diff options
Diffstat (limited to 'Linux-PAM')
251 files changed, 14103 insertions, 4184 deletions
diff --git a/Linux-PAM/CHANGELOG b/Linux-PAM/CHANGELOG index f187f0f7..3a886546 100644 --- a/Linux-PAM/CHANGELOG +++ b/Linux-PAM/CHANGELOG @@ -1,5 +1,5 @@ -$Id: CHANGELOG,v 1.1.1.2 2002/09/15 20:08:18 hartmans Exp $ +$Id: CHANGELOG,v 1.184 2005/03/31 14:50:39 kukuk Exp $ ----------------------------- @@ -50,14 +50,151 @@ bug report - outstanding bugs are listed here: (to file another bug see the 'submit bug' button on that page). + +There is now a second bug tracking system for Linux-PAM on BerliOS. +You can find the list of outstanding bugs on BerliOS here: + +http://developer.berlios.de/bugs/?func=browse&group_id=2134&set=open + +BerliOS Bugs are marked with (BerliOS #XXXX). + ==================================================================== -0.76: please submit patches for this section with actual code/doc - patches! +0.79: Thu Mar 31 16:48:45 CEST 2005 +* pam_tally: added audit option (toady) +* pam_unix: don't log user unknown failure when he can be properly + authenticated by another module (t8m) +* configure: don't abort if no cracklib dictinaries were found, but + warn user that pam_cracklib will not be built (kukuk) +* modules/pam_unix/support.c: Fix return value if user aborts while + changes the password (Bug 872945 - kukuk) +* modules/pam_unix/support.c: Fix return value for an unknown user + (Bug 872943 - kukuk) +* pam_limits: support for new Linux kernel 2.6 limits (from toby cabot + - t8m) +* pam_tally: major rewrite of the module (t8m) +* libpam: don't return PAM_IGNORE for OK or JUMP actions if using + cached chain (Bug 629251 - t8m) +* pam_nologin: don't overwrite return value with return from + pam_get_item (t8m) +* libpam: Add more checks for broken PAM configuration files to + avoid seg.faults (kukuk) +* pam_shells: correct README +* libpam: Fix debug code (kukuk) +* pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk) +* pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk) +* libpam: Add prelude ids (http://www.prelude-ids.org) support, + as experimental. (toady) +* configure: Add the directory where new versions of cracklib is + installed (from Jim Gifford - toady) + +0.78: Do Nov 18 14:48:36 CET 2004 + +* pam_unix: change the order of trying password changes - local first, + NIS second (t8m) +* pam_wheel: add option only_root to make it affect authentication + to root account only +* pam_unix: test return values on renaming files and report error to + syslog and to user +* pam_unix: forced password change shouldn't trump account expiration +* pam_unix: remove the use of openlog (from debian - toady) +* pam_unix: NIS cleanup (patch from Philippe Troin) +* pam_access: you can now authenticate an explicit user on an explicit + tty (from debian - toady) +* pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues + (patch from Igor Khavkine) +* pam_env: added comments in the configuration file to avoid errors + (from debian - toady) +* pam_mail: check PAM_NO_ENV to know if we can delete the environment + variable (from debian - toady) +* pam_filter: s/termio/termios/g (from debian - toady) +* pam_mkhomedir: no maxpathlen required (from debian - toady) +* pam_limits: applied patch to allow explicit limits for root + and remove limits on su. (from debian - toady) +* pam_unix: severe denial of service possible with this module since + it locked too aggressively. Bug report and testing help from Sascha + Loetz. (Bug 664290 - agmorgan) +* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of + characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname' + attacks could potentially spoof pam_wheel with the 'trust' module + argument into granting access to a luser. Also, pam_unix gave + odd error messages in such a situation (logname != uid). This + problem was found by David Endler of iDefense.com (Bug 667584 - + agmorgan). +* added my new DSA public key to the pgp.keys.asc file. Also included + a signed copy of my new public key (1024D/D41A6DF2) made with my old + key (1024/2A398175). +* added "include" directive to config file syntax. + The whole idea is to create few "systemwide" pam configs and include + parts of them in application pam configs. + (patch by "Dmitry V. Levin" <ldv@altlinux.org>) (Bug 812567 - baggins). +* doc/modules/pam_mkhomedir.sgml: Remove wrong debug options + (Bug 591605 - kukuk) +* pam_unix: Call password checking helper whenever the password field + contains only one character (Bug 1027903 - kukuk) +* libpam/pam_start.c: All service names should be files below /etc/pam.d + and nothing else. Forbid paths. (Bug 1027912 - kukuk) +* pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib + module (Bug 1010142 - toady) +* pam_userdb: applied patch from Paul Walmsley <paul@booyaka.com> + it now indicates whether encrypted or plaintext passwords are stored + in the database needed for pam_userdb (BerliOS - toady) +* pam_group: The module should also ignore PAM_REINITIALIZE_CRED to + avoid spurious errors (from Linux distributors - kukuk) +* pam_cracklib: Clear the entire options structure (from Linux + distributors - kukuk) +* pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure + that the destination is part of the allocated block, make do_prompt + static (from Linux distributors - kukuk) +* ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT + environment, else let ldconfig only create the symlinks correct + (from Linux distributors - kukuk) +* pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD + (from Linux distributors - kukuk) +* Add most of Steve Grubb's resource leak and other fixes (from + Linux distributors - kukuk) +* doc/Makefile: Don't include .cvsignore files in tar ball (kukuk) +* libpam_misc/misc_conv.c: Differentiate between Ctrl-D and + <Return> (Bug 1032604 - kukuk) +* Make.Rules.in: Add targets for installing man pages for modules + (from Linux distributors - kukuk) +* Add pam_xauth module (Bug 436440 - kukuk) +* Add pam_localuser module (Bug 436444 - kukuk) +* Add pam_succeed_if module (from Linux distributors - kukuk) +* configure.in: Fix check for libcrypt (Bug 417704 - kukuk) +* Add the "broken_shadow" argument to pam_unix, for ignoring errors + reading shadow information (from Linux distributors - kukuk) +* Add patches to make PAM modules reentrant (Bug 440107 - kukuk) +* Merge patches from Red Hat (Bug 477000 and other - kukuk) +* Fix pam_rhosts option parsing (Bug 922648 - kukuk) +* Add $ISA support in config files (from Red Hat - kukuk) + +0.77: Mon Sep 23 10:25:42 PDT 2002 + +* documentation support for pdf files was not quite right - + installation was messed up. +* pam_wheel was too aggressive to grant access (in the case of the + 'deny' option you want to pay attention to 'trust'). Fix from + Nalin (Bugs 476951, 476953 - agmorgan) +* account management support for: pam_shells, pam_listfile, pam_wheel + and pam_securetty (+ static module fix for pam_nologin). Patch from + redhat through Harald Welte (Bug 436435 - agmorgan). +* pam_wheel feature from Nalin - can use the module to provide wheel + access to non-root accounts. Also from Nalin, a bugfix related to + the primary group of the applicant is the 'wheel' group. (Bugs + 476980, 476941 - agmorgan) +* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while + running the helper binary (patch from Nalin) added the "noreap" + module argument to both of these modules to turn off this new + default. Bugfix found by Silvan Minghetti for former module and + 521314 checkin. (Bugs 476963, 521314 - agmorgan). +* updated CHANGELOG and configure.in for 0.77 work. + +0.76: Mon Jul 8 21:44:59 PDT 2002 * pam_unix: fix for legacy crypt() support when the password entered was long. (Bug 521314 - agmorgan). -* pam_access no longer include gethostname() prototype complained from +* pam_access no longer include gethostname() prototype complaint from David Lee (Bug 415423 - agmorgan). * make pam_nologin more secure by default, added two new module arguments etc. - acting on suggestion from Nico (Bug 419307 - diff --git a/Linux-PAM/Make.Rules.in b/Linux-PAM/Make.Rules.in index cb537d16..86a80524 100644 --- a/Linux-PAM/Make.Rules.in +++ b/Linux-PAM/Make.Rules.in @@ -1,5 +1,5 @@ ## -## $Id: Make.Rules.in,v 1.1.1.2 2002/09/15 20:08:19 hartmans Exp $ +## $Id: Make.Rules.in,v 1.18 2005/03/29 20:41:19 toady Exp $ ## ## @configure_input@ ## @@ -20,6 +20,7 @@ localstatedir = @localstatedir@ libdir = @libdir@ infodir = @infodir@ includedir = @includedir@ +mandir = @mandir@ absolute_srcdir = @LOCALSRCDIR@ absolute_objdir = @LOCALOBJDIR@ @@ -40,10 +41,13 @@ PIC=@PIC@ # Mode to install shared libraries with SHLIBMODE=@SHLIBMODE@ +# Mode to install man pages with +MANMODE=@MANMODE@ NEED_LINK_LIB_C=@PAM_NEEDS_LIBC@ HAVE_LCKPWDF=@HAVE_LCKPWDF@ HAVE_LIBCRACK=@HAVE_LIBCRACK@ +HAVE_LIBCAP=@HAVE_LIBCAP@ HAVE_LIBCRYPT=@HAVE_LIBCRYPT@ HAVE_LIBUTIL=@HAVE_LIBUTIL@ HAVE_NDBM_H=@HAVE_NDBM_H@ @@ -73,6 +77,7 @@ MANDIR=@MANDIR@ WITH_DEBUG=@WITH_DEBUG@ WITH_MEMORY_DEBUG=@WITH_MEMORY_DEBUG@ WITH_LIBDEBUG=@WITH_LIBDEBUG@ +WITH_PRELUDE=@WITH_PRELUDE@ WITH_PAMLOCKING=@WITH_PAMLOCKING@ WITH_LCKPWDF=@WITH_LCKPWDF@ STATIC_LIBPAM=@STATIC_LIBPAM@ @@ -91,10 +96,12 @@ CRACKLIB_DICTPATH=@CRACKLIB_DICTPATH@ # generic build setup OS=@OS@ CC=@CC@ -CFLAGS=$(WARNINGS) -D$(OS) $(OS_CFLAGS) $(HEADER_DIRS) @CONF_CFLAGS@ +CFLAGS=$(WARNINGS) -D$(OS) @CFLAGS@ @CPPFLAGS@ $(OS_CFLAGS) $(HEADER_DIRS) @CONF_CFLAGS@ +LDFLAGS=@LDFLAGS@ LD=@LD@ LD_D=@LD_D@ LD_L=@LD_L@ +MV=@MV@ LDCONFIG=@LDCONFIG@ DYNTYPE=@DYNTYPE@ USESONAME=@USESONAME@ @@ -108,3 +115,10 @@ STRIP=@STRIP@ CC_STATIC=@CC_STATIC@ LINKLIBS = $(NEED_LINK_LIB_C) $(LIBDL) + +USESONAME=@USESONAME@ +SOSWITCH=@SOSWITCH@ + +ifdef DYNAMIC +CFLAGS += $(PIC) +endif diff --git a/Linux-PAM/Makefile b/Linux-PAM/Makefile index cdc8505a..398ae2df 100644 --- a/Linux-PAM/Makefile +++ b/Linux-PAM/Makefile @@ -1,5 +1,5 @@ ## -## $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:19 hartmans Exp $ +## $Id: Makefile,v 1.12 2004/10/14 14:47:53 kukuk Exp $ ## ## Note, ideally I would prefer it if this top level makefile did @@ -11,14 +11,16 @@ DISTNAME=Linux-PAM -ifeq ($(shell test \! -f Make.Rules || echo yes),yes) - include Make.Rules -endif +-include Make.Rules -THINGSTOMAKE = modules libpam libpamc libpam_misc doc examples +THINGSTOMAKE = libpam libpamc libpam_misc modules doc examples all: $(THINGSTOMAKE) + # Let's get a dynamic libpam.so first + bootstrap-libpam: _pam_aconf.h prep + $(MAKE) -C libpam bootstrap-libpam + prep: rm -f security ln -sf . security @@ -26,21 +28,20 @@ prep: clean: if [ ! -f Make.Rules ]; then touch Make.Rules ; fi for i in $(THINGSTOMAKE) ; do $(MAKE) -C $$i clean ; done - rm -f security *~ *.orig *.rej Make.Rules #*# + rm -f security *~ *.orig *.rej #*# distclean: clean rm -f Make.Rules _pam_aconf.h rm -f config.status config.cache config.log core + rm -rf autom4te.cache/ maintainer-clean: distclean @echo files should be ok for packaging now. # NB _pam_aconf.h.in changes will remake this too Make.Rules: configure Make.Rules.in _pam_aconf.h.in - @echo XXX - not sure how to preserve past configure options.. - @echo XXX - so not attempting to. Feel free to run ./configure - @echo XXX - by hand, with the options you want. - ./configure + ./config.status --recheck + ./config.status _pam_aconf.h: Make.Rules @@ -52,12 +53,10 @@ configure: configure.in @rm -f configure @exit 1 -$(THINGSTOMAKE): _pam_aconf.h prep +$(THINGSTOMAKE): _pam_aconf.h prep bootstrap-libpam $(MAKE) -C $@ all install: _pam_aconf.h prep - $(MKDIR) $(FAKEROOT)$(INCLUDED) - $(INSTALL) -m 444 security/_pam_aconf.h $(FAKEROOT)$(INCLUDED) for x in $(THINGSTOMAKE) ; do $(MAKE) -C $$x install ; done remove: @@ -75,4 +74,3 @@ release: cd .. ; tar zvfc $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL).tar.gz \ --exclude CVS --exclude .cvsignore --exclude '.#*' \ $(DISTNAME)-$(MAJOR_REL).$(MINOR_REL)/* - diff --git a/Linux-PAM/README b/Linux-PAM/README index 8aab912a..1e769a5d 100644 --- a/Linux-PAM/README +++ b/Linux-PAM/README @@ -1,5 +1,5 @@ # -# $Id: README,v 1.1.1.1 2001/04/29 04:16:21 hartmans Exp $ +# $Id: README,v 1.3 2000/11/20 00:01:49 agmorgan Exp $ # Hello! diff --git a/Linux-PAM/_pam_aconf.h.in b/Linux-PAM/_pam_aconf.h.in index 14c6f9fd..17adbb34 100644 --- a/Linux-PAM/_pam_aconf.h.in +++ b/Linux-PAM/_pam_aconf.h.in @@ -1,5 +1,5 @@ /* - * $Id: _pam_aconf.h.in,v 1.1.1.2 2002/09/15 20:08:20 hartmans Exp $ + * $Id: _pam_aconf.h.in,v 1.11 2004/10/06 13:42:36 kukuk Exp $ * * */ @@ -21,9 +21,6 @@ #ifdef HAVE_FEATURES_H # define _SVID_SOURCE # define _BSD_SOURCE -# define __USE_BSD -# define __USE_SVID -# define __USE_MISC # define _GNU_SOURCE # include <features.h> #endif /* HAVE_FEATURES_H */ @@ -64,7 +61,11 @@ /* Define if reentrant declarations of standard nss functions are available */ #undef HAVE_GETPWNAM_R +#undef HAVE_GETPWUID_R +#undef HAVE_GETSPNAM_R #undef HAVE_GETGRNAM_R +#undef HAVE_GETGRGID_R +#undef HAVE_GETGROUPLIST /* ugly hack to partially support old pam_strerror syntax */ #undef UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT @@ -96,4 +97,8 @@ # include <security/pam_malloc.h> #endif /* MEMORY_DEBUG */ +/* the path, relative to SECUREDIR, where PAMs specific to this architecture + * can be found */ +#undef _PAM_ISA + #endif /* PAM_ACONF_H */ diff --git a/Linux-PAM/bin/README b/Linux-PAM/bin/README index 427a871a..2d2fba52 100644 --- a/Linux-PAM/bin/README +++ b/Linux-PAM/bin/README @@ -1,5 +1,5 @@ ## -# $Id: README,v 1.1.1.1 2001/04/29 04:16:25 hartmans Exp $ +# $Id: README,v 1.2 2000/12/04 19:02:33 baggins Exp $ ## (now we are getting networked apps, be careful to try and test on a diff --git a/Linux-PAM/conf/Makefile b/Linux-PAM/conf/Makefile index a668607b..67523c59 100644 --- a/Linux-PAM/conf/Makefile +++ b/Linux-PAM/conf/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:16:25 hartmans Exp $ +# $Id: Makefile,v 1.1.1.1 2000/06/20 22:10:44 agmorgan Exp $ # # diff --git a/Linux-PAM/conf/md5itall b/Linux-PAM/conf/md5itall index 2f532b31..0f2656fe 100755 --- a/Linux-PAM/conf/md5itall +++ b/Linux-PAM/conf/md5itall @@ -1,6 +1,6 @@ #!/bin/bash # -# $Id: md5itall,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $ +# $Id: md5itall,v 1.2 2000/12/04 19:02:33 baggins Exp $ # # Created by Andrew G. Morgan (morgan@parc.power.net) # diff --git a/Linux-PAM/conf/pam.conf b/Linux-PAM/conf/pam.conf index 395b7ba3..8e78e547 100644 --- a/Linux-PAM/conf/pam.conf +++ b/Linux-PAM/conf/pam.conf @@ -3,7 +3,7 @@ # # # Last modified by Andrew G. Morgan <morgan@kernel.org> # # ---------------------------------------------------------------------------# -# $Id: pam.conf,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $ +# $Id: pam.conf,v 1.2 2001/04/08 06:02:33 agmorgan Exp $ # ---------------------------------------------------------------------------# # serv. module ctrl module [path] ...[args..] # # name type flag # diff --git a/Linux-PAM/conf/pam_conv1/Makefile b/Linux-PAM/conf/pam_conv1/Makefile index f23c8aa6..daf2e6cf 100644 --- a/Linux-PAM/conf/pam_conv1/Makefile +++ b/Linux-PAM/conf/pam_conv1/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $ +# $Id: Makefile,v 1.3 2004/09/23 15:52:56 kukuk Exp $ # include ../../Make.Rules @@ -21,7 +21,7 @@ else all: pam_conv1 pam_conv1: pam_conv.tab.c lex.yy.c - $(CC) -o pam_conv1 pam_conv.tab.c $(LINK_LIBLEX) + $(CC) -o pam_conv1 $(CFLAGS) pam_conv.tab.c $(LINK_LIBLEX) pam_conv.tab.c: pam_conv.y lex.yy.c bison pam_conv.y diff --git a/Linux-PAM/conf/pam_conv1/README b/Linux-PAM/conf/pam_conv1/README index 3a750d73..7a09df38 100644 --- a/Linux-PAM/conf/pam_conv1/README +++ b/Linux-PAM/conf/pam_conv1/README @@ -1,4 +1,4 @@ -$Id: README,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $ +$Id: README,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $ This directory contains a untility to convert pam.conf files to a pam.d/ tree. The conversion program takes pam.conf from the standard input and diff --git a/Linux-PAM/conf/pam_conv1/pam_conv.lex b/Linux-PAM/conf/pam_conv1/pam_conv.lex index addc60ae..ef8cb41a 100644 --- a/Linux-PAM/conf/pam_conv1/pam_conv.lex +++ b/Linux-PAM/conf/pam_conv1/pam_conv.lex @@ -1,7 +1,7 @@ %{ /* - * $Id: pam_conv.lex,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $ + * $Id: pam_conv.lex,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $ * * Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> * @@ -10,7 +10,7 @@ */ const static char lexid[]= - "$Id: pam_conv.lex,v 1.1.1.1 2001/04/29 04:16:26 hartmans Exp $\n" + "$Id: pam_conv.lex,v 1.1.1.1 2000/06/20 22:10:45 agmorgan Exp $\n" "Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net>\n"; extern int current_line; diff --git a/Linux-PAM/conf/pam_conv1/pam_conv.y b/Linux-PAM/conf/pam_conv1/pam_conv.y index 0cbfa5f8..ef712e78 100644 --- a/Linux-PAM/conf/pam_conv1/pam_conv.y +++ b/Linux-PAM/conf/pam_conv1/pam_conv.y @@ -1,7 +1,7 @@ %{ /* - * $Id: pam_conv.y,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $ + * $Id: pam_conv.y,v 1.2 2002/05/29 06:35:46 agmorgan Exp $ * * Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> * @@ -10,7 +10,7 @@ */ const static char bisonid[]= - "$Id: pam_conv.y,v 1.1.1.2 2002/09/15 20:08:22 hartmans Exp $\n" + "$Id: pam_conv.y,v 1.2 2002/05/29 06:35:46 agmorgan Exp $\n" "Copyright (c) Andrew G. Morgan 1997-8 <morgan@linux.kernel.org>\n"; #include <string.h> diff --git a/Linux-PAM/configure b/Linux-PAM/configure index 270184c7..1d2c8591 100755 --- a/Linux-PAM/configure +++ b/Linux-PAM/configure @@ -1,64 +1,326 @@ #! /bin/sh - # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.13 -# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# Generated by GNU Autoconf 2.59. # +# Copyright (C) 2003 Free Software Foundation, Inc. # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME +do + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi +done + +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + + +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + -# Defaults: -ac_help= +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' + else + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2 + { (exit 1); exit 1; }; } + fi + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2 + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' + else + as_ln_s='ln -s' + fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + + +# Name of the host. +# hostname on some systems (SVR3.2, Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +exec 6>&1 + +# +# Initializations. +# ac_default_prefix=/usr/local -# Any additions from configure.in: +ac_config_libobj_dir=. +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} + +# Maximum number of lines to put in a shell here document. +# This variable seems obsolete. It should probably be removed, and +# only ac_max_sed_lines should be used. +: ${ac_max_here_lines=38} + +# Identity of this package. +PACKAGE_NAME= +PACKAGE_TARNAME= +PACKAGE_VERSION= +PACKAGE_STRING= +PACKAGE_BUGREPORT= + +ac_unique_file="conf/pam_conv1/pam_conv.y" ac_default_prefix= -ac_help="$ac_help - --enable-debug specify you are building with debugging on" -ac_help="$ac_help - --enable-memory-debug specify you want every malloc etc. call tracked" -ac_help="$ac_help - --enable-libdebug specify you are building debugging libraries" -ac_help="$ac_help - --enable-fakeroot=<path to packaging directory>" -ac_help="$ac_help - --enable-securedir=<path to location of PAMs> [default \$libdir/security]" -ac_help="$ac_help - --enable-sconfigdir=<path to module conf files> [default \$sysconfdir/security]" -ac_help="$ac_help - --enable-suplementedir=<path to module helper binaries> [default \$sbindir]" -ac_help="$ac_help - --enable-includedir=<path to include location> - where to put <security>" -ac_help="$ac_help - --enable-docdir=<path to store documentation in - /usr/share/doc/pam>" -ac_help="$ac_help - --enable-mandir=<path to store manuals in - /usr/share/man>" -ac_help="$ac_help - --enable-pamlocking configure libpam to observe a global authentication lock" -ac_help="$ac_help - --enable-uglyhack configure libpam to try to honor old pam_strerror syntax" -ac_help="$ac_help - --enable-read-both-confs read both /etc/pam.d and /etc/pam.conf files" -ac_help="$ac_help - --enable-static-libpam build a libpam.a library" -ac_help="$ac_help - --disable-dynamic-libpam do not build a shared libpam library" -ac_help="$ac_help - --enable-static-modules do not make the modules dynamically loadable" -ac_help="$ac_help - --disable-lckpwdf do not use the lckpwdf function" -ac_help="$ac_help - --with-mailspool path to mail spool directory - [default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]" +# Factoring default headers for most tests. +ac_includes_default="\ +#include <stdio.h> +#if HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#if HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif +#if STDC_HEADERS +# include <stdlib.h> +# include <stddef.h> +#else +# if HAVE_STDLIB_H +# include <stdlib.h> +# endif +#endif +#if HAVE_STRING_H +# if !STDC_HEADERS && HAVE_MEMORY_H +# include <memory.h> +# endif +# include <string.h> +#endif +#if HAVE_STRINGS_H +# include <strings.h> +#endif +#if HAVE_INTTYPES_H +# include <inttypes.h> +#else +# if HAVE_STDINT_H +# include <stdint.h> +# endif +#endif +#if HAVE_UNISTD_H +# include <unistd.h> +#endif" + +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS LIBPAM_VERSION_MAJOR LIBPAM_VERSION_MINOR LOCALSRCDIR LOCALOBJDIR OS CONF_CFLAGS MKDIR SHLIBMODE MANMODE USESONAME SOSWITCH NEEDSONAME LDCONFIG CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT YACC LEX LEXLIB LEX_OUTPUT_ROOT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE WITH_DEBUG WITH_MEMORY_DEBUG WITH_LIBDEBUG WITH_PRELUDE FAKEROOT SECUREDIR SCONFIGDIR SUPLEMENTED INCLUDEDIR DOCDIR MANDIR WITH_PAMLOCKING PAM_READ_BOTH_CONFS STATIC_LIBPAM DYNAMIC_LIBPAM DYNAMIC STATIC WITH_LCKPWDF CPP EGREP PAM_NEEDS_LIBC HAVE_LCKPWDF LIBDL HAVE_LIBCRACK HAVE_LIBCRYPT HAVE_LIBUTIL HAVE_LIBNDBM HAVE_LIBDB HAVE_LIBFL HAVE_LIBNSL HAVE_LIBPWDB HAVE_LIBFLEX HAVE_LIBLEX HAVE_NDBM_H CRACKLIB_DICTPATH DYNTYPE OS_CFLAGS WARNINGS PIC LD LD_D LD_L RANLIB STRIP CC_STATIC LIBOBJS HAVE_SGML2TXT HAVE_SGML2HTML HAVE_SGML2LATEX HAVE_PS2PDF HAVE_SGML2PS PSER PS2PDF LTLIBOBJS' +ac_subst_files='' # Initialize some variables set by options. +ac_init_help= +ac_init_version=false # The variables have the same names as the options, with # dashes changed to underlines. -build=NONE -cache_file=./config.cache +cache_file=/dev/null exec_prefix=NONE -host=NONE no_create= -nonopt=NONE no_recursion= prefix=NONE program_prefix=NONE @@ -67,10 +329,15 @@ program_transform_name=s,x,x, silent= site= srcdir= -target=NONE verbose= x_includes=NONE x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' @@ -84,17 +351,9 @@ oldincludedir='/usr/include' infodir='${prefix}/info' mandir='${prefix}/man' -# Initialize some other variables. -subdirs= -MFLAGS= MAKEFLAGS= -SHELL=${CONFIG_SHELL-/bin/sh} -# Maximum number of lines to put in a shell here document. -ac_max_here_lines=12 - ac_prev= for ac_option do - # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval "$ac_prev=\$ac_option" @@ -102,59 +361,59 @@ do continue fi - case "$ac_option" in - -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; - *) ac_optarg= ;; - esac + ac_optarg=`expr "x$ac_option" : 'x[^=]*=\(.*\)'` # Accept the important Cygnus configure options, so we can diagnose typos. - case "$ac_option" in + case $ac_option in -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) - bindir="$ac_optarg" ;; + bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) - ac_prev=build ;; + ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) - build="$ac_optarg" ;; + build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) - cache_file="$ac_optarg" ;; + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad | --data | --dat | --da) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ | --da=*) - datadir="$ac_optarg" ;; + datadir=$ac_optarg ;; -disable-* | --disable-*) - ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + ac_feature=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - eval "enable_${ac_feature}=no" ;; + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + eval "enable_$ac_feature=no" ;; -enable-* | --enable-*) - ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + ac_feature=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } - fi - ac_feature=`echo $ac_feature| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; + expr "x$ac_feature" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid feature name: $ac_feature" >&2 + { (exit 1); exit 1; }; } + ac_feature=`echo $ac_feature | sed 's/-/_/g'` + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac - eval "enable_${ac_feature}='$ac_optarg'" ;; + eval "enable_$ac_feature='$ac_optarg'" ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ @@ -163,95 +422,47 @@ do -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) - exec_prefix="$ac_optarg" ;; + exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; - -help | --help | --hel | --he) - # Omit some internal or obsolete options to make the list less imposing. - # This message is too long to be a string in the A/UX 3.1 sh. - cat << EOF -Usage: configure [options] [host] -Options: [defaults in brackets after descriptions] -Configuration: - --cache-file=FILE cache test results in FILE - --help print this message - --no-create do not create output files - --quiet, --silent do not print \`checking...' messages - --version print the version of autoconf that created configure -Directory and file names: - --prefix=PREFIX install architecture-independent files in PREFIX - [$ac_default_prefix] - --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX - [same as prefix] - --bindir=DIR user executables in DIR [EPREFIX/bin] - --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] - --libexecdir=DIR program executables in DIR [EPREFIX/libexec] - --datadir=DIR read-only architecture-independent data in DIR - [PREFIX/share] - --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] - --sharedstatedir=DIR modifiable architecture-independent data in DIR - [PREFIX/com] - --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] - --libdir=DIR object code libraries in DIR [EPREFIX/lib] - --includedir=DIR C header files in DIR [PREFIX/include] - --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] - --infodir=DIR info documentation in DIR [PREFIX/info] - --mandir=DIR man documentation in DIR [PREFIX/man] - --srcdir=DIR find the sources in DIR [configure dir or ..] - --program-prefix=PREFIX prepend PREFIX to installed program names - --program-suffix=SUFFIX append SUFFIX to installed program names - --program-transform-name=PROGRAM - run sed PROGRAM on installed program names -EOF - cat << EOF -Host type: - --build=BUILD configure for building on BUILD [BUILD=HOST] - --host=HOST configure for HOST [guessed] - --target=TARGET configure for TARGET [TARGET=HOST] -Features and packages: - --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) - --enable-FEATURE[=ARG] include FEATURE [ARG=yes] - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] - --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) - --x-includes=DIR X include files are in DIR - --x-libraries=DIR X library files are in DIR -EOF - if test -n "$ac_help"; then - echo "--enable and --with options recognized:$ac_help" - fi - exit 0 ;; + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; -host | --host | --hos | --ho) - ac_prev=host ;; + ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) - host="$ac_optarg" ;; + host_alias=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) - includedir="$ac_optarg" ;; + includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) - infodir="$ac_optarg" ;; + infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) - libdir="$ac_optarg" ;; + libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) - libexecdir="$ac_optarg" ;; + libexecdir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst \ @@ -260,19 +471,19 @@ EOF -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* \ | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) - localstatedir="$ac_optarg" ;; + localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) - mandir="$ac_optarg" ;; + mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) + | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ @@ -286,26 +497,26 @@ EOF -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) - oldincludedir="$ac_optarg" ;; + oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) - prefix="$ac_optarg" ;; + prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) - program_prefix="$ac_optarg" ;; + program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) - program_suffix="$ac_optarg" ;; + program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ @@ -322,7 +533,7 @@ EOF | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) - program_transform_name="$ac_optarg" ;; + program_transform_name=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) @@ -332,7 +543,7 @@ EOF ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) - sbindir="$ac_optarg" ;; + sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ @@ -343,58 +554,57 @@ EOF | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) - sharedstatedir="$ac_optarg" ;; + sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) - site="$ac_optarg" ;; + site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) - srcdir="$ac_optarg" ;; + srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) - sysconfdir="$ac_optarg" ;; + sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) - ac_prev=target ;; + ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) - target="$ac_optarg" ;; + target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; - -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.13" - exit 0 ;; + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; -with-* | --with-*) - ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + ac_package=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } ac_package=`echo $ac_package| sed 's/-/_/g'` - case "$ac_option" in - *=*) ;; + case $ac_option in + *=*) ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"`;; *) ac_optarg=yes ;; esac - eval "with_${ac_package}='$ac_optarg'" ;; + eval "with_$ac_package='$ac_optarg'" ;; -without-* | --without-*) - ac_package=`echo $ac_option|sed -e 's/-*without-//'` + ac_package=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. - if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then - { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } - fi - ac_package=`echo $ac_package| sed 's/-/_/g'` - eval "with_${ac_package}=no" ;; + expr "x$ac_package" : ".*[^-_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid package name: $ac_package" >&2 + { (exit 1); exit 1; }; } + ac_package=`echo $ac_package | sed 's/-/_/g'` + eval "with_$ac_package=no" ;; --x) # Obsolete; use --with-x. @@ -405,99 +615,110 @@ EOF ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) - x_includes="$ac_optarg" ;; + x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) - x_libraries="$ac_optarg" ;; + x_libraries=$ac_optarg ;; - -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + -*) { echo "$as_me: error: unrecognized option: $ac_option +Try \`$0 --help' for more information." >&2 + { (exit 1); exit 1; }; } ;; + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + expr "x$ac_envvar" : ".*[^_$as_cr_alnum]" >/dev/null && + { echo "$as_me: error: invalid variable name: $ac_envvar" >&2 + { (exit 1); exit 1; }; } + ac_optarg=`echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` + eval "$ac_envvar='$ac_optarg'" + export $ac_envvar ;; + *) - if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then - echo "configure: warning: $ac_option: invalid host type" 1>&2 - fi - if test "x$nonopt" != xNONE; then - { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } - fi - nonopt="$ac_option" + # FIXME: should be removed in autoconf 3.0. + echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then - { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + { echo "$as_me: error: missing argument to $ac_option" >&2 + { (exit 1); exit 1; }; } fi -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - -# File descriptor usage: -# 0 standard input -# 1 file creation -# 2 errors and warnings -# 3 some systems may open it to /dev/tty -# 4 used on the Kubota Titan -# 6 checking for... messages and results -# 5 compiler messages saved in config.log -if test "$silent" = yes; then - exec 6>/dev/null -else - exec 6>&1 -fi -exec 5>./config.log - -echo "\ -This file contains any messages produced by compilers while -running configure, to aid debugging if configure makes a mistake. -" 1>&5 +# Be sure to have absolute paths. +for ac_var in exec_prefix prefix +do + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* | NONE | '' ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; + esac +done -# Strip out --no-create and --no-recursion so they do not pile up. -# Also quote any args containing shell metacharacters. -ac_configure_args= -for ac_arg +# Be sure to have absolute paths. +for ac_var in bindir sbindir libexecdir datadir sysconfdir sharedstatedir \ + localstatedir libdir includedir oldincludedir infodir mandir do - case "$ac_arg" in - -no-create | --no-create | --no-creat | --no-crea | --no-cre \ - | --no-cr | --no-c) ;; - -no-recursion | --no-recursion | --no-recursio | --no-recursi \ - | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; - *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) - ac_configure_args="$ac_configure_args '$ac_arg'" ;; - *) ac_configure_args="$ac_configure_args $ac_arg" ;; + eval ac_val=$`echo $ac_var` + case $ac_val in + [\\/$]* | ?:[\\/]* ) ;; + *) { echo "$as_me: error: expected an absolute directory name for --$ac_var: $ac_val" >&2 + { (exit 1); exit 1; }; };; esac done -# NLS nuisances. -# Only set these to C if already set. These must not be set unconditionally -# because not all systems understand e.g. LANG=C (notably SCO). -# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! -# Non-C LC_CTYPE values break the ctype check. -if test "${LANG+set}" = set; then LANG=C; export LANG; fi -if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi -if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi -if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + If a cross compiler is detected then cross compile mode will be used." >&2 + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi -# confdefs.h avoids OS command line length limits that DEFS can exceed. -rm -rf conftest* confdefs.h -# AIX cpp loses on an empty file, so make sure it contains at least a newline. -echo > confdefs.h +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null -# A filename unique to this package, relative to the directory that -# configure is in, which we can look for to find out if srcdir is correct. -ac_unique_file=conf/pam_conv1/pam_conv.y # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then its parent. - ac_prog=$0 - ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` - test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + ac_confdir=`(dirname "$0") 2>/dev/null || +$as_expr X"$0" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$0" : 'X\(//\)[^/]' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$0" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` srcdir=$ac_confdir if test ! -r $srcdir/$ac_unique_file; then srcdir=.. @@ -507,13 +728,483 @@ else fi if test ! -r $srcdir/$ac_unique_file; then if test "$ac_srcdir_defaulted" = yes; then - { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $ac_confdir or .." >&2 + { (exit 1); exit 1; }; } else - { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + { echo "$as_me: error: cannot find sources ($ac_unique_file) in $srcdir" >&2 + { (exit 1); exit 1; }; } fi fi -srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` +(cd $srcdir && test -r ./$ac_unique_file) 2>/dev/null || + { echo "$as_me: error: sources are in $srcdir, but \`cd $srcdir' does not work" >&2 + { (exit 1); exit 1; }; } +srcdir=`echo "$srcdir" | sed 's%\([^\\/]\)[\\/]*$%\1%'` +ac_env_build_alias_set=${build_alias+set} +ac_env_build_alias_value=$build_alias +ac_cv_env_build_alias_set=${build_alias+set} +ac_cv_env_build_alias_value=$build_alias +ac_env_host_alias_set=${host_alias+set} +ac_env_host_alias_value=$host_alias +ac_cv_env_host_alias_set=${host_alias+set} +ac_cv_env_host_alias_value=$host_alias +ac_env_target_alias_set=${target_alias+set} +ac_env_target_alias_value=$target_alias +ac_cv_env_target_alias_set=${target_alias+set} +ac_cv_env_target_alias_value=$target_alias +ac_env_CC_set=${CC+set} +ac_env_CC_value=$CC +ac_cv_env_CC_set=${CC+set} +ac_cv_env_CC_value=$CC +ac_env_CFLAGS_set=${CFLAGS+set} +ac_env_CFLAGS_value=$CFLAGS +ac_cv_env_CFLAGS_set=${CFLAGS+set} +ac_cv_env_CFLAGS_value=$CFLAGS +ac_env_LDFLAGS_set=${LDFLAGS+set} +ac_env_LDFLAGS_value=$LDFLAGS +ac_cv_env_LDFLAGS_set=${LDFLAGS+set} +ac_cv_env_LDFLAGS_value=$LDFLAGS +ac_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_env_CPPFLAGS_value=$CPPFLAGS +ac_cv_env_CPPFLAGS_set=${CPPFLAGS+set} +ac_cv_env_CPPFLAGS_value=$CPPFLAGS +ac_env_CPP_set=${CPP+set} +ac_env_CPP_value=$CPP +ac_cv_env_CPP_set=${CPP+set} +ac_cv_env_CPP_value=$CPP + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures this package to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +_ACEOF + + cat <<_ACEOF +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data [PREFIX/share] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --infodir=DIR info documentation [PREFIX/info] + --mandir=DIR man documentation [PREFIX/man] +_ACEOF + + cat <<\_ACEOF +_ACEOF +fi + +if test -n "$ac_init_help"; then + + cat <<\_ACEOF + +Optional Features: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-debug specify you are building with debugging on + --enable-memory-debug specify you want every malloc etc. call tracked + --enable-libdebug specify you are building debugging libraries + --enable-prelude build prelude ids support + --enable-fakeroot=<path to packaging directory> + --enable-securedir=<path to location of PAMs> default \$libdir/security + --enable-isadir=<path to arch-specific module files> default ../../\`basename \$libdir\`/security + --enable-sconfigdir=<path to module conf files> default \$sysconfdir/security + --enable-suplementedir=<path to module helper binaries> default \$sbindir + --enable-includedir=<path to include location> - where to put <security> + --enable-docdir=<path to store documentation in - /usr/share/doc/pam> + --enable-mandir=<path to store manuals in - /usr/share/man> + --enable-pamlocking configure libpam to observe a global authentication lock + --enable-uglyhack configure libpam to try to honor old pam_strerror syntax + --enable-read-both-confs read both /etc/pam.d and /etc/pam.conf files + --enable-static-libpam build a libpam.a library + --disable-dynamic-libpam do not build a shared libpam library + --enable-static-modules do not make the modules dynamically loadable + --disable-lckpwdf do not use the lckpwdf function + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-mailspool path to mail spool directory + default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a + nonstandard directory <lib dir> + CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have + headers in a nonstandard directory <include dir> + CPP C preprocessor + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +_ACEOF +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + ac_popdir=`pwd` + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d $ac_dir || continue + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; + *) # Relative path. + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + cd $ac_dir + # Check for guested configure; otherwise get Cygnus style configure. + if test -f $ac_srcdir/configure.gnu; then + echo + $SHELL $ac_srcdir/configure.gnu --help=recursive + elif test -f $ac_srcdir/configure; then + echo + $SHELL $ac_srcdir/configure --help=recursive + elif test -f $ac_srcdir/configure.ac || + test -f $ac_srcdir/configure.in; then + echo + $ac_configure --help + else + echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi + cd $ac_popdir + done +fi + +test -n "$ac_init_help" && exit 0 +if $ac_init_version; then + cat <<\_ACEOF + +Copyright (C) 2003 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit 0 +fi +exec 5>config.log +cat >&5 <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + $ $0 $@ + +_ACEOF +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +hostinfo = `(hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + echo "PATH: $as_dir" +done + +} >&5 + +cat >&5 <<_ACEOF + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_sep= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=`echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) ac_configure_args0="$ac_configure_args0 '$ac_arg'" ;; + 2) + ac_configure_args1="$ac_configure_args1 '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + ac_configure_args="$ac_configure_args$ac_sep'$ac_arg'" + # Get rid of the leading space. + ac_sep=" " + ;; + esac + done +done +$as_unset ac_configure_args0 || test "${ac_configure_args0+set}" != set || { ac_configure_args0=; export ac_configure_args0; } +$as_unset ac_configure_args1 || test "${ac_configure_args1+set}" != set || { ac_configure_args1=; export ac_configure_args1; } + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Be sure not to use single quotes in there, as some shells, +# such as our DU 5.0 friend, will then `close' the trap. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + cat <<\_ASBOX +## ---------------- ## +## Cache variables. ## +## ---------------- ## +_ASBOX + echo + # The following way of writing the cache mishandles newlines in values, +{ + (set) 2>&1 | + case `(ac_space='"'"' '"'"'; set | grep ac_space) 2>&1` in + *ac_space=\ *) + sed -n \ + "s/'"'"'/'"'"'\\\\'"'"''"'"'/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='"'"'\\2'"'"'/p" + ;; + *) + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} + echo + + cat <<\_ASBOX +## ----------------- ## +## Output variables. ## +## ----------------- ## +_ASBOX + echo + for ac_var in $ac_subst_vars + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + + if test -n "$ac_subst_files"; then + cat <<\_ASBOX +## ------------- ## +## Output files. ## +## ------------- ## +_ASBOX + echo + for ac_var in $ac_subst_files + do + eval ac_val=$`echo $ac_var` + echo "$ac_var='"'"'$ac_val'"'"'" + done | sort + echo + fi + + if test -s confdefs.h; then + cat <<\_ASBOX +## ----------- ## +## confdefs.h. ## +## ----------- ## +_ASBOX + echo + sed "/^$/d" confdefs.h | sort + echo + fi + test "$ac_signal" != 0 && + echo "$as_me: caught signal $ac_signal" + echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core && + rm -rf conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status + ' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; { (exit 1); exit 1; }' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo >confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. # Prefer explicitly selected file to automatically selected ones. if test -z "$CONFIG_SITE"; then if test "x$prefix" != xNONE; then @@ -524,293 +1215,797 @@ if test -z "$CONFIG_SITE"; then fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then - echo "loading site script $ac_site_file" + { echo "$as_me:$LINENO: loading site script $ac_site_file" >&5 +echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then - echo "loading cache $cache_file" - . $cache_file + # Some versions of bash will fail to source /dev/null (special + # files actually), so we avoid doing that. + if test -f "$cache_file"; then + { echo "$as_me:$LINENO: loading cache $cache_file" >&5 +echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . $cache_file;; + *) . ./$cache_file;; + esac + fi else - echo "creating cache $cache_file" - > $cache_file + { echo "$as_me:$LINENO: creating cache $cache_file" >&5 +echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in `(set) 2>&1 | + sed -n 's/^ac_env_\([a-zA-Z_0-9]*\)_set=.*/\1/p'`; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val="\$ac_cv_env_${ac_var}_value" + eval ac_new_val="\$ac_env_${ac_var}_value" + case $ac_old_set,$ac_new_set in + set,) + { echo "$as_me:$LINENO: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { echo "$as_me:$LINENO: error: \`$ac_var' was not set in the previous run" >&5 +echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + { echo "$as_me:$LINENO: error: \`$ac_var' has changed since the previous run:" >&5 +echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { echo "$as_me:$LINENO: former value: $ac_old_val" >&5 +echo "$as_me: former value: $ac_old_val" >&2;} + { echo "$as_me:$LINENO: current value: $ac_new_val" >&5 +echo "$as_me: current value: $ac_new_val" >&2;} + ac_cache_corrupted=: + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?\"\']*) + ac_arg=$ac_var=`echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) ac_configure_args="$ac_configure_args '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { echo "$as_me:$LINENO: error: changes in the environment can compromise the build" >&5 +echo "$as_me: error: changes in the environment can compromise the build" >&2;} + { { echo "$as_me:$LINENO: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 +echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} + { (exit 1); exit 1; }; } fi ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -ac_exeext= -ac_objext=o -if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then - # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. - if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then - ac_n= ac_c=' -' ac_t=' ' - else - ac_n=-n ac_c= ac_t= - fi -else - ac_n= ac_c='\c' ac_t= -fi +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + ac_config_headers="$ac_config_headers _pam_aconf.h" + + + LIBPAM_VERSION_MAJOR=0 -LIBPAM_VERSION_MINOR=76 +LIBPAM_VERSION_MINOR=79 -cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\_ACEOF #define LIBPAM_VERSION_MAJOR 1 -EOF +_ACEOF -cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\_ACEOF #define LIBPAM_VERSION_MINOR 1 -EOF +_ACEOF -LOCALSRCDIR=`/bin/pwd` ; -LOCALOBJDIR=`/bin/pwd` ; +LOCALSRCDIR=`/bin/pwd` ; +LOCALOBJDIR=`/bin/pwd` ; OS=`uname|sed -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` -CONF_CFLAGS= ; -MKDIR="mkdir -p" ; +CONF_CFLAGS= ; +MKDIR="mkdir -p" ; + +SHLIBMODE=755 ; +MANMODE=644 ; -SHLIBMODE=755 ; +USESONAME=yes ; +SOSWITCH="-Wl,-soname -Wl," ; +NEEDSONAME=yes ; +LDCONFIG=/sbin/ldconfig ; -USESONAME=yes ; -SOSWITCH=-soname ; -NEEDSONAME=no ; -LDCONFIG=/sbin/ldconfig ; +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done -if test "$OS" = "aix"; then - INSTALL=/usr/ucb/install -c +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 else - INSTALL=/usr/bin/install + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - -# Extract the first word of "gcc", so it can be a program name with args. +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:610: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="gcc" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + fi fi -CC="$ac_cv_prog_CC" +CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 +fi + + CC=$ac_ct_CC +else + CC="$ac_cv_prog_CC" fi +fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:640: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ac_prog_rejected=no - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then - ac_prog_rejected=yes - continue - fi - ac_cv_prog_CC="cc" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift - if test $# -gt 0; then + if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift - set dummy "$ac_dir/$ac_word" "$@" - shift - ac_cv_prog_CC="$@" + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi -CC="$ac_cv_prog_CC" +CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - if test -z "$CC"; then - case "`uname -s`" in - *win32* | *WIN32*) - # Extract the first word of "cl", so it can be a program name with args. -set dummy cl; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:691: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_CC="cl" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + fi fi -CC="$ac_cv_prog_CC" +CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$ac_t""$CC" 1>&6 + echo "$as_me:$LINENO: result: $CC" >&5 +echo "${ECHO_T}$CC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi - ;; - esac + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_ac_ct_CC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 fi - test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +done +done + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + echo "$as_me:$LINENO: result: $ac_ct_CC" >&5 +echo "${ECHO_T}$ac_ct_CC" >&6 +else + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:723: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + test -n "$ac_ct_CC" && break +done -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -cat > conftest.$ac_ext << EOF - -#line 734 "configure" -#include "confdefs.h" - -main(){return(0);} -EOF -if { (eval echo configure:739: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - ac_cv_prog_cc_works=yes - # If we can't run a trivial program, we are probably using a cross compiler. - if (./conftest; exit) 2>/dev/null; then - ac_cv_prog_cc_cross=no + CC=$ac_ct_CC +fi + +fi + + +test -z "$CC" && { { echo "$as_me:$LINENO: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&5 +echo "$as_me: error: no acceptable C compiler found in \$PATH +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + +# Provide some information about the compiler. +echo "$as_me:$LINENO:" \ + "checking for C compiler version" >&5 +ac_compiler=`set X $ac_compile; echo $2` +{ (eval echo "$as_me:$LINENO: \"$ac_compiler --version </dev/null >&5\"") >&5 + (eval $ac_compiler --version </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -v </dev/null >&5\"") >&5 + (eval $ac_compiler -v </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +{ (eval echo "$as_me:$LINENO: \"$ac_compiler -V </dev/null >&5\"") >&5 + (eval $ac_compiler -V </dev/null >&5) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +echo "$as_me:$LINENO: checking for C compiler default output file name" >&5 +echo $ECHO_N "checking for C compiler default output file name... $ECHO_C" >&6 +ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +if { (eval echo "$as_me:$LINENO: \"$ac_link_default\"") >&5 + (eval $ac_link_default) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # Find the output, starting from the most likely. This scheme is +# not robust to junk in `.', hence go to wildcards (a.*) only as a last +# resort. + +# Be careful to initialize this variable, since it used to be cached. +# Otherwise an old cache value of `no' led to `EXEEXT = no' in a Makefile. +ac_cv_exeext= +# b.out is created by i960 compilers. +for ac_file in a_out.exe a.exe conftest.exe a.out conftest a.* conftest.* b.out +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) + ;; + conftest.$ac_ext ) + # This is the source file. + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + # FIXME: I believe we export ac_cv_exeext for Libtool, + # but it would be cool to find out if it's true. Does anybody + # maintain Libtool? --akim. + export ac_cv_exeext + break;; + * ) + break;; + esac +done +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: C compiler cannot create executables +See \`config.log' for more details." >&5 +echo "$as_me: error: C compiler cannot create executables +See \`config.log' for more details." >&2;} + { (exit 77); exit 77; }; } +fi + +ac_exeext=$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_file" >&5 +echo "${ECHO_T}$ac_file" >&6 + +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether the C compiler works" >&5 +echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 +# FIXME: These cross compiler hacks should be removed for Autoconf 3.0 +# If not cross compiling, check that we can run a simple program. +if test "$cross_compiling" != yes; then + if { ac_try='./$ac_file' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + cross_compiling=no else - ac_cv_prog_cc_cross=yes + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { echo "$as_me:$LINENO: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } + fi fi -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - ac_cv_prog_cc_works=no fi -rm -fr conftest* -ac_ext=c -# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='$CPP $CPPFLAGS' -ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' -cross_compiling=$ac_cv_prog_cc_cross - -echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 -if test $ac_cv_prog_cc_works = no; then - { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } -fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:765: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 -echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 -cross_compiling=$ac_cv_prog_cc_cross - -echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:770: checking whether we are using GNU C" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.c <<EOF -#ifdef __GNUC__ - yes; -#endif -EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:779: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then - ac_cv_prog_gcc=yes +echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +rm -f a.out a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +# Check the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +echo "$as_me:$LINENO: checking whether we are cross compiling" >&5 +echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 +echo "$as_me:$LINENO: result: $cross_compiling" >&5 +echo "${ECHO_T}$cross_compiling" >&6 + +echo "$as_me:$LINENO: checking for suffix of executables" >&5 +echo $ECHO_N "checking for suffix of executables... $ECHO_C" >&6 +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + export ac_cv_exeext + break;; + * ) break;; + esac +done else - ac_cv_prog_gcc=no -fi -fi - -echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + { { echo "$as_me:$LINENO: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +rm -f conftest$ac_cv_exeext +echo "$as_me:$LINENO: result: $ac_cv_exeext" >&5 +echo "${ECHO_T}$ac_cv_exeext" >&6 + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +echo "$as_me:$LINENO: checking for suffix of object files" >&5 +echo $ECHO_N "checking for suffix of object files... $ECHO_C" >&6 +if test "${ac_cv_objext+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ -if test $ac_cv_prog_gcc = yes; then - GCC=yes + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done else - GCC= + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { echo "$as_me:$LINENO: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&5 +echo "$as_me: error: cannot compute suffix of object files: cannot compile +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } fi -ac_test_CFLAGS="${CFLAGS+set}" -ac_save_CFLAGS="$CFLAGS" -CFLAGS= -echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:798: checking whether ${CC-cc} accepts -g" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_objext" >&5 +echo "${ECHO_T}$ac_cv_objext" >&6 +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +echo "$as_me:$LINENO: checking whether we are using the GNU C compiler" >&5 +echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 +if test "${ac_cv_c_compiler_gnu+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo 'void f(){}' > conftest.c -if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_compiler_gnu=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_compiler_gnu=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +echo "$as_me:$LINENO: result: $ac_cv_c_compiler_gnu" >&5 +echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 +GCC=`test $ac_compiler_gnu = yes && echo yes` +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +CFLAGS="-g" +echo "$as_me:$LINENO: checking whether $CC accepts -g" >&5 +echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_g+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_prog_cc_g=yes else - ac_cv_prog_cc_g=no -fi -rm -f conftest* + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 +ac_cv_prog_cc_g=no fi - -echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_cc_g" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 if test "$ac_test_CFLAGS" = set; then - CFLAGS="$ac_save_CFLAGS" + CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" @@ -824,165 +2019,727 @@ else CFLAGS= fi fi +echo "$as_me:$LINENO: checking for $CC option to accept ANSI C" >&5 +echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 +if test "${ac_cv_prog_cc_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_cv_prog_cc_stdc=no +ac_save_CC=$CC +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdarg.h> +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std1 is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std1. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +# Don't try gcc -ansi; that turns off useful extensions and +# breaks some systems' header files. +# AIX -qlanglvl=ansi +# Ultrix and OSF/1 -std1 +# HP-UX 10.20 and later -Ae +# HP-UX older versions -Aa -D_HPUX_SOURCE +# SVR4 -Xc -D__EXTENSIONS__ +for ac_arg in "" -qlanglvl=ansi -std1 -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_cc_stdc=$ac_arg +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext +done +rm -f conftest.$ac_ext conftest.$ac_objext +CC=$ac_save_CC + +fi + +case "x$ac_cv_prog_cc_stdc" in + x|xno) + echo "$as_me:$LINENO: result: none needed" >&5 +echo "${ECHO_T}none needed" >&6 ;; + *) + echo "$as_me:$LINENO: result: $ac_cv_prog_cc_stdc" >&5 +echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 + CC="$CC $ac_cv_prog_cc_stdc" ;; +esac + +# Some people use a C++ compiler to compile C. Since we use `exit', +# in C++ we need to declare it. In case someone uses the same compiler +# for both compiling C and C++ we need to have the C++ compiler decide +# the declaration of exit, since it's the most demanding environment. +cat >conftest.$ac_ext <<_ACEOF +#ifndef __cplusplus + choke me +#endif +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + for ac_declaration in \ + '' \ + 'extern "C" void std::exit (int) throw (); using std::exit;' \ + 'extern "C" void std::exit (int); using std::exit;' \ + 'extern "C" void exit (int) throw ();' \ + 'extern "C" void exit (int);' \ + 'void exit (int);' +do + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +#include <stdlib.h> +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +continue +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_declaration +int +main () +{ +exit (42); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +done +rm -f conftest* +if test -n "$ac_declaration"; then + echo '#ifdef __cplusplus' >>confdefs.h + echo $ac_declaration >>confdefs.h + echo '#endif' >>confdefs.h +fi + +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu for ac_prog in 'bison -y' byacc do -# Extract the first word of "$ac_prog", so it can be a program name with args. + # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:834: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_YACC+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_YACC="$ac_prog" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_YACC="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + fi fi -YACC="$ac_cv_prog_YACC" +YACC=$ac_cv_prog_YACC if test -n "$YACC"; then - echo "$ac_t""$YACC" 1>&6 + echo "$as_me:$LINENO: result: $YACC" >&5 +echo "${ECHO_T}$YACC" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi -test -n "$YACC" && break + test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" -# Extract the first word of "flex", so it can be a program name with args. -set dummy flex; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:867: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +for ac_prog in flex lex +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_LEX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$LEX"; then ac_cv_prog_LEX="$LEX" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_LEX="flex" - break - fi - done - IFS="$ac_save_ifs" - test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LEX="$ac_prog" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + fi fi -LEX="$ac_cv_prog_LEX" +LEX=$ac_cv_prog_LEX if test -n "$LEX"; then - echo "$ac_t""$LEX" 1>&6 + echo "$as_me:$LINENO: result: $LEX" >&5 +echo "${ECHO_T}$LEX" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi + test -n "$LEX" && break +done +test -n "$LEX" || LEX=":" + if test -z "$LEXLIB" then - case "$LEX" in - flex*) ac_lib=fl ;; - *) ac_lib=l ;; - esac - echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6 -echo "configure:901: checking for yywrap in -l$ac_lib" >&5 -ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-l$ac_lib $LIBS" -cat > conftest.$ac_ext <<EOF -#line 909 "configure" -#include "confdefs.h" + echo "$as_me:$LINENO: checking for yywrap in -lfl" >&5 +echo $ECHO_N "checking for yywrap in -lfl... $ECHO_C" >&6 +if test "${ac_cv_lib_fl_yywrap+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lfl $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char yywrap(); + builtin and then its argument prototype would still apply. */ +char yywrap (); +int +main () +{ +yywrap (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_fl_yywrap=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_fl_yywrap=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_fl_yywrap" >&5 +echo "${ECHO_T}$ac_cv_lib_fl_yywrap" >&6 +if test $ac_cv_lib_fl_yywrap = yes; then + LEXLIB="-lfl" +else + echo "$as_me:$LINENO: checking for yywrap in -ll" >&5 +echo $ECHO_N "checking for yywrap in -ll... $ECHO_C" >&6 +if test "${ac_cv_lib_l_yywrap+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ll $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char yywrap (); +int +main () +{ +yywrap (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_l_yywrap=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_l_yywrap=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_l_yywrap" >&5 +echo "${ECHO_T}$ac_cv_lib_l_yywrap" >&6 +if test $ac_cv_lib_l_yywrap = yes; then + LEXLIB="-ll" +fi + +fi + +fi + +if test "x$LEX" != "x:"; then + echo "$as_me:$LINENO: checking lex output file root" >&5 +echo $ECHO_N "checking lex output file root... $ECHO_C" >&6 +if test "${ac_cv_prog_lex_root+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # The minimal lex program is just a single line: %%. But some broken lexes +# (Solaris, I think it was) want two %% lines, so accommodate them. +cat >conftest.l <<_ACEOF +%% +%% +_ACEOF +{ (eval echo "$as_me:$LINENO: \"$LEX conftest.l\"") >&5 + (eval $LEX conftest.l) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } +if test -f lex.yy.c; then + ac_cv_prog_lex_root=lex.yy +elif test -f lexyy.c; then + ac_cv_prog_lex_root=lexyy +else + { { echo "$as_me:$LINENO: error: cannot find output from $LEX; giving up" >&5 +echo "$as_me: error: cannot find output from $LEX; giving up" >&2;} + { (exit 1); exit 1; }; } +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_lex_root" >&5 +echo "${ECHO_T}$ac_cv_prog_lex_root" >&6 +rm -f conftest.l +LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root + +echo "$as_me:$LINENO: checking whether yytext is a pointer" >&5 +echo $ECHO_N "checking whether yytext is a pointer... $ECHO_C" >&6 +if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # POSIX says lex can declare yytext either as a pointer or an array; the +# default is implementation-dependent. Figure out which it is, since +# not all implementations provide the %pointer and %array declarations. +ac_cv_prog_lex_yytext_pointer=no +echo 'extern char *yytext;' >>$LEX_OUTPUT_ROOT.c +ac_save_LIBS=$LIBS +LIBS="$LIBS $LEXLIB" +cat >conftest.$ac_ext <<_ACEOF +`cat $LEX_OUTPUT_ROOT.c` +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_prog_lex_yytext_pointer=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_save_LIBS +rm -f "${LEX_OUTPUT_ROOT}.c" + +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_lex_yytext_pointer" >&5 +echo "${ECHO_T}$ac_cv_prog_lex_yytext_pointer" >&6 +if test $ac_cv_prog_lex_yytext_pointer = yes; then + +cat >>confdefs.h <<\_ACEOF +#define YYTEXT_POINTER 1 +_ACEOF + +fi + +fi +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f $ac_dir/shtool; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 +echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} + { (exit 1); exit 1; }; } +fi +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +echo "$as_me:$LINENO: checking for a BSD-compatible install" >&5 +echo $ECHO_N "checking for a BSD-compatible install... $ECHO_C" >&6 +if test -z "$INSTALL"; then +if test "${ac_cv_path_install+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in + ./ | .// | /cC/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:\\/os2\\/install\\/* | ?:\\/OS2\\/INSTALL\\/* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + done + done + ;; +esac +done -int main() { -yywrap() -; return 0; } -EOF -if { (eval echo configure:920: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - LEXLIB="-l$ac_lib" -else - echo "$ac_t""no" 1>&6 + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL=$ac_install_sh + fi fi +echo "$as_me:$LINENO: result: $INSTALL" >&5 +echo "${ECHO_T}$INSTALL" >&6 -fi +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' -echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:943: checking whether ln -s works" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - rm -f conftestdata -if ln -s X conftestdata 2>/dev/null -then - rm -f conftestdata - ac_cv_prog_LN_S="ln -s" -else - ac_cv_prog_LN_S=ln -fi -fi -LN_S="$ac_cv_prog_LN_S" -if test "$ac_cv_prog_LN_S" = "ln -s"; then - echo "$ac_t""yes" 1>&6 +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo "$as_me:$LINENO: checking whether ln -s works" >&5 +echo $ECHO_N "checking whether ln -s works... $ECHO_C" >&6 +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no, using $LN_S" >&5 +echo "${ECHO_T}no, using $LN_S" >&6 fi -echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 -echo "configure:964: checking whether ${MAKE-make} sets \${MAKE}" >&5 -set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +echo $ECHO_N "checking whether ${MAKE-make} sets \$(MAKE)... $ECHO_C" >&6 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y,:./+-,___p_,'` +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftestmake <<\EOF + cat >conftest.make <<\_ACEOF all: - @echo 'ac_maketemp="${MAKE}"' -EOF + @echo 'ac_maketemp="$(MAKE)"' +_ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. -eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +eval `${MAKE-make} -f conftest.make 2>/dev/null | grep temp=` if test -n "$ac_maketemp"; then eval ac_cv_prog_make_${ac_make}_set=yes else eval ac_cv_prog_make_${ac_make}_set=no fi -rm -f conftestmake +rm -f conftest.make fi if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then - echo "$ac_t""yes" 1>&6 + echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6 SET_MAKE= else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 SET_MAKE="MAKE=${MAKE-make}" fi @@ -991,48 +2748,56 @@ fi # Check whether --enable-debug or --disable-debug was given. if test "${enable_debug+set}" = set; then enableval="$enable_debug" - WITH_DEBUG=yes ; cat >> confdefs.h <<\EOF + WITH_DEBUG=yes ; cat >>confdefs.h <<\_ACEOF #define DEBUG 1 -EOF - +_ACEOF + else WITH_DEBUG=no -fi - +fi; # Check whether --enable-memory-debug or --disable-memory-debug was given. if test "${enable_memory_debug+set}" = set; then enableval="$enable_memory_debug" - WITH_MEMORY_DEBUG=yes ; cat >> confdefs.h <<\EOF + WITH_MEMORY_DEBUG=yes ; cat >>confdefs.h <<\_ACEOF #define MEMORY_DEBUG 1 -EOF - +_ACEOF + else WITH_MEMORY_DEBUG=no -fi - +fi; # Check whether --enable-libdebug or --disable-libdebug was given. if test "${enable_libdebug+set}" = set; then enableval="$enable_libdebug" - WITH_LIBDEBUG=yes ; cat >> confdefs.h <<\EOF + WITH_LIBDEBUG=yes ; cat >>confdefs.h <<\_ACEOF #define WITH_LIBDEBUG 1 -EOF - +_ACEOF + else WITH_LIBDEBUG=no -fi +fi; +# Check whether --enable-prelude or --disable-prelude was given. +if test "${enable_prelude+set}" = set; then + enableval="$enable_prelude" + WITH_PRELUDE=yes ; cat >>confdefs.h <<\_ACEOF +#define WITH_PRELUDE 1 +_ACEOF + +else + WITH_PRELUDE=no +fi; + # Check whether --enable-fakeroot or --disable-fakeroot was given. if test "${enable_fakeroot+set}" = set; then enableval="$enable_fakeroot" FAKEROOT=$enableval -fi - +fi; # Check whether --enable-securedir or --disable-securedir was given. @@ -1041,9 +2806,24 @@ if test "${enable_securedir+set}" = set; then SECUREDIR=$enableval else SECUREDIR=$libdir/security -fi +fi; + + +# Check whether --enable-isadir or --disable-isadir was given. +if test "${enable_isadir+set}" = set; then + enableval="$enable_isadir" + ISA=$enableval +else + ISA=../../`basename $libdir`/security +fi; +unset mylibdirbase +cat >>confdefs.h <<_ACEOF +#define _PAM_ISA "$ISA" +_ACEOF +echo "$as_me:$LINENO: result: Defining \$ISA to \\"$ISA\\"." >&5 +echo "${ECHO_T}Defining \$ISA to \\"$ISA\\"." >&6 # Check whether --enable-sconfigdir or --disable-sconfigdir was given. if test "${enable_sconfigdir+set}" = set; then @@ -1051,8 +2831,7 @@ if test "${enable_sconfigdir+set}" = set; then SCONFIGDIR=$enableval else SCONFIGDIR=$sysconfdir/security -fi - +fi; # Check whether --enable-suplementedir or --disable-suplementedir was given. @@ -1061,8 +2840,7 @@ if test "${enable_suplementedir+set}" = set; then SUPLEMENTED=$enableval else SUPLEMENTED=$sbindir -fi - +fi; # Check whether --enable-includedir or --disable-includedir was given. @@ -1071,8 +2849,7 @@ if test "${enable_includedir+set}" = set; then INCLUDEDIR=$enableval else INCLUDEDIR=/usr/include -fi - +fi; # Check whether --enable-docdir or --disable-docdir was given. @@ -1081,8 +2858,7 @@ if test "${enable_docdir+set}" = set; then DOCDIR=$enableval else DOCDIR=/usr/share/doc/pam -fi - +fi; # Check whether --enable-mandir or --disable-mandir was given. @@ -1091,52 +2867,47 @@ if test "${enable_mandir+set}" = set; then MANDIR=$enableval else MANDIR=/usr/share/man -fi - +fi; # Check whether --enable-pamlocking or --disable-pamlocking was given. if test "${enable_pamlocking+set}" = set; then enableval="$enable_pamlocking" - WITH_PAMLOCKING=yes ; cat >> confdefs.h <<\EOF + WITH_PAMLOCKING=yes ; cat >>confdefs.h <<\_ACEOF #define PAM_LOCKING 1 -EOF - +_ACEOF + else WITH_PAMLOCKING=no -fi - +fi; # Check whether --enable-uglyhack or --disable-uglyhack was given. if test "${enable_uglyhack+set}" = set; then enableval="$enable_uglyhack" - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\_ACEOF #define UGLY_HACK_FOR_PRIOR_BEHAVIOR_SUPPORT 1 -EOF - -fi +_ACEOF +fi; # Check whether --enable-read-both-confs or --disable-read-both-confs was given. if test "${enable_read_both_confs+set}" = set; then enableval="$enable_read_both_confs" - cat >> confdefs.h <<\EOF + cat >>confdefs.h <<\_ACEOF #define PAM_READ_BOTH_CONFS 1 -EOF - -fi +_ACEOF +fi; # Check whether --enable-static-libpam or --disable-static-libpam was given. if test "${enable_static_libpam+set}" = set; then enableval="$enable_static_libpam" - STATIC_LIBPAM=yes + STATIC_LIBPAM=yes else STATIC_LIBPAM=no -fi - +fi; # Check whether --enable-dynamic-libpam or --disable-dynamic-libpam was given. @@ -1145,8 +2916,7 @@ if test "${enable_dynamic_libpam+set}" = set; then DYNAMIC_LIBPAM=no else DYNAMIC_LIBPAM=yes -fi - +fi; DYNAMIC=-DPAM_DYNAMIC @@ -1156,8 +2926,7 @@ DYNAMIC=-DPAM_DYNAMIC if test "${enable_static_modules+set}" = set; then enableval="$enable_static_modules" STATIC=-DPAM_STATIC -fi - +fi; # Check whether --enable-lckpwdf or --disable-lckpwdf was given. @@ -1166,145 +2935,665 @@ if test "${enable_lckpwdf+set}" = set; then WITH_LCKPWDF=no else WITH_LCKPWDF=yes -fi +fi; - -echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1175: checking how to run the C preprocessor" >&5 +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +echo "$as_me:$LINENO: checking how to run the C preprocessor" >&5 +echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then -if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + if test "${ac_cv_prog_CPP+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + : +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue else - # This must be in double quotes, not single quotes, because CPP may get - # substituted into the Makefile and "${CC-cc}" will confuse make. - CPP="${CC-cc} -E" + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +echo "$as_me:$LINENO: result: $CPP" >&5 +echo "${ECHO_T}$CPP" >&6 +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + # <limits.h> exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. - cat > conftest.$ac_ext <<EOF -#line 1190 "configure" -#include "confdefs.h" -#include <assert.h> -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1196: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then + # not just through cpp. "Syntax error" is here to catch this case. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + Syntax error +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then : else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP="${CC-cc} -E -traditional-cpp" - cat > conftest.$ac_ext <<EOF -#line 1207 "configure" -#include "confdefs.h" -#include <assert.h> -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1213: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.$ac_ext + + # OK, works on sane cases. Now check whether non-existent headers + # can be detected and how. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ac_nonexistent.h> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes +fi +if test -z "$ac_cpp_err"; then + # Broken: success on invalid input. +continue +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP="${CC-cc} -nologo -E" - cat > conftest.$ac_ext <<EOF -#line 1224 "configure" -#include "confdefs.h" -#include <assert.h> -Syntax Error -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1230: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then + { { echo "$as_me:$LINENO: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&5 +echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details." >&2;} + { (exit 1); exit 1; }; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +echo "$as_me:$LINENO: checking for egrep" >&5 +echo $ECHO_N "checking for egrep... $ECHO_C" >&6 +if test "${ac_cv_prog_egrep+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + if echo a | (grep -E '(a|b)') >/dev/null 2>&1 + then ac_cv_prog_egrep='grep -E' + else ac_cv_prog_egrep='egrep' + fi +fi +echo "$as_me:$LINENO: result: $ac_cv_prog_egrep" >&5 +echo "${ECHO_T}$ac_cv_prog_egrep" >&6 + EGREP=$ac_cv_prog_egrep + + +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_header_stdc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <string.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - CPP=/lib/cpp + ac_cv_header_stdc=no fi rm -f conftest* + fi -rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <stdlib.h> + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then + : +else + ac_cv_header_stdc=no fi rm -f conftest* - ac_cv_prog_CPP="$CPP" + fi - CPP="$ac_cv_prog_CPP" + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then + : +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <ctype.h> +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + : else - ac_cv_prog_CPP="$CPP" + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 +if test $ac_cv_header_stdc = yes; then + +cat >>confdefs.h <<\_ACEOF +#define STDC_HEADERS 1 +_ACEOF + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. + + + + + + + + + +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default + +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + fi -echo "$ac_t""$CPP" 1>&6 -for ac_hdr in paths.h +done + + + +for ac_header in paths.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:1258: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 1263 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1268: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + fi + done + # Check whether --with-mailspool or --without-mailspool was given. if test "${with_mailspool+set}" = set; then withval="$with_mailspool" with_mailspool=${withval} -fi - +fi; if test x$with_mailspool != x ; then pam_mail_spool="\"$with_mailspool\"" else if test "$cross_compiling" = yes; then pam_mail_spool="\"/var/spool/mail\"" else - cat > conftest.$ac_ext <<EOF -#line 1307 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <paths.h> int main() { @@ -1314,816 +3603,1472 @@ exit(0); exit(1); #endif } -EOF -if { (eval echo configure:1319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then pam_mail_spool="_PATH_MAILDIR" else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - pam_mail_spool="\"/var/spool/mail\"" + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +pam_mail_spool="\"/var/spool/mail\"" fi -rm -fr conftest* +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi -cat >> confdefs.h <<EOF +cat >>confdefs.h <<_ACEOF #define PAM_PATH_MAILDIR $pam_mail_spool -EOF +_ACEOF -echo $ac_n "checking for __libc_sched_setscheduler in -lc""... $ac_c" 1>&6 -echo "configure:1338: checking for __libc_sched_setscheduler in -lc" >&5 -ac_lib_var=`echo c'_'__libc_sched_setscheduler | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for __libc_sched_setscheduler in -lc" >&5 +echo $ECHO_N "checking for __libc_sched_setscheduler in -lc... $ECHO_C" >&6 +if test "${ac_cv_lib_c___libc_sched_setscheduler+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1346 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char __libc_sched_setscheduler(); - -int main() { -__libc_sched_setscheduler() -; return 0; } -EOF -if { (eval echo configure:1357: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char __libc_sched_setscheduler (); +int +main () +{ +__libc_sched_setscheduler (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_c___libc_sched_setscheduler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_c___libc_sched_setscheduler=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_c___libc_sched_setscheduler" >&5 +echo "${ECHO_T}$ac_cv_lib_c___libc_sched_setscheduler" >&6 +if test $ac_cv_lib_c___libc_sched_setscheduler = yes; then PAM_NEEDS_LIBC= else - echo "$ac_t""no" 1>&6 -PAM_NEEDS_LIBC=-lc + PAM_NEEDS_LIBC=-lc fi -echo $ac_n "checking for lckpwdf in -lc""... $ac_c" 1>&6 -echo "configure:1381: checking for lckpwdf in -lc" >&5 -ac_lib_var=`echo c'_'lckpwdf | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for lckpwdf in -lc" >&5 +echo $ECHO_N "checking for lckpwdf in -lc... $ECHO_C" >&6 +if test "${ac_cv_lib_c_lckpwdf+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lc $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1389 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char lckpwdf(); - -int main() { -lckpwdf() -; return 0; } -EOF -if { (eval echo configure:1400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char lckpwdf (); +int +main () +{ +lckpwdf (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_c_lckpwdf=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_c_lckpwdf=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_c_lckpwdf" >&5 +echo "${ECHO_T}$ac_cv_lib_c_lckpwdf" >&6 +if test $ac_cv_lib_c_lckpwdf = yes; then HAVE_LCKPWDF=yes else - echo "$ac_t""no" 1>&6 -HAVE_LCKPWDF=no + HAVE_LCKPWDF=no fi -echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 -echo "configure:1424: checking for dlopen in -ldl" >&5 -ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for dlopen in -ldl" >&5 +echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6 +if test "${ac_cv_lib_dl_dlopen+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1432 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char dlopen(); - -int main() { -dlopen() -; return 0; } -EOF -if { (eval echo configure:1443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char dlopen (); +int +main () +{ +dlopen (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_dl_dlopen=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_dl_dlopen=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_dl_dlopen" >&5 +echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6 +if test $ac_cv_lib_dl_dlopen = yes; then LIBDL=-ldl -else - echo "$ac_t""no" 1>&6 fi - -echo $ac_n "checking for FascistCheck in -lcrack""... $ac_c" 1>&6 -echo "configure:1466: checking for FascistCheck in -lcrack" >&5 -ac_lib_var=`echo crack'_'FascistCheck | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + +echo "$as_me:$LINENO: checking for FascistCheck in -lcrack" >&5 +echo $ECHO_N "checking for FascistCheck in -lcrack... $ECHO_C" >&6 +if test "${ac_cv_lib_crack_FascistCheck+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrack $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1474 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char FascistCheck(); - -int main() { -FascistCheck() -; return 0; } -EOF -if { (eval echo configure:1485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBCRACK=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char FascistCheck (); +int +main () +{ +FascistCheck (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_crack_FascistCheck=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_crack_FascistCheck=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_crack_FascistCheck" >&5 +echo "${ECHO_T}$ac_cv_lib_crack_FascistCheck" >&6 +if test $ac_cv_lib_crack_FascistCheck = yes; then + HAVE_LIBCRACK=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBCRACK 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBCRACK=no + HAVE_LIBCRACK=no fi -echo $ac_n "checking for fcrypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1512: checking for fcrypt in -lcrypt" >&5 -ac_lib_var=`echo crypt'_'fcrypt | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for crypt in -lcrypt" >&5 +echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 +if test "${ac_cv_lib_crypt_crypt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1520 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char fcrypt(); - -int main() { -fcrypt() -; return 0; } -EOF -if { (eval echo configure:1531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBCRYPT=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char crypt (); +int +main () +{ +crypt (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_crypt_crypt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_crypt_crypt=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_crypt_crypt" >&5 +echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 +if test $ac_cv_lib_crypt_crypt = yes; then + HAVE_LIBCRYPT=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBCRYPT 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBCRYPT=no + HAVE_LIBCRYPT=no fi -echo $ac_n "checking for logwtmp in -lutil""... $ac_c" 1>&6 -echo "configure:1557: checking for logwtmp in -lutil" >&5 -ac_lib_var=`echo util'_'logwtmp | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for logwtmp in -lutil" >&5 +echo $ECHO_N "checking for logwtmp in -lutil... $ECHO_C" >&6 +if test "${ac_cv_lib_util_logwtmp+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lutil $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1565 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char logwtmp(); - -int main() { -logwtmp() -; return 0; } -EOF -if { (eval echo configure:1576: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBUTIL=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char logwtmp (); +int +main () +{ +logwtmp (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_util_logwtmp=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_util_logwtmp=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_util_logwtmp" >&5 +echo "${ECHO_T}$ac_cv_lib_util_logwtmp" >&6 +if test $ac_cv_lib_util_logwtmp = yes; then + HAVE_LIBUTIL=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBUTIL 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBUTIL=no + HAVE_LIBUTIL=no fi -echo $ac_n "checking for dbm_store in -lndbm""... $ac_c" 1>&6 -echo "configure:1602: checking for dbm_store in -lndbm" >&5 -ac_lib_var=`echo ndbm'_'dbm_store | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for dbm_store in -lndbm" >&5 +echo $ECHO_N "checking for dbm_store in -lndbm... $ECHO_C" >&6 +if test "${ac_cv_lib_ndbm_dbm_store+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lndbm $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1610 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char dbm_store(); - -int main() { -dbm_store() -; return 0; } -EOF -if { (eval echo configure:1621: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBNDBM=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char dbm_store (); +int +main () +{ +dbm_store (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_ndbm_dbm_store=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_ndbm_dbm_store=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_ndbm_dbm_store" >&5 +echo "${ECHO_T}$ac_cv_lib_ndbm_dbm_store" >&6 +if test $ac_cv_lib_ndbm_dbm_store = yes; then + HAVE_LIBNDBM=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBNDBM 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBNDBM=no + HAVE_LIBNDBM=no fi -echo $ac_n "checking for dbm_store in -ldb""... $ac_c" 1>&6 -echo "configure:1647: checking for dbm_store in -ldb" >&5 -ac_lib_var=`echo db'_'dbm_store | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for dbm_store in -ldb" >&5 +echo $ECHO_N "checking for dbm_store in -ldb... $ECHO_C" >&6 +if test "${ac_cv_lib_db_dbm_store+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldb $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1655 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char dbm_store(); - -int main() { -dbm_store() -; return 0; } -EOF -if { (eval echo configure:1666: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBDB=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char dbm_store (); +int +main () +{ +dbm_store (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_db_dbm_store=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_db_dbm_store=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_db_dbm_store" >&5 +echo "${ECHO_T}$ac_cv_lib_db_dbm_store" >&6 +if test $ac_cv_lib_db_dbm_store = yes; then + HAVE_LIBDB=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBDB 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBDB=no + HAVE_LIBDB=no fi if test x$HAVE_LIBDB != xyes ; then - echo $ac_n "checking for db_create in -ldb""... $ac_c" 1>&6 -echo "configure:1692: checking for db_create in -ldb" >&5 -ac_lib_var=`echo db'_'db_create | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:$LINENO: checking for db_create in -ldb" >&5 +echo $ECHO_N "checking for db_create in -ldb... $ECHO_C" >&6 +if test "${ac_cv_lib_db_db_create+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ldb $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1700 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char db_create(); - -int main() { -db_create() -; return 0; } -EOF -if { (eval echo configure:1711: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBDB=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char db_create (); +int +main () +{ +db_create (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_db_db_create=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_db_db_create=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_db_db_create" >&5 +echo "${ECHO_T}$ac_cv_lib_db_db_create" >&6 +if test $ac_cv_lib_db_db_create = yes; then + HAVE_LIBDB=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBDB 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBDB=no + HAVE_LIBDB=no fi fi -echo $ac_n "checking for yylex in -lfl""... $ac_c" 1>&6 -echo "configure:1738: checking for yylex in -lfl" >&5 -ac_lib_var=`echo fl'_'yylex | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for yylex in -lfl" >&5 +echo $ECHO_N "checking for yylex in -lfl... $ECHO_C" >&6 +if test "${ac_cv_lib_fl_yylex+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lfl HAVE_LIBFL=no $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1746 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char yylex(); - -int main() { -yylex() -; return 0; } -EOF -if { (eval echo configure:1757: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 + builtin and then its argument prototype would still apply. */ +char yylex (); +int +main () +{ +yylex (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_fl_yylex=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_fl_yylex=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_fl_yylex" >&5 +echo "${ECHO_T}$ac_cv_lib_fl_yylex" >&6 +if test $ac_cv_lib_fl_yylex = yes; then yyterminate else - echo "$ac_t""no" 1>&6 -HAVE_LIBFL=yes ; cat >> confdefs.h <<\EOF + HAVE_LIBFL=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBFL 1 -EOF +_ACEOF fi -echo $ac_n "checking for yp_maplist in -lnsl""... $ac_c" 1>&6 -echo "configure:1783: checking for yp_maplist in -lnsl" >&5 -ac_lib_var=`echo nsl'_'yp_maplist | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for yp_maplist in -lnsl" >&5 +echo $ECHO_N "checking for yp_maplist in -lnsl... $ECHO_C" >&6 +if test "${ac_cv_lib_nsl_yp_maplist+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1791 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char yp_maplist(); - -int main() { -yp_maplist() -; return 0; } -EOF -if { (eval echo configure:1802: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBNSL=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char yp_maplist (); +int +main () +{ +yp_maplist (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_nsl_yp_maplist=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_nsl_yp_maplist=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_nsl_yp_maplist" >&5 +echo "${ECHO_T}$ac_cv_lib_nsl_yp_maplist" >&6 +if test $ac_cv_lib_nsl_yp_maplist = yes; then + HAVE_LIBNSL=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBNSL 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBNSL=no + HAVE_LIBNSL=no fi -echo $ac_n "checking for pwdb_db_name in -lpwdb""... $ac_c" 1>&6 -echo "configure:1828: checking for pwdb_db_name in -lpwdb" >&5 -ac_lib_var=`echo pwdb'_'pwdb_db_name | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-lpwdb $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1836 "configure" -#include "confdefs.h" -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char pwdb_db_name(); -int main() { -pwdb_db_name() -; return 0; } -EOF -if { (eval echo configure:1847: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" +if test $HAVE_LIBNSL = yes ; then + pwdblibs="$pwdblibs -lnsl" fi -rm -f conftest* -LIBS="$ac_save_LIBS" +echo "$as_me:$LINENO: checking for pwdb_db_name in -lpwdb" >&5 +echo $ECHO_N "checking for pwdb_db_name in -lpwdb... $ECHO_C" >&6 +if test "${ac_cv_lib_pwdb_pwdb_db_name+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpwdb $pwdblibs $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBPWDB=yes ; cat >> confdefs.h <<\EOF +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char pwdb_db_name (); +int +main () +{ +pwdb_db_name (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_pwdb_pwdb_db_name=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_pwdb_pwdb_db_name=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_pwdb_pwdb_db_name" >&5 +echo "${ECHO_T}$ac_cv_lib_pwdb_pwdb_db_name" >&6 +if test $ac_cv_lib_pwdb_pwdb_db_name = yes; then + HAVE_LIBPWDB=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBPWDB 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBPWDB=no + HAVE_LIBPWDB=no fi -echo $ac_n "checking for yywrap in -lfl""... $ac_c" 1>&6 -echo "configure:1873: checking for yywrap in -lfl" >&5 -ac_lib_var=`echo fl'_'yywrap | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +unset pwdblibs + +echo "$as_me:$LINENO: checking for yywrap in -lfl" >&5 +echo $ECHO_N "checking for yywrap in -lfl... $ECHO_C" >&6 +if test "${ac_cv_lib_fl_yywrap+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-lfl $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1881 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char yywrap(); - -int main() { -yywrap() -; return 0; } -EOF -if { (eval echo configure:1892: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBFLEX=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char yywrap (); +int +main () +{ +yywrap (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_fl_yywrap=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_fl_yywrap=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_fl_yywrap" >&5 +echo "${ECHO_T}$ac_cv_lib_fl_yywrap" >&6 +if test $ac_cv_lib_fl_yywrap = yes; then + HAVE_LIBFLEX=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBFLEX 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBFLEX=no + HAVE_LIBFLEX=no fi -echo $ac_n "checking for yywrap in -ll""... $ac_c" 1>&6 -echo "configure:1918: checking for yywrap in -ll" >&5 -ac_lib_var=`echo l'_'yywrap | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for yywrap in -ll" >&5 +echo $ECHO_N "checking for yywrap in -ll... $ECHO_C" >&6 +if test "${ac_cv_lib_l_yywrap+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" + ac_check_lib_save_LIBS=$LIBS LIBS="-ll $LIBS" -cat > conftest.$ac_ext <<EOF -#line 1926 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char yywrap(); - -int main() { -yywrap() -; return 0; } -EOF -if { (eval echo configure:1937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" -fi -rm -f conftest* -LIBS="$ac_save_LIBS" - -fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - HAVE_LIBLEX=yes ; cat >> confdefs.h <<\EOF + builtin and then its argument prototype would still apply. */ +char yywrap (); +int +main () +{ +yywrap (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_l_yywrap=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_l_yywrap=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_l_yywrap" >&5 +echo "${ECHO_T}$ac_cv_lib_l_yywrap" >&6 +if test $ac_cv_lib_l_yywrap = yes; then + HAVE_LIBLEX=yes ; cat >>confdefs.h <<\_ACEOF #define HAVE_LIBLEX 1 -EOF +_ACEOF else - echo "$ac_t""no" 1>&6 -HAVE_LIBLEX=no + HAVE_LIBLEX=no fi + + + + + ac_header_dirent=no -for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h -do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:1968: checking for $ac_hdr that defines DIR" >&5 -if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 1973 "configure" -#include "confdefs.h" +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_hdr that defines DIR" >&5 +echo $ECHO_N "checking for $ac_hdr that defines DIR... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <$ac_hdr> -int main() { -DIR *dirp = 0; -; return 0; } -EOF -if { (eval echo configure:1981: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_dirent_$ac_safe=no" -fi -rm -f conftest* -fi -if eval "test \"`echo '$ac_cv_header_dirent_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - ac_header_dirent=$ac_hdr; break -else - echo "$ac_t""no" 1>&6 + +int +main () +{ +if ((DIR *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_Header=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_Header=no" +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 +_ACEOF + +ac_header_dirent=$ac_hdr; break fi + done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then -echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:2006: checking for opendir in -ldir" >&5 -ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - ac_save_LIBS="$LIBS" -LIBS="-ldir $LIBS" -cat > conftest.$ac_ext <<EOF -#line 2014 "configure" -#include "confdefs.h" + echo "$as_me:$LINENO: checking for library containing opendir" >&5 +echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6 +if test "${ac_cv_search_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_func_search_save_LIBS=$LIBS +ac_cv_search_opendir=no +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char opendir(); + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="none required" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_search_opendir" = no; then + for ac_lib in dir; do + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ -int main() { -opendir() -; return 0; } -EOF -if { (eval echo configure:2025: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="-l$ac_lib" +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done fi -rm -f conftest* -LIBS="$ac_save_LIBS" - +LIBS=$ac_func_search_save_LIBS fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -ldir" -else - echo "$ac_t""no" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 +echo "${ECHO_T}$ac_cv_search_opendir" >&6 +if test "$ac_cv_search_opendir" != no; then + test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS" + fi else -echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:2047: checking for opendir in -lx" >&5 -ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 + echo "$as_me:$LINENO: checking for library containing opendir" >&5 +echo $ECHO_N "checking for library containing opendir... $ECHO_C" >&6 +if test "${ac_cv_search_opendir+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_save_LIBS="$LIBS" -LIBS="-lx $LIBS" -cat > conftest.$ac_ext <<EOF -#line 2055 "configure" -#include "confdefs.h" + ac_func_search_save_LIBS=$LIBS +ac_cv_search_opendir=no +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char opendir(); + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="none required" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +if test "$ac_cv_search_opendir" = no; then + for ac_lib in x; do + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ -int main() { -opendir() -; return 0; } -EOF -if { (eval echo configure:2066: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_lib_$ac_lib_var=no" +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char opendir (); +int +main () +{ +opendir (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_search_opendir="-l$ac_lib" +break +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + done fi -rm -f conftest* -LIBS="$ac_save_LIBS" - +LIBS=$ac_func_search_save_LIBS fi -if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then - echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -lx" -else - echo "$ac_t""no" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_search_opendir" >&5 +echo "${ECHO_T}$ac_cv_search_opendir" >&6 +if test "$ac_cv_search_opendir" != no; then + test "$ac_cv_search_opendir" = "none required" || LIBS="$ac_cv_search_opendir $LIBS" + fi fi -echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:2089: checking for ANSI C header files" >&5 -if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for ANSI C header files" >&5 +echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 +if test "${ac_cv_header_stdc+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2094 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <stdlib.h> #include <stdarg.h> #include <string.h> #include <float.h> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2102: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_header_stdc=yes else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_stdc=no + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_stdc=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. -cat > conftest.$ac_ext <<EOF -#line 2119 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <string.h> -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "memchr" >/dev/null 2>&1; then + $EGREP "memchr" >/dev/null 2>&1; then : else - rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* @@ -2132,16 +5077,19 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. -cat > conftest.$ac_ext <<EOF -#line 2137 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <stdlib.h> -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "free" >/dev/null 2>&1; then + $EGREP "free" >/dev/null 2>&1; then : else - rm -rf conftest* ac_cv_header_stdc=no fi rm -f conftest* @@ -2150,298 +5098,918 @@ fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. -if test "$cross_compiling" = yes; then + if test "$cross_compiling" = yes; then : else - cat > conftest.$ac_ext <<EOF -#line 2158 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <ctype.h> -#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int main () { int i; for (i = 0; i < 256; i++) -if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); -exit (0); } +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif -EOF -if { (eval echo configure:2169: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + exit(2); + exit (0); +} +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then : else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_header_stdc=no + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_header_stdc=no fi -rm -fr conftest* +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi fi - -echo "$ac_t""$ac_cv_header_stdc" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_header_stdc" >&5 +echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\_ACEOF #define STDC_HEADERS 1 -EOF +_ACEOF fi -echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:2193: checking for sys/wait.h that is POSIX.1 compatible" >&5 -if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo $ECHO_N "checking for sys/wait.h that is POSIX.1 compatible... $ECHO_C" >&6 +if test "${ac_cv_header_sys_wait_h+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2198 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <sys/wait.h> #ifndef WEXITSTATUS -#define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) #endif #ifndef WIFEXITED -#define WIFEXITED(stat_val) (((stat_val) & 255) == 0) +# define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif -int main() { -int s; -wait (&s); -s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; -; return 0; } -EOF -if { (eval echo configure:2214: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + +int +main () +{ + int s; + wait (&s); + s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_header_sys_wait_h=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_sys_wait_h=no + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_sys_wait_h=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi - -echo "$ac_t""$ac_cv_header_sys_wait_h" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_header_sys_wait_h" >&5 +echo "${ECHO_T}$ac_cv_header_sys_wait_h" >&6 if test $ac_cv_header_sys_wait_h = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\_ACEOF #define HAVE_SYS_WAIT_H 1 -EOF +_ACEOF fi -for ac_hdr in fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h sys/fsuid.h + + + + + + + + + + +for ac_header in fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h termio.h unistd.h sys/fsuid.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2238: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2243 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2248: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + done -for ac_hdr in features.h + +for ac_header in features.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2279: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2284 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2289: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + done -for ac_hdr in crypt.h + +for ac_header in crypt.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2320: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2325 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2330: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + fi + done -for ac_hdr in ndbm.h db.h + + +for ac_header in ndbm.h db.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2361: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2366 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2371: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + done HAVE_NDBM_H=$ac_cv_header_ndbm_h -for ac_hdr in lastlog.h utmp.h utmpx.h + + + +for ac_header in lastlog.h utmp.h utmpx.h do -ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` -echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2404: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2409 "configure" -#include "confdefs.h" -#include <$ac_hdr> -EOF -ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2414: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` -if test -z "$ac_err"; then - rm -rf conftest* - eval "ac_cv_header_$ac_safe=yes" -else - echo "$ac_err" >&5 - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_header_$ac_safe=no" +as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 +else + # Is the header compilable? +echo "$as_me:$LINENO: checking $ac_header usability" >&5 +echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +#include <$ac_header> +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_header_compiler=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_header_compiler=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 +echo "${ECHO_T}$ac_header_compiler" >&6 + +# Is the header present? +echo "$as_me:$LINENO: checking $ac_header presence" >&5 +echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6 +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +#include <$ac_header> +_ACEOF +if { (eval echo "$as_me:$LINENO: \"$ac_cpp conftest.$ac_ext\"") >&5 + (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } >/dev/null; then + if test -s conftest.err; then + ac_cpp_err=$ac_c_preproc_warn_flag + ac_cpp_err=$ac_cpp_err$ac_c_werror_flag + else + ac_cpp_err= + fi +else + ac_cpp_err=yes fi -rm -f conftest* +if test -z "$ac_cpp_err"; then + ac_header_preproc=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_header_preproc=no fi -if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` - cat >> confdefs.h <<EOF -#define $ac_tr_hdr 1 -EOF - +rm -f conftest.err conftest.$ac_ext +echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 +echo "${ECHO_T}$ac_header_preproc" >&6 + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in + yes:no: ) + { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 +echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} + ac_header_preproc=yes + ;; + no:yes:* ) + { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 +echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 +echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 +echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 +echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 +echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} + { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 +echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} + ( + cat <<\_ASBOX +## ------------------------------------------ ## +## Report this to the AC_PACKAGE_NAME lists. ## +## ------------------------------------------ ## +_ASBOX + ) | + sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac +echo "$as_me:$LINENO: checking for $ac_header" >&5 +echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 +if eval "test \"\${$as_ac_Header+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - echo "$ac_t""no" 1>&6 + eval "$as_ac_Header=\$ac_header_preproc" +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 + +fi +if test `eval echo '${'$as_ac_Header'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + fi + done -echo $ac_n "checking path to cracklib dictionary""... $ac_c" 1>&6 -echo "configure:2443: checking path to cracklib dictionary" >&5 +echo "$as_me:$LINENO: checking path to cracklib dictionary" >&5 +echo $ECHO_N "checking path to cracklib dictionary... $ECHO_C" >&6 DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ - /usr/local/lib /usr/local/share/lib" + /usr/local/lib /usr/local/share/lib /usr/share/cracklib" DICT_FILE_CANDIDATES="pw_dict cracklib_dict" CRACKLIB_DICTPATH="" for d in $DICT_DIR_CANDIDATES ; do @@ -2456,9 +6024,11 @@ for d in $DICT_DIR_CANDIDATES ; do done done if test -z "$CRACKLIB_DICTPATH" ; then - echo "$ac_t""none found" 1>&6 + { echo "$as_me:$LINENO: WARNING: none found - pam_cracklib will not be built" >&5 +echo "$as_me: WARNING: none found - pam_cracklib will not be built" >&2;} else - echo "$ac_t""$CRACKLIB_DICTPATH" 1>&6 + echo "$as_me:$LINENO: result: $CRACKLIB_DICTPATH" >&5 +echo "${ECHO_T}$CRACKLIB_DICTPATH" >&6 fi @@ -2469,19 +6039,19 @@ GCC_WARNINGS="-Wall -Wwrite-strings \ -Wnested-externs -Winline -Wshadow" if test "$GCC" = yes; then - CC=gcc ; + CC=gcc ; ### May need per-OS attention ### Example: -D_POSIX_SOURCE: needed on Linux but harms Solaris. case $OS in linux) - OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" - LD_D="gcc -shared -Xlinker -x" + OS_CFLAGS= + LD_D="$CC -shared $LDFLAGS" WARNINGS="$GCC_WARNINGS" PIC="-fPIC" DYNTYPE=so - LD=ld - LD_L="$LD -x -shared" - RANLIB=ranlib + LD=gcc + LD_L="$CC -shared $LDFLAGS" + RANLIB=: STRIP=strip CC_STATIC="-Xlinker -export-dynamic" ;; @@ -2491,7 +6061,7 @@ if test "$GCC" = yes; then WARNINGS="$GCC_WARNINGS" PIC="-fPIC" DYNTYPE=so - LD=ld + LD=ld LD_L="$LD -x -shared" RANLIB=ranlib STRIP=strip @@ -2500,7 +6070,7 @@ if test "$GCC" = yes; then aix) OS_CFLAGS="" DYNTYPE=lo - LD=ld + LD=ld LD_L=ld -bexpall -bM:SRE -bnoentry LD_D="$LD_L" RANLIB=ranlib @@ -2566,63 +6136,182 @@ fi -echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:2571: checking whether byte ordering is bigendian" >&5 -if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking whether byte ordering is bigendian" >&5 +echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 +if test "${ac_cv_c_bigendian+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - ac_cv_c_bigendian=unknown -# See if sys/param.h defines the BYTE_ORDER macro. -cat > conftest.$ac_ext <<EOF -#line 2578 "configure" -#include "confdefs.h" + # See if sys/param.h defines the BYTE_ORDER macro. +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <sys/param.h> -int main() { +int +main () +{ #if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN bogus endian macros #endif -; return 0; } -EOF -if { (eval echo configure:2589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then # It does; now see whether it defined to BIG_ENDIAN or not. -cat > conftest.$ac_ext <<EOF -#line 2593 "configure" -#include "confdefs.h" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <sys/param.h> -int main() { +int +main () +{ #if BYTE_ORDER != BIG_ENDIAN not big endian #endif -; return 0; } -EOF -if { (eval echo configure:2604: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_c_bigendian=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_c_bigendian=no + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_bigendian=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 -fi -rm -f conftest* -if test $ac_cv_c_bigendian = unknown; then + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +# It does not; compile a test program. if test "$cross_compiling" = yes; then - { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + # try to guess the endianness by grepping values into an object file + ac_cv_c_bigendian=unknown + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +short ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; +short ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; +void _ascii () { char *s = (char *) ascii_mm; s = (char *) ascii_ii; } +short ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; +short ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; +void _ebcdic () { char *s = (char *) ebcdic_mm; s = (char *) ebcdic_ii; } +int +main () +{ + _ascii (); _ebcdic (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + if grep BIGenDianSyS conftest.$ac_objext >/dev/null ; then + ac_cv_c_bigendian=yes +fi +if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi +fi +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext else - cat > conftest.$ac_ext <<EOF -#line 2624 "configure" -#include "confdefs.h" -main () { + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +int +main () +{ /* Are we little or big endian? From Harbison&Steele. */ union { @@ -2632,326 +6321,545 @@ main () { u.l = 1; exit (u.c[sizeof (long) - 1] == 1); } -EOF -if { (eval echo configure:2637: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_c_bigendian=no else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_c_bigendian=yes + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_c_bigendian=yes fi -rm -fr conftest* +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi +echo "$as_me:$LINENO: result: $ac_cv_c_bigendian" >&5 +echo "${ECHO_T}$ac_cv_c_bigendian" >&6 +case $ac_cv_c_bigendian in + yes) -echo "$ac_t""$ac_cv_c_bigendian" 1>&6 -if test $ac_cv_c_bigendian = yes; then - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\_ACEOF #define WORDS_BIGENDIAN 1 -EOF - -fi - -echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:2661: checking for working const" >&5 -if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 2666 "configure" -#include "confdefs.h" - -int main() { +_ACEOF + ;; + no) + ;; + *) + { { echo "$as_me:$LINENO: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&5 +echo "$as_me: error: unknown endianness +presetting ac_cv_c_bigendian=no (or yes) will help" >&2;} + { (exit 1); exit 1; }; } ;; +esac + +echo "$as_me:$LINENO: checking for an ANSI C-conforming const" >&5 +echo $ECHO_N "checking for an ANSI C-conforming const... $ECHO_C" >&6 +if test "${ac_cv_c_const+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +int +main () +{ +/* FIXME: Include the comments suggested by Paul. */ +#ifndef __cplusplus + /* Ultrix mips cc rejects this. */ + typedef int charset[2]; + const charset x; + /* SunOS 4.1.1 cc rejects this. */ + char const *const *ccp; + char **p; + /* NEC SVR4.0.2 mips cc rejects this. */ + struct point {int x, y;}; + static struct point const zero = {0,0}; + /* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in + an arm of an if-expression whose if-part is not a constant + expression */ + const char *g = "string"; + ccp = &g + (g ? g-g : 0); + /* HPUX 7.0 cc rejects these. */ + ++ccp; + p = (char**) ccp; + ccp = (char const *const *) p; + { /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; + } + { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; + } + { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; + } + { /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; + } + { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; + } +#endif -/* Ultrix mips cc rejects this. */ -typedef int charset[2]; const charset x; -/* SunOS 4.1.1 cc rejects this. */ -char const *const *ccp; -char **p; -/* NEC SVR4.0.2 mips cc rejects this. */ -struct point {int x, y;}; -static struct point const zero = {0,0}; -/* AIX XL C 1.02.0.0 rejects this. - It does not let you subtract one const X* pointer from another in an arm - of an if-expression whose if-part is not a constant expression */ -const char *g = "string"; -ccp = &g + (g ? g-g : 0); -/* HPUX 7.0 cc rejects these. */ -++ccp; -p = (char**) ccp; -ccp = (char const *const *) p; -{ /* SCO 3.2v4 cc rejects this. */ - char *t; - char const *s = 0 ? (char *) 0 : (char const *) 0; - - *t++ = 0; -} -{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ - int x[] = {25, 17}; - const int *foo = &x[0]; - ++foo; -} -{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ - typedef const int *iptr; - iptr p = 0; - ++p; + ; + return 0; } -{ /* AIX XL C 1.02.0.0 rejects this saying - "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ - struct s { int j; const int *ap[3]; }; - struct s *b; b->j = 5; -} -{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ - const int foo = 10; -} - -; return 0; } -EOF -if { (eval echo configure:2715: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_c_const=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_c_const=no + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_c_const=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi - -echo "$ac_t""$ac_cv_c_const" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_c_const" >&5 +echo "${ECHO_T}$ac_cv_c_const" >&6 if test $ac_cv_c_const = no; then - cat >> confdefs.h <<\EOF -#define const -EOF + +cat >>confdefs.h <<\_ACEOF +#define const +_ACEOF fi -echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 -echo "configure:2736: checking for uid_t in sys/types.h" >&5 -if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for uid_t in sys/types.h" >&5 +echo $ECHO_N "checking for uid_t in sys/types.h... $ECHO_C" >&6 +if test "${ac_cv_type_uid_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2741 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "uid_t" >/dev/null 2>&1; then - rm -rf conftest* + $EGREP "uid_t" >/dev/null 2>&1; then ac_cv_type_uid_t=yes else - rm -rf conftest* ac_cv_type_uid_t=no fi rm -f conftest* fi - -echo "$ac_t""$ac_cv_type_uid_t" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_type_uid_t" >&5 +echo "${ECHO_T}$ac_cv_type_uid_t" >&6 if test $ac_cv_type_uid_t = no; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\_ACEOF #define uid_t int -EOF +_ACEOF + - cat >> confdefs.h <<\EOF +cat >>confdefs.h <<\_ACEOF #define gid_t int -EOF +_ACEOF fi -echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:2770: checking for off_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for off_t" >&5 +echo $ECHO_N "checking for off_t... $ECHO_C" >&6 +if test "${ac_cv_type_off_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2775 "configure" -#include "confdefs.h" -#include <sys/types.h> -#if STDC_HEADERS -#include <stdlib.h> -#include <stddef.h> -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((off_t *) 0) + return 0; +if (sizeof (off_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_type_off_t=yes else - rm -rf conftest* - ac_cv_type_off_t=no -fi -rm -f conftest* + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 +ac_cv_type_off_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi -echo "$ac_t""$ac_cv_type_off_t" 1>&6 -if test $ac_cv_type_off_t = no; then - cat >> confdefs.h <<\EOF +echo "$as_me:$LINENO: result: $ac_cv_type_off_t" >&5 +echo "${ECHO_T}$ac_cv_type_off_t" >&6 +if test $ac_cv_type_off_t = yes; then + : +else + +cat >>confdefs.h <<_ACEOF #define off_t long -EOF +_ACEOF fi -echo $ac_n "checking for pid_t""... $ac_c" 1>&6 -echo "configure:2803: checking for pid_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for pid_t" >&5 +echo $ECHO_N "checking for pid_t... $ECHO_C" >&6 +if test "${ac_cv_type_pid_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2808 "configure" -#include "confdefs.h" -#include <sys/types.h> -#if STDC_HEADERS -#include <stdlib.h> -#include <stddef.h> -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((pid_t *) 0) + return 0; +if (sizeof (pid_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_type_pid_t=yes else - rm -rf conftest* - ac_cv_type_pid_t=no -fi -rm -f conftest* + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 +ac_cv_type_pid_t=no fi -echo "$ac_t""$ac_cv_type_pid_t" 1>&6 -if test $ac_cv_type_pid_t = no; then - cat >> confdefs.h <<\EOF +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_type_pid_t" >&5 +echo "${ECHO_T}$ac_cv_type_pid_t" >&6 +if test $ac_cv_type_pid_t = yes; then + : +else + +cat >>confdefs.h <<_ACEOF #define pid_t int -EOF +_ACEOF fi -echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:2836: checking for size_t" >&5 -if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for size_t" >&5 +echo $ECHO_N "checking for size_t... $ECHO_C" >&6 +if test "${ac_cv_type_size_t+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2841 "configure" -#include "confdefs.h" -#include <sys/types.h> -#if STDC_HEADERS -#include <stdlib.h> -#include <stddef.h> -#endif -EOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then - rm -rf conftest* + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +if ((size_t *) 0) + return 0; +if (sizeof (size_t)) + return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_type_size_t=yes else - rm -rf conftest* - ac_cv_type_size_t=no -fi -rm -f conftest* + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 +ac_cv_type_size_t=no +fi +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi -echo "$ac_t""$ac_cv_type_size_t" 1>&6 -if test $ac_cv_type_size_t = no; then - cat >> confdefs.h <<\EOF +echo "$as_me:$LINENO: result: $ac_cv_type_size_t" >&5 +echo "${ECHO_T}$ac_cv_type_size_t" >&6 +if test $ac_cv_type_size_t = yes; then + : +else + +cat >>confdefs.h <<_ACEOF #define size_t unsigned -EOF +_ACEOF fi -echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 -echo "configure:2869: checking whether time.h and sys/time.h may both be included" >&5 -if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking whether time.h and sys/time.h may both be included" >&5 +echo $ECHO_N "checking whether time.h and sys/time.h may both be included... $ECHO_C" >&6 +if test "${ac_cv_header_time+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2874 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <sys/time.h> #include <time.h> -int main() { -struct tm *tp; -; return 0; } -EOF -if { (eval echo configure:2883: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + +int +main () +{ +if ((struct tm *) 0) +return 0; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_header_time=yes else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_header_time=no + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_header_time=no fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi - -echo "$ac_t""$ac_cv_header_time" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_header_time" >&5 +echo "${ECHO_T}$ac_cv_header_time" >&6 if test $ac_cv_header_time = yes; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\_ACEOF #define TIME_WITH_SYS_TIME 1 -EOF +_ACEOF fi -echo $ac_n "checking whether struct tm is in sys/time.h or time.h""... $ac_c" 1>&6 -echo "configure:2904: checking whether struct tm is in sys/time.h or time.h" >&5 -if eval "test \"`echo '$''{'ac_cv_struct_tm'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking whether struct tm is in sys/time.h or time.h" >&5 +echo $ECHO_N "checking whether struct tm is in sys/time.h or time.h... $ECHO_C" >&6 +if test "${ac_cv_struct_tm+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else - cat > conftest.$ac_ext <<EOF -#line 2909 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sys/types.h> #include <time.h> -int main() { + +int +main () +{ struct tm *tp; tp->tm_sec; -; return 0; } -EOF -if { (eval echo configure:2917: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then - rm -rf conftest* + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext +if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 + (eval $ac_compile) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest.$ac_objext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then ac_cv_struct_tm=time.h else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - ac_cv_struct_tm=sys/time.h + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_struct_tm=sys/time.h fi -rm -f conftest* +rm -f conftest.err conftest.$ac_objext conftest.$ac_ext fi - -echo "$ac_t""$ac_cv_struct_tm" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_struct_tm" >&5 +echo "${ECHO_T}$ac_cv_struct_tm" >&6 if test $ac_cv_struct_tm = sys/time.h; then - cat >> confdefs.h <<\EOF + +cat >>confdefs.h <<\_ACEOF #define TM_IN_SYS_TIME 1 -EOF +_ACEOF fi -echo $ac_n "checking type of array argument to getgroups""... $ac_c" 1>&6 -echo "configure:2939: checking type of array argument to getgroups" >&5 -if eval "test \"`echo '$''{'ac_cv_type_getgroups'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking type of array argument to getgroups" >&5 +echo $ECHO_N "checking type of array argument to getgroups... $ECHO_C" >&6 +if test "${ac_cv_type_getgroups+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then ac_cv_type_getgroups=cross else - cat > conftest.$ac_ext <<EOF -#line 2947 "configure" -#include "confdefs.h" - + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ /* Thanks to Mike Rendell for this test. */ #include <sys/types.h> #define NGID 256 #undef MAX #define MAX(x, y) ((x) > (y) ? (x) : (y)) -main() + +int +main () { gid_t gidset[NGID]; int i, n; @@ -2961,438 +6869,721 @@ main() for (i = 0; i < NGID; i++) gidset[i] = val.gval; n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, - gidset); + gidset); /* Exit non-zero if getgroups seems to require an array of ints. This happens when gid_t is short but getgroups modifies an array of ints. */ exit ((n > 0 && gidset[n] != val.gval) ? 1 : 0); } - -EOF -if { (eval echo configure:2972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then - ac_cv_type_getgroups=gid_t +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_type_getgroups=gid_t else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_type_getgroups=int + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_type_getgroups=int fi -rm -fr conftest* +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi - if test $ac_cv_type_getgroups = cross; then - cat > conftest.$ac_ext <<EOF -#line 2986 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <unistd.h> -EOF + +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "getgroups.*int.*gid_t" >/dev/null 2>&1; then - rm -rf conftest* + $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then ac_cv_type_getgroups=gid_t else - rm -rf conftest* ac_cv_type_getgroups=int fi rm -f conftest* fi fi +echo "$as_me:$LINENO: result: $ac_cv_type_getgroups" >&5 +echo "${ECHO_T}$ac_cv_type_getgroups" >&6 -echo "$ac_t""$ac_cv_type_getgroups" 1>&6 -cat >> confdefs.h <<EOF +cat >>confdefs.h <<_ACEOF #define GETGROUPS_T $ac_cv_type_getgroups -EOF +_ACEOF -if test $ac_cv_prog_gcc = yes; then - echo $ac_n "checking whether ${CC-cc} needs -traditional""... $ac_c" 1>&6 -echo "configure:3011: checking whether ${CC-cc} needs -traditional" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc_traditional'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +if test $ac_cv_c_compiler_gnu = yes; then + echo "$as_me:$LINENO: checking whether $CC needs -traditional" >&5 +echo $ECHO_N "checking whether $CC needs -traditional... $ECHO_C" >&6 +if test "${ac_cv_prog_gcc_traditional+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_pattern="Autoconf.*'x'" - cat > conftest.$ac_ext <<EOF -#line 3017 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <sgtty.h> Autoconf TIOCGETP -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "$ac_pattern" >/dev/null 2>&1; then - rm -rf conftest* + $EGREP "$ac_pattern" >/dev/null 2>&1; then ac_cv_prog_gcc_traditional=yes else - rm -rf conftest* ac_cv_prog_gcc_traditional=no fi rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then - cat > conftest.$ac_ext <<EOF -#line 3035 "configure" -#include "confdefs.h" + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ #include <termio.h> Autoconf TCGETA -EOF +_ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - egrep "$ac_pattern" >/dev/null 2>&1; then - rm -rf conftest* + $EGREP "$ac_pattern" >/dev/null 2>&1; then ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi - -echo "$ac_t""$ac_cv_prog_gcc_traditional" 1>&6 +echo "$as_me:$LINENO: result: $ac_cv_prog_gcc_traditional" >&5 +echo "${ECHO_T}$ac_cv_prog_gcc_traditional" >&6 if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi -echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 -echo "configure:3057: checking for 8-bit clean memcmp" >&5 -if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for working memcmp" >&5 +echo $ECHO_N "checking for working memcmp... $ECHO_C" >&6 +if test "${ac_cv_func_memcmp_working+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then - ac_cv_func_memcmp_clean=no -else - cat > conftest.$ac_ext <<EOF -#line 3065 "configure" -#include "confdefs.h" - -main() + ac_cv_func_memcmp_working=no +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +$ac_includes_default +int +main () { + + /* Some versions of memcmp are not 8-bit clean. */ char c0 = 0x40, c1 = 0x80, c2 = 0x81; - exit(memcmp(&c0, &c2, 1) < 0 && memcmp(&c1, &c2, 1) < 0 ? 0 : 1); + if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0) + exit (1); + + /* The Next x86 OpenStep bug shows up only when comparing 16 bytes + or more and with at least one buffer not starting on a 4-byte boundary. + William Lewis provided this test program. */ + { + char foo[21]; + char bar[21]; + int i; + for (i = 0; i < 4; i++) + { + char *a = foo + i; + char *b = bar + i; + strcpy (a, "--------01111111"); + strcpy (b, "--------10000000"); + if (memcmp (a, b, 16) >= 0) + exit (1); + } + exit (0); + } + + ; + return 0; } +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func_memcmp_working=yes +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +( exit $ac_status ) +ac_cv_func_memcmp_working=no +fi +rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +echo "$as_me:$LINENO: result: $ac_cv_func_memcmp_working" >&5 +echo "${ECHO_T}$ac_cv_func_memcmp_working" >&6 +test $ac_cv_func_memcmp_working = no && case $LIBOBJS in + "memcmp.$ac_objext" | \ + *" memcmp.$ac_objext" | \ + "memcmp.$ac_objext "* | \ + *" memcmp.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" ;; +esac + + + +for ac_func in vprintf +do +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func -EOF -if { (eval echo configure:3075: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null -then - ac_cv_func_memcmp_clean=yes -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -fr conftest* - ac_cv_func_memcmp_clean=no -fi -rm -fr conftest* -fi +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ -fi +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif -echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6 -test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" +#undef $ac_func -echo $ac_n "checking for vprintf""... $ac_c" 1>&6 -echo "configure:3093: checking for vprintf" >&5 -if eval "test \"`echo '$''{'ac_cv_func_vprintf'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 3098 "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char vprintf(); below. */ -#include <assert.h> /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char vprintf(); - -int main() { - + builtin and then its argument prototype would still apply. */ +char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ -#if defined (__stub_vprintf) || defined (__stub___vprintf) +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -vprintf(); +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} #endif -; return 0; } -EOF -if { (eval echo configure:3121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_vprintf=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_vprintf=no" -fi -rm -f conftest* -fi +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +echo "$as_me:$LINENO: checking for _doprnt" >&5 +echo $ECHO_N "checking for _doprnt... $ECHO_C" >&6 +if test "${ac_cv_func__doprnt+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define _doprnt to an innocuous variant, in case <limits.h> declares _doprnt. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define _doprnt innocuous__doprnt -if eval "test \"`echo '$ac_cv_func_'vprintf`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_VPRINTF 1 -EOF +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char _doprnt (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ -else - echo "$ac_t""no" 1>&6 -fi +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef _doprnt -if test "$ac_cv_func_vprintf" != yes; then -echo $ac_n "checking for _doprnt""... $ac_c" 1>&6 -echo "configure:3145: checking for _doprnt" >&5 -if eval "test \"`echo '$''{'ac_cv_func__doprnt'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 3150 "configure" -#include "confdefs.h" -/* System header to define __stub macros and hopefully few prototypes, - which can conflict with char _doprnt(); below. */ -#include <assert.h> /* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif /* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char _doprnt(); - -int main() { - + builtin and then its argument prototype would still apply. */ +char _doprnt (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub__doprnt) || defined (__stub____doprnt) choke me #else -_doprnt(); +char (*f) () = _doprnt; +#endif +#ifdef __cplusplus +} #endif -; return 0; } -EOF -if { (eval echo configure:3173: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func__doprnt=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func__doprnt=no" -fi -rm -f conftest* -fi - -if eval "test \"`echo '$ac_cv_func_'_doprnt`\" = yes"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF +int +main () +{ +return f != _doprnt; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_func__doprnt=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_func__doprnt=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: $ac_cv_func__doprnt" >&5 +echo "${ECHO_T}$ac_cv_func__doprnt" >&6 +if test $ac_cv_func__doprnt = yes; then + +cat >>confdefs.h <<\_ACEOF #define HAVE_DOPRNT 1 -EOF +_ACEOF -else - echo "$ac_t""no" 1>&6 fi fi +done + + + + + + + + + + + + for ac_func in gethostname gettimeofday mkdir select strcspn strdup strerror strspn strstr strtol uname do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3200: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 3205 "configure" -#include "confdefs.h" +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ -int main() { +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif +#undef $ac_func + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} #endif -; return 0; } -EOF -if { (eval echo configure:3228: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <<EOF -#define $ac_tr_func 1 -EOF - -else - echo "$ac_t""no" 1>&6 fi done -for ac_func in getpwnam_r getgrnam_r + + + + + + +for ac_func in getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getgrouplist do -echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3256: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 -else - cat > conftest.$ac_ext <<EOF -#line 3261 "configure" -#include "confdefs.h" +as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` +echo "$as_me:$LINENO: checking for $ac_func" >&5 +echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 +if eval "test \"\${$as_ac_var+set}\" = set"; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ +/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func. + For example, HP-UX 11i <limits.h> declares gettimeofday. */ +#define $ac_func innocuous_$ac_func + /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $ac_func(); below. */ -#include <assert.h> -/* Override any gcc2 internal prototype to avoid an error. */ -/* We use char because int might match the return type of a gcc2 - builtin and then its argument prototype would still apply. */ -char $ac_func(); + which can conflict with char $ac_func (); below. + Prefer <limits.h> to <assert.h> if __STDC__ is defined, since + <limits.h> exists even on freestanding compilers. */ -int main() { +#ifdef __STDC__ +# include <limits.h> +#else +# include <assert.h> +#endif + +#undef $ac_func +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +{ +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined (__stub_$ac_func) || defined (__stub___$ac_func) choke me #else -$ac_func(); +char (*f) () = $ac_func; +#endif +#ifdef __cplusplus +} #endif -; return 0; } -EOF -if { (eval echo configure:3284: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then - rm -rf conftest* - eval "ac_cv_func_$ac_func=yes" -else - echo "configure: failed program was:" >&5 - cat conftest.$ac_ext >&5 - rm -rf conftest* - eval "ac_cv_func_$ac_func=no" -fi -rm -f conftest* -fi +int +main () +{ +return f != $ac_func; + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + eval "$as_ac_var=yes" +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +eval "$as_ac_var=no" +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +echo "$as_me:$LINENO: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 +if test `eval echo '${'$as_ac_var'}'` = yes; then + cat >>confdefs.h <<_ACEOF +#define `echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF -if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then - echo "$ac_t""yes" 1>&6 - ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` - cat >> confdefs.h <<EOF -#define $ac_tr_func 1 -EOF - -else - echo "$ac_t""no" 1>&6 fi done # Extract the first word of "sgml2txt", so it can be a program name with args. set dummy sgml2txt; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3312: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_HAVE_SGML2TXT'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_HAVE_SGML2TXT+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$HAVE_SGML2TXT"; then ac_cv_prog_HAVE_SGML2TXT="$HAVE_SGML2TXT" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_HAVE_SGML2TXT="yes" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_SGML2TXT="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + test -z "$ac_cv_prog_HAVE_SGML2TXT" && ac_cv_prog_HAVE_SGML2TXT="no" fi fi -HAVE_SGML2TXT="$ac_cv_prog_HAVE_SGML2TXT" +HAVE_SGML2TXT=$ac_cv_prog_HAVE_SGML2TXT if test -n "$HAVE_SGML2TXT"; then - echo "$ac_t""$HAVE_SGML2TXT" 1>&6 + echo "$as_me:$LINENO: result: $HAVE_SGML2TXT" >&5 +echo "${ECHO_T}$HAVE_SGML2TXT" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi # Extract the first word of "sgml2html", so it can be a program name with args. set dummy sgml2html; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3342: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_HAVE_SGML2HTML'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_HAVE_SGML2HTML+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$HAVE_SGML2HTML"; then ac_cv_prog_HAVE_SGML2HTML="$HAVE_SGML2HTML" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_HAVE_SGML2HTML="yes" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_SGML2HTML="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + test -z "$ac_cv_prog_HAVE_SGML2HTML" && ac_cv_prog_HAVE_SGML2HTML="no" fi fi -HAVE_SGML2HTML="$ac_cv_prog_HAVE_SGML2HTML" +HAVE_SGML2HTML=$ac_cv_prog_HAVE_SGML2HTML if test -n "$HAVE_SGML2HTML"; then - echo "$ac_t""$HAVE_SGML2HTML" 1>&6 + echo "$as_me:$LINENO: result: $HAVE_SGML2HTML" >&5 +echo "${ECHO_T}$HAVE_SGML2HTML" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi # Extract the first word of "sgml2latex", so it can be a program name with args. set dummy sgml2latex; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3372: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_HAVE_SGML2LATEX'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_HAVE_SGML2LATEX+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$HAVE_SGML2LATEX"; then ac_cv_prog_HAVE_SGML2LATEX="$HAVE_SGML2LATEX" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_HAVE_SGML2LATEX="yes" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_SGML2LATEX="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + test -z "$ac_cv_prog_HAVE_SGML2LATEX" && ac_cv_prog_HAVE_SGML2LATEX="no" fi fi -HAVE_SGML2LATEX="$ac_cv_prog_HAVE_SGML2LATEX" +HAVE_SGML2LATEX=$ac_cv_prog_HAVE_SGML2LATEX if test -n "$HAVE_SGML2LATEX"; then - echo "$ac_t""$HAVE_SGML2LATEX" 1>&6 + echo "$as_me:$LINENO: result: $HAVE_SGML2LATEX" >&5 +echo "${ECHO_T}$HAVE_SGML2LATEX" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi if test $HAVE_SGML2LATEX = "yes" ; then @@ -3403,63 +7594,75 @@ if test $HAVE_SGML2LATEX = "yes" ; then fi # Extract the first word of "ps2pdf", so it can be a program name with args. set dummy ps2pdf; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3408: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_HAVE_PS2PDF'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_HAVE_PS2PDF+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$HAVE_PS2PDF"; then ac_cv_prog_HAVE_PS2PDF="$HAVE_PS2PDF" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_HAVE_PS2PDF="yes" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_PS2PDF="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + test -z "$ac_cv_prog_HAVE_PS2PDF" && ac_cv_prog_HAVE_PS2PDF="no" fi fi -HAVE_PS2PDF="$ac_cv_prog_HAVE_PS2PDF" +HAVE_PS2PDF=$ac_cv_prog_HAVE_PS2PDF if test -n "$HAVE_PS2PDF"; then - echo "$ac_t""$HAVE_PS2PDF" 1>&6 + echo "$as_me:$LINENO: result: $HAVE_PS2PDF" >&5 +echo "${ECHO_T}$HAVE_PS2PDF" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi else # Extract the first word of "sgml2ps", so it can be a program name with args. set dummy sgml2ps; ac_word=$2 -echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3439: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_HAVE_SGML2PS'+set}'`\" = set"; then - echo $ac_n "(cached) $ac_c" 1>&6 +echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 +if test "${ac_cv_prog_HAVE_SGML2PS+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 else if test -n "$HAVE_SGML2PS"; then ac_cv_prog_HAVE_SGML2PS="$HAVE_SGML2PS" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" - ac_dummy="$PATH" - for ac_dir in $ac_dummy; do - test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then - ac_cv_prog_HAVE_SGML2PS="yes" - break - fi - done - IFS="$ac_save_ifs" +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $as_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_SGML2PS="yes" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done + test -z "$ac_cv_prog_HAVE_SGML2PS" && ac_cv_prog_HAVE_SGML2PS="no" fi fi -HAVE_SGML2PS="$ac_cv_prog_HAVE_SGML2PS" +HAVE_SGML2PS=$ac_cv_prog_HAVE_SGML2PS if test -n "$HAVE_SGML2PS"; then - echo "$ac_t""$HAVE_SGML2PS" 1>&6 + echo "$as_me:$LINENO: result: $HAVE_SGML2PS" >&5 +echo "${ECHO_T}$HAVE_SGML2PS" >&6 else - echo "$ac_t""no" 1>&6 + echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6 fi if test $HAVE_SGML2PS = yes ; then @@ -3469,419 +7672,1189 @@ fi -trap '' 1 2 15 -cat > confcache <<\EOF + ac_config_files="$ac_config_files Make.Rules" +cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure -# scripts and configure runs. It is not useful on other systems. -# If it contains results you don't want to keep, you may remove or edit it. +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. # -# By default, configure uses ./config.cache as the cache file, -# creating it if it does not exist already. You can give configure -# the --cache-file=FILE option to use a different cache file; that is -# what configure does when it calls configure scripts in -# subdirectories, so they share the cache. -# Giving --cache-file=/dev/null disables caching, for debugging configure. -# config.status only pays attention to the cache file if you give it the -# --recheck option to rerun configure. +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. # -EOF +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, don't put newlines in cache variables' values. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. -(set) 2>&1 | - case `(ac_space=' '; set | grep ac_space) 2>&1` in - *ac_space=\ *) - # `set' does not quote correctly, so add quotes (double-quote substitution - # turns \\\\ into \\, and sed turns \\ into \). - sed -n \ - -e "s/'/'\\\\''/g" \ - -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" - ;; - *) - # `set' quotes correctly as required by POSIX, so do not add quotes. - sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' - ;; - esac >> confcache -if cmp -s $cache_file confcache; then - : -else +{ + (set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n \ + "s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1=\\2/p" + ;; + esac; +} | + sed ' + t clear + : clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + /^ac_cv_env/!s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + : end' >>confcache +if diff $cache_file confcache >/dev/null 2>&1; then :; else if test -w $cache_file; then - echo "updating cache $cache_file" - cat confcache > $cache_file + test "x$cache_file" != "x/dev/null" && echo "updating cache $cache_file" + cat confcache >$cache_file else echo "not updating unwritable cache $cache_file" fi fi rm -f confcache -trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 - test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' -# Any assignment to VPATH causes Sun make to only execute -# the first set of double-colon rules, so remove it if not needed. -# If there is a colon in the path, we need to keep it. +# VPATH may cause trouble with some makes, so we remove $(srcdir), +# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then - ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' + ac_vpsub='/^[ ]*VPATH[ ]*=/{ +s/:*\$(srcdir):*/:/; +s/:*\${srcdir}:*/:/; +s/:*@srcdir@:*/:/; +s/^\([^=]*=[ ]*\):*/\1/; +s/:*$//; +s/^[^=]*=[ ]*$//; +}' fi -trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 - DEFS=-DHAVE_CONFIG_H -# Without the "./", some shells look in PATH for config.status. -: ${CONFIG_STATUS=./config.status} +ac_libobjs= +ac_ltlibobjs= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_i=`echo "$ac_i" | + sed 's/\$U\././;s/\.o$//;s/\.obj$//'` + # 2. Add them. + ac_libobjs="$ac_libobjs $ac_i\$U.$ac_objext" + ac_ltlibobjs="$ac_ltlibobjs $ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs -echo creating $CONFIG_STATUS -rm -f $CONFIG_STATUS -cat > $CONFIG_STATUS <<EOF -#! /bin/sh -# Generated automatically by configure. +LTLIBOBJS=$ac_ltlibobjs + + + +: ${CONFIG_STATUS=./config.status} +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ echo "$as_me:$LINENO: creating $CONFIG_STATUS" >&5 +echo "$as_me: creating $CONFIG_STATUS" >&6;} +cat >$CONFIG_STATUS <<_ACEOF +#! $SHELL +# Generated by $as_me. # Run this file to recreate the current configuration. -# This directory was configured as follows, -# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: -# -# $0 $ac_configure_args -# # Compiler output produced by configure, useful for debugging -# configure, is in ./config.log if it exists. +# configure, is in config.log if it exists. -ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" -for ac_option +debug=false +ac_cs_recheck=false +ac_cs_silent=false +SHELL=\${CONFIG_SHELL-$SHELL} +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +## --------------------- ## +## M4sh Initialization. ## +## --------------------- ## + +# Be Bourne compatible +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' +elif test -n "${BASH_VERSION+set}" && (set -o posix) >/dev/null 2>&1; then + set -o posix +fi +DUALCASE=1; export DUALCASE # for MKS sh + +# Support unset when possible. +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + as_unset=unset +else + as_unset=false +fi + + +# Work around bugs in pre-3.0 UWIN ksh. +$as_unset ENV MAIL MAILPATH +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +for as_var in \ + LANG LANGUAGE LC_ADDRESS LC_ALL LC_COLLATE LC_CTYPE LC_IDENTIFICATION \ + LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER \ + LC_TELEPHONE LC_TIME do - case "\$ac_option" in - -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) - echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" - exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; - -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.13" - exit 0 ;; - -help | --help | --hel | --he | --h) - echo "\$ac_cs_usage"; exit 0 ;; - *) echo "\$ac_cs_usage"; exit 1 ;; - esac + if (set +x; test -z "`(eval $as_var=C; export $as_var) 2>&1`"); then + eval $as_var=C; export $as_var + else + $as_unset $as_var + fi done -ac_given_srcdir=$srcdir +# Required to use basename. +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +if (basename /) >/dev/null 2>&1 && test "X`basename / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi -trap 'rm -fr `echo "Make.Rules _pam_aconf.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 -EOF -cat >> $CONFIG_STATUS <<EOF -# Protect against being on the right side of a sed subst in config.status. -sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; - s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF -$ac_vpsub -$extrasub -s%@SHELL@%$SHELL%g -s%@CFLAGS@%$CFLAGS%g -s%@CPPFLAGS@%$CPPFLAGS%g -s%@CXXFLAGS@%$CXXFLAGS%g -s%@FFLAGS@%$FFLAGS%g -s%@DEFS@%$DEFS%g -s%@LDFLAGS@%$LDFLAGS%g -s%@LIBS@%$LIBS%g -s%@exec_prefix@%$exec_prefix%g -s%@prefix@%$prefix%g -s%@program_transform_name@%$program_transform_name%g -s%@bindir@%$bindir%g -s%@sbindir@%$sbindir%g -s%@libexecdir@%$libexecdir%g -s%@datadir@%$datadir%g -s%@sysconfdir@%$sysconfdir%g -s%@sharedstatedir@%$sharedstatedir%g -s%@localstatedir@%$localstatedir%g -s%@libdir@%$libdir%g -s%@includedir@%$includedir%g -s%@oldincludedir@%$oldincludedir%g -s%@infodir@%$infodir%g -s%@mandir@%$mandir%g -s%@LIBPAM_VERSION_MAJOR@%$LIBPAM_VERSION_MAJOR%g -s%@LIBPAM_VERSION_MINOR@%$LIBPAM_VERSION_MINOR%g -s%@LOCALSRCDIR@%$LOCALSRCDIR%g -s%@LOCALOBJDIR@%$LOCALOBJDIR%g -s%@OS@%$OS%g -s%@CONF_CFLAGS@%$CONF_CFLAGS%g -s%@MKDIR@%$MKDIR%g -s%@SHLIBMODE@%$SHLIBMODE%g -s%@USESONAME@%$USESONAME%g -s%@SOSWITCH@%$SOSWITCH%g -s%@NEEDSONAME@%$NEEDSONAME%g -s%@LDCONFIG@%$LDCONFIG%g -s%@INSTALL@%$INSTALL%g -s%@CC@%$CC%g -s%@YACC@%$YACC%g -s%@LEX@%$LEX%g -s%@LEXLIB@%$LEXLIB%g -s%@LN_S@%$LN_S%g -s%@SET_MAKE@%$SET_MAKE%g -s%@WITH_DEBUG@%$WITH_DEBUG%g -s%@WITH_MEMORY_DEBUG@%$WITH_MEMORY_DEBUG%g -s%@WITH_LIBDEBUG@%$WITH_LIBDEBUG%g -s%@FAKEROOT@%$FAKEROOT%g -s%@SECUREDIR@%$SECUREDIR%g -s%@SCONFIGDIR@%$SCONFIGDIR%g -s%@SUPLEMENTED@%$SUPLEMENTED%g -s%@INCLUDEDIR@%$INCLUDEDIR%g -s%@DOCDIR@%$DOCDIR%g -s%@MANDIR@%$MANDIR%g -s%@WITH_PAMLOCKING@%$WITH_PAMLOCKING%g -s%@PAM_READ_BOTH_CONFS@%$PAM_READ_BOTH_CONFS%g -s%@STATIC_LIBPAM@%$STATIC_LIBPAM%g -s%@DYNAMIC_LIBPAM@%$DYNAMIC_LIBPAM%g -s%@DYNAMIC@%$DYNAMIC%g -s%@STATIC@%$STATIC%g -s%@WITH_LCKPWDF@%$WITH_LCKPWDF%g -s%@CPP@%$CPP%g -s%@PAM_NEEDS_LIBC@%$PAM_NEEDS_LIBC%g -s%@HAVE_LCKPWDF@%$HAVE_LCKPWDF%g -s%@LIBDL@%$LIBDL%g -s%@HAVE_LIBCRACK@%$HAVE_LIBCRACK%g -s%@HAVE_LIBCRYPT@%$HAVE_LIBCRYPT%g -s%@HAVE_LIBUTIL@%$HAVE_LIBUTIL%g -s%@HAVE_LIBNDBM@%$HAVE_LIBNDBM%g -s%@HAVE_LIBDB@%$HAVE_LIBDB%g -s%@HAVE_LIBFL@%$HAVE_LIBFL%g -s%@HAVE_LIBNSL@%$HAVE_LIBNSL%g -s%@HAVE_LIBPWDB@%$HAVE_LIBPWDB%g -s%@HAVE_LIBFLEX@%$HAVE_LIBFLEX%g -s%@HAVE_LIBLEX@%$HAVE_LIBLEX%g -s%@HAVE_NDBM_H@%$HAVE_NDBM_H%g -s%@CRACKLIB_DICTPATH@%$CRACKLIB_DICTPATH%g -s%@DYNTYPE@%$DYNTYPE%g -s%@OS_CFLAGS@%$OS_CFLAGS%g -s%@WARNINGS@%$WARNINGS%g -s%@PIC@%$PIC%g -s%@LD@%$LD%g -s%@LD_D@%$LD_D%g -s%@LD_L@%$LD_L%g -s%@RANLIB@%$RANLIB%g -s%@STRIP@%$STRIP%g -s%@CC_STATIC@%$CC_STATIC%g -s%@LIBOBJS@%$LIBOBJS%g -s%@HAVE_SGML2TXT@%$HAVE_SGML2TXT%g -s%@HAVE_SGML2HTML@%$HAVE_SGML2HTML%g -s%@HAVE_SGML2LATEX@%$HAVE_SGML2LATEX%g -s%@HAVE_PS2PDF@%$HAVE_PS2PDF%g -s%@HAVE_SGML2PS@%$HAVE_SGML2PS%g -s%@PSER@%$PSER%g -s%@PS2PDF@%$PS2PDF%g +# Name of the executable. +as_me=`$as_basename "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)$' \| \ + . : '\(.\)' 2>/dev/null || +echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/; q; } + /^X\/\(\/\/\)$/{ s//\1/; q; } + /^X\/\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` -CEOF -EOF - -cat >> $CONFIG_STATUS <<\EOF - -# Split the substitutions into bite-sized pieces for seds with -# small command number limits, like on Digital OSF/1 and HP-UX. -ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. -ac_file=1 # Number of current file. -ac_beg=1 # First line for current file. -ac_end=$ac_max_sed_cmds # Line after last line for current file. -ac_more_lines=: -ac_sed_cmds="" -while $ac_more_lines; do - if test $ac_beg -gt 1; then - sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + +# PATH needs CR, and LINENO needs CR and PATH. +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + echo "#! /bin/sh" >conf$$.sh + echo "exit 0" >>conf$$.sh + chmod +x conf$$.sh + if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then + PATH_SEPARATOR=';' else - sed "${ac_end}q" conftest.subs > conftest.s$ac_file + PATH_SEPARATOR=: + fi + rm -f conf$$.sh +fi + + + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" || { + # Find who we are. Look in the path if we contain no path at all + # relative or not. + case $0 in + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break +done + + ;; + esac + # We did not find ourselves, most probably we were run as `sh COMMAND' + # in which case we are not to be found in the path. + if test "x$as_myself" = x; then + as_myself=$0 + fi + if test ! -f "$as_myself"; then + { { echo "$as_me:$LINENO: error: cannot find myself; rerun with an absolute path" >&5 +echo "$as_me: error: cannot find myself; rerun with an absolute path" >&2;} + { (exit 1); exit 1; }; } fi - if test ! -s conftest.s$ac_file; then - ac_more_lines=false - rm -f conftest.s$ac_file + case $CONFIG_SHELL in + '') + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for as_base in sh bash ksh sh5; do + case $as_dir in + /*) + if ("$as_dir/$as_base" -c ' + as_lineno_1=$LINENO + as_lineno_2=$LINENO + as_lineno_3=`(expr $as_lineno_1 + 1) 2>/dev/null` + test "x$as_lineno_1" != "x$as_lineno_2" && + test "x$as_lineno_3" = "x$as_lineno_2" ') 2>/dev/null; then + $as_unset BASH_ENV || test "${BASH_ENV+set}" != set || { BASH_ENV=; export BASH_ENV; } + $as_unset ENV || test "${ENV+set}" != set || { ENV=; export ENV; } + CONFIG_SHELL=$as_dir/$as_base + export CONFIG_SHELL + exec "$CONFIG_SHELL" "$0" ${1+"$@"} + fi;; + esac + done +done +;; + esac + + # Create $as_me.lineno as a copy of $as_myself, but with $LINENO + # uniformly replaced by the line number. The first 'sed' inserts a + # line-number line before each line; the second 'sed' does the real + # work. The second script uses 'N' to pair each line-number line + # with the numbered line, and appends trailing '-' during + # substitution so that $LINENO is not a special case at line end. + # (Raja R Harinath suggested sed '=', and Paul Eggert wrote the + # second 'sed' script. Blame Lee E. McMahon for sed's syntax. :-) + sed '=' <$as_myself | + sed ' + N + s,$,-, + : loop + s,^\(['$as_cr_digits']*\)\(.*\)[$]LINENO\([^'$as_cr_alnum'_]\),\1\2\1\3, + t loop + s,-$,, + s,^['$as_cr_digits']*\n,, + ' >$as_me.lineno && + chmod +x $as_me.lineno || + { { echo "$as_me:$LINENO: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&5 +echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2;} + { (exit 1); exit 1; }; } + + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensible to this). + . ./$as_me.lineno + # Exit status is that of the last command. + exit +} + + +case `echo "testing\c"; echo 1,2,3`,`echo -n testing; echo 1,2,3` in + *c*,-n*) ECHO_N= ECHO_C=' +' ECHO_T=' ' ;; + *c*,* ) ECHO_N=-n ECHO_C= ECHO_T= ;; + *) ECHO_N= ECHO_C='\c' ECHO_T= ;; +esac + +if expr a : '\(a\)' >/dev/null 2>&1; then + as_expr=expr +else + as_expr=false +fi + +rm -f conf$$ conf$$.exe conf$$.file +echo >conf$$.file +if ln -s conf$$.file conf$$ 2>/dev/null; then + # We could just check for DJGPP; but this test a) works b) is more generic + # and c) will remain valid once DJGPP supports symlinks (DJGPP 2.04). + if test -f conf$$.exe; then + # Don't use ln at all; we don't have any links + as_ln_s='cp -p' else - if test -z "$ac_sed_cmds"; then - ac_sed_cmds="sed -f conftest.s$ac_file" - else - ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" - fi - ac_file=`expr $ac_file + 1` - ac_beg=$ac_end - ac_end=`expr $ac_end + $ac_max_sed_cmds` + as_ln_s='ln -s' fi +elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln +else + as_ln_s='cp -p' +fi +rm -f conf$$ conf$$.exe conf$$.file + +if mkdir -p . 2>/dev/null; then + as_mkdir_p=: +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_executable_p="test -f" + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +# IFS +# We need space, tab and new line, in precisely that order. +as_nl=' +' +IFS=" $as_nl" + +# CDPATH. +$as_unset CDPATH + +exec 6>&1 + +# Open the log real soon, to keep \$[0] and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. Logging --version etc. is OK. +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX +} >&5 +cat >&5 <<_CSEOF + +This file was extended by $as_me, which was +generated by GNU Autoconf 2.59. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +_CSEOF +echo "on `(hostname || uname -n) 2>/dev/null | sed 1q`" >&5 +echo >&5 +_ACEOF + +# Files that config.status was made for. +if test -n "$ac_config_files"; then + echo "config_files=\"$ac_config_files\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_headers"; then + echo "config_headers=\"$ac_config_headers\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_links"; then + echo "config_links=\"$ac_config_links\"" >>$CONFIG_STATUS +fi + +if test -n "$ac_config_commands"; then + echo "config_commands=\"$ac_config_commands\"" >>$CONFIG_STATUS +fi + +cat >>$CONFIG_STATUS <<\_ACEOF + +ac_cs_usage="\ +\`$as_me' instantiates files from templates according to the +current configuration. + +Usage: $0 [OPTIONS] [FILE]... + + -h, --help print this help, then exit + -V, --version print version number, then exit + -q, --quiet do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Report bugs to <bug-autoconf@gnu.org>." +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF +ac_cs_version="\\ +config.status +configured by $0, generated by GNU Autoconf 2.59, + with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" + +Copyright (C) 2003 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." +srcdir=$srcdir +INSTALL="$INSTALL" +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF +# If no file are specified by the user, then we need to provide default +# value. By we need to know if files were specified by the user. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=*) + ac_option=`expr "x$1" : 'x\([^=]*\)='` + ac_optarg=`expr "x$1" : 'x[^=]*=\(.*\)'` + ac_shift=: + ;; + -*) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + *) # This is not an option, so the user has probably given explicit + # arguments. + ac_option=$1 + ac_need_defaults=false;; + esac + + case $ac_option in + # Handling of the options. +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --vers* | -V ) + echo "$ac_cs_version"; exit 0 ;; + --he | --h) + # Conflict between --help and --header + { { echo "$as_me:$LINENO: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: ambiguous option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; };; + --help | --hel | -h ) + echo "$ac_cs_usage"; exit 0 ;; + --debug | --d* | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + CONFIG_FILES="$CONFIG_FILES $ac_optarg" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + CONFIG_HEADERS="$CONFIG_HEADERS $ac_optarg" + ac_need_defaults=false;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) { { echo "$as_me:$LINENO: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&5 +echo "$as_me: error: unrecognized option: $1 +Try \`$0 --help' for more information." >&2;} + { (exit 1); exit 1; }; } ;; + + *) ac_config_targets="$ac_config_targets $1" ;; + + esac + shift done -if test -z "$ac_sed_cmds"; then - ac_sed_cmds=cat + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" fi -EOF -cat >> $CONFIG_STATUS <<EOF +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF +if \$ac_cs_recheck; then + echo "running $SHELL $0 " $ac_configure_args \$ac_configure_extra_args " --no-create --no-recursion" >&6 + exec $SHELL $0 $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion +fi -CONFIG_FILES=\${CONFIG_FILES-"Make.Rules"} -EOF -cat >> $CONFIG_STATUS <<\EOF -for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then - # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; +_ACEOF + + + + + +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_config_target in $ac_config_targets +do + case "$ac_config_target" in + # Handling of arguments. + "Make.Rules" ) CONFIG_FILES="$CONFIG_FILES Make.Rules" ;; + "_pam_aconf.h" ) CONFIG_HEADERS="$CONFIG_HEADERS _pam_aconf.h" ;; + *) { { echo "$as_me:$LINENO: error: invalid argument: $ac_config_target" >&5 +echo "$as_me: error: invalid argument: $ac_config_target" >&2;} + { (exit 1); exit 1; }; };; esac +done - # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers +fi - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` - if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" - ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" - # A "../" for each directory in $ac_dir_suffix. - ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` - else - ac_dir_suffix= ac_dots= +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason to put it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Create a temporary directory, and hook for its removal unless debugging. +$debug || +{ + trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0 + trap '{ (exit 1); exit 1; }' 1 2 13 15 +} + +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d -q "./confstatXXXXXX") 2>/dev/null` && + test -n "$tmp" && test -d "$tmp" +} || +{ + tmp=./confstat$$-$RANDOM + (umask 077 && mkdir $tmp) +} || +{ + echo "$me: cannot create a temporary directory in ." >&2 + { (exit 1); exit 1; } +} + +_ACEOF + +cat >>$CONFIG_STATUS <<_ACEOF + +# +# CONFIG_FILES section. +# + +# No need to generate the scripts if there are no CONFIG_FILES. +# This happens for instance when ./config.status config.h +if test -n "\$CONFIG_FILES"; then + # Protect against being on the right side of a sed subst in config.status. + sed 's/,@/@@/; s/@,/@@/; s/,;t t\$/@;t t/; /@;t t\$/s/[\\\\&,]/\\\\&/g; + s/@@/,@/; s/@@/@,/; s/@;t t\$/,;t t/' >\$tmp/subs.sed <<\\CEOF +s,@SHELL@,$SHELL,;t t +s,@PATH_SEPARATOR@,$PATH_SEPARATOR,;t t +s,@PACKAGE_NAME@,$PACKAGE_NAME,;t t +s,@PACKAGE_TARNAME@,$PACKAGE_TARNAME,;t t +s,@PACKAGE_VERSION@,$PACKAGE_VERSION,;t t +s,@PACKAGE_STRING@,$PACKAGE_STRING,;t t +s,@PACKAGE_BUGREPORT@,$PACKAGE_BUGREPORT,;t t +s,@exec_prefix@,$exec_prefix,;t t +s,@prefix@,$prefix,;t t +s,@program_transform_name@,$program_transform_name,;t t +s,@bindir@,$bindir,;t t +s,@sbindir@,$sbindir,;t t +s,@libexecdir@,$libexecdir,;t t +s,@datadir@,$datadir,;t t +s,@sysconfdir@,$sysconfdir,;t t +s,@sharedstatedir@,$sharedstatedir,;t t +s,@localstatedir@,$localstatedir,;t t +s,@libdir@,$libdir,;t t +s,@includedir@,$includedir,;t t +s,@oldincludedir@,$oldincludedir,;t t +s,@infodir@,$infodir,;t t +s,@mandir@,$mandir,;t t +s,@build_alias@,$build_alias,;t t +s,@host_alias@,$host_alias,;t t +s,@target_alias@,$target_alias,;t t +s,@DEFS@,$DEFS,;t t +s,@ECHO_C@,$ECHO_C,;t t +s,@ECHO_N@,$ECHO_N,;t t +s,@ECHO_T@,$ECHO_T,;t t +s,@LIBS@,$LIBS,;t t +s,@LIBPAM_VERSION_MAJOR@,$LIBPAM_VERSION_MAJOR,;t t +s,@LIBPAM_VERSION_MINOR@,$LIBPAM_VERSION_MINOR,;t t +s,@LOCALSRCDIR@,$LOCALSRCDIR,;t t +s,@LOCALOBJDIR@,$LOCALOBJDIR,;t t +s,@OS@,$OS,;t t +s,@CONF_CFLAGS@,$CONF_CFLAGS,;t t +s,@MKDIR@,$MKDIR,;t t +s,@SHLIBMODE@,$SHLIBMODE,;t t +s,@MANMODE@,$MANMODE,;t t +s,@USESONAME@,$USESONAME,;t t +s,@SOSWITCH@,$SOSWITCH,;t t +s,@NEEDSONAME@,$NEEDSONAME,;t t +s,@LDCONFIG@,$LDCONFIG,;t t +s,@CC@,$CC,;t t +s,@CFLAGS@,$CFLAGS,;t t +s,@LDFLAGS@,$LDFLAGS,;t t +s,@CPPFLAGS@,$CPPFLAGS,;t t +s,@ac_ct_CC@,$ac_ct_CC,;t t +s,@EXEEXT@,$EXEEXT,;t t +s,@OBJEXT@,$OBJEXT,;t t +s,@YACC@,$YACC,;t t +s,@LEX@,$LEX,;t t +s,@LEXLIB@,$LEXLIB,;t t +s,@LEX_OUTPUT_ROOT@,$LEX_OUTPUT_ROOT,;t t +s,@INSTALL_PROGRAM@,$INSTALL_PROGRAM,;t t +s,@INSTALL_SCRIPT@,$INSTALL_SCRIPT,;t t +s,@INSTALL_DATA@,$INSTALL_DATA,;t t +s,@LN_S@,$LN_S,;t t +s,@SET_MAKE@,$SET_MAKE,;t t +s,@WITH_DEBUG@,$WITH_DEBUG,;t t +s,@WITH_MEMORY_DEBUG@,$WITH_MEMORY_DEBUG,;t t +s,@WITH_LIBDEBUG@,$WITH_LIBDEBUG,;t t +s,@WITH_PRELUDE@,$WITH_PRELUDE,;t t +s,@FAKEROOT@,$FAKEROOT,;t t +s,@SECUREDIR@,$SECUREDIR,;t t +s,@SCONFIGDIR@,$SCONFIGDIR,;t t +s,@SUPLEMENTED@,$SUPLEMENTED,;t t +s,@INCLUDEDIR@,$INCLUDEDIR,;t t +s,@DOCDIR@,$DOCDIR,;t t +s,@MANDIR@,$MANDIR,;t t +s,@WITH_PAMLOCKING@,$WITH_PAMLOCKING,;t t +s,@PAM_READ_BOTH_CONFS@,$PAM_READ_BOTH_CONFS,;t t +s,@STATIC_LIBPAM@,$STATIC_LIBPAM,;t t +s,@DYNAMIC_LIBPAM@,$DYNAMIC_LIBPAM,;t t +s,@DYNAMIC@,$DYNAMIC,;t t +s,@STATIC@,$STATIC,;t t +s,@WITH_LCKPWDF@,$WITH_LCKPWDF,;t t +s,@CPP@,$CPP,;t t +s,@EGREP@,$EGREP,;t t +s,@PAM_NEEDS_LIBC@,$PAM_NEEDS_LIBC,;t t +s,@HAVE_LCKPWDF@,$HAVE_LCKPWDF,;t t +s,@LIBDL@,$LIBDL,;t t +s,@HAVE_LIBCRACK@,$HAVE_LIBCRACK,;t t +s,@HAVE_LIBCRYPT@,$HAVE_LIBCRYPT,;t t +s,@HAVE_LIBUTIL@,$HAVE_LIBUTIL,;t t +s,@HAVE_LIBNDBM@,$HAVE_LIBNDBM,;t t +s,@HAVE_LIBDB@,$HAVE_LIBDB,;t t +s,@HAVE_LIBFL@,$HAVE_LIBFL,;t t +s,@HAVE_LIBNSL@,$HAVE_LIBNSL,;t t +s,@HAVE_LIBPWDB@,$HAVE_LIBPWDB,;t t +s,@HAVE_LIBFLEX@,$HAVE_LIBFLEX,;t t +s,@HAVE_LIBLEX@,$HAVE_LIBLEX,;t t +s,@HAVE_NDBM_H@,$HAVE_NDBM_H,;t t +s,@CRACKLIB_DICTPATH@,$CRACKLIB_DICTPATH,;t t +s,@DYNTYPE@,$DYNTYPE,;t t +s,@OS_CFLAGS@,$OS_CFLAGS,;t t +s,@WARNINGS@,$WARNINGS,;t t +s,@PIC@,$PIC,;t t +s,@LD@,$LD,;t t +s,@LD_D@,$LD_D,;t t +s,@LD_L@,$LD_L,;t t +s,@RANLIB@,$RANLIB,;t t +s,@STRIP@,$STRIP,;t t +s,@CC_STATIC@,$CC_STATIC,;t t +s,@LIBOBJS@,$LIBOBJS,;t t +s,@HAVE_SGML2TXT@,$HAVE_SGML2TXT,;t t +s,@HAVE_SGML2HTML@,$HAVE_SGML2HTML,;t t +s,@HAVE_SGML2LATEX@,$HAVE_SGML2LATEX,;t t +s,@HAVE_PS2PDF@,$HAVE_PS2PDF,;t t +s,@HAVE_SGML2PS@,$HAVE_SGML2PS,;t t +s,@PSER@,$PSER,;t t +s,@PS2PDF@,$PS2PDF,;t t +s,@LTLIBOBJS@,$LTLIBOBJS,;t t +CEOF + +_ACEOF + + cat >>$CONFIG_STATUS <<\_ACEOF + # Split the substitutions into bite-sized pieces for seds with + # small command number limits, like on Digital OSF/1 and HP-UX. + ac_max_sed_lines=48 + ac_sed_frag=1 # Number of current file. + ac_beg=1 # First line for current file. + ac_end=$ac_max_sed_lines # Line after last line for current file. + ac_more_lines=: + ac_sed_cmds= + while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + else + sed "${ac_end}q" $tmp/subs.sed >$tmp/subs.frag + fi + if test ! -s $tmp/subs.frag; then + ac_more_lines=false + else + # The purpose of the label and of the branching condition is to + # speed up the sed processing (if there are no `@' at all, there + # is no need to browse any of the substitutions). + # These are the two extra sed commands mentioned above. + (echo ':t + /@[a-zA-Z_][a-zA-Z_0-9]*@/!b' && cat $tmp/subs.frag) >$tmp/subs-$ac_sed_frag.sed + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f $tmp/subs-$ac_sed_frag.sed" + else + ac_sed_cmds="$ac_sed_cmds | sed -f $tmp/subs-$ac_sed_frag.sed" + fi + ac_sed_frag=`expr $ac_sed_frag + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_lines` + fi + done + if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat fi +fi # test -n "$CONFIG_FILES" + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +for ac_file in : $CONFIG_FILES; do test "x$ac_file" = x: && continue + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; + esac - case "$ac_given_srcdir" in - .) srcdir=. - if test -z "$ac_dots"; then top_srcdir=. - else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; - /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + # Compute @srcdir@, @top_srcdir@, and @INSTALL@ for subdirectories. + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + ac_builddir=. + +if test "$ac_dir" != .; then + ac_dir_suffix=/`echo "$ac_dir" | sed 's,^\.[\\/],,'` + # A "../" for each directory in $ac_dir_suffix. + ac_top_builddir=`echo "$ac_dir_suffix" | sed 's,/[^\\/]*,../,g'` +else + ac_dir_suffix= ac_top_builddir= +fi + +case $srcdir in + .) # No --srcdir option. We are building in place. + ac_srcdir=. + if test -z "$ac_top_builddir"; then + ac_top_srcdir=. + else + ac_top_srcdir=`echo $ac_top_builddir | sed 's,/$,,'` + fi ;; + [\\/]* | ?:[\\/]* ) # Absolute path. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir ;; *) # Relative path. - srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" - top_srcdir="$ac_dots$ac_given_srcdir" ;; + ac_srcdir=$ac_top_builddir$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_builddir$srcdir ;; +esac + +# Do not use `cd foo && pwd` to compute absolute paths, because +# the directories may not exist. +case `pwd` in +.) ac_abs_builddir="$ac_dir";; +*) + case "$ac_dir" in + .) ac_abs_builddir=`pwd`;; + [\\/]* | ?:[\\/]* ) ac_abs_builddir="$ac_dir";; + *) ac_abs_builddir=`pwd`/"$ac_dir";; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_builddir=${ac_top_builddir}.;; +*) + case ${ac_top_builddir}. in + .) ac_abs_top_builddir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_builddir=${ac_top_builddir}.;; + *) ac_abs_top_builddir=$ac_abs_builddir/${ac_top_builddir}.;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_srcdir=$ac_srcdir;; +*) + case $ac_srcdir in + .) ac_abs_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_srcdir=$ac_srcdir;; + *) ac_abs_srcdir=$ac_abs_builddir/$ac_srcdir;; + esac;; +esac +case $ac_abs_builddir in +.) ac_abs_top_srcdir=$ac_top_srcdir;; +*) + case $ac_top_srcdir in + .) ac_abs_top_srcdir=$ac_abs_builddir;; + [\\/]* | ?:[\\/]* ) ac_abs_top_srcdir=$ac_top_srcdir;; + *) ac_abs_top_srcdir=$ac_abs_builddir/$ac_top_srcdir;; + esac;; +esac + + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_builddir$INSTALL ;; esac + if test x"$ac_file" != x-; then + { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + rm -f "$ac_file" + fi + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + configure_input= + else + configure_input="$ac_file. " + fi + configure_input=$configure_input"Generated from `echo $ac_file_in | + sed 's,.*/,,'` by configure." + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF + sed "$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s,@configure_input@,$configure_input,;t t +s,@srcdir@,$ac_srcdir,;t t +s,@abs_srcdir@,$ac_abs_srcdir,;t t +s,@top_srcdir@,$ac_top_srcdir,;t t +s,@abs_top_srcdir@,$ac_abs_top_srcdir,;t t +s,@builddir@,$ac_builddir,;t t +s,@abs_builddir@,$ac_abs_builddir,;t t +s,@top_builddir@,$ac_top_builddir,;t t +s,@abs_top_builddir@,$ac_abs_top_builddir,;t t +s,@INSTALL@,$ac_INSTALL,;t t +" $ac_file_inputs | (eval "$ac_sed_cmds") >$tmp/out + rm -f $tmp/stdin + if test x"$ac_file" != x-; then + mv $tmp/out $ac_file + else + cat $tmp/out + rm -f $tmp/out + fi - echo creating "$ac_file" - rm -f "$ac_file" - configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." - case "$ac_file" in - *Makefile*) ac_comsub="1i\\ -# $configure_input" ;; - *) ac_comsub= ;; - esac +done +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - sed -e "$ac_comsub -s%@configure_input@%$configure_input%g -s%@srcdir@%$srcdir%g -s%@top_srcdir@%$top_srcdir%g -" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file -fi; done -rm -f conftest.s* +# +# CONFIG_HEADER section. +# # These sed commands are passed to sed as "A NAME B NAME C VALUE D", where # NAME is the cpp macro being defined and VALUE is the value it is being given. # # ac_d sets the value in "#define NAME VALUE" lines. -ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' -ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' -ac_dC='\3' -ac_dD='%g' -# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". -ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -ac_uB='\([ ]\)%\1#\2define\3' +ac_dA='s,^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='[ ].*$,\1#\2' +ac_dC=' ' +ac_dD=',;t' +# ac_u turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_uA='s,^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='$,\1#\2define\3' ac_uC=' ' -ac_uD='\4%g' -# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". -ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' -ac_eB='$%\1#\2define\3' -ac_eC=' ' -ac_eD='%g' - -if test "${CONFIG_HEADERS+set}" != set; then -EOF -cat >> $CONFIG_STATUS <<EOF - CONFIG_HEADERS="_pam_aconf.h" -EOF -cat >> $CONFIG_STATUS <<\EOF -fi -for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then +ac_uD=',;t' + +for ac_file in : $CONFIG_HEADERS; do test "x$ac_file" = x: && continue # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". - case "$ac_file" in - *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` - ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; - *) ac_file_in="${ac_file}.in" ;; + case $ac_file in + - | *:- | *:-:* ) # input from stdin + cat >$tmp/stdin + ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + *:* ) ac_file_in=`echo "$ac_file" | sed 's,[^:]*:,,'` + ac_file=`echo "$ac_file" | sed 's,:.*,,'` ;; + * ) ac_file_in=$ac_file.in ;; esac - echo creating $ac_file - - rm -f conftest.frag conftest.in conftest.out - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` - cat $ac_file_inputs > conftest.in - -EOF - -# Transform confdefs.h into a sed script conftest.vals that substitutes -# the proper values into config.h.in to produce config.h. And first: -# Protect against being on the right side of a sed subst in config.status. -# Protect against being in an unquoted here document in config.status. -rm -f conftest.vals -cat > conftest.hdr <<\EOF -s/[\\&%]/\\&/g -s%[\\$`]%\\&%g -s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp -s%ac_d%ac_u%gp -s%ac_u%ac_e%gp -EOF -sed -n -f conftest.hdr confdefs.h > conftest.vals -rm -f conftest.hdr + test x"$ac_file" != x- && { echo "$as_me:$LINENO: creating $ac_file" >&5 +echo "$as_me: creating $ac_file" >&6;} + + # First look for the input files in the build tree, otherwise in the + # src tree. + ac_file_inputs=`IFS=: + for f in $ac_file_in; do + case $f in + -) echo $tmp/stdin ;; + [\\/$]*) + # Absolute (can't be DOS-style, as IFS=:) + test -f "$f" || { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + # Do quote $f, to prevent DOS paths from being IFS'd. + echo "$f";; + *) # Relative + if test -f "$f"; then + # Build tree + echo "$f" + elif test -f "$srcdir/$f"; then + # Source tree + echo "$srcdir/$f" + else + # /dev/null tree + { { echo "$as_me:$LINENO: error: cannot find input file: $f" >&5 +echo "$as_me: error: cannot find input file: $f" >&2;} + { (exit 1); exit 1; }; } + fi;; + esac + done` || { (exit 1); exit 1; } + # Remove the trailing spaces. + sed 's/[ ]*$//' $ac_file_inputs >$tmp/in + +_ACEOF + +# Transform confdefs.h into two sed scripts, `conftest.defines' and +# `conftest.undefs', that substitutes the proper values into +# config.h.in to produce config.h. The first handles `#define' +# templates, and the second `#undef' templates. +# And first: Protect against being on the right side of a sed subst in +# config.status. Protect against being in an unquoted here document +# in config.status. +rm -f conftest.defines conftest.undefs +# Using a here document instead of a string reduces the quoting nightmare. +# Putting comments in sed scripts is not portable. +# +# `end' is used to avoid that the second main sed command (meant for +# 0-ary CPP macros) applies to n-ary macro definitions. +# See the Autoconf documentation for `clear'. +cat >confdef2sed.sed <<\_ACEOF +s/[\\&,]/\\&/g +s,[\\$`],\\&,g +t clear +: clear +s,^[ ]*#[ ]*define[ ][ ]*\([^ (][^ (]*\)\(([^)]*)\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1\2${ac_dC}\3${ac_dD},gp +t end +s,^[ ]*#[ ]*define[ ][ ]*\([^ ][^ ]*\)[ ]*\(.*\)$,${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD},gp +: end +_ACEOF +# If some macros were called several times there might be several times +# the same #defines, which is useless. Nevertheless, we may not want to +# sort them, since we want the *last* AC-DEFINE to be honored. +uniq confdefs.h | sed -n -f confdef2sed.sed >conftest.defines +sed 's/ac_d/ac_u/g' conftest.defines >conftest.undefs +rm -f confdef2sed.sed # This sed command replaces #undef with comments. This is necessary, for # example, in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. -cat >> conftest.vals <<\EOF -s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% -EOF - -# Break up conftest.vals because some shells have a limit on -# the size of here documents, and old seds have small limits too. +cat >>conftest.undefs <<\_ACEOF +s,^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*,/* & */, +_ACEOF + +# Break up conftest.defines because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #define templates only if necessary.' >>$CONFIG_STATUS +echo ' if grep "^[ ]*#[ ]*define" $tmp/in >/dev/null; then' >>$CONFIG_STATUS +echo ' # If there are no defines, we may have an empty if/fi' >>$CONFIG_STATUS +echo ' :' >>$CONFIG_STATUS +rm -f conftest.tail +while grep . conftest.defines >/dev/null +do + # Write a limited-size here document to $tmp/defines.sed. + echo ' cat >$tmp/defines.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#define' lines. + echo '/^[ ]*#[ ]*define/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.defines >>$CONFIG_STATUS + echo 'CEOF + sed -f $tmp/defines.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.defines >conftest.tail + rm -f conftest.defines + mv conftest.tail conftest.defines +done +rm -f conftest.defines +echo ' fi # grep' >>$CONFIG_STATUS +echo >>$CONFIG_STATUS +# Break up conftest.undefs because some shells have a limit on the size +# of here documents, and old seds have small limits too (100 cmds). +echo ' # Handle all the #undef templates' >>$CONFIG_STATUS rm -f conftest.tail -while : +while grep . conftest.undefs >/dev/null do - ac_lines=`grep -c . conftest.vals` - # grep -c gives empty output for an empty file on some AIX systems. - if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi - # Write a limited-size here document to conftest.frag. - echo ' cat > conftest.frag <<CEOF' >> $CONFIG_STATUS - sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + # Write a limited-size here document to $tmp/undefs.sed. + echo ' cat >$tmp/undefs.sed <<CEOF' >>$CONFIG_STATUS + # Speed up: don't consider the non `#undef' + echo '/^[ ]*#[ ]*undef/!b' >>$CONFIG_STATUS + # Work around the forget-to-reset-the-flag bug. + echo 't clr' >>$CONFIG_STATUS + echo ': clr' >>$CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.undefs >>$CONFIG_STATUS echo 'CEOF - sed -f conftest.frag conftest.in > conftest.out - rm -f conftest.in - mv conftest.out conftest.in -' >> $CONFIG_STATUS - sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail - rm -f conftest.vals - mv conftest.tail conftest.vals -done -rm -f conftest.vals - -cat >> $CONFIG_STATUS <<\EOF - rm -f conftest.frag conftest.h - echo "/* $ac_file. Generated automatically by configure. */" > conftest.h - cat conftest.in >> conftest.h - rm -f conftest.in - if cmp -s $ac_file conftest.h 2>/dev/null; then - echo "$ac_file is unchanged" - rm -f conftest.h + sed -f $tmp/undefs.sed $tmp/in >$tmp/out + rm -f $tmp/in + mv $tmp/out $tmp/in +' >>$CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.undefs >conftest.tail + rm -f conftest.undefs + mv conftest.tail conftest.undefs +done +rm -f conftest.undefs + +cat >>$CONFIG_STATUS <<\_ACEOF + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + if test x"$ac_file" = x-; then + echo "/* Generated by configure. */" >$tmp/config.h else - # Remove last slash and all that follows it. Not all systems have dirname. - ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` - if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then - # The file is in a subdirectory. - test ! -d "$ac_dir" && mkdir "$ac_dir" + echo "/* $ac_file. Generated by configure. */" >$tmp/config.h + fi + cat $tmp/in >>$tmp/config.h + rm -f $tmp/in + if test x"$ac_file" != x-; then + if diff $ac_file $tmp/config.h >/dev/null 2>&1; then + { echo "$as_me:$LINENO: $ac_file is unchanged" >&5 +echo "$as_me: $ac_file is unchanged" >&6;} + else + ac_dir=`(dirname "$ac_file") 2>/dev/null || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + { if $as_mkdir_p; then + mkdir -p "$ac_dir" + else + as_dir="$ac_dir" + as_dirs= + while test ! -d "$as_dir"; do + as_dirs="$as_dir $as_dirs" + as_dir=`(dirname "$as_dir") 2>/dev/null || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| \ + . : '\(.\)' 2>/dev/null || +echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/; q; } + /^X\(\/\/\)[^/].*/{ s//\1/; q; } + /^X\(\/\/\)$/{ s//\1/; q; } + /^X\(\/\).*/{ s//\1/; q; } + s/.*/./; q'` + done + test ! -n "$as_dirs" || mkdir $as_dirs + fi || { { echo "$as_me:$LINENO: error: cannot create directory \"$ac_dir\"" >&5 +echo "$as_me: error: cannot create directory \"$ac_dir\"" >&2;} + { (exit 1); exit 1; }; }; } + + rm -f $ac_file + mv $tmp/config.h $ac_file fi - rm -f $ac_file - mv conftest.h $ac_file + else + cat $tmp/config.h + rm -f $tmp/config.h fi -fi; done - -EOF -cat >> $CONFIG_STATUS <<EOF +done +_ACEOF -EOF -cat >> $CONFIG_STATUS <<\EOF +cat >>$CONFIG_STATUS <<\_ACEOF -exit 0 -EOF +{ (exit 0); exit 0; } +_ACEOF chmod +x $CONFIG_STATUS -rm -fr confdefs* $ac_clean_files -test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 +ac_clean_files=$ac_clean_files_save + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || { (exit 1); exit 1; } +fi diff --git a/Linux-PAM/configure.in b/Linux-PAM/configure.in index 8da11c85..f090a542 100644 --- a/Linux-PAM/configure.in +++ b/Linux-PAM/configure.in @@ -9,7 +9,7 @@ dnl Release specific dnl LIBPAM_VERSION_MAJOR=0 -LIBPAM_VERSION_MINOR=76 +LIBPAM_VERSION_MINOR=79 AC_SUBST(LIBPAM_VERSION_MAJOR) AC_SUBST(LIBPAM_VERSION_MINOR) @@ -39,29 +39,20 @@ CONF_CFLAGS= ; AC_SUBST(CONF_CFLAGS) MKDIR="mkdir -p" ; AC_SUBST(MKDIR) SHLIBMODE=755 ; AC_SUBST(SHLIBMODE) +MANMODE=644 ; AC_SUBST(MANMODE) dnl These are most likely platform specific - I think HPUX differs USESONAME=yes ; AC_SUBST(USESONAME) -SOSWITCH=-soname ; AC_SUBST(SOSWITCH) -NEEDSONAME=no ; AC_SUBST(NEEDSONAME) +SOSWITCH="-Wl,-soname -Wl," ; AC_SUBST(SOSWITCH) +NEEDSONAME=yes ; AC_SUBST(NEEDSONAME) LDCONFIG=/sbin/ldconfig ; AC_SUBST(LDCONFIG) -dnl ### Should enable this INSTALL detection. -dnl ### Would need to distribute GNU's config.guess and config.sub -dnl AC_PROG_INSTALL -if test "$OS" = "aix"; then - INSTALL=/usr/ucb/install -c -else - INSTALL=/usr/bin/install -fi -AC_SUBST(INSTALL) - dnl Checks for programs. AC_PROG_CC dnl ### AC_PROG_CXX AC_PROG_YACC AC_PROG_LEX -dnl AC_PROG_INSTALL +AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET @@ -86,6 +77,12 @@ AC_ARG_ENABLE(libdebug, WITH_LIBDEBUG=yes ; AC_DEFINE(WITH_LIBDEBUG) , WITH_LIBDEBUG=no) AC_SUBST(WITH_LIBDEBUG) +dnl have prelude support +AC_ARG_ENABLE(prelude, +[ --enable-prelude build prelude ids support], + WITH_PRELUDE=yes ; AC_DEFINE(WITH_PRELUDE), WITH_PRELUDE=no) +AC_SUBST(WITH_PRELUDE) + dnl packaging convenience AC_ARG_ENABLE(fakeroot, [ --enable-fakeroot=<path to packaging directory>], FAKEROOT=$enableval) @@ -96,6 +93,14 @@ AC_ARG_ENABLE(securedir, SECUREDIR=$enableval, SECUREDIR=$libdir/security) AC_SUBST(SECUREDIR) +AC_ARG_ENABLE(isadir, +[ --enable-isadir=<path to arch-specific module files> [default ../../\`basename \$libdir\`/security]], +ISA=$enableval, +ISA=../../`basename $libdir`/security) +unset mylibdirbase +AC_DEFINE_UNQUOTED(_PAM_ISA,"$ISA",[Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found.]) +AC_MSG_RESULT([Defining \$ISA to \"$ISA\".]) + AC_ARG_ENABLE(sconfigdir, [ --enable-sconfigdir=<path to module conf files> [default \$sysconfdir/security]], SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security) @@ -188,7 +193,7 @@ AC_CHECK_LIB(c, lckpwdf, HAVE_LCKPWDF=yes, HAVE_LCKPWDF=no) AC_SUBST(HAVE_LCKPWDF) dnl Checks for the existence of libdl - on BSD and Tru64 its part of libc -AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) +AC_CHECK_LIB(dl, dlopen, LIBDL=-ldl) AC_SUBST(LIBDL) dnl @@ -199,7 +204,7 @@ AC_CHECK_LIB(crack, FascistCheck, HAVE_LIBCRACK=yes ; AC_DEFINE(HAVE_LIBCRACK), HAVE_LIBCRACK=no) AC_SUBST(HAVE_LIBCRACK) -AC_CHECK_LIB(crypt, fcrypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), +AC_CHECK_LIB(crypt, crypt, HAVE_LIBCRYPT=yes ; AC_DEFINE(HAVE_LIBCRYPT), HAVE_LIBCRYPT=no) AC_SUBST(HAVE_LIBCRYPT) AC_CHECK_LIB(util, logwtmp, HAVE_LIBUTIL=yes ; AC_DEFINE(HAVE_LIBUTIL), @@ -221,9 +226,15 @@ AC_SUBST(HAVE_LIBFL) AC_CHECK_LIB(nsl, yp_maplist, HAVE_LIBNSL=yes ; AC_DEFINE(HAVE_LIBNSL), HAVE_LIBNSL=no) AC_SUBST(HAVE_LIBNSL) + +if test $HAVE_LIBNSL = yes ; then + pwdblibs="$pwdblibs -lnsl" +fi AC_CHECK_LIB(pwdb, pwdb_db_name, HAVE_LIBPWDB=yes ; AC_DEFINE(HAVE_LIBPWDB), - HAVE_LIBPWDB=no) + HAVE_LIBPWDB=no,$pwdblibs) AC_SUBST(HAVE_LIBPWDB) +unset pwdblibs + AC_CHECK_LIB(fl, yywrap, HAVE_LIBFLEX=yes ; AC_DEFINE(HAVE_LIBFLEX), HAVE_LIBFLEX=no) AC_SUBST(HAVE_LIBFLEX) @@ -258,7 +269,7 @@ dnl being found. dnl Look for cracklib dictionary AC_MSG_CHECKING(path to cracklib dictionary) DICT_DIR_CANDIDATES="/usr/lib /usr/share/dict /usr/share/lib \ - /usr/local/lib /usr/local/share/lib" + /usr/local/lib /usr/local/share/lib /usr/share/cracklib" DICT_FILE_CANDIDATES="pw_dict cracklib_dict" CRACKLIB_DICTPATH="" for d in $DICT_DIR_CANDIDATES ; do @@ -273,7 +284,7 @@ for d in $DICT_DIR_CANDIDATES ; do done done if test -z "$CRACKLIB_DICTPATH" ; then - AC_MSG_RESULT(none found) + AC_MSG_WARN([none found - pam_cracklib will not be built]) else AC_MSG_RESULT($CRACKLIB_DICTPATH) fi @@ -282,9 +293,7 @@ AC_SUBST(CRACKLIB_DICTPATH) dnl Set FLAGS, linker options etc. depending on C compiler. dnl gcc is tested and much preferred; others less so, if at all dnl -dnl If compiling with gcc, linking is also supposed to be done with gcc; -dnl since we use linker-specific arguments, we may not gain anything by -dnl switching LD_L over, but I think we can use LD_D as-is. +dnl If compiling with gcc, linking is also supposed to be done with gcc dnl dnl For the moment, gcc is enforced above at "CC=gcc". dnl @@ -304,14 +313,14 @@ if test "$GCC" = yes; then ### Example: -D_POSIX_SOURCE: needed on Linux but harms Solaris. case $OS in linux) - OS_CFLAGS="-ansi -D_POSIX_SOURCE -pedantic" - LD_D="gcc -shared -Xlinker -x" + OS_CFLAGS= + LD_D="$CC -shared $LDFLAGS" WARNINGS="$GCC_WARNINGS" PIC="-fPIC" DYNTYPE=so - LD=ld - LD_L="$LD -x -shared" - RANLIB=ranlib + LD=gcc + LD_L="$CC -shared $LDFLAGS" + RANLIB=: STRIP=strip CC_STATIC="-Xlinker -export-dynamic" ;; @@ -321,7 +330,7 @@ if test "$GCC" = yes; then WARNINGS="$GCC_WARNINGS" PIC="-fPIC" DYNTYPE=so - LD=ld + LD=ld LD_L="$LD -x -shared" RANLIB=ranlib STRIP=strip @@ -330,7 +339,7 @@ if test "$GCC" = yes; then aix) OS_CFLAGS="" DYNTYPE=lo - LD=ld + LD=ld LD_L=ld -bexpall -bM:SRE -bnoentry LD_D="$LD_L" RANLIB=ranlib @@ -413,7 +422,7 @@ AC_FUNC_MEMCMP AC_FUNC_VPRINTF AC_CHECK_FUNCS(gethostname gettimeofday mkdir select strcspn strdup strerror strspn strstr strtol uname) -AC_CHECK_FUNCS(getpwnam_r getgrnam_r) +AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getgrouplist) dnl Checks for programs/utilities AC_CHECK_PROG(HAVE_SGML2TXT, sgml2txt, yes, no) diff --git a/Linux-PAM/doc/CREDITS b/Linux-PAM/doc/CREDITS index 1b40f7fd..528032bb 100644 --- a/Linux-PAM/doc/CREDITS +++ b/Linux-PAM/doc/CREDITS @@ -1,6 +1,6 @@ <!-- an sgml list of people to credit for their contributions to Linux-PAM - $Id: CREDITS,v 1.1.1.1 2001/04/29 04:16:27 hartmans Exp $ + $Id: CREDITS,v 1.2 2001/03/19 01:46:41 agmorgan Exp $ --> Chris Adams, Peter Allgeyer, diff --git a/Linux-PAM/doc/Makefile b/Linux-PAM/doc/Makefile index 20c2a23f..1c2ba510 100644 --- a/Linux-PAM/doc/Makefile +++ b/Linux-PAM/doc/Makefile @@ -1,5 +1,5 @@ -### $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:24 hartmans Exp $ +### $Id: Makefile,v 1.10 2004/09/22 09:37:47 kukuk Exp $ include ../Make.Rules @@ -25,7 +25,7 @@ dummy: # can type make pdf in this directory and see what happens in the pdf # subdirectory. -all: htmls texts postscript +all: htmls texts postscript pdf htmls: $(HTMLS) @@ -125,12 +125,12 @@ ifneq ($(PSER),) for file in ps/*.ps; do \ install -m 644 $$file $(FAKEROOT)$(DOCDIR)/ps ; \ done - ifeq ($(HAVE_PS2PDF),yes) - mkdir -p $(FAKEROOT)$(DOCDIR)/pdf - for file in pdf/*.pdf; do \ - install -m 644 $$file $(FAKEROOT)$(DOCDIR)/pdf ; \ - done - endif +ifeq ($(HAVE_PS2PDF),yes) + mkdir -p $(FAKEROOT)$(DOCDIR)/pdf + for file in pdf/*.pdf; do \ + install -m 644 $$file $(FAKEROOT)$(DOCDIR)/pdf ; \ + done +endif endif ifeq ($(HAVE_SGML2HTML),yes) mkdir -p $(FAKEROOT)$(DOCDIR)/html @@ -152,7 +152,9 @@ spec: specs/draft-morgan-pam.raw specs/formatter/padout < specs/draft-morgan-pam.raw > specs/draft-morgan-pam-current.txt releasedocs: all spec - tar zvfc Linux-PAM-$(MAJOR_REL).$(MINOR_REL)-docs.tar.gz --exclude CVS html ps txts specs/draft-morgan-pam-current.txt + tar zvfc Linux-PAM-$(MAJOR_REL).$(MINOR_REL)-docs.tar.gz \ + --exclude CVS --exclude .cvsignore --exclude '.#*' \ + html ps txts specs/draft-morgan-pam-current.txt clean: rm -f *~ *.bak diff --git a/Linux-PAM/doc/html/index.html b/Linux-PAM/doc/html/index.html index 8ab3b9ec..5cb1e0f0 100644 --- a/Linux-PAM/doc/html/index.html +++ b/Linux-PAM/doc/html/index.html @@ -17,5 +17,5 @@ currently not complete. However, in order of decreasing length: <hr> <p> -REVISION: <tt>$Id: index.html,v 1.1.1.1 2001/04/29 04:16:52 hartmans Exp $</tt> +REVISION: <tt>$Id: index.html,v 1.1.1.1 2000/06/20 22:10:56 agmorgan Exp $</tt> </BODY> diff --git a/Linux-PAM/doc/man/pam.8 b/Linux-PAM/doc/man/pam.8 index f2ef9c1f..81f9eb35 100644 --- a/Linux-PAM/doc/man/pam.8 +++ b/Linux-PAM/doc/man/pam.8 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam.8,v 1.1.1.1 2001/04/29 04:16:52 hartmans Exp $ +.\" $Id: pam.8,v 1.3 2003/09/25 17:49:29 baggins Exp $ .\" Copyright (c) Andrew G. Morgan 1996-7,2001 <morgan@kernel.org> .TH PAM 8 "2001 Jan 20" "Linux-PAM 0.74" "Linux-PAM Manual" .SH NAME @@ -231,6 +231,12 @@ only module in the stack associated with this .BR service "+" type "." .sp +New control directive first introduced in ALT Linux is +.BR include +- include all lines of given type from the configuration +file specified as an argument to this control. + +.sp For the more complicated syntax valid .B control values have the following form: diff --git a/Linux-PAM/doc/man/pam_authenticate.3 b/Linux-PAM/doc/man/pam_authenticate.3 index bc1cd5c9..7383f5f0 100644 --- a/Linux-PAM/doc/man/pam_authenticate.3 +++ b/Linux-PAM/doc/man/pam_authenticate.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_authenticate.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_authenticate.3,v 1.1.1.1 2000/06/20 22:10:57 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net> .TH PAM_AUTHENTICATE 3 "1996 Dec 9" "Linux-PAM 0.55" "App. Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_chauthtok.3 b/Linux-PAM/doc/man/pam_chauthtok.3 index 94a8f2d3..a0466f0f 100644 --- a/Linux-PAM/doc/man/pam_chauthtok.3 +++ b/Linux-PAM/doc/man/pam_chauthtok.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_chauthtok.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_chauthtok.3,v 1.1.1.1 2000/06/20 22:10:57 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> .TH PAM_CHAUTHTOK 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_fail_delay.3 b/Linux-PAM/doc/man/pam_fail_delay.3 index 63cc88b3..3b72f3d9 100644 --- a/Linux-PAM/doc/man/pam_fail_delay.3 +++ b/Linux-PAM/doc/man/pam_fail_delay.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_fail_delay.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_fail_delay.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> .TH PAM_FAIL_DELAY 3 "1997 Jan 12" "Linux-PAM 0.56" "Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_open_session.3 b/Linux-PAM/doc/man/pam_open_session.3 index 05ccbb88..53f6adf1 100644 --- a/Linux-PAM/doc/man/pam_open_session.3 +++ b/Linux-PAM/doc/man/pam_open_session.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_open_session.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_open_session.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> .TH PAM_OPEN_SESSION 3 "1997 Jan 4" "Linux-PAM 0.55" "App. Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_set_item.3 b/Linux-PAM/doc/man/pam_set_item.3 index ad759cfd..ddd081fe 100644 --- a/Linux-PAM/doc/man/pam_set_item.3 +++ b/Linux-PAM/doc/man/pam_set_item.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_set_item.3,v 1.1.1.1 2002/09/15 20:08:27 hartmans Exp $ +.\" $Id: pam_set_item.3,v 1.1 2001/12/08 19:02:48 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1996,1997 <morgan@kernel.org> .TH PAM_SET_ITEM 3 "2001 Jan 21" "Linux-PAM" "App. Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_setcred.3 b/Linux-PAM/doc/man/pam_setcred.3 index 9681690c..ea251405 100644 --- a/Linux-PAM/doc/man/pam_setcred.3 +++ b/Linux-PAM/doc/man/pam_setcred.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_setcred.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_setcred.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1996,1997 <morgan@parc.power.net> .TH PAM_SETCRED 3 "1997 July 6" "Linux-PAM 0.58" "App. Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_start.3 b/Linux-PAM/doc/man/pam_start.3 index 159bf201..a912cc75 100644 --- a/Linux-PAM/doc/man/pam_start.3 +++ b/Linux-PAM/doc/man/pam_start.3 @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: pam_start.3,v 1.1.1.1 2001/04/29 04:16:53 hartmans Exp $ +.\" $Id: pam_start.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@parc.power.net> .TH PAM_START 3 "1997 Feb 15" "Linux-PAM 0.56" "Application Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/pam_strerror.3 b/Linux-PAM/doc/man/pam_strerror.3 index 84622088..b2318f28 100644 --- a/Linux-PAM/doc/man/pam_strerror.3 +++ b/Linux-PAM/doc/man/pam_strerror.3 @@ -1,6 +1,6 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" ripped off from Rick Faith's getgroups man page -.\" $Id: pam_strerror.3,v 1.1.1.1 2001/04/29 04:16:54 hartmans Exp $ +.\" $Id: pam_strerror.3,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1996-7 <morgan@linux.kernel.org> .TH PAM_STRERROR 3 "1999 Oct 4" "Linux-PAM 0.70" "Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/man/template-man b/Linux-PAM/doc/man/template-man index 5ba564a0..11e7a061 100644 --- a/Linux-PAM/doc/man/template-man +++ b/Linux-PAM/doc/man/template-man @@ -1,5 +1,5 @@ .\" Hey Emacs! This file is -*- nroff -*- source. -.\" $Id: template-man,v 1.1.1.1 2001/04/29 04:16:54 hartmans Exp $ +.\" $Id: template-man,v 1.1.1.1 2000/06/20 22:10:58 agmorgan Exp $ .\" Copyright (c) Andrew G. Morgan 1997 <morgan@parc.power.net> .TH PAM_???? 2 "1997 Jan 4" "Linux-PAM 0.55" "Application Programmers' Manual" .SH NAME diff --git a/Linux-PAM/doc/modules/README b/Linux-PAM/doc/modules/README index b81f1d26..653448f3 100644 --- a/Linux-PAM/doc/modules/README +++ b/Linux-PAM/doc/modules/README @@ -1,4 +1,4 @@ -$Id: README,v 1.1.1.2 2002/09/15 20:08:28 hartmans Exp $ +$Id: README,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This directory contains a number of sgml sub-files. One for each documented module. They contain a description of each module and give diff --git a/Linux-PAM/doc/modules/module.sgml-template b/Linux-PAM/doc/modules/module.sgml-template index 36ffe617..3fffc754 100644 --- a/Linux-PAM/doc/modules/module.sgml-template +++ b/Linux-PAM/doc/modules/module.sgml-template @@ -1,6 +1,6 @@ <!-- - $Id: module.sgml-template,v 1.1.1.1 2001/04/29 04:16:54 hartmans Exp $ + $Id: module.sgml-template,v 1.2 2001/02/11 07:52:56 agmorgan Exp $ This template file was written by Andrew G. Morgan <morgan@kernel.org> diff --git a/Linux-PAM/doc/modules/pam_chroot.sgml b/Linux-PAM/doc/modules/pam_chroot.sgml index 2bc3e8af..2366880e 100644 --- a/Linux-PAM/doc/modules/pam_chroot.sgml +++ b/Linux-PAM/doc/modules/pam_chroot.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_chroot.sgml,v 1.1.1.1 2001/04/29 04:16:55 hartmans Exp $ + $Id: pam_chroot.sgml,v 1.1.1.1 2000/06/20 22:10:59 agmorgan Exp $ This file was written by Bruce Campbell <brucec@humbug.org.au> --> diff --git a/Linux-PAM/doc/modules/pam_cracklib.sgml b/Linux-PAM/doc/modules/pam_cracklib.sgml index de1d5df2..d6fc0c56 100644 --- a/Linux-PAM/doc/modules/pam_cracklib.sgml +++ b/Linux-PAM/doc/modules/pam_cracklib.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_cracklib.sgml,v 1.1.1.2 2002/09/15 20:08:28 hartmans Exp $ + $Id: pam_cracklib.sgml,v 1.5 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> long password amendments are from Philip W. Dalrymple III <pwd@mdtsoft.com> diff --git a/Linux-PAM/doc/modules/pam_deny.sgml b/Linux-PAM/doc/modules/pam_deny.sgml index d8041d19..bf9dfd2b 100644 --- a/Linux-PAM/doc/modules/pam_deny.sgml +++ b/Linux-PAM/doc/modules/pam_deny.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_deny.sgml,v 1.1.1.2 2002/09/15 20:08:29 hartmans Exp $ + $Id: pam_deny.sgml,v 1.3 2002/05/10 04:03:02 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_env.sgml b/Linux-PAM/doc/modules/pam_env.sgml index 0ca18fe4..a6361cac 100644 --- a/Linux-PAM/doc/modules/pam_env.sgml +++ b/Linux-PAM/doc/modules/pam_env.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_env.sgml,v 1.1.1.1 2001/04/29 04:16:54 hartmans Exp $ + $Id: pam_env.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $ This file was written by Dave Kinchlea <kinch@kinch.ark.com> Ed. AGM diff --git a/Linux-PAM/doc/modules/pam_filter.sgml b/Linux-PAM/doc/modules/pam_filter.sgml index 1d582abc..e22ad9b6 100644 --- a/Linux-PAM/doc/modules/pam_filter.sgml +++ b/Linux-PAM/doc/modules/pam_filter.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_filter.sgml,v 1.1.1.2 2002/09/15 20:08:29 hartmans Exp $ + $Id: pam_filter.sgml,v 1.3 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_ftp.sgml b/Linux-PAM/doc/modules/pam_ftp.sgml index 3ea43713..cb4c4f33 100644 --- a/Linux-PAM/doc/modules/pam_ftp.sgml +++ b/Linux-PAM/doc/modules/pam_ftp.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_ftp.sgml,v 1.1.1.2 2002/09/15 20:08:29 hartmans Exp $ + $Id: pam_ftp.sgml,v 1.3 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_group.sgml b/Linux-PAM/doc/modules/pam_group.sgml index 770933bc..2d767275 100644 --- a/Linux-PAM/doc/modules/pam_group.sgml +++ b/Linux-PAM/doc/modules/pam_group.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_group.sgml,v 1.1.1.2 2002/09/15 20:08:30 hartmans Exp $ + $Id: pam_group.sgml,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_krb4.sgml b/Linux-PAM/doc/modules/pam_krb4.sgml index 2fc8518e..51a46522 100644 --- a/Linux-PAM/doc/modules/pam_krb4.sgml +++ b/Linux-PAM/doc/modules/pam_krb4.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_krb4.sgml,v 1.1.1.1 2001/04/29 04:16:55 hartmans Exp $ + $Id: pam_krb4.sgml,v 1.1.1.1 2000/06/20 22:11:01 agmorgan Exp $ This file was written by Derrick J. Brashear <shadow@DEMENTIA.ORG> --> diff --git a/Linux-PAM/doc/modules/pam_lastlog.sgml b/Linux-PAM/doc/modules/pam_lastlog.sgml index e79723b3..451bfaa2 100644 --- a/Linux-PAM/doc/modules/pam_lastlog.sgml +++ b/Linux-PAM/doc/modules/pam_lastlog.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_lastlog.sgml,v 1.1.1.1 2001/04/29 04:16:55 hartmans Exp $ + $Id: pam_lastlog.sgml,v 1.2 2001/02/17 01:55:38 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_limits.sgml b/Linux-PAM/doc/modules/pam_limits.sgml index 65ce6d82..22674d42 100644 --- a/Linux-PAM/doc/modules/pam_limits.sgml +++ b/Linux-PAM/doc/modules/pam_limits.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_limits.sgml,v 1.1.1.2 2002/09/15 20:08:31 hartmans Exp $ + $Id: pam_limits.sgml,v 1.7 2002/05/09 12:00:35 baggins Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> from information compiled by Cristian Gafton (author of module) diff --git a/Linux-PAM/doc/modules/pam_listfile.sgml b/Linux-PAM/doc/modules/pam_listfile.sgml index f39d8bc6..1284d1b6 100644 --- a/Linux-PAM/doc/modules/pam_listfile.sgml +++ b/Linux-PAM/doc/modules/pam_listfile.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_listfile.sgml,v 1.1.1.1 2001/04/29 04:16:56 hartmans Exp $ + $Id: pam_listfile.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $ This file was written by Michael K. Johnson <johnsonm@redhat.com> --> diff --git a/Linux-PAM/doc/modules/pam_mail.sgml b/Linux-PAM/doc/modules/pam_mail.sgml index 397df29e..c157659a 100644 --- a/Linux-PAM/doc/modules/pam_mail.sgml +++ b/Linux-PAM/doc/modules/pam_mail.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_mail.sgml,v 1.1.1.2 2002/09/15 20:08:31 hartmans Exp $ + $Id: pam_mail.sgml,v 1.4 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_mkhomedir.sgml b/Linux-PAM/doc/modules/pam_mkhomedir.sgml index 075e16f9..8428565d 100644 --- a/Linux-PAM/doc/modules/pam_mkhomedir.sgml +++ b/Linux-PAM/doc/modules/pam_mkhomedir.sgml @@ -46,7 +46,7 @@ Creates home directories on the fly for authenticated users. <descrip> <tag><bf>Recognized arguments:</bf></tag> -<tt/debug/; <tt/skel=skeleton-dir/; <tt/umask=octal-umask/; +<tt/skel=skeleton-dir/; <tt/umask=octal-umask/; <tag><bf>Description:</bf></tag> This module is useful for distributed systems where the user account is diff --git a/Linux-PAM/doc/modules/pam_nologin.sgml b/Linux-PAM/doc/modules/pam_nologin.sgml index e2463570..241c24f0 100644 --- a/Linux-PAM/doc/modules/pam_nologin.sgml +++ b/Linux-PAM/doc/modules/pam_nologin.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_nologin.sgml,v 1.1.1.2 2002/09/15 20:08:31 hartmans Exp $ + $Id: pam_nologin.sgml,v 1.3 2002/06/27 05:43:28 agmorgan Exp $ This file was written by Michael K. Johnson <johnsonm@redhat.com> --> diff --git a/Linux-PAM/doc/modules/pam_permit.sgml b/Linux-PAM/doc/modules/pam_permit.sgml index 969e6b84..1d6bbce4 100644 --- a/Linux-PAM/doc/modules/pam_permit.sgml +++ b/Linux-PAM/doc/modules/pam_permit.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_permit.sgml,v 1.1.1.2 2002/09/15 20:08:31 hartmans Exp $ + $Id: pam_permit.sgml,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_pwdb.sgml b/Linux-PAM/doc/modules/pam_pwdb.sgml index df0cb329..7b237d2e 100644 --- a/Linux-PAM/doc/modules/pam_pwdb.sgml +++ b/Linux-PAM/doc/modules/pam_pwdb.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_pwdb.sgml,v 1.1.1.2 2002/09/15 20:08:32 hartmans Exp $ + $Id: pam_pwdb.sgml,v 1.4 2002/07/11 05:43:50 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> @@ -99,7 +99,8 @@ login account required pam_pwdb.so <tt/try_first_pass/; <tt/nullok/; <tt/nodelay/; -<tt/likeauth/ +<tt/likeauth/; +<tt/noreap/ <tag><bf>Description:</bf></tag> @@ -137,7 +138,14 @@ password when it is stored in a read protected database. This binary is very simple and will only check the password of the user invoking it. It is called transparently on behalf of the user by the authenticating component of this module. In this way it is possible -for applications like <em>xlock</em> to work without being setuid-root. +for applications like <em>xlock</em> to work without being +setuid-root. The module, by default, will temporarily turn off +<tt/SIGCHLD/ handling for the duration of execution of the helper +binary. This is generally the right thing to do, as many applications +are not prepared to handle this signal from a child they didn't know +was <tt/fork()/d. The <tt/noreap/ module argument can be used to +suppress this temporary shielding and may be needed for use with +certain applications. <p> The <tt>likeauth</tt> argument makes the module return the same value diff --git a/Linux-PAM/doc/modules/pam_radius.sgml b/Linux-PAM/doc/modules/pam_radius.sgml index b452bebd..8ebfa0a8 100644 --- a/Linux-PAM/doc/modules/pam_radius.sgml +++ b/Linux-PAM/doc/modules/pam_radius.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_radius.sgml,v 1.1.1.1 2001/04/29 04:16:57 hartmans Exp $ + $Id: pam_radius.sgml,v 1.2 2001/03/19 01:46:41 agmorgan Exp $ This file was written by Cristian Gafton <gafton@redhat.com> --> diff --git a/Linux-PAM/doc/modules/pam_rhosts.sgml b/Linux-PAM/doc/modules/pam_rhosts.sgml index 4b9d1a89..ded5697b 100644 --- a/Linux-PAM/doc/modules/pam_rhosts.sgml +++ b/Linux-PAM/doc/modules/pam_rhosts.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_rhosts.sgml,v 1.1.1.2 2002/09/15 20:08:32 hartmans Exp $ + $Id: pam_rhosts.sgml,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_rootok.sgml b/Linux-PAM/doc/modules/pam_rootok.sgml index e882f4d5..b5ae6921 100644 --- a/Linux-PAM/doc/modules/pam_rootok.sgml +++ b/Linux-PAM/doc/modules/pam_rootok.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_rootok.sgml,v 1.1.1.2 2002/09/15 20:08:32 hartmans Exp $ + $Id: pam_rootok.sgml,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_securetty.sgml b/Linux-PAM/doc/modules/pam_securetty.sgml index f500b8b2..fc89af23 100644 --- a/Linux-PAM/doc/modules/pam_securetty.sgml +++ b/Linux-PAM/doc/modules/pam_securetty.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_securetty.sgml,v 1.1.1.1 2001/04/29 04:16:57 hartmans Exp $ + $Id: pam_securetty.sgml,v 1.1.1.1 2000/06/20 22:11:04 agmorgan Exp $ This file was written by Michael K. Johnson <johnsonm@redhat.com> --> diff --git a/Linux-PAM/doc/modules/pam_tally.sgml b/Linux-PAM/doc/modules/pam_tally.sgml index a2d03435..ee6fad46 100644 --- a/Linux-PAM/doc/modules/pam_tally.sgml +++ b/Linux-PAM/doc/modules/pam_tally.sgml @@ -1,6 +1,6 @@ <!-- - $Id: pam_tally.sgml,v 1.1.1.1 2001/04/29 04:16:57 hartmans Exp $ + $Id: pam_tally.sgml,v 1.3 2005/01/16 22:12:25 toady Exp $ This template file was written by Andrew G. Morgan <morgan@kernel.org> adapted from text provided by Tim Baverstock. @@ -18,6 +18,7 @@ pam_tally <tag><bf>Author[s]:</bf></tag> Tim Baverstock +Tomas Mraz <tag><bf>Maintainer:</bf></tag> @@ -61,9 +62,7 @@ want to use the supplied appliction. <p> Note, there are some outstanding issues with this module: <tt>pam_tally</tt> is very dependant on <tt>getpw*()</tt> - a database -of usernames would be much more flexible; the `keep a count of current -logins' bit has been <tt>#ifdef</tt>'d out and you can only reset the -counter on successful authentication, for now. +of usernames would be much more flexible <sect3>Generic options accepted by both components <p> @@ -74,6 +73,11 @@ counter on successful authentication, for now. <item> <tt>file=</tt><em>/where/to/keep/counts</em>: specify the file location for the counts. The default location is <tt>/var/log/faillog</tt>. +<item> <tt>audit</tt>: + display the username typed if the user is not found. It may be + useful for scripts, but you should know users often type their + password instead making your system weaker. Activate it only if you + know what you are doing. </itemize> <sect2>Authentication component @@ -84,23 +88,46 @@ counter on successful authentication, for now. <tag><bf>Recognized arguments:</bf></tag> <tt>onerr=</tt>(<tt>succeed</tt>|<tt>fail</tt>); <tt>file=</tt>/where/to/keep/counts; -<tt>no_magic_root</tt> +<tt>deny=</tt><em>n</em>; +<tt>lock_time=</tt><em>n</em>; +<tt>unlock_time=</tt><em>n</em>; +<tt>magic_root</tt>; +<tt>even_deny_root_account</tt>; +<tt>per_user</tt>; +<tt>no_lock_time</tt> +<tt>no_reset</tt>; <tag><bf>Description:</bf></tag> <p> -The authentication component of this module increments the attempted -login counter. +The authentication component first checks if the user should be denied +access and if not it increments attempted login counter. +Then on call to <tt>pam_setcred</tt> it resets the attempts counter +if the user is NOT magic root. <p> <tag><bf>Examples/suggested usage:</bf></tag> <p> -The module argument <tt>no_magic_root</tt> is used to indicate that if -the module is invoked by a user with uid=0, then the counter is -incremented. The sys-admin should use this for daemon-launched -services, like <tt>telnet</tt>/<tt>rsh</tt>/<tt>login</tt>. For user -launched services, like <tt>su</tt>, this argument should be omitted. +The <tt>deny=</tt><em>n</em> option is used to deny access if tally +for this user exceeds <em>n</em>. + +<p> +The <tt>lock_time=</tt><em>n</em> option is used to always deny access +for at least <em>n</em> seconds after a failed attempt. + +<p> +The <tt>unlock_time=</tt><em>n</em> option is used to allow access after +<em>n</em> seconds after the last failed attempt with exceeded tally. +If this option is used the user will be locked out only for the specified +amount of time after he exceeded his maximum allowed attempts. Otherwise +the lock is removed only by a manual intervention of the system administrator. + +<p> +The <tt>magic_root</tt> option is used to indicate that if +the module is invoked by a user with uid=0, then the counter is not +incremented. The sys-admin should use this for user launched services, +like <tt>su</tt>, otherwise this argument should be omitted. <p> By way of more explanation, when a process already running as root @@ -109,9 +136,33 @@ bypasses <tt>pam_tally</tt>'s checks: this is handy for <tt>su</tt>ing from root into an account otherwise blocked. However, for services like <tt>telnet</tt> or <tt>login</tt>, which always effectively run from the root account, root (ie everyone) shouldn't be granted this -magic status, and the flag `no_magic_root' should be set in this +magic status, and the flag `magic_root' should not be set in this situation, as noted in the summary above. +<p> +Normally, failed attempts to access root will <bf>NOT</bf> cause the +root account to become blocked, to prevent denial-of-service: if your +users aren't given shell accounts and root may only login via +<tt>su</tt> or at the machine console (not +<tt>telnet</tt>/<tt>rsh</tt>, etc), this is safe. If you really want +root to be blocked for some given service, use +<tt>even_deny_root_account</tt>. + +<p> +If <tt>/var/log/faillog</tt> contains a non-zero <tt>.fail_max/.fail_locktime</tt> +field for this user then the <tt>per_user</tt> module argument will +ensure that the module uses this value and not the global +<tt>deny/lock_time=</tt><em>n</em> parameter. + +<p> +The <tt>no_lock_time</tt> option is for ensuring that the module does +not use the <tt>.fail_locktime</tt> field in /var/log/faillog for this +user. + +<p> +The <tt>no_reset</tt> option is used to instruct the module to not reset +the count on successful entry. + </descrip> <sect2>Account component @@ -122,67 +173,28 @@ situation, as noted in the summary above. <tag><bf>Recognized arguments:</bf></tag> <tt>onerr=</tt>(<tt>succeed</tt>|<tt>fail</tt>); <tt>file=</tt>/where/to/keep/counts; -<tt>deny=</tt><em>n</em>; -<tt>no_magic_root</tt>; -<tt>even_deny_root_account</tt>; -<tt>reset</tt>; +<tt>magic_root</tt>; <tt>no_reset</tt>; -<tt>per_user</tt>; -<tt>no_lock_time</tt> <tag><bf>Description:</bf></tag> <p> -The account component can deny access and/or reset the attempts -counter. It also checks to make sure that the counts file is a plain -file and not world writable. +The account component resets attempts counter if the user is NOT +magic root. This phase can be used optionaly for services which don't call +pam_setcred correctly or if the reset should be done regardless +of the failure of the account phase of other modules. <tag><bf>Examples/suggested usage:</bf></tag> <p> -The <tt>deny=</tt><em>n</em> option is used to deny access if tally -for this user exceeds <em>n</em>. The presence of -<tt>deny=</tt><em>n</em> changes the default for -<tt>reset</tt>/<tt>no_reset</tt> to <tt>reset</tt>, unless the user -trying to gain access is root and the <tt>no_magic_root</tt> option -has NOT been specified. +The <tt>magic_root</tt> option is used to indicate that if +the module is invoked by a user with uid=0, then the counter is not +decremented/reset. The sys-admin should use this for user launched services, +like <tt>su</tt>, otherwise this argument should be omitted. <p> -The <tt>no_magic_root</tt> option ensures that access attempts by root -DON'T ignore deny. Use this for daemon-based stuff, like -<tt>telnet</tt>/<tt>rsh</tt>/<tt>login</tt>. - -<p> -The <tt>even_deny_root_account</tt> option is used to ensure that the -root account can become unavailable. <bf>Note</bf> that magic root -trying to gain root bypasses this, but normal users can be locked out. - -<p> -The <tt>reset</tt> option instructs the module to reset count to 0 on -successful entry, even for magic root. The <tt>no_reset</tt> option is -used to instruct the module to not reset the count on successful -entry. This is the default unless <tt>deny</tt> exists and the user -attempting access is NOT magic root. - -<p> -If <tt>/var/log/faillog</tt> contains a non-zero <tt>.fail_max</tt> -field for this user then the <tt>per_user</tt> module argument will -ensure that the module uses this value and not the global -<tt>deny=</tt><em>n</em> parameter. - -<p> -The <tt>no_lock_time</tt> option is for ensuring that the module does -not use the <tt>.fail_locktime</tt> field in /var/log/faillog for this -user. - -<p> -Normally, failed attempts to access root will <bf>NOT</bf> cause the -root account to become blocked, to prevent denial-of-service: if your -users aren't given shell accounts and root may only login via -<tt>su</tt> or at the machine console (not -<tt>telnet</tt>/<tt>rsh</tt>, etc), this is safe. If you really want -root to be blocked for some given service, use -<tt>even_deny_root_account</tt>. +The <tt>no_reset</tt> option is used to instruct the module to not reset +the count on successful entry. </descrip> diff --git a/Linux-PAM/doc/modules/pam_time.sgml b/Linux-PAM/doc/modules/pam_time.sgml index 785f76c2..ef761223 100644 --- a/Linux-PAM/doc/modules/pam_time.sgml +++ b/Linux-PAM/doc/modules/pam_time.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_time.sgml,v 1.1.1.2 2002/09/15 20:08:33 hartmans Exp $ + $Id: pam_time.sgml,v 1.4 2002/05/10 04:03:02 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_unix.sgml b/Linux-PAM/doc/modules/pam_unix.sgml index 286cd3f8..86c584a8 100644 --- a/Linux-PAM/doc/modules/pam_unix.sgml +++ b/Linux-PAM/doc/modules/pam_unix.sgml @@ -97,7 +97,8 @@ login account required pam_unix.so <tt/use_first_pass/; <tt/try_first_pass/; <tt/nullok/; -<tt/nodelay/ +<tt/nodelay/; +<tt/noreap/ <tag><bf>Description:</bf></tag> @@ -126,17 +127,24 @@ authentication as a whole fail. The default action is for the module to request a delay-on-failure of the order of one second. <p> -Remaining arguments, supported by the other functions of this module, -are silently ignored. Other arguments are logged as errors through -<tt/syslog(3)/. - -<p> A helper binary, <tt>unix_chkpwd</tt>, is provided to check the user's password when it is stored in a read protected database. This binary is very simple and will only check the password of the user invoking it. It is called transparently on behalf of the user by the authenticating component of this module. In this way it is possible -for applications like <em>xlock</em> to work without being setuid-root. +for applications like <em>xlock</em> to work without being +setuid-root. The module, by default, will temporarily turn off +<tt/SIGCHLD/ handling for the duration of execution of the helper +binary. This is generally the right thing to do, as many applications +are not prepared to handle this signal from a child they didn't know +was <tt/fork()/d. The <tt/noreap/ module argument can be used to +suppress this temporary shielding and may be needed for use with +certain applications. + +<p> +Remaining arguments, supported by the other functions of this module, +are silently ignored. Other arguments are logged as errors through +<tt/syslog(3)/. <tag><bf>Examples/suggested usage:</bf></tag> diff --git a/Linux-PAM/doc/modules/pam_userdb.sgml b/Linux-PAM/doc/modules/pam_userdb.sgml index bdbf80b8..155a2668 100644 --- a/Linux-PAM/doc/modules/pam_userdb.sgml +++ b/Linux-PAM/doc/modules/pam_userdb.sgml @@ -50,6 +50,8 @@ what is contained in that database. <tt/icase/; <tt/dump/; <tt/db=XXXX/; +<tt/use_authtok/; +<tt/unknown_ok/; <tag><bf>Description:</bf></tag> @@ -59,7 +61,7 @@ fields corresponding to the username keys are the passwords, in unencrypted form so caution must be exercised over the access rights to the DB database itself.. The module will read the password from the user using the conversation mechanism. If -you are using this module on top of another authetication module (like <tt/pam_pwdb/;) +you are using this module on top of another authentication module (like <tt/pam_pwdb/;) then you should tell that module to read the entered password from the PAM_AUTHTOK field, which is set by this module. <p> @@ -85,6 +87,18 @@ use the database found on pathname XXXX. Note that Berkeley DB usually adds the needed filename extension for you, so you should use something like <tt>/etc/foodata</tt> instead of <tt>/etc/foodata.db</tt>. +<item> <tt/use_authtok/ - +use the authentication token previously obtained by another module that did the +conversation with the application. If this token can not be obtained then +the module will try to converse again. This option can be used for stacking +different modules that need to deal with the authentication tokens. + +<item> +<tt/unknown_ok/ - +do not return error when checking for a user that is not in the database. +This can be used to stack more than one pam_userdb module that will check a +username/password pair in more than a database. + </itemize> <tag><bf>Examples/suggested usage:</bf></tag> diff --git a/Linux-PAM/doc/modules/pam_warn.sgml b/Linux-PAM/doc/modules/pam_warn.sgml index caedf873..b015554d 100644 --- a/Linux-PAM/doc/modules/pam_warn.sgml +++ b/Linux-PAM/doc/modules/pam_warn.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_warn.sgml,v 1.1.1.2 2002/09/15 20:08:33 hartmans Exp $ + $Id: pam_warn.sgml,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> --> diff --git a/Linux-PAM/doc/modules/pam_wheel.sgml b/Linux-PAM/doc/modules/pam_wheel.sgml index cc064120..e4dc501a 100644 --- a/Linux-PAM/doc/modules/pam_wheel.sgml +++ b/Linux-PAM/doc/modules/pam_wheel.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_wheel.sgml,v 1.1.1.2 2002/09/15 20:08:33 hartmans Exp $ + $Id: pam_wheel.sgml,v 1.3 2002/07/13 05:48:19 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> from notes provided by Cristian Gafton. @@ -22,7 +22,7 @@ Cristian Gafton <gafton@redhat.com> Author. <tag><bf>Management groups provided:</bf></tag> -authentication +authentication; account <tag><bf>Cryptographically sensitive:</bf></tag> @@ -31,7 +31,6 @@ authentication <tag><bf>Clean code base:</bf></tag> <tag><bf>System dependencies:</bf></tag> -Requires libpwdb. <tag><bf>Network aware:</bf></tag> @@ -42,7 +41,7 @@ Requires libpwdb. <p> Only permit root access to members of the wheel (<tt/gid=0/) group. -<sect2>Authentication component +<sect2>Authentication and Account components <p> <descrip> @@ -56,13 +55,17 @@ Only permit root access to members of the wheel (<tt/gid=0/) group. <tag><bf>Description:</bf></tag> -This module is used to enforce the so-called <em/wheel/ group. By +This module is used to enforce the so-called <em/wheel/ group. By default, it permits root access to the system if the applicant user is a member of the <tt/wheel/ group (first, the module checks for the existence of a '<tt/wheel/' group. Otherwise the module defines the group with group-id <tt/0/ to be the <em/wheel/ group). <p> +The module can be used as either an '<tt/auth/' or an '<tt/account/' +module. + +<p> The action of the module may be modified from this default by one or more of the following flags in the <tt>/etc/pam.conf</tt> file. <itemize> @@ -88,10 +91,13 @@ password. <bf/USE WITH CARE/. <item> <tt/deny/ - -This is used to reverse the logic of the module's behavior. -If the user is trying to get <tt/uid=0/ access and is a member of the wheel +This is used to reverse the logic of the module's behavior. If the +user is trying to get <tt/uid=0/ access and is a member of the wheel group, deny access (for the wheel group, this is perhaps nonsense!): it is intended for use in conjunction with the <tt/group=/ argument... +Conversely, if the user is not in the group, return <tt/PAM_IGNORE/ +(unless <tt/trust/ was also specified, in which case we return +<tt/PAM_SUCCESS/). <item> <tt/group=XXXX/ - @@ -114,7 +120,7 @@ file: # su auth sufficient pam_rootok.so su auth required pam_wheel.so -su auth required pam_unix_auth.so +su auth required pam_unix.so </verb> </tscreen> diff --git a/Linux-PAM/doc/pam_appl.sgml b/Linux-PAM/doc/pam_appl.sgml index f6d35b4e..33fdcba6 100644 --- a/Linux-PAM/doc/pam_appl.sgml +++ b/Linux-PAM/doc/pam_appl.sgml @@ -2,7 +2,7 @@ <!-- - $Id: pam_appl.sgml,v 1.1.1.2 2002/09/15 20:08:24 hartmans Exp $ + $Id: pam_appl.sgml,v 1.10 2004/09/22 09:37:47 kukuk Exp $ Copyright (C) Andrew G. Morgan 1996-2001. All rights reserved. @@ -442,12 +442,7 @@ However, the application should expect one of the following errors: </descrip> <p> -Note, in the case of an error, the contents of <tt/item/ is not -modified - that is, it retains its pre-call value. One should take -care to initialize this value prior to calling -<tt/pam_get_item()/. Since, if its value - despite the -<tt/pam_get_item()/ function failing - is to be used the consequences -are undefined. +In the case of an error, the contents of <tt/item/ is set to <tt/NULL/. <sect2>Understanding errors <label id="pam-strerror-section"> @@ -1664,7 +1659,7 @@ This document was written by Andrew G. Morgan <!-- insert credits here --> <!-- an sgml list of people to credit for their contributions to Linux-PAM - $Id: pam_appl.sgml,v 1.1.1.2 2002/09/15 20:08:24 hartmans Exp $ + $Id: pam_appl.sgml,v 1.10 2004/09/22 09:37:47 kukuk Exp $ --> Chris Adams, Peter Allgeyer, @@ -1777,6 +1772,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <p> -<tt>$Id: pam_appl.sgml,v 1.1.1.2 2002/09/15 20:08:24 hartmans Exp $</tt> +<tt>$Id: pam_appl.sgml,v 1.10 2004/09/22 09:37:47 kukuk Exp $</tt> </article> diff --git a/Linux-PAM/doc/pam_modules.sgml b/Linux-PAM/doc/pam_modules.sgml index c67dd448..9d77b25f 100644 --- a/Linux-PAM/doc/pam_modules.sgml +++ b/Linux-PAM/doc/pam_modules.sgml @@ -2,7 +2,7 @@ <!-- - $Id: pam_modules.sgml,v 1.1.1.2 2002/09/15 20:08:25 hartmans Exp $ + $Id: pam_modules.sgml,v 1.9 2002/05/10 06:00:12 agmorgan Exp $ Copyright (c) Andrew G. Morgan 1996-2001. All rights reserved. @@ -1386,7 +1386,7 @@ This document was written by Andrew G. Morgan <!-- insert credits here --> <!-- an sgml list of people to credit for their contributions to Linux-PAM - $Id: pam_modules.sgml,v 1.1.1.2 2002/09/15 20:08:25 hartmans Exp $ + $Id: pam_modules.sgml,v 1.9 2002/05/10 06:00:12 agmorgan Exp $ --> Chris Adams, Peter Allgeyer, @@ -1500,6 +1500,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <p> -<tt>$Id: pam_modules.sgml,v 1.1.1.2 2002/09/15 20:08:25 hartmans Exp $</tt> +<tt>$Id: pam_modules.sgml,v 1.9 2002/05/10 06:00:12 agmorgan Exp $</tt> </article> diff --git a/Linux-PAM/doc/pam_source.sgml b/Linux-PAM/doc/pam_source.sgml index 0b7fcb8f..9ec0bbe6 100644 --- a/Linux-PAM/doc/pam_source.sgml +++ b/Linux-PAM/doc/pam_source.sgml @@ -2,7 +2,7 @@ <!-- - $Id: pam_source.sgml,v 1.1.1.2 2002/09/15 20:08:25 hartmans Exp $ + $Id: pam_source.sgml,v 1.13 2004/09/28 13:48:46 kukuk Exp $ Copyright (c) Andrew G. Morgan 1996-2002. All rights reserved. @@ -46,7 +46,7 @@ DAMAGE. <title>The Linux-PAM System Administrators' Guide <author>Andrew G. Morgan, <tt>morgan@kernel.org</tt> -<date>DRAFT v0.76 2002/06/26 +<date>DRAFT v0.77 2002/07/10 <abstract> This manual documents what a system-administrator needs to know about the <bf>Linux-PAM</bf> library. It covers the correct syntax of the @@ -268,7 +268,7 @@ that this enables. be used, including RADIUS, NIS, NCP (which means that Novell password databases can be used). - o pppd has a PAMified version (available from RedHat) Now it is + o pppd has a PAMified version (available from Red Hat) Now it is possible to use a series of databases to authenticate ppp users. In addition to the normal Linux-based password databases (such as /etc/passwd and /etc/shadow), you can use PAM modules to @@ -437,8 +437,8 @@ with one of two syntaxes. The simpler (and historical) syntax for the control-flag is a single keyword defined to indicate the severity of concern associated with the success or failure of a specific module. There are four such -keywords: <tt/required/, <tt/requisite/, <tt/sufficient/ and -<tt/optional/. +keywords: <tt/required/, <tt/requisite/, <tt/sufficient/, +<tt/optional/ and <tt/include/. <p> The Linux-PAM library interprets these keywords in the following @@ -481,6 +481,12 @@ determine the nature of the response to the application. One example of this latter case, is when the other modules return something like <tt/PAM_IGNORE/. +<item> <tt/include/; this tells PAM to include all lines of given type +from the configuration file specified as an argument to this control. +The whole idea is to create few "systemwide" pam configs and include +parts of them in application pam configs. + + </itemize> <p> @@ -1155,6 +1161,6 @@ USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <p> -<tt>$Id: pam_source.sgml,v 1.1.1.2 2002/09/15 20:08:25 hartmans Exp $</tt> +<tt>$Id: pam_source.sgml,v 1.13 2004/09/28 13:48:46 kukuk Exp $</tt> </article> diff --git a/Linux-PAM/doc/pdf/README b/Linux-PAM/doc/pdf/README index 6a2f085e..5cae4e68 100644 --- a/Linux-PAM/doc/pdf/README +++ b/Linux-PAM/doc/pdf/README @@ -1,3 +1,3 @@ -$Id: README,v 1.1.1.1 2002/09/15 20:08:34 hartmans Exp $ +$Id: README,v 1.1 2002/05/29 04:14:11 agmorgan Exp $ a directory for PDF versions of the documentation diff --git a/Linux-PAM/doc/ps/README b/Linux-PAM/doc/ps/README index 5f7d2f34..18ab6329 100644 --- a/Linux-PAM/doc/ps/README +++ b/Linux-PAM/doc/ps/README @@ -1,3 +1,3 @@ -$Id: README,v 1.1.1.2 2002/09/15 20:08:34 hartmans Exp $ +$Id: README,v 1.2 2001/11/27 05:37:30 agmorgan Exp $ this is the directory for the PostScript documentation diff --git a/Linux-PAM/doc/specs/draft-morgan-pam.raw b/Linux-PAM/doc/specs/draft-morgan-pam.raw index cd829a17..2d55048e 100644 --- a/Linux-PAM/doc/specs/draft-morgan-pam.raw +++ b/Linux-PAM/doc/specs/draft-morgan-pam.raw @@ -761,4 +761,4 @@ The email list for discussing issues related to this document is Andrew G. Morgan Email: morgan@kernel.org -## $Id: draft-morgan-pam.raw,v 1.1.1.2 2002/09/15 20:08:34 hartmans Exp $ ## +## $Id: draft-morgan-pam.raw,v 1.2 2001/12/08 18:56:47 agmorgan Exp $ ## diff --git a/Linux-PAM/doc/specs/std-agent-id.raw b/Linux-PAM/doc/specs/std-agent-id.raw index 61d5bc4a..c97ce975 100644 --- a/Linux-PAM/doc/specs/std-agent-id.raw +++ b/Linux-PAM/doc/specs/std-agent-id.raw @@ -1,6 +1,6 @@ PAM working group ## A.G. Morgan -## $Id: std-agent-id.raw,v 1.1.1.1 2002/09/15 20:08:34 hartmans Exp $ ## +## $Id: std-agent-id.raw,v 1.1 2001/12/08 18:56:47 agmorgan Exp $ ## ## Pluggable Authentication Modules ## diff --git a/Linux-PAM/doc/txts/README b/Linux-PAM/doc/txts/README index 785f59f8..f63820cf 100644 --- a/Linux-PAM/doc/txts/README +++ b/Linux-PAM/doc/txts/README @@ -1,3 +1,3 @@ -$Id: README,v 1.1.1.1 2001/04/29 04:17:03 hartmans Exp $ +$Id: README,v 1.1.1.1 2000/06/20 22:11:12 agmorgan Exp $ This is a directory for text versions of the pam documentation diff --git a/Linux-PAM/dynamic/Makefile b/Linux-PAM/dynamic/Makefile index 72d5a08a..e1e4f89e 100644 --- a/Linux-PAM/dynamic/Makefile +++ b/Linux-PAM/dynamic/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2002/09/15 20:08:35 hartmans Exp $ +# $Id: Makefile,v 1.1 2001/12/09 22:51:12 agmorgan Exp $ # # diff --git a/Linux-PAM/dynamic/pam.c b/Linux-PAM/dynamic/pam.c index c7b158d7..e0a51c32 100644 --- a/Linux-PAM/dynamic/pam.c +++ b/Linux-PAM/dynamic/pam.c @@ -1,5 +1,5 @@ /* - * $Id: pam.c,v 1.1.1.1 2002/09/15 20:08:35 hartmans Exp $ + * $Id: pam.c,v 1.1 2001/12/09 22:51:12 agmorgan Exp $ * * If you want to dynamically load libpam using dlopen() or something, * then dlopen( ' this shared object ' ); It takes care of exporting diff --git a/Linux-PAM/examples/Makefile b/Linux-PAM/examples/Makefile index a55f1d21..3ffea528 100644 --- a/Linux-PAM/examples/Makefile +++ b/Linux-PAM/examples/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:35 hartmans Exp $ +# $Id: Makefile,v 1.6 2002/06/27 04:04:54 agmorgan Exp $ # include ../Make.Rules diff --git a/Linux-PAM/examples/blank.c b/Linux-PAM/examples/blank.c index e4129b4b..20896b5c 100644 --- a/Linux-PAM/examples/blank.c +++ b/Linux-PAM/examples/blank.c @@ -1,5 +1,5 @@ /* - * $Id: blank.c,v 1.1.1.1 2001/04/29 04:17:04 hartmans Exp $ + * $Id: blank.c,v 1.2 2000/12/04 19:02:33 baggins Exp $ */ /* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank' diff --git a/Linux-PAM/examples/check_user.c b/Linux-PAM/examples/check_user.c index 295d6715..cb539c4e 100644 --- a/Linux-PAM/examples/check_user.c +++ b/Linux-PAM/examples/check_user.c @@ -1,5 +1,5 @@ /* - $Id: check_user.c,v 1.1.1.1 2001/04/29 04:17:04 hartmans Exp $ + $Id: check_user.c,v 1.2 2000/12/04 19:02:33 baggins Exp $ This program was contributed by Shane Watts <shane@icarus.bofh.asn.au> slight modifications by AGM. diff --git a/Linux-PAM/examples/xsh.c b/Linux-PAM/examples/xsh.c index 0e092402..3f5246f5 100644 --- a/Linux-PAM/examples/xsh.c +++ b/Linux-PAM/examples/xsh.c @@ -1,18 +1,18 @@ /* - * $Id: xsh.c,v 1.1.1.2 2002/09/15 20:08:35 hartmans Exp $ + * $Id: xsh.c,v 1.7 2004/09/24 09:18:21 kukuk Exp $ */ /* Andrew Morgan (morgan@kernel.org) -- an example application * that invokes a shell, based on blank.c */ +#include <security/_pam_aconf.h> + #include <stdio.h> #include <stdlib.h> #include <security/pam_appl.h> #include <security/pam_misc.h> -#include <security/_pam_aconf.h> - #include <pwd.h> #include <sys/types.h> #include <unistd.h> @@ -155,7 +155,7 @@ int main(int argc, char **argv) fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } - + /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred"); diff --git a/Linux-PAM/install-sh b/Linux-PAM/install-sh new file mode 100755 index 00000000..b777f124 --- /dev/null +++ b/Linux-PAM/install-sh @@ -0,0 +1,322 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2004-07-05.00 + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +chmodcmd="$chmodprog 0755" +chowncmd= +chgrpcmd= +stripcmd= +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src= +dst= +dir_arg= +dstarg= +no_target_directory= + +usage="Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: +-c (ignored) +-d create directories instead of installing files. +-g GROUP $chgrpprog installed files to GROUP. +-m MODE $chmodprog installed files to MODE. +-o USER $chownprog installed files to USER. +-s $stripprog installed files. +-t DIRECTORY install into DIRECTORY. +-T report an error if DSTFILE is a directory. +--help display this help and exit. +--version display version info and exit. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG +" + +while test -n "$1"; do + case $1 in + -c) shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + --help) echo "$usage"; exit 0;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -s) stripcmd=$stripprog + shift + continue;; + + -t) dstarg=$2 + shift + shift + continue;; + + -T) no_target_directory=true + shift + continue;; + + --version) echo "$0 $scriptversion"; exit 0;; + + *) # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + test -n "$dir_arg$dstarg" && break + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dstarg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dstarg" + shift # fnord + fi + shift # arg + dstarg=$arg + done + break;; + esac +done + +if test -z "$1"; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src ;; + esac + + if test -n "$dir_arg"; then + dst=$src + src= + + if test -d "$dst"; then + mkdircmd=: + chmodcmd= + else + mkdircmd=$mkdirprog + fi + else + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dstarg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dstarg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst ;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dstarg: Is a directory" >&2 + exit 1 + fi + dst=$dst/`basename "$src"` + fi + fi + + # This sed command emulates the dirname command. + dstdir=`echo "$dst" | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + + # Make sure that the destination directory exists. + + # Skip lots of stat calls in the usual case. + if test ! -d "$dstdir"; then + defaultIFS=' + ' + IFS="${IFS-$defaultIFS}" + + oIFS=$IFS + # Some sh's can't handle IFS=/ for some reason. + IFS='%' + set - `echo "$dstdir" | sed -e 's@/@%@g' -e 's@^%@/@'` + IFS=$oIFS + + pathcomp= + + while test $# -ne 0 ; do + pathcomp=$pathcomp$1 + shift + if test ! -d "$pathcomp"; then + $mkdirprog "$pathcomp" + # mkdir can fail with a `File exist' error in case several + # install-sh are creating the directory concurrently. This + # is OK. + test -d "$pathcomp" || exit + fi + pathcomp=$pathcomp/ + done + fi + + if test -n "$dir_arg"; then + $doit $mkdircmd "$dst" \ + && { test -z "$chowncmd" || $doit $chowncmd "$dst"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dst"; } \ + && { test -z "$chmodcmd" || $doit $chmodcmd "$dst"; } + + else + dstfile=`basename "$dst"` + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'status=$?; rm -f "$dsttmp" "$rmtmp" && exit $status' 0 + trap '(exit $?); exit' 1 2 13 15 + + # Copy the file name to the temp name. + $doit $cpprog "$src" "$dsttmp" && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } \ + && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } \ + && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } \ + && { test -z "$chmodcmd" || $doit $chmodcmd "$dsttmp"; } && + + # Now rename the file to the real destination. + { $doit $mvcmd -f "$dsttmp" "$dstdir/$dstfile" 2>/dev/null \ + || { + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + if test -f "$dstdir/$dstfile"; then + $doit $rmcmd -f "$dstdir/$dstfile" 2>/dev/null \ + || $doit $mvcmd -f "$dstdir/$dstfile" "$rmtmp" 2>/dev/null \ + || { + echo "$0: cannot unlink or rename $dstdir/$dstfile" >&2 + (exit 1); exit + } + else + : + fi + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dstdir/$dstfile" + } + } + fi || { (exit 1); exit; } +done + +# The final little trick to "correctly" pass the exit status to the exit trap. +{ + (exit 0); exit +} + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/Linux-PAM/libpam/Makefile b/Linux-PAM/libpam/Makefile index 2c0813f7..94d92de6 100644 --- a/Linux-PAM/libpam/Makefile +++ b/Linux-PAM/libpam/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:36 hartmans Exp $ +# $Id: Makefile,v 1.12 2005/03/29 20:41:20 toady Exp $ # # @@ -10,9 +10,15 @@ MOREFLAGS=-D"DEFAULT_MODULE_PATH=\"$(SECUREDIR)/\"" ifeq ($(WITH_LIBDEBUG),yes) LIBNAME=libpamd + CFLAGS += -D"DEBUG" + CFLAGS += -g else LIBNAME=libpam endif +ifeq ($(WITH_PRELUDE),yes) + CFLAGS += -DPRELUDE -DLIBPRELUDE_CONFIG_PREFIX=\"`libprelude-config --prefix`\" + LINKLIBS += -lprelude +endif VERSION=.$(MAJOR_REL) MODIFICATION=.$(MINOR_REL) @@ -24,7 +30,8 @@ dummy: ../Make.Rules all CFLAGS += $(DYNAMIC) $(STATIC) $(MOREFLAGS) \ -DLIBPAM_VERSION_MAJOR=$(MAJOR_REL) \ - -DLIBPAM_VERSION_MINOR=$(MINOR_REL) + -DLIBPAM_VERSION_MINOR=$(MINOR_REL) \ + -DLIBPAM_VERSION_STRING=\"$(MAJOR_REL).$(MINOR_REL)\" # dynamic library names @@ -37,7 +44,7 @@ LIBPAMFULL = $(LIBPAMNAME)$(MODIFICATION) LIBPAMSTATIC = $(LIBNAME).a ifdef STATIC -@echo Did you mean to set STATIC\? +# @echo Did you mean to set STATIC\? MODULES = $(shell cat ../modules/_static_module_objects) STATICOBJ = pam_static.o else @@ -50,7 +57,7 @@ endif LIBOBJECTS = pam_item.o pam_strerror.o pam_end.o pam_start.o pam_data.o \ pam_delay.o pam_dispatch.o pam_handlers.o pam_misc.o \ - pam_account.o pam_auth.o pam_session.o pam_password.o \ + pam_account.o pam_auth.o pam_prelude.o pam_session.o pam_password.o \ pam_env.o pam_log.o $(EXTRAS) ifeq ($(DYNAMIC_LIBPAM),yes) @@ -88,11 +95,14 @@ dynamic/%.o : %.c static/%.o : %.c $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ +bootstrap-libpam: bootdir $(LIBPAM) +bootdir: + test -d dynamic || mkdir dynamic $(LIBPAM): $(DLIBOBJECTS) ifeq ($(DYNAMIC_LIBPAM),yes) ifeq ($(USESONAME),yes) - $(LD_L) $(SOSWITCH) $(LIBPAMNAME) -o $@ $(DLIBOBJECTS) \ + $(LD_L) $(SOSWITCH)$(LIBPAMNAME) -o $@ $(DLIBOBJECTS) \ $(MODULES) $(LINKLIBS) else $(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) @@ -107,9 +117,11 @@ endif $(LIBPAMSTATIC): $(SLIBOBJECTS) ifeq ($(STATIC_LIBPAM),yes) - ar cr $@ $(SLIBOBJECTS) $(MODULES) + $(AR) cru $@ $(SLIBOBJECTS) $(MODULES) +ifdef RANLIB $(RANLIB) $@ endif +endif install: all $(MKDIR) $(FAKEROOT)$(INCLUDED) $(FAKEROOT)$(libdir) @@ -123,7 +135,11 @@ ifdef MEMORY_DEBUG endif ifeq ($(DYNAMIC_LIBPAM),yes) $(INSTALL) -m $(SHLIBMODE) $(LIBPAM) $(FAKEROOT)$(libdir)/$(LIBPAMFULL) +ifndef FAKEROOT $(LDCONFIG) +else + $(LDCONFIG) -n $(FAKEROOT)$(libdir) +endif ifneq ($(DYNTYPE),"sl") ( cd $(FAKEROOT)$(libdir) ; rm -f $(LIBPAM) ; \ ln -sf $(LIBPAMNAME) $(LIBPAM) ) @@ -141,11 +157,14 @@ remove: rm -f $(FAKEROOT)$(INCLUDED)/pam_malloc.h rm -f $(FAKEROOT)$(libdir)/$(LIBPAM).* rm -f $(FAKEROOT)$(libdir)/$(LIBPAM) +ifndef FAKEROOT $(LDCONFIG) +endif rm -f $(FAKEROOT)$(libdir)/$(LIBPAMSTATIC) clean: rm -f a.out core *~ static/*.o dynamic/*.o + rm -f *.orig $(LIBPAMNAME) $(LIBPAMFULL) rm -f *.a *.o *.so ./include/security/*~ if [ -d dynamic ]; then rmdir dynamic ; fi if [ -d static ]; then rmdir static ; fi diff --git a/Linux-PAM/libpam/include/security/_pam_compat.h b/Linux-PAM/libpam/include/security/_pam_compat.h index b66a5479..33520a6c 100644 --- a/Linux-PAM/libpam/include/security/_pam_compat.h +++ b/Linux-PAM/libpam/include/security/_pam_compat.h @@ -2,7 +2,7 @@ #define _PAM_COMPAT_H /* - * $Id: _pam_compat.h,v 1.1.1.1 2001/04/29 04:17:10 hartmans Exp $ + * $Id: _pam_compat.h,v 1.1.1.1 2000/06/20 22:11:21 agmorgan Exp $ * * This file was contributed by Derrick J Brashear <shadow@dementia.org> * slight modification by Brad M. Garcia <bgarcia@fore.com> diff --git a/Linux-PAM/libpam/include/security/_pam_types.h b/Linux-PAM/libpam/include/security/_pam_types.h index 5bc4a43d..b4413ee3 100644 --- a/Linux-PAM/libpam/include/security/_pam_types.h +++ b/Linux-PAM/libpam/include/security/_pam_types.h @@ -1,7 +1,7 @@ /* * <security/_pam_types.h> * - * $Id: _pam_types.h,v 1.1.1.1 2001/04/29 04:17:10 hartmans Exp $ + * $Id: _pam_types.h,v 1.6 2005/03/16 00:06:01 toady Exp $ * * This file defines all of the types common to the Linux-PAM library * applications and modules. @@ -46,7 +46,7 @@ typedef struct pam_handle pam_handle_t; #define PAM_CRED_INSUFFICIENT 8 /* Can not access authentication data */ /* due to insufficient credentials */ #define PAM_AUTHINFO_UNAVAIL 9 /* Underlying authentication service */ - /* can not retrieve authenticaiton */ + /* can not retrieve authentication */ /* information */ #define PAM_USER_UNKNOWN 10 /* User not known to the underlying */ /* authenticaiton module */ @@ -76,7 +76,7 @@ typedef struct pam_handle pam_handle_t; #define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token lock busy */ #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */ #define PAM_TRY_AGAIN 24 /* Preliminary check by password service */ -#define PAM_IGNORE 25 /* Ingore underlying account module */ +#define PAM_IGNORE 25 /* Ignore underlying account module */ /* regardless of whether the control */ /* flag is required, optional, or sufficient */ #define PAM_ABORT 26 /* Critical error (?module fail now request) */ diff --git a/Linux-PAM/libpam/include/security/pam_appl.h b/Linux-PAM/libpam/include/security/pam_appl.h index 21bc2212..69ee544d 100644 --- a/Linux-PAM/libpam/include/security/pam_appl.h +++ b/Linux-PAM/libpam/include/security/pam_appl.h @@ -10,7 +10,7 @@ * Created: 15-Jan-96 by TYT * Last modified: 1996/3/5 by AGM * - * $Id: pam_appl.h,v 1.1.1.1 2001/04/29 04:17:11 hartmans Exp $ + * $Id: pam_appl.h,v 1.3 2000/11/19 23:54:02 agmorgan Exp $ */ #ifndef _SECURITY_PAM_APPL_H diff --git a/Linux-PAM/libpam/include/security/pam_malloc.h b/Linux-PAM/libpam/include/security/pam_malloc.h index 60a38857..bbf31338 100644 --- a/Linux-PAM/libpam/include/security/pam_malloc.h +++ b/Linux-PAM/libpam/include/security/pam_malloc.h @@ -1,5 +1,5 @@ /* - * $Id: pam_malloc.h,v 1.1.1.2 2002/09/15 20:08:40 hartmans Exp $ + * $Id: pam_malloc.h,v 1.3 2001/11/26 03:04:47 agmorgan Exp $ */ /* diff --git a/Linux-PAM/libpam/include/security/pam_modules.h b/Linux-PAM/libpam/include/security/pam_modules.h index 0fac9994..1f20993f 100644 --- a/Linux-PAM/libpam/include/security/pam_modules.h +++ b/Linux-PAM/libpam/include/security/pam_modules.h @@ -1,7 +1,7 @@ /* * <security/pam_modules.h> * - * $Id: pam_modules.h,v 1.1.1.1 2001/04/29 04:17:11 hartmans Exp $ + * $Id: pam_modules.h,v 1.3 2001/02/05 06:50:41 agmorgan Exp $ * */ diff --git a/Linux-PAM/libpam/pam_account.c b/Linux-PAM/libpam/pam_account.c index 71e04f15..3a4fb1fc 100644 --- a/Linux-PAM/libpam/pam_account.c +++ b/Linux-PAM/libpam/pam_account.c @@ -1,9 +1,9 @@ /* pam_account.c - PAM Account Management */ -#include <stdio.h> - #include "pam_private.h" +#include <stdio.h> + int pam_acct_mgmt(pam_handle_t *pamh, int flags) { int retval; diff --git a/Linux-PAM/libpam/pam_auth.c b/Linux-PAM/libpam/pam_auth.c index f8dd8c0d..f2743624 100644 --- a/Linux-PAM/libpam/pam_auth.c +++ b/Linux-PAM/libpam/pam_auth.c @@ -1,15 +1,16 @@ /* * pam_auth.c -- PAM authentication * - * $Id: pam_auth.c,v 1.1.1.1 2001/04/29 04:17:04 hartmans Exp $ + * $Id: pam_auth.c,v 1.5 2005/03/29 20:41:20 toady Exp $ * */ +#include "pam_private.h" +#include "pam_prelude.h" + #include <stdio.h> #include <stdlib.h> -#include "pam_private.h" - int pam_authenticate(pam_handle_t *pamh, int flags) { int retval; @@ -40,6 +41,10 @@ int pam_authenticate(pam_handle_t *pamh, int flags) D(("will resume when ready")); } +#ifdef PRELUDE + prelude_send_alert(pamh, retval); +#endif + return retval; } diff --git a/Linux-PAM/libpam/pam_data.c b/Linux-PAM/libpam/pam_data.c index 635357cd..6a90bd51 100644 --- a/Linux-PAM/libpam/pam_data.c +++ b/Linux-PAM/libpam/pam_data.c @@ -1,14 +1,14 @@ /* pam_data.c */ /* - * $Id: pam_data.c,v 1.1.1.1 2001/04/29 04:17:04 hartmans Exp $ + * $Id: pam_data.c,v 1.3 2003/07/13 20:01:44 vorlon Exp $ */ +#include "pam_private.h" + #include <stdlib.h> #include <string.h> -#include "pam_private.h" - static struct pam_data *_pam_locate_data(const pam_handle_t *pamh, const char *name) { diff --git a/Linux-PAM/libpam/pam_delay.c b/Linux-PAM/libpam/pam_delay.c index b2b7f0cb..01304629 100644 --- a/Linux-PAM/libpam/pam_delay.c +++ b/Linux-PAM/libpam/pam_delay.c @@ -4,7 +4,7 @@ * Copyright (c) Andrew G. Morgan <morgan@kernel.org> 1996-9 * All rights reserved. * - * $Id: pam_delay.c,v 1.1.1.2 2002/09/15 20:08:36 hartmans Exp $ + * $Id: pam_delay.c,v 1.6 2003/07/13 20:01:44 vorlon Exp $ * */ @@ -13,9 +13,9 @@ * attempt to overcome authentication-time attacks in a simple manner. */ +#include "pam_private.h" #include <unistd.h> #include <time.h> -#include "pam_private.h" /* ********************************************************************** * initialize the time as unset, this is set on the return from the diff --git a/Linux-PAM/libpam/pam_dispatch.c b/Linux-PAM/libpam/pam_dispatch.c index 2c82e81d..4af29f69 100644 --- a/Linux-PAM/libpam/pam_dispatch.c +++ b/Linux-PAM/libpam/pam_dispatch.c @@ -3,14 +3,14 @@ /* * Copyright (c) 1998 Andrew G. Morgan <morgan@kernel.org> * - * $Id: pam_dispatch.c,v 1.1.1.2 2002/09/15 20:08:36 hartmans Exp $ + * $Id: pam_dispatch.c,v 1.7 2005/01/07 15:31:26 t8m Exp $ */ +#include "pam_private.h" + #include <stdlib.h> #include <stdio.h> -#include "pam_private.h" - /* * this is the return code we return when a function pointer is NULL * or, the handler structure indicates a broken module config line @@ -184,8 +184,12 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if ( impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + /* in case of using cached chain + we could get here with PAM_IGNORE - don't return it */ + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { goto decision_made; @@ -227,8 +231,10 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, if (impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { - impression = _PAM_POSITIVE; - status = retval; + if ( retval != PAM_IGNORE || cached_retval == retval ) { + impression = _PAM_POSITIVE; + status = retval; + } } } diff --git a/Linux-PAM/libpam/pam_end.c b/Linux-PAM/libpam/pam_end.c index 890d18f1..a0716175 100644 --- a/Linux-PAM/libpam/pam_end.c +++ b/Linux-PAM/libpam/pam_end.c @@ -1,13 +1,13 @@ /* pam_end.c */ /* - * $Id: pam_end.c,v 1.1.1.1 2001/04/29 04:17:05 hartmans Exp $ + * $Id: pam_end.c,v 1.3 2003/07/13 20:01:44 vorlon Exp $ */ -#include <stdlib.h> - #include "pam_private.h" +#include <stdlib.h> + int pam_end(pam_handle_t *pamh, int pam_status) { int ret; diff --git a/Linux-PAM/libpam/pam_env.c b/Linux-PAM/libpam/pam_env.c index 0f718ae3..9027bc79 100644 --- a/Linux-PAM/libpam/pam_env.c +++ b/Linux-PAM/libpam/pam_env.c @@ -7,17 +7,18 @@ * This file was written from a "hint" provided by the people at SUN. * and the X/Open XSSO draft of March 1997. * - * $Id: pam_env.c,v 1.1.1.1 2001/04/29 04:17:05 hartmans Exp $ + * $Id: pam_env.c,v 1.5 2004/09/22 09:37:47 kukuk Exp $ */ +#include "pam_private.h" + #include <string.h> #include <stdlib.h> + #ifdef sunos #define memmove(x,y,z) bcopy(y,x,z) #endif -#include "pam_private.h" - /* helper functions */ #ifdef DEBUG @@ -74,7 +75,7 @@ int _pam_make_env(pam_handle_t *pamh) /* * fill entries in pamh->env */ - + pamh->env->entries = PAM_ENV_CHUNK; pamh->env->requested = 1; pamh->env->list[0] = NULL; @@ -222,7 +223,7 @@ int pam_putenv(pam_handle_t *pamh, const char *name_value) /* add a new NULL entry at end; increase counter */ pamh->env->list[pamh->env->requested++] = NULL; - + } else { /* replace old */ D(("replacing item: %s\n with: %s" , pamh->env->list[item], name_value)); @@ -343,6 +344,7 @@ static char **_copy_env(pam_handle_t *pamh) _pam_overwrite(dump[i]); _pam_drop(dump[i]); } + _pam_drop(dump); return NULL; } } diff --git a/Linux-PAM/libpam/pam_handlers.c b/Linux-PAM/libpam/pam_handlers.c index d00f1842..ed03eda8 100644 --- a/Linux-PAM/libpam/pam_handlers.c +++ b/Linux-PAM/libpam/pam_handlers.c @@ -4,10 +4,12 @@ * created by Marc Ewing. * Currently maintained by Andrew G. Morgan <morgan@kernel.org> * - * $Id: pam_handlers.c,v 1.1.1.2 2002/09/15 20:08:37 hartmans Exp $ + * $Id: pam_handlers.c,v 1.12 2005/02/07 08:18:53 kukuk Exp $ * */ +#include "pam_private.h" + #include <stdlib.h> #include <stdio.h> #include <string.h> @@ -24,8 +26,6 @@ # endif /* PAM_SHL */ #endif /* PAM_DYNAMIC */ -#include "pam_private.h" - /* If not required, define as nothing */ #ifndef SHLIB_SYM_PREFIX # define SHLIB_SYM_PREFIX "" @@ -34,6 +34,9 @@ #define BUF_SIZE 1024 #define MODULE_CHUNK 4 #define UNKNOWN_MODULE_PATH "<*unknown module path*>" +#ifndef _PAM_ISA +#define _PAM_ISA "." +#endif static int _pam_assemble_line(FILE *f, char *buf, int buf_len); @@ -46,13 +49,23 @@ static int _pam_add_handler(pam_handle_t *pamh /* Values for module type */ +#define PAM_T_ANY 0 #define PAM_T_AUTH 1 #define PAM_T_SESS 2 #define PAM_T_ACCT 4 #define PAM_T_PASS 8 +static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name + , const char *service /* specific file */ + , int module_type /* specific type */ +#ifdef PAM_READ_BOTH_CONFS + , int not_other +#endif /* PAM_READ_BOTH_CONFS */ + ); + static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f , const char *known_service /* specific file */ + , int requested_module_type /* specific type */ #ifdef PAM_READ_BOTH_CONFS , int not_other #endif /* PAM_READ_BOTH_CONFS */ @@ -93,12 +106,21 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f /* accept "service name" or PAM_DEFAULT_SERVICE modules */ if (!_pam_strCMP(this_service, pamh->service_name) || other) { + int pam_include = 0; + /* This is a service we are looking for */ D(("_pam_init_handlers: Found PAM config entry for: %s" , this_service)); tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (!_pam_strCMP("auth", tok)) { + if (tok == NULL) { + /* module type does not exist */ + D(("_pam_init_handlers: empty module type for %s", this_service)); + _pam_system_log(LOG_ERR, "(%s) empty module type", this_service); + module_type = (requested_module_type != PAM_T_ANY) ? + requested_module_type : PAM_T_AUTH; /* most sensitive */ + must_fail = 1; /* install as normal but fail when dispatched */ + } else if (!_pam_strCMP("auth", tok)) { module_type = PAM_T_AUTH; } else if (!_pam_strCMP("session", tok)) { module_type = PAM_T_SESS; @@ -111,10 +133,17 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f D(("_pam_init_handlers: bad module type: %s", tok)); _pam_system_log(LOG_ERR, "(%s) illegal module type: %s", this_service, tok); - module_type = PAM_T_AUTH; /* most sensitive */ + module_type = (requested_module_type != PAM_T_ANY) ? + requested_module_type : PAM_T_AUTH; /* most sensitive */ must_fail = 1; /* install as normal but fail when dispatched */ } D(("Using %s config entry: %s", must_fail?"BAD ":"", tok)); + if (requested_module_type != PAM_T_ANY && + module_type != requested_module_type) { + D(("Skipping config entry: %s (requested=%d, found=%d)", + tok, requested_module_type, module_type)); + continue; + } /* reset the actions to .._UNDEF's -- this is so that we can work out which entries are not yet set (for default). */ @@ -124,7 +153,14 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f actions[i++] = _PAM_ACTION_UNDEF); } tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (!_pam_strCMP("required", tok)) { + if (tok == NULL) { + /* no module name given */ + D(("_pam_init_handlers: no control flag supplied")); + _pam_system_log(LOG_ERR, + "(%s) no control flag supplied", this_service); + _pam_set_default_control(actions, _PAM_ACTION_BAD); + must_fail = 1; + } else if (!_pam_strCMP("required", tok)) { D(("*PAM_F_REQUIRED*")); actions[PAM_SUCCESS] = _PAM_ACTION_OK; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; @@ -146,6 +182,9 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f actions[PAM_SUCCESS] = _PAM_ACTION_DONE; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_DONE; _pam_set_default_control(actions, _PAM_ACTION_IGNORE); + } else if (!_pam_strCMP("include", tok)) { + D(("*PAM_F_INCLUDE*")); + pam_include = 1; } else { D(("will need to parse %s", tok)); _pam_parse_control(actions, tok); @@ -154,7 +193,18 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f } tok = _pam_StrTok(NULL, " \n\t", &nexttok); - if (tok != NULL) { + if (pam_include) { + if (_pam_load_conf_file(pamh, tok, this_service, module_type +#ifdef PAM_READ_BOTH_CONFS + , !other +#endif /* PAM_READ_BOTH_CONFS */ + ) == PAM_SUCCESS) + continue; + _pam_set_default_control(actions, _PAM_ACTION_BAD); + mod_path = NULL; + must_fail = 1; + nexttok = NULL; + } else if (tok != NULL) { mod_path = tok; D(("mod_path = %s",mod_path)); } else { @@ -213,6 +263,58 @@ static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f return ( (x < 0) ? PAM_ABORT:PAM_SUCCESS ); } +static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name + , const char *service /* specific file */ + , int module_type /* specific type */ +#ifdef PAM_READ_BOTH_CONFS + , int not_other +#endif /* PAM_READ_BOTH_CONFS */ + ) +{ + FILE *f; + char *config_path = NULL; + int retval = PAM_ABORT; + + D(("_pam_load_conf_file called")); + + if (config_name == NULL) { + D(("no config file supplied")); + _pam_system_log(LOG_ERR, "(%s) no config file supplied", service); + return PAM_ABORT; + } + + if (config_name[0] != '/') { + if (asprintf (&config_path, PAM_CONFIG_DF, config_name) < 0) { + _pam_system_log(LOG_CRIT, "asprintf failed"); + return PAM_BUF_ERR; + } + config_name = config_path; + } + + D(("opening %s", config_name)); + f = fopen(config_name, "r"); + if (f != NULL) { + retval = _pam_parse_conf_file(pamh, f, service, module_type +#ifdef PAM_READ_BOTH_CONFS + , not_other +#endif /* PAM_READ_BOTH_CONFS */ + ); + fclose(f); + if (retval != PAM_SUCCESS) + _pam_system_log(LOG_ERR, + "_pam_load_conf_file: error reading %s: %s", + config_name, pam_strerror(pamh, retval)); + } else { + D(("unable to open %s", config_name)); + _pam_system_log(LOG_ERR, + "_pam_load_conf_file: unable to open %s", + config_name); + } + + _pam_drop(config_path); + return retval; +} + /* Parse config file, allocate handler structures, dlopen() */ int _pam_init_handlers(pam_handle_t *pamh) { @@ -228,7 +330,7 @@ int _pam_init_handlers(pam_handle_t *pamh) } D(("_pam_init_handlers: initializing")); - + /* First clean the service structure */ _pam_free_handlers(pamh); @@ -273,7 +375,7 @@ int _pam_init_handlers(pam_handle_t *pamh) */ { struct stat test_d; - + /* Is there a PAM_CONFIG_D directory? */ if ( stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode) ) { char *filename; @@ -293,7 +395,7 @@ int _pam_init_handlers(pam_handle_t *pamh) f = fopen(filename, "r"); if (f != NULL) { /* would test magic here? */ - retval = _pam_parse_conf_file(pamh, f, pamh->service_name + retval = _pam_parse_conf_file(pamh, f, pamh->service_name, PAM_T_ANY #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ @@ -314,7 +416,7 @@ int _pam_init_handlers(pam_handle_t *pamh) D(("checking %s", PAM_CONFIG)); if ((f = fopen(PAM_CONFIG,"r")) != NULL) { - retval = _pam_parse_conf_file(pamh, f, NULL, 1); + retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 1); fclose(f); } else #endif /* PAM_READ_BOTH_CONFS */ @@ -335,6 +437,7 @@ int _pam_init_handlers(pam_handle_t *pamh) /* would test magic here? */ retval = _pam_parse_conf_file(pamh, f , PAM_DEFAULT_SERVICE + , PAM_T_ANY #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ @@ -367,7 +470,7 @@ int _pam_init_handlers(pam_handle_t *pamh) return PAM_ABORT; } - retval = _pam_parse_conf_file(pamh, f, NULL + retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ @@ -489,7 +592,7 @@ int _pam_add_handler(pam_handle_t *pamh #ifdef PAM_SHL const char *_sym, *_sym2; #endif - char *mod_full_path=NULL; + char *mod_full_path=NULL, *mod_full_isa_path=NULL, *isa=NULL; servicefn func, func2; int success; @@ -554,6 +657,30 @@ int _pam_add_handler(pam_handle_t *pamh # endif /* PAM_SHL */ D(("_pam_add_handler: dlopen'ed")); if (mod->dl_handle == NULL) { + if (strstr(mod_path, "$ISA")) { + mod_full_isa_path = malloc(strlen(mod_path) + strlen(_PAM_ISA) + 1); + if (mod_full_isa_path == NULL) { + D(("_pam_handler: couldn't get memory for mod_path")); + _pam_system_log(LOG_ERR, "no memory for module path"); + success = PAM_ABORT; + } else { + strcpy(mod_full_isa_path, mod_path); + isa = strstr(mod_full_isa_path, "$ISA"); + if (isa) { + memmove(isa + strlen(_PAM_ISA), isa + 4, strlen(isa + 4) + 1); + memmove(isa, _PAM_ISA, strlen(_PAM_ISA)); + } + mod->dl_handle = +# ifdef PAM_SHL + shl_load(mod_full_isa_path, BIND_IMMEDIATE, 0L); +# else /* PAM_SHL */ + dlopen(mod_full_isa_path, RTLD_NOW); +# endif /* PAM_SHL */ + _pam_drop(mod_full_isa_path); + } + } + } + if (mod->dl_handle == NULL) { D(("_pam_add_handler: dlopen(%s) failed", mod_path)); _pam_system_log(LOG_ERR, "unable to dlopen(%s)", mod_path); # ifndef PAM_SHL @@ -600,7 +727,7 @@ int _pam_add_handler(pam_handle_t *pamh /* indicate its name - later we will search for it by this */ if ((mod->name = _pam_strdup(mod_path)) == NULL) { D(("_pam_handler: couldn't get memory for mod_path")); - _pam_system_log(LOG_ERR, "no memory for module path", mod_path); + _pam_system_log(LOG_ERR, "no memory for module path"); success = PAM_ABORT; } @@ -696,7 +823,7 @@ int _pam_add_handler(pam_handle_t *pamh } /* now identify this module's functions - for non-faulty modules */ - + #ifdef PAM_DYNAMIC if ((mod->type == PAM_MT_DYNAMIC_MOD) && # ifdef PAM_SHL @@ -823,7 +950,7 @@ int _pam_free_handlers(pam_handle_t *pamh) } /* Free all the handlers */ - + _pam_free_handlers_aux(&(pamh->handlers.conf.authenticate)); _pam_free_handlers_aux(&(pamh->handlers.conf.setcred)); _pam_free_handlers_aux(&(pamh->handlers.conf.acct_mgmt)); @@ -863,7 +990,7 @@ void _pam_start_handlers(pam_handle_t *pamh) pamh->handlers.module = NULL; /* initialize the .conf and .other entries */ - + pamh->handlers.conf.authenticate = NULL; pamh->handlers.conf.setcred = NULL; pamh->handlers.conf.acct_mgmt = NULL; diff --git a/Linux-PAM/libpam/pam_item.c b/Linux-PAM/libpam/pam_item.c index 3dcbf616..1425c600 100644 --- a/Linux-PAM/libpam/pam_item.c +++ b/Linux-PAM/libpam/pam_item.c @@ -1,16 +1,16 @@ /* pam_item.c */ /* - * $Id: pam_item.c,v 1.1.1.1 2001/04/29 04:17:06 hartmans Exp $ + * $Id: pam_item.c,v 1.5 2004/09/22 09:37:47 kukuk Exp $ */ +#include "pam_private.h" + #include <ctype.h> #include <stdlib.h> #include <string.h> #include <syslog.h> -#include "pam_private.h" - #define RESET(X, Y) \ { \ char *_TMP_ = (X); \ @@ -158,6 +158,8 @@ int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item) "pam_get_item: nowhere to place requested item"); return PAM_PERM_DENIED; } + else + *item = NULL; switch (item_type) { case PAM_SERVICE: @@ -238,6 +240,12 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) struct pam_response *resp; D(("called.")); + if (user == NULL) { /* ensure that the module has supplied a destination */ + _pam_system_log(LOG_ERR, "pam_get_user: nowhere to record username"); + return PAM_PERM_DENIED; + } else + *user = NULL; + IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR); if (pamh->pam_conversation == NULL) { @@ -245,12 +253,6 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) return PAM_SERVICE_ERR; } - if (user == NULL) { /* ensure the the module has suplied a destination */ - _pam_system_log(LOG_ERR, "pam_get_user: nowhere to record username"); - return PAM_PERM_DENIED; - } else - *user = NULL; - if (pamh->user) { /* have one so return it */ *user = pamh->user; return PAM_SUCCESS; diff --git a/Linux-PAM/libpam/pam_log.c b/Linux-PAM/libpam/pam_log.c index 2da1b280..c42fe015 100644 --- a/Linux-PAM/libpam/pam_log.c +++ b/Linux-PAM/libpam/pam_log.c @@ -1,7 +1,7 @@ /* * pam_log.c -- PAM system logging * - * $Id: pam_log.c,v 1.1.1.1 2001/04/29 04:17:07 hartmans Exp $ + * $Id: pam_log.c,v 1.2 2000/11/19 23:54:02 agmorgan Exp $ * */ diff --git a/Linux-PAM/libpam/pam_malloc.c b/Linux-PAM/libpam/pam_malloc.c index 7cc177c6..98b35f62 100644 --- a/Linux-PAM/libpam/pam_malloc.c +++ b/Linux-PAM/libpam/pam_malloc.c @@ -1,5 +1,5 @@ /* - * $Id: pam_malloc.c,v 1.1.1.2 2002/09/15 20:08:37 hartmans Exp $ + * $Id: pam_malloc.c,v 1.5 2001/12/09 21:44:58 agmorgan Exp $ */ /* diff --git a/Linux-PAM/libpam/pam_map.c b/Linux-PAM/libpam/pam_map.c index c4af41a9..86b16577 100644 --- a/Linux-PAM/libpam/pam_map.c +++ b/Linux-PAM/libpam/pam_map.c @@ -1,6 +1,6 @@ /* pam_map.c - PAM mapping interface * - * $Id: pam_map.c,v 1.1.1.1 2001/04/29 04:17:08 hartmans Exp $ + * $Id: pam_map.c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * This is based on the X/Open XSSO specification of March 1997. * It is not implemented as it is going to change... after 1997/9/25. diff --git a/Linux-PAM/libpam/pam_misc.c b/Linux-PAM/libpam/pam_misc.c index 53bd54de..cb0572b1 100644 --- a/Linux-PAM/libpam/pam_misc.c +++ b/Linux-PAM/libpam/pam_misc.c @@ -1,9 +1,11 @@ /* pam_misc.c -- This is random stuff */ /* - * $Id: pam_misc.c,v 1.1.1.2 2002/09/15 20:08:38 hartmans Exp $ + * $Id: pam_misc.c,v 1.4 2003/07/13 20:01:44 vorlon Exp $ */ +#include "pam_private.h" + #include <stdarg.h> #include <stdlib.h> #include <stdio.h> @@ -11,8 +13,6 @@ #include <syslog.h> #include <ctype.h> -#include "pam_private.h" - /* caseless string comparison: POSIX does not define this.. */ int _pam_strCMP(const char *s, const char *t) { diff --git a/Linux-PAM/libpam/pam_password.c b/Linux-PAM/libpam/pam_password.c index 756d8536..50c12adf 100644 --- a/Linux-PAM/libpam/pam_password.c +++ b/Linux-PAM/libpam/pam_password.c @@ -1,16 +1,16 @@ /* pam_password.c - PAM Password Management */ /* - * $Id: pam_password.c,v 1.1.1.1 2001/04/29 04:17:08 hartmans Exp $ + * $Id: pam_password.c,v 1.3 2003/07/13 20:01:44 vorlon Exp $ */ -#include <stdio.h> -#include <stdlib.h> - /* #define DEBUG */ #include "pam_private.h" +#include <stdio.h> +#include <stdlib.h> + int pam_chauthtok(pam_handle_t *pamh, int flags) { int retval; diff --git a/Linux-PAM/libpam/pam_prelude.c b/Linux-PAM/libpam/pam_prelude.c new file mode 100644 index 00000000..656376f5 --- /dev/null +++ b/Linux-PAM/libpam/pam_prelude.c @@ -0,0 +1,605 @@ +/* + * pam_prelude.c -- prelude reporting + * http://www.prelude-ids.org + * + * (C) Sebastien Tricaud 2005 <toady@gscore.org> + */ + +#include <stdio.h> +#include <syslog.h> + +#ifdef PRELUDE + +#include <libprelude/prelude.h> +#include <libprelude/prelude-log.h> +#include <libprelude/idmef-message-print.h> + +#include "pam_prelude.h" +#include "pam_private.h" + + +#define ANALYZER_CLASS "pam" +#define ANALYZER_MODEL "PAM" +#define ANALYZER_MANUFACTURER "Sebastien Tricaud, http://www.kernel.org/pub/linux/libs/pam/" + +#define DEFAULT_ANALYZER_NAME "PAM" +#define DEFAULT_ANALYZER_CONFIG LIBPRELUDE_CONFIG_PREFIX "/etc/prelude/default/idmef-client.conf" + +#define PAM_VERSION LIBPAM_VERSION_STRING + +static const char *pam_get_item_service(pam_handle_t *pamh); +static const char *pam_get_item_user(pam_handle_t *pamh); +static const char *pam_get_item_user_prompt(pam_handle_t *pamh); +static const char *pam_get_item_tty(pam_handle_t *pamh); +static const char *pam_get_item_ruser(pam_handle_t *pamh); +static const char *pam_get_item_rhost(pam_handle_t *pamh); + +static int setup_analyzer(idmef_analyzer_t *analyzer); +static void pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval); +static int pam_alert_prelude_init(pam_handle_t *pamh, int authval); +static int generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data); + + +/******************* + * some syslogging * + *******************/ +static void +_pam_log(int err, const char *format, ...) +{ + va_list args; + va_start(args, format); + +#ifdef MAIN + vfprintf(stderr,format,args); + fprintf(stderr,"\n"); +#else + openlog("libpam", LOG_CONS|LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + closelog(); +#endif + va_end(args); +} + +static const char * +pam_get_item_service(pam_handle_t *pamh) +{ + const char *service = NULL; + + pam_get_item(pamh, PAM_SERVICE, (const void **)&service); + + return (const char *)service; +} + +static const char * +pam_get_item_user(pam_handle_t *pamh) +{ + const char *user = NULL; + + pam_get_item(pamh, PAM_USER, (const void **)&user); + + return (const char *)user; +} + +static const char * +pam_get_item_user_prompt(pam_handle_t *pamh) +{ + const char *user_prompt = NULL; + + pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&user_prompt); + + return (const char *)user_prompt; +} + +static const char * +pam_get_item_tty(pam_handle_t *pamh) +{ + const char *tty = NULL; + + pam_get_item(pamh, PAM_TTY, (const void **)&tty); + + return (const char *)tty; +} + +static const char * +pam_get_item_ruser(pam_handle_t *pamh) +{ + const char *ruser = NULL; + + pam_get_item(pamh, PAM_RUSER, (const void **)&ruser); + + return (const char *)ruser; +} + +static const char * +pam_get_item_rhost(pam_handle_t *pamh) +{ + const char *rhost = NULL; + + pam_get_item(pamh, PAM_RHOST, (const void **)&rhost); + + return (const char *)rhost; +} + +/***************************************************************** + * Returns a string concerning the authentication value provided * + *****************************************************************/ +static const char * +pam_get_alert_description(int authval) +{ + const char *retstring = NULL; + + switch(authval) { + case PAM_SUCCESS: + retstring = "Authentication success"; + break; + case PAM_OPEN_ERR: + retstring = "dlopen() failure when dynamically loading a service module"; + break; + case PAM_SYMBOL_ERR: + retstring = "Symbol not found"; + break; + case PAM_SERVICE_ERR: + retstring = "Error in service module"; + break; + case PAM_SYSTEM_ERR: + retstring = "System error"; + break; + case PAM_BUF_ERR: + retstring = "Memory buffer error"; + break; + case PAM_PERM_DENIED: + retstring = "Permission denied"; + break; + case PAM_AUTH_ERR: + retstring = "Authentication failure"; + break; + case PAM_CRED_INSUFFICIENT: + retstring = "Can not access authentication data due to insufficient credentials"; + break; + case PAM_AUTHINFO_UNAVAIL: + retstring = "Underlying authentication service can not retrieve authenticaiton information"; + break; + case PAM_USER_UNKNOWN: + retstring = "User not known to the underlying authentication module"; + break; + case PAM_MAXTRIES: + retstring = "An authentication service has maintained a retry count which has been reached. No further retries should be attempted"; + break; + case PAM_NEW_AUTHTOK_REQD: + retstring = "New authentication token required. This is normally returned if the machine security policies require that the password should be changed beccause the password is NULL or it has aged"; + break; + case PAM_ACCT_EXPIRED: + retstring = "User account has expired"; + break; + case PAM_SESSION_ERR: + retstring = "Can not make/remove an entry for the specified session"; + break; + case PAM_CRED_UNAVAIL: + retstring = "Underlying authentication service can not retrieve user credentials unavailable"; + break; + case PAM_CRED_EXPIRED: + retstring = "User credentials expired"; + break; + case PAM_CRED_ERR: + retstring = "Failure setting user credentials"; + break; + case PAM_NO_MODULE_DATA: + retstring = "No module specific data is present"; + break; + case PAM_CONV_ERR: + retstring = "Conversation error"; + break; + case PAM_AUTHTOK_ERR: + retstring = "Authentication token manipulation error"; + break; + case PAM_AUTHTOK_RECOVER_ERR: + retstring = "Authentication information cannot be recovered"; + break; + case PAM_AUTHTOK_LOCK_BUSY: + retstring = "Authentication token lock busy"; + break; + case PAM_AUTHTOK_DISABLE_AGING: + retstring = "Authentication token aging disabled"; + break; + case PAM_TRY_AGAIN: + retstring = "Preliminary check by password service"; + break; + case PAM_IGNORE: + retstring = "Ignore underlying account module regardless of whether the control flag is required, optional, or sufficient"; + break; + case PAM_ABORT: + retstring = "Critical error (?module fail now request)"; + break; + case PAM_AUTHTOK_EXPIRED: + retstring = "User's authentication token has expired"; + break; + case PAM_MODULE_UNKNOWN: + retstring = "Module is not known"; + break; + case PAM_BAD_ITEM: + retstring = "Bad item passed to pam_*_item()"; + break; + case PAM_CONV_AGAIN: + retstring = "Conversation function is event driven and data is not available yet"; + break; + case PAM_INCOMPLETE: + retstring = "Please call this function again to complete authentication stack. Before calling again, verify that conversation is completed"; + break; + + default: + retstring = "Authentication Failure!. You should not see this message."; + } + + return retstring; + +} + +/* Courteously stolen from prelude-lml */ +static int +generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data) +{ + int ret; + prelude_string_t *str; + idmef_additional_data_t *adata; + + ret = idmef_alert_new_additional_data(alert, &adata, -1); + if ( ret < 0 ) + return ret; + + ret = idmef_additional_data_new_meaning(adata, &str); + if ( ret < 0 ) + return ret; + + ret = prelude_string_set_ref(str, meaning); + if ( ret < 0 ) + return ret; + + return idmef_additional_data_set_string_ref(adata, data); +} + +extern void +prelude_send_alert(pam_handle_t *pamh, int authval) +{ + + int ret; + + prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG); + + ret = pam_alert_prelude_init(pamh, authval); + if ( ret < 0 ) + _pam_log(LOG_WARNING, + "No prelude alert sent"); + + prelude_deinit(); + +} + +static int +setup_analyzer(idmef_analyzer_t *analyzer) +{ + int ret; + prelude_string_t *string; + + ret = idmef_analyzer_new_model(analyzer, &string); + if ( ret < 0 ) + goto err; + prelude_string_set_constant(string, ANALYZER_MODEL); + + ret = idmef_analyzer_new_class(analyzer, &string); + if ( ret < 0 ) + goto err; + prelude_string_set_constant(string, ANALYZER_CLASS); + + ret = idmef_analyzer_new_manufacturer(analyzer, &string); + if ( ret < 0 ) + goto err; + prelude_string_set_constant(string, ANALYZER_MANUFACTURER); + + ret = idmef_analyzer_new_version(analyzer, &string); + if ( ret < 0 ) + goto err; + prelude_string_set_constant(string, PAM_VERSION); + + + return 0; + + err: + _pam_log(LOG_WARNING, + "%s: IDMEF error: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); + + return -1; +} + +static void +pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) +{ + int ret; + idmef_time_t *clienttime; + idmef_alert_t *alert; + prelude_string_t *str; + idmef_message_t *idmef = NULL; + idmef_classification_t *class; + prelude_client_t *client = (prelude_client_t *)data; + idmef_source_t *source; + idmef_target_t *target; + idmef_user_t *user; + idmef_user_id_t *user_id; + idmef_process_t *process; + idmef_classification_t *classification; + idmef_impact_t *impact; + idmef_assessment_t *assessment; + idmef_node_t *node; + idmef_analyzer_t *analyzer; + + + ret = idmef_message_new(&idmef); + if ( ret < 0 ) + goto err; + + ret = idmef_message_new_alert(idmef, &alert); + if ( ret < 0 ) + goto err; + + ret = idmef_alert_new_classification(alert, &class); + if ( ret < 0 ) + goto err; + + ret = idmef_classification_new_text(class, &str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_new_ref(&str, msg); + if ( ret < 0 ) + goto err; + + idmef_classification_set_text(class, str); + + ret = idmef_time_new_from_gettimeofday(&clienttime); + if ( ret < 0 ) + goto err; + idmef_alert_set_create_time(alert, clienttime); + + idmef_alert_set_analyzer(alert, + idmef_analyzer_ref(prelude_client_get_analyzer(client)), + 0); + + /********** + * SOURCE * + **********/ + ret = idmef_alert_new_source(alert, &source, -1); + if ( ret < 0 ) + goto err; + + /* BEGIN: Sets the user doing authentication stuff */ + ret = idmef_source_new_user(source, &user); + if ( ret < 0 ) + goto err; + idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION); + + ret = idmef_user_new_user_id(user, &user_id, 0); + if ( ret < 0 ) + goto err; + idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_ORIGINAL_USER); + + if ( pam_get_item_ruser(pamh) ) { + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, pam_get_item_ruser(pamh)); + if ( ret < 0 ) + goto err; + + idmef_user_id_set_name(user_id, str); + } + /* END */ + /* BEGIN: Adds TTY infos */ + if ( pam_get_item_tty(pamh) ) { + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, pam_get_item_tty(pamh)); + if ( ret < 0 ) + goto err; + + idmef_user_id_set_tty(user_id, str); + } + /* END */ + /* BEGIN: Sets the source node (rhost) */ + ret = idmef_source_new_node(source, &node); + if ( ret < 0 ) + goto err; + idmef_node_set_category(node, IDMEF_NODE_CATEGORY_HOSTS); + + if ( pam_get_item_rhost(pamh) ) { + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, pam_get_item_rhost(pamh)); + if ( ret < 0 ) + goto err; + + idmef_node_set_name(node, str); + } + /* END */ + /* BEGIN: Describe the service */ + ret = idmef_source_new_process(source, &process); + if ( ret < 0 ) + goto err; + idmef_process_set_pid(process, getpid()); + + if ( pam_get_item_service(pamh) ) { + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, pam_get_item_service(pamh)); + if ( ret < 0 ) + goto err; + + idmef_process_set_name(process, str); + } + /* END */ + + /********** + * TARGET * + **********/ + + ret = idmef_alert_new_target(alert, &target, -1); + if ( ret < 0 ) + goto err; + + + /* BEGIN: Sets the target node */ + analyzer = prelude_client_get_analyzer(client); + if ( ! analyzer ) goto err; + + node = idmef_analyzer_get_node(analyzer); + if ( ! node ) goto err; + idmef_target_set_node(target, node); + node = idmef_node_ref(node); + if ( ! node ) goto err; + /* END */ + /* BEGIN: Sets the user doing authentication stuff */ + ret = idmef_target_new_user(target, &user); + if ( ret < 0 ) + goto err; + idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION); + + ret = idmef_user_new_user_id(user, &user_id, 0); + if ( ret < 0 ) + goto err; + idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER); + + if ( pam_get_item_user(pamh) ) { + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, pam_get_item_user(pamh)); + if ( ret < 0 ) + goto err; + + idmef_user_id_set_name(user_id, str); + } + /* END */ + /* BEGIN: Short description of the alert */ + ret = idmef_alert_new_classification(alert, &classification); + if ( ret < 0 ) + goto err; + + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, + authval == PAM_SUCCESS ? + "Authentication Success" : "Authentication Failure"); + if ( ret < 0 ) + goto err; + + idmef_classification_set_text(classification, str); + /* END */ + /* BEGIN: Long description of the alert */ + ret = idmef_alert_new_assessment(alert, &assessment); + if ( ret < 0 ) + goto err; + + ret = idmef_assessment_new_impact(assessment, &impact); + if ( ret < 0 ) + goto err; + + ret = prelude_string_new(&str); + if ( ret < 0 ) + goto err; + + ret = prelude_string_set_ref(str, + pam_get_alert_description(authval)); + if ( ret < 0 ) + goto err; + + idmef_impact_set_description(impact, str); + /* END */ + /* BEGIN: Adding additional data */ + if ( pam_get_item_user_prompt(pamh) ) { + ret = generate_additional_data(alert, "Local User Prompt", + pam_get_item_user_prompt(pamh)); + if ( ret < 0 ) + goto err; + } + /* END */ + + prelude_client_send_idmef(client, idmef); + + if ( idmef ) + idmef_message_destroy(idmef); + + return; + err: + _pam_log(LOG_WARNING, + "%s: IDMEF error: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); + + if ( idmef ) + idmef_message_destroy(idmef); + +} + +static int +pam_alert_prelude_init(pam_handle_t *pamh, int authval) +{ + + int ret; + prelude_client_t *client = NULL; + + ret = prelude_init(NULL, NULL); + if ( ret < 0 ) { + _pam_log(LOG_WARNING, + "%s: Unable to initialize the Prelude library: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); + return -1; + } + + ret = prelude_client_new(&client, DEFAULT_ANALYZER_NAME); + if ( ! client ) { + _pam_log(LOG_WARNING, + "%s: Unable to create a prelude client object: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); + + return -1; + } + + + ret = setup_analyzer(prelude_client_get_analyzer(client)); + if ( ret < 0 ) { + _pam_log(LOG_WARNING, + "%s: Unable to setup analyzer: %s\n", + prelude_strsource(ret), prelude_strerror(ret)); + + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); + + return -1; + } + + ret = prelude_client_start(client); + if ( ret < 0 ) { + _pam_log(LOG_WARNING, + "%s: Unable to initialize prelude client: %s.\n", + prelude_strsource(ret), prelude_strerror(ret)); + + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); + + return -1; + } + + pam_alert_prelude("libpam alert" , client, pamh, authval); + + prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS); + + return 0; +} + +#endif PRELUDE diff --git a/Linux-PAM/libpam/pam_prelude.h b/Linux-PAM/libpam/pam_prelude.h new file mode 100644 index 00000000..13ee6fdb --- /dev/null +++ b/Linux-PAM/libpam/pam_prelude.h @@ -0,0 +1,16 @@ +/* + * pam_prelude.h -- prelude ids reporting + * http://www.prelude-ids.org + * + * (C) Sebastien Tricaud 2005 <toady@gscore.org> + */ + +#ifndef _SECURITY_PAM_PRELUDE_H +#define _SECURITY_PAM_PRELUDE_H + +#include <security/_pam_types.h> + +void prelude_send_alert(pam_handle_t *pamh, int authval); + +#endif /* _SECURITY_PAM_PRELUDE_H */ + diff --git a/Linux-PAM/libpam/pam_private.h b/Linux-PAM/libpam/pam_private.h index 7b4c7490..3c8d8538 100644 --- a/Linux-PAM/libpam/pam_private.h +++ b/Linux-PAM/libpam/pam_private.h @@ -1,7 +1,7 @@ /* * pam_private.h * - * $Id: pam_private.h,v 1.1.1.2 2002/09/15 20:08:39 hartmans Exp $ + * $Id: pam_private.h,v 1.6 2004/09/15 12:06:17 kukuk Exp $ * * This is the Linux-PAM Library Private Header. It contains things * internal to the Linux-PAM library. Things not needed by either an @@ -250,7 +250,13 @@ void _pam_set_default_control(int *control_array, int default_action); void _pam_parse_control(int *control_array, char *tok); -void _pam_system_log(int priority, const char *format, ... ); +void _pam_system_log(int priority, const char *format, ... ) +#ifdef __GNUC__ + __attribute__ ((format (printf, 2, 3))); +#else + ; +#endif + #define _PAM_SYSTEM_LOG_PREFIX "PAM " /* diff --git a/Linux-PAM/libpam/pam_second.c b/Linux-PAM/libpam/pam_second.c index 21b5b993..fa3bdf78 100644 --- a/Linux-PAM/libpam/pam_second.c +++ b/Linux-PAM/libpam/pam_second.c @@ -2,7 +2,7 @@ * pam_second.c -- PAM secondary authentication * (based on XSSO draft spec of March 1997) * - * $Id: pam_second.c,v 1.1.1.2 2002/09/15 20:08:39 hartmans Exp $ + * $Id: pam_second.c,v 1.3 2001/09/19 06:18:46 agmorgan Exp $ * */ diff --git a/Linux-PAM/libpam/pam_session.c b/Linux-PAM/libpam/pam_session.c index 0ee5a61e..c468cf96 100644 --- a/Linux-PAM/libpam/pam_session.c +++ b/Linux-PAM/libpam/pam_session.c @@ -1,13 +1,13 @@ /* pam_session.c - PAM Session Management */ /* - * $Id: pam_session.c,v 1.1.1.1 2001/04/29 04:17:09 hartmans Exp $ + * $Id: pam_session.c,v 1.4 2003/07/13 20:01:44 vorlon Exp $ */ -#include <stdio.h> - #include "pam_private.h" +#include <stdio.h> + int pam_open_session(pam_handle_t *pamh, int flags) { D(("called")); diff --git a/Linux-PAM/libpam/pam_start.c b/Linux-PAM/libpam/pam_start.c index 53517fe0..5d6e066a 100644 --- a/Linux-PAM/libpam/pam_start.c +++ b/Linux-PAM/libpam/pam_start.c @@ -3,18 +3,18 @@ /* Creator Marc Ewing * Maintained by AGM * - * $Id: pam_start.c,v 1.1.1.1 2001/04/29 04:17:09 hartmans Exp $ + * $Id: pam_start.c,v 1.5 2004/09/14 13:48:41 kukuk Exp $ * */ +#include "pam_private.h" + #include <ctype.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <syslog.h> -#include "pam_private.h" - int pam_start ( const char *service_name, const char *user, @@ -24,11 +24,21 @@ int pam_start ( D(("called pam_start: [%s] [%s] [%p] [%p]" ,service_name, user, pam_conversation, pamh)); + if (pamh == NULL) { + _pam_system_log(LOG_CRIT, "pam_start: invalid argument: pamh == NULL"); + return (PAM_BUF_ERR); + } + if ((*pamh = calloc(1, sizeof(**pamh))) == NULL) { _pam_system_log(LOG_CRIT, "pam_start: calloc failed for *pamh"); return (PAM_BUF_ERR); } + /* All service names should be files below /etc/pam.d and nothing + else. Forbid paths. */ + if (strrchr(service_name, '/') != NULL) + service_name = strrchr(service_name, '/') + 1; + /* Mark the caller as the application - permission to do certain things is limited to a module or an application */ diff --git a/Linux-PAM/libpam/pam_static.c b/Linux-PAM/libpam/pam_static.c index f7e0645f..5a2b5a5d 100644 --- a/Linux-PAM/libpam/pam_static.c +++ b/Linux-PAM/libpam/pam_static.c @@ -2,7 +2,7 @@ /* created by Michael K. Johnson, johnsonm@redhat.com * - * $Id: pam_static.c,v 1.1.1.1 2001/04/29 04:17:10 hartmans Exp $ + * $Id: pam_static.c,v 1.1.1.1 2000/06/20 22:11:21 agmorgan Exp $ */ /* This whole file is only used for PAM_STATIC */ diff --git a/Linux-PAM/libpam/pam_strerror.c b/Linux-PAM/libpam/pam_strerror.c index f287b5ad..788c7a51 100644 --- a/Linux-PAM/libpam/pam_strerror.c +++ b/Linux-PAM/libpam/pam_strerror.c @@ -1,7 +1,7 @@ /* pam_strerror.c */ /* - * $Id: pam_strerror.c,v 1.1.1.2 2002/09/15 20:08:39 hartmans Exp $ + * $Id: pam_strerror.c,v 1.4 2005/01/07 15:31:26 t8m Exp $ */ #include "pam_private.h" @@ -48,7 +48,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_USER_UNKNOWN: return "User not known to the underlying authentication module"; case PAM_MAXTRIES: - return "Have exhasted maximum number of retries for service."; + return "Have exhausted maximum number of retries for service."; case PAM_NEW_AUTHTOK_REQD: return "Authentication token is no longer valid; new one required."; case PAM_ACCT_EXPIRED: @@ -78,7 +78,7 @@ const char *pam_strerror(pam_handle_t *pamh, int errnum) case PAM_TRY_AGAIN: return "Failed preliminary check by password service"; case PAM_IGNORE: - return "Please ignore underlying account module"; + return "The return value should be ignored by PAM dispatch"; case PAM_MODULE_UNKNOWN: return "Module is unknown"; case PAM_AUTHTOK_EXPIRED: diff --git a/Linux-PAM/libpam/pam_tokens.h b/Linux-PAM/libpam/pam_tokens.h index 0300fdf1..69e79489 100644 --- a/Linux-PAM/libpam/pam_tokens.h +++ b/Linux-PAM/libpam/pam_tokens.h @@ -1,7 +1,7 @@ /* * pam_tokens.h * - * $Id: pam_tokens.h,v 1.1.1.1 2001/04/29 04:17:10 hartmans Exp $ + * $Id: pam_tokens.h,v 1.3 2001/01/22 06:07:29 agmorgan Exp $ * * This is a Linux-PAM Library Private Header file. It contains tokens * that are used when we parse the configuration file(s). diff --git a/Linux-PAM/libpam_misc/Makefile b/Linux-PAM/libpam_misc/Makefile index 8d5a68e6..97166668 100644 --- a/Linux-PAM/libpam_misc/Makefile +++ b/Linux-PAM/libpam_misc/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:40 hartmans Exp $ +# $Id: Makefile,v 1.9 2005/03/29 20:41:20 toady Exp $ # # lots of debugging information goes to /tmp/pam-debug.log @@ -12,6 +12,9 @@ ifeq ($(WITH_LIBDEBUG),yes) else LIBNAME=libpam_misc endif +ifeq ($(WITH_PRELUDE),yes) + CFLAGS += -DPRELUDE -DLIBPRELUDE_CONFIG_PREFIX=\"`libprelude-config --prefix`\" +endif VERSION=.$(MAJOR_REL) MODIFICATION=.$(MINOR_REL) @@ -60,9 +63,9 @@ static/%.o : %.c $(LIBNAMED): $(DLIBOBJECTS) ifeq ($(DYNAMIC_LIBPAM),yes) ifeq ($(USESONAME),yes) - $(LD_L) $(SOSWITCH) $(LIBNAMEDNAME) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) + $(LD_L) $(SOSWITCH)$(LIBNAMEDNAME) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) else - $(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES) + $(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) endif ifeq ($(NEEDSONAME),yes) rm -f $(LIBNAMEDFULL) @@ -74,9 +77,12 @@ endif $(LIBNAMEDSTATIC): $(SLIBOBJECTS) ifeq ($(STATIC_LIBPAM),yes) + $(AR) rcu $@ $(SLIBOBJECTS) $(MODULES) +ifdef RANLIB $(AR) rc $@ $(SLIBOBJECTS) $(MODULES) $(RANLIB) $@ endif +endif install: all $(MKDIR) $(FAKEROOT)$(INCLUDED) @@ -84,7 +90,11 @@ install: all ifeq ($(DYNAMIC_LIBPAM),yes) $(MKDIR) $(FAKEROOT)$(libdir) $(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) +ifndef FAKEROOT $(LDCONFIG) +else + $(LDCONFIG) -n $(FAKEROOT)$(libdir) +endif ifneq ($(DYNTYPE),"sl") ( cd $(FAKEROOT)$(libdir) ; rm -f $(LIBNAMED) ; ln -s $(LIBNAMEDNAME) $(LIBNAMED) ) endif @@ -97,11 +107,14 @@ remove: rm -f $(FAKEROOT)$(INCLUDED)/pam_misc.h rm -f $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) rm -f $(FAKEROOT)$(libdir)/$(LIBNAMED) +ifndef FAKEROOT $(LDCONFIG) +endif rm -f $(FAKEROOT)$(libdir)/$(LIBNAMEDSTATIC) clean: rm -f a.out core *~ static/*.o dynamic/*.o rm -f *.a *.out *.o *.so ./include/security/*~ + rm -f *.orig $(LIBNAMEDNAME) $(LIBNAMEDFULL) if [ -d dynamic ]; then rmdir dynamic ; fi if [ -d static ]; then rmdir static ; fi diff --git a/Linux-PAM/libpam_misc/help_env.c b/Linux-PAM/libpam_misc/help_env.c index 3a342ed5..e1390984 100644 --- a/Linux-PAM/libpam_misc/help_env.c +++ b/Linux-PAM/libpam_misc/help_env.c @@ -1,5 +1,5 @@ /* - * $Id: help_env.c,v 1.1.1.1 2001/04/29 04:17:12 hartmans Exp $ + * $Id: help_env.c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * This file was written by Andrew G. Morgan <morgan@parc.power.net> * diff --git a/Linux-PAM/libpam_misc/include/security/pam_misc.h b/Linux-PAM/libpam_misc/include/security/pam_misc.h index e042e8e9..66c7ab4a 100644 --- a/Linux-PAM/libpam_misc/include/security/pam_misc.h +++ b/Linux-PAM/libpam_misc/include/security/pam_misc.h @@ -1,4 +1,4 @@ -/* $Id: pam_misc.h,v 1.1.1.2 2002/09/15 20:08:41 hartmans Exp $ */ +/* $Id: pam_misc.h,v 1.4 2001/05/01 04:27:37 agmorgan Exp $ */ #ifndef __PAMMISC_H #define __PAMMISC_H diff --git a/Linux-PAM/libpam_misc/misc_conv.c b/Linux-PAM/libpam_misc/misc_conv.c index e352bb9a..1c66f96c 100644 --- a/Linux-PAM/libpam_misc/misc_conv.c +++ b/Linux-PAM/libpam_misc/misc_conv.c @@ -1,5 +1,5 @@ /* - * $Id: misc_conv.c,v 1.1.1.2 2002/09/15 20:08:40 hartmans Exp $ + * $Id: misc_conv.c,v 1.6 2004/09/22 12:51:20 kukuk Exp $ * * A generic conversation function for text based applications * @@ -127,24 +127,23 @@ static int get_delay(void) } /* read a line of input string, giving prompt when appropriate */ -static char *read_string(int echo, const char *prompt) +static int read_string(int echo, const char *prompt, char **retstr) { struct termios term_before, term_tmp; - char line[INPUTSIZE], *input; + char line[INPUTSIZE]; struct sigaction old_sig; - int delay, nc, have_term=0; + int delay, nc = -1, have_term = 0; sigset_t oset, nset; - - D(("called with echo='%s', prompt='%s'.", echo ? "ON":"OFF" , prompt)); - input = line; + D(("called with echo='%s', prompt='%s'.", echo ? "ON":"OFF" , prompt)); if (isatty(STDIN_FILENO)) { /* terminal state */ /* is a terminal so record settings and flush it */ if ( tcgetattr(STDIN_FILENO, &term_before) != 0 ) { D(("<error: failed to get terminal settings>")); - return NULL; + *retstr = NULL; + return -1; } memcpy(&term_tmp, &term_before, sizeof(term_tmp)); if (!echo) { @@ -203,7 +202,7 @@ static char *read_string(int echo, const char *prompt) } line[nc] = '\0'; } - input = x_strdup(line); + *retstr = x_strdup(line); _pam_overwrite(line); goto cleanexit; /* return malloc()ed string */ @@ -211,11 +210,19 @@ static char *read_string(int echo, const char *prompt) } else if (nc == 0) { /* Ctrl-D */ D(("user did not want to type anything")); - input = x_strdup(""); + *retstr = NULL; if (echo) { fprintf(stderr, "\n"); } goto cleanexit; /* return malloc()ed "" */ + } else if (nc == -1) { + /* Don't loop forever if read() returns -1. */ + D(("error reading input from the user: %s", strerror(errno))); + if (echo) { + fprintf(stderr, "\n"); + } + *retstr = NULL; + goto cleanexit; /* return NULL */ } } } @@ -224,7 +231,7 @@ static char *read_string(int echo, const char *prompt) D(("the timer appears to have expired")); - input = NULL; + *retstr = NULL; _pam_overwrite(line); cleanexit: @@ -234,9 +241,7 @@ static char *read_string(int echo, const char *prompt) (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); } - D(("returning [%s]", input)); - - return input; + return nc; } /* end of read_string functions */ @@ -276,17 +281,18 @@ int misc_conv(int num_msg, const struct pam_message **msgm, for (count=0; count < num_msg; ++count) { char *string=NULL; + int nc; switch (msgm[count]->msg_style) { case PAM_PROMPT_ECHO_OFF: - string = read_string(CONV_ECHO_OFF,msgm[count]->msg); - if (string == NULL) { + nc = read_string(CONV_ECHO_OFF,msgm[count]->msg, &string); + if (nc < 0) { goto failed_conversation; } break; case PAM_PROMPT_ECHO_ON: - string = read_string(CONV_ECHO_ON,msgm[count]->msg); - if (string == NULL) { + nc = read_string(CONV_ECHO_ON,msgm[count]->msg, &string); + if (nc < 0) { goto failed_conversation; } break; diff --git a/Linux-PAM/libpam_misc/xstrdup.c b/Linux-PAM/libpam_misc/xstrdup.c index f5bfde66..cce476e8 100644 --- a/Linux-PAM/libpam_misc/xstrdup.c +++ b/Linux-PAM/libpam_misc/xstrdup.c @@ -1,4 +1,4 @@ -/* $Id: xstrdup.c,v 1.1.1.1 2001/04/29 04:17:12 hartmans Exp $ */ +/* $Id: xstrdup.c,v 1.1.1.1 2000/06/20 22:11:25 agmorgan Exp $ */ #include <malloc.h> #include <string.h> diff --git a/Linux-PAM/libpamc/Makefile b/Linux-PAM/libpamc/Makefile index f1c90669..ee5c2086 100644 --- a/Linux-PAM/libpamc/Makefile +++ b/Linux-PAM/libpamc/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:13 hartmans Exp $ +# $Id: Makefile,v 1.8 2005/03/29 20:41:20 toady Exp $ # # lots of debugging information goes to /tmp/pam-debug.log @@ -12,6 +12,9 @@ ifeq ($(DEBUG_REL),yes) else LIBNAME=libpamc endif +ifeq ($(WITH_PRELUDE),yes) + CFLAGS += -DPRELUDE -DLIBPRELUDE_CONFIG_PREFIX=\"`libprelude-config --prefix`\" +endif VERSION=.$(MAJOR_REL) MODIFICATION=.$(MINOR_REL) @@ -59,7 +62,7 @@ static/%.o : %.c $(LIBNAMED): $(DLIBOBJECTS) ifeq ($(DYNAMIC_LIBPAM),yes) ifeq ($(USESONAME),yes) - $(LD_L) $(SOSWITCH) $(LIBNAMEDNAME) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) + $(LD_L) $(SOSWITCH)$(LIBNAMEDNAME) -o $@ $(DLIBOBJECTS) $(MODULES) $(LINKLIBS) else $(LD_L) -o $@ $(DLIBOBJECTS) $(MODULES) endif @@ -73,9 +76,11 @@ endif $(LIBNAMEDSTATIC): $(SLIBOBJECTS) ifeq ($(STATIC_LIBPAM),yes) - $(AR) rc $@ $(SLIBOBJECTS) $(MODULES) + $(AR) rcu $@ $(SLIBOBJECTS) $(MODULES) +ifdef RANLIB $(RANLIB) $@ endif +endif install: all $(MKDIR) $(FAKEROOT)$(INCLUDED) @@ -83,7 +88,11 @@ install: all ifeq ($(DYNAMIC_LIBPAM),yes) $(MKDIR) $(FAKEROOT)$(libdir) $(INSTALL) -m $(SHLIBMODE) $(LIBNAMED) $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) +ifndef FAKEROOT $(LDCONFIG) +else + $(LDCONFIG) -n $(FAKEROOT)$(libdir) +endif ifneq ($(DYNTYPE),"sl") ( cd $(FAKEROOT)$(libdir) ; rm -f $(LIBNAMED) ; ln -s $(LIBNAMEDNAME) $(LIBNAMED) ) endif @@ -96,12 +105,15 @@ remove: rm -f $(FAKEROOT)$(INCLUDED)/pam_client.h rm -f $(FAKEROOT)$(libdir)/$(LIBNAMEDFULL) rm -f $(FAKEROOT)$(libdir)/$(LIBNAMED) +ifndef FAKEROOT $(LDCONFIG) +endif rm -f $(FAKEROOT)$(libdir)/$(LIBNAMEDSTATIC) clean: rm -f a.out core *~ static/*.o dynamic/*.o rm -f *.a *.out *.o *.so ./include/security/*~ + rm -f *.orig $(LIBNAMEDNAME) $(LIBNAMEDFULL) if [ -d dynamic ]; then rmdir dynamic ; fi if [ -d static ]; then rmdir static ; fi diff --git a/Linux-PAM/libpamc/include/security/pam_client.h b/Linux-PAM/libpamc/include/security/pam_client.h index 7c474689..99530322 100644 --- a/Linux-PAM/libpamc/include/security/pam_client.h +++ b/Linux-PAM/libpamc/include/security/pam_client.h @@ -1,5 +1,5 @@ /* - * $Id: pam_client.h,v 1.1.1.2 2002/09/15 20:08:42 hartmans Exp $ + * $Id: pam_client.h,v 1.6 2001/09/19 06:18:46 agmorgan Exp $ * * Copyright (c) 1999 Andrew G. Morgan <morgan@linux.kernel.org> * diff --git a/Linux-PAM/libpamc/libpamc.h b/Linux-PAM/libpamc/libpamc.h index 4b47029f..1c9397c9 100644 --- a/Linux-PAM/libpamc/libpamc.h +++ b/Linux-PAM/libpamc/libpamc.h @@ -1,5 +1,5 @@ /* - * $Id: libpamc.h,v 1.1.1.1 2001/04/29 04:17:13 hartmans Exp $ + * $Id: libpamc.h,v 1.2 2000/11/19 23:54:03 agmorgan Exp $ * * Copyright (c) Andrew G. Morgan <morgan@ftp.kernel.org> * diff --git a/Linux-PAM/libpamc/pamc_client.c b/Linux-PAM/libpamc/pamc_client.c index 82d61262..19eff429 100644 --- a/Linux-PAM/libpamc/pamc_client.c +++ b/Linux-PAM/libpamc/pamc_client.c @@ -1,5 +1,5 @@ /* - * $Id: pamc_client.c,v 1.1.1.1 2001/04/29 04:17:13 hartmans Exp $ + * $Id: pamc_client.c,v 1.1.1.1 2000/06/20 22:11:25 agmorgan Exp $ * * Copyright (c) Andrew G. Morgan <morgan@ftp.kernel.org> * diff --git a/Linux-PAM/libpamc/pamc_converse.c b/Linux-PAM/libpamc/pamc_converse.c index 426f581d..131789fb 100644 --- a/Linux-PAM/libpamc/pamc_converse.c +++ b/Linux-PAM/libpamc/pamc_converse.c @@ -1,5 +1,5 @@ /* - * $Id: pamc_converse.c,v 1.1.1.1 2001/04/29 04:17:13 hartmans Exp $ + * $Id: pamc_converse.c,v 1.2 2001/01/20 22:29:47 agmorgan Exp $ * * Copyright (c) Andrew G. Morgan <morgan@ftp.kernel.org> * diff --git a/Linux-PAM/libpamc/pamc_load.c b/Linux-PAM/libpamc/pamc_load.c index 2e044eb9..01304cc1 100644 --- a/Linux-PAM/libpamc/pamc_load.c +++ b/Linux-PAM/libpamc/pamc_load.c @@ -1,5 +1,5 @@ /* - * $Id: pamc_load.c,v 1.1.1.1 2001/04/29 04:17:13 hartmans Exp $ + * $Id: pamc_load.c,v 1.1.1.1 2000/06/20 22:11:26 agmorgan Exp $ * * Copyright (c) 1999 Andrew G. Morgan <morgan@ftp.kernel.org> * diff --git a/Linux-PAM/libpamc/test/modules/pam_secret.c b/Linux-PAM/libpamc/test/modules/pam_secret.c index 557f5959..95f26014 100644 --- a/Linux-PAM/libpamc/test/modules/pam_secret.c +++ b/Linux-PAM/libpamc/test/modules/pam_secret.c @@ -1,5 +1,5 @@ /* - * $Id: pam_secret.c,v 1.1.1.1 2001/04/29 04:17:14 hartmans Exp $ + * $Id: pam_secret.c,v 1.3 2004/09/14 14:22:39 kukuk Exp $ * * Copyright (c) 1999 Andrew G. Morgan <morgan@linux.kernel.org> */ @@ -206,6 +206,7 @@ char *identify_secret(char *identity, const char *user) pwd = getpwnam(user); if ((pwd == NULL) || (pwd->pw_dir == NULL)) { D(("user [%s] is not known", user)); + return NULL; } length_id = strlen(pwd->pw_dir) + sizeof(SECRET_FILE_FORMAT); diff --git a/Linux-PAM/libpamc/test/regress/Makefile b/Linux-PAM/libpamc/test/regress/Makefile index ff63e5f0..cba474f9 100644 --- a/Linux-PAM/libpamc/test/regress/Makefile +++ b/Linux-PAM/libpamc/test/regress/Makefile @@ -1,7 +1,7 @@ CFLAGS = -g -I ../../include test.libpamc: test.libpamc.o - $(CC) -o $@ $< -L ../.. -lpamc + $(CC) -o $@ $(CFLAGS) $< -L ../.. -lpamc clean: rm -f test.libpamc test.libpamc.o diff --git a/Linux-PAM/modules/Makefile b/Linux-PAM/modules/Makefile index 96b3a636..58be5a24 100644 --- a/Linux-PAM/modules/Makefile +++ b/Linux-PAM/modules/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:43 hartmans Exp $ +# $Id: Makefile,v 1.4 2004/09/28 13:48:47 kukuk Exp $ # # Makefile # @@ -8,7 +8,7 @@ include ../Make.Rules -MODDIRS=$(shell /bin/ls -d pam_*) +MODDIRS=$(shell /bin/ls -d pam_*/Makefile | cut -f1 -d/) all: @echo building the static modutil library diff --git a/Linux-PAM/modules/Simple.Rules b/Linux-PAM/modules/Simple.Rules index bbbf3e50..57b582de 100644 --- a/Linux-PAM/modules/Simple.Rules +++ b/Linux-PAM/modules/Simple.Rules @@ -1,4 +1,4 @@ -# $Id: Simple.Rules,v 1.1.1.2 2002/09/15 20:08:43 hartmans Exp $ +# $Id: Simple.Rules,v 1.7 2004/09/28 13:48:47 kukuk Exp $ # # For simple modules with no significant dependencies, set $(TITLE) # and include this file. @@ -13,13 +13,15 @@ # $(MODULE_SIMPLE_EXTRAFILES) - other files to build (no .c suffix) # +-include ../Make.Rules + LIBFILES = $(TITLE) $(MODULE_SIMPLE_EXTRAFILES) LIBSRC = $(addsuffix .c,$(LIBFILES)) LIBOBJ = $(addsuffix .o,$(LIBFILES)) LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) LIBOBJS = $(addprefix static/,$(LIBOBJ)) -LINK_PAMMODUTILS = -L../pammodutil -lpammodutil +LINK_PAMMODUTILS = -L../pammodutil -lpammodutil -L../../libpam -lpam INCLUDE_PAMMODUTILS = -I../pammodutil/include ifdef DYNAMIC @@ -77,6 +79,18 @@ install: all ifdef DYNAMIC $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) endif +ifdef MAN3 + test -d $(FAKEROOT)$(mandir)/man3 || $(MKDIR) $(FAKEROOT)$(mandir)/man3 + $(INSTALL) -m $(MANMODE) $(MAN3) $(FAKEROOT)$(mandir)/man3/ +endif +ifdef MAN5 + test -d $(FAKEROOT)$(mandir)/man5 || $(MKDIR) $(FAKEROOT)$(mandir)/man5 + $(INSTALL) -m $(MANMODE) $(MAN5) $(FAKEROOT)$(mandir)/man5/ +endif +ifdef MAN8 + test -d $(FAKEROOT)$(mandir)/man8 || $(MKDIR) $(FAKEROOT)$(mandir)/man8 + $(INSTALL) -m $(MANMODE) $(MAN8) $(FAKEROOT)$(mandir)/man8/ +endif $(MODULE_SIMPLE_INSTALL) remove: diff --git a/Linux-PAM/modules/dont_makefile b/Linux-PAM/modules/dont_makefile index b49e9e7a..48307f02 100644 --- a/Linux-PAM/modules/dont_makefile +++ b/Linux-PAM/modules/dont_makefile @@ -1,5 +1,5 @@ ######################################################################### -# $Id: dont_makefile,v 1.1.1.1 2001/04/29 04:17:16 hartmans Exp $ +# $Id: dont_makefile,v 1.2 2000/11/19 23:54:03 agmorgan Exp $ ######################################################################### # This is a makefile that does nothing. It is designed to be included # by module Makefile-s when they are not compatable with the local diff --git a/Linux-PAM/modules/download-all b/Linux-PAM/modules/download-all index 451b3c51..9b6cf655 100755 --- a/Linux-PAM/modules/download-all +++ b/Linux-PAM/modules/download-all @@ -1,6 +1,6 @@ #!/bin/sh # -# $Id: download-all,v 1.1.1.1 2001/04/29 04:17:16 hartmans Exp $ +# $Id: download-all,v 1.1.1.1 2000/06/20 22:11:29 agmorgan Exp $ # cat <<EOT For a number of reasons it is not practical for Linux-PAM to be diff --git a/Linux-PAM/modules/pam_access/Makefile b/Linux-PAM/modules/pam_access/Makefile index 5f8574ab..d8a71ee5 100644 --- a/Linux-PAM/modules/pam_access/Makefile +++ b/Linux-PAM/modules/pam_access/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:16 hartmans Exp $ +# $Id: Makefile,v 1.3 2003/07/13 18:41:04 vorlon Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know @@ -10,6 +10,9 @@ include ../../Make.Rules TITLE=pam_access LOCAL_CONFILE=./access.conf INSTALLED_CONFILE=$(SCONFIGD)/access.conf +ifeq ($(HAVE_LIBNSL),yes) +MODULE_SIMPLE_EXTRALIBS=-lnsl +endif DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" CFLAGS += $(DEFS) diff --git a/Linux-PAM/modules/pam_access/access.conf b/Linux-PAM/modules/pam_access/access.conf index dbaadf67..cec2be0c 100644 --- a/Linux-PAM/modules/pam_access/access.conf +++ b/Linux-PAM/modules/pam_access/access.conf @@ -40,8 +40,15 @@ # logged-in user. Both the user's primary group is matched, as well as # groups in which users are explicitly listed. # +# TTY NAMES: Must be in the form returned by ttyname(3) less the initial +# "/dev" (e.g. tty1 or vc/1) +# ############################################################################## # +# Disallow non-root logins on tty1 +# +#-:ALL EXCEPT root:tty1 +# # Disallow console logins to all but a few accounts. # #-:ALL EXCEPT wheel shutdown sync:LOCAL diff --git a/Linux-PAM/modules/pam_access/pam_access.c b/Linux-PAM/modules/pam_access/pam_access.c index 4005c93b..4f6cf574 100644 --- a/Linux-PAM/modules/pam_access/pam_access.c +++ b/Linux-PAM/modules/pam_access/pam_access.c @@ -5,23 +5,23 @@ * (I took login_access from logdaemon-5.6 and converted it to PAM * using parts of pam_time code.) * - ************************************************************************ + ************************************************************************ * Copyright message from logdaemon-5.6 (original file name DISCLAIMER) - ************************************************************************ - * Copyright 1995 by Wietse Venema. All rights reserved. Individual files - * may be covered by other copyrights (as noted in the file itself.) - * - * This material was originally written and compiled by Wietse Venema at - * Eindhoven University of Technology, The Netherlands, in 1990, 1991, - * 1992, 1993, 1994 and 1995. - * - * Redistribution and use in source and binary forms are permitted - * provided that this entire copyright notice is duplicated in all such - * copies. - * - * This software is provided "as is" and without any expressed or implied - * warranties, including, without limitation, the implied warranties of - * merchantibility and fitness for any particular purpose. + ************************************************************************ + * Copyright 1995 by Wietse Venema. All rights reserved. Individual files + * may be covered by other copyrights (as noted in the file itself.) + * + * This material was originally written and compiled by Wietse Venema at + * Eindhoven University of Technology, The Netherlands, in 1990, 1991, + * 1992, 1993, 1994 and 1995. + * + * Redistribution and use in source and binary forms are permitted + * provided that this entire copyright notice is duplicated in all such + * copies. + * + * This software is provided "as is" and without any expressed or implied + * warranties, including, without limitation, the implied warranties of + * merchantibility and fitness for any particular purpose. ************************************************************************* */ @@ -41,6 +41,7 @@ #include <errno.h> #include <ctype.h> #include <sys/utsname.h> +#include <rpcsvc/ypclnt.h> #ifndef BROKEN_NETWORK_MATCH # include <netdb.h> @@ -58,8 +59,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> - -int strcasecmp(const char *s1, const char *s2); +#include <security/_pam_modutil.h> /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ @@ -68,7 +68,7 @@ int strcasecmp(const char *s1, const char *s2); * control based on login names and on host (or domain) names, internet * addresses (or network numbers), or on terminal line names in case of * non-networked logins. Diagnostics are reported through syslog(3). - * + * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ @@ -140,26 +140,27 @@ static int parse_args(struct login_info *loginfo, int argc, const char **argv) , loginfo->service, 11 + argv[i]); return 0; } - + } else { _log_err("unrecognized option [%s]", argv[i]); } } - + return 1; /* OK */ } -typedef int match_func (char *, struct login_info *); +typedef int match_func (pam_handle_t *, char *, struct login_info *); -static int list_match (char *, struct login_info *, - match_func *); -static int user_match (char *, struct login_info *); -static int from_match (char *, struct login_info *); -static int string_match (char *, char *); +static int list_match (pam_handle_t *, char *, struct login_info *, + match_func *); +static int user_match (pam_handle_t *, char *, struct login_info *); +static int from_match (pam_handle_t *, char *, struct login_info *); +static int string_match (pam_handle_t *, char *, char *); /* login_access - match username/group and host/tty with access control file */ -static int login_access(struct login_info *item) +static int +login_access (pam_handle_t *pamh, struct login_info *item) { FILE *fp; char line[BUFSIZ]; @@ -193,10 +194,11 @@ static int login_access(struct login_info *item) line[end] = 0; /* strip trailing whitespace */ if (line[0] == 0) /* skip blank lines */ continue; + + /* Allow trailing: in last field fo froms */ if (!(perm = strtok(line, fs)) || !(users = strtok((char *) 0, fs)) - || !(froms = strtok((char *) 0, fs)) - || strtok((char *) 0, fs)) { + || !(froms = strtok((char *) 0, fs))) { _log_err("%s: line %d: bad field count", item->config_file, lineno); continue; @@ -206,19 +208,21 @@ static int login_access(struct login_info *item) item->config_file, lineno); continue; } - match = (list_match(froms, item, from_match) - && list_match(users, item, user_match)); + match = (list_match(pamh, froms, item, from_match) + && list_match(pamh, users, item, user_match)); } (void) fclose(fp); } else if (errno != ENOENT) { _log_err("cannot open %s: %m", item->config_file); + return NO; } return (match == 0 || (line[0] == '+')); } /* list_match - match an item against a list of tokens with exceptions */ -static int list_match(char *list, struct login_info *item, match_func *match_fn) +static int list_match(pam_handle_t *pamh, + char *list, struct login_info *item, match_func *match_fn) { char *tok; int match = NO; @@ -233,7 +237,7 @@ static int list_match(char *list, struct login_info *item, match_func *match_fn) for (tok = strtok(list, sep); tok != 0; tok = strtok((char *) 0, sep)) { if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; - if ((match = (*match_fn) (tok, item))) /* YES */ + if ((match = (*match_fn) (pamh, tok, item))) /* YES */ break; } /* Process exceptions to matches. */ @@ -241,7 +245,7 @@ static int list_match(char *list, struct login_info *item, match_func *match_fn) if (match != NO) { while ((tok = strtok((char *) 0, sep)) && strcasecmp(tok, "EXCEPT")) /* VOID */ ; - if (tok == 0 || list_match((char *) 0, item, match_fn) == NO) + if (tok == 0 || list_match(pamh, (char *) 0, item, match_fn) == NO) return (match); } return (NO); @@ -253,35 +257,30 @@ static char * myhostname(void) { static char name[MAXHOSTNAMELEN + 1]; - gethostname(name, MAXHOSTNAMELEN); - name[MAXHOSTNAMELEN] = 0; - return (name); + if (gethostname(name, MAXHOSTNAMELEN) == 0) { + name[MAXHOSTNAMELEN] = 0; + return (name); + } + return NULL; } /* netgroup_match - match group against machine or user */ static int netgroup_match(char *group, char *machine, char *user) { -#ifdef NIS - static char *mydomain = 0; + static char *mydomain = NULL; if (mydomain == 0) yp_get_default_domain(&mydomain); return (innetgr(group, machine, user, mydomain)); -#else - _log_err("NIS netgroup support not configured"); - return (NO); -#endif } /* user_match - match a username against one token */ -static int user_match(char *tok, struct login_info *item) +static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) { char *string = item->user->pw_name; struct login_info fake_item; - struct group *group; - int i; char *at; /* @@ -294,24 +293,24 @@ static int user_match(char *tok, struct login_info *item) if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */ *at = 0; fake_item.from = myhostname(); - return (user_match(tok, item) && from_match(at + 1, &fake_item)); - } else if (tok[0] == '@') { /* netgroup */ + if (fake_item.from == NULL) + return NO; + return (user_match (pamh, tok, item) && from_match (pamh, at + 1, &fake_item)); + } else if (tok[0] == '@') /* netgroup */ return (netgroup_match(tok + 1, (char *) 0, string)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if ((group = getgrnam(tok))) { /* try group membership */ - if (item->user->pw_gid == group->gr_gid) - return (YES); - for (i = 0; group->gr_mem[i]; i++) - if (strcasecmp(string, group->gr_mem[i]) == 0) - return (YES); - } - return (NO); + else if (string_match (pamh, tok, string)) /* ALL or exact match */ + return YES; + else if (_pammodutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) + /* try group membership */ + return YES; + + return NO; } /* from_match - match a host or tty against a list of tokens */ -static int from_match(char *tok, struct login_info *item) +static int +from_match (pam_handle_t *pamh, char *tok, struct login_info *item) { char *string = item->from; int tok_len; @@ -328,9 +327,9 @@ static int from_match(char *tok, struct login_info *item) if (tok[0] == '@') { /* netgroup */ return (netgroup_match(tok + 1, string, (char *) 0)); - } else if (string_match(tok, string)) { /* ALL or exact match */ - return (YES); - } else if (tok[0] == '.') { /* domain: match last fields */ + } else if (string_match (pamh, tok, string)) /* ALL or exact match */ + return YES; + else if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); @@ -374,7 +373,8 @@ static int from_match(char *tok, struct login_info *item) /* string_match - match a string against one token */ -static int string_match(char *tok, char *string) +static int +string_match (pam_handle_t *pamh, char *tok, char *string) { /* @@ -390,14 +390,6 @@ static int string_match(char *tok, char *string) return (NO); } -/* end of login_access.c */ - -int strcasecmp(const char *s1, const char *s2) -{ - while ((toupper(*s1)==toupper(*s2)) && (*s1) && (*s2)) {s1++; s2++;} - return(toupper(*s1)-toupper(*s2)); -} - /* --- public account management functions --- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc @@ -447,13 +439,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc return PAM_ABORT; } } - if (strncmp("/dev/",from,5) == 0) { /* strip leading /dev/ */ - from += 5; - } + if (from[0] == '/') { /* full path */ + from++; + from = strchr(from, '/'); + from++; + } } - if ((user_pw=getpwnam(user))==NULL) return (PAM_USER_UNKNOWN); + if ((user_pw=_pammodutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); /* * Bundle up the arguments to avoid unnecessary clumsiness later on. @@ -470,7 +464,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc return PAM_ABORT; } - if (login_access(&loginfo)) { + if (login_access(pamh, &loginfo)) { return (PAM_SUCCESS); } else { _log_err("access denied for user `%s' from `%s'",user,from); @@ -494,4 +488,3 @@ struct pam_module _pam_access_modstruct = { NULL }; #endif - diff --git a/Linux-PAM/modules/pam_cracklib/Makefile b/Linux-PAM/modules/pam_cracklib/Makefile index 9e8f69aa..371ac0a8 100644 --- a/Linux-PAM/modules/pam_cracklib/Makefile +++ b/Linux-PAM/modules/pam_cracklib/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:17 hartmans Exp $ +# $Id: Makefile,v 1.3 2001/02/10 22:15:23 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_cracklib/pam_cracklib.c b/Linux-PAM/modules/pam_cracklib/pam_cracklib.c index fa415e32..8f3e4c42 100644 --- a/Linux-PAM/modules/pam_cracklib/pam_cracklib.c +++ b/Linux-PAM/modules/pam_cracklib/pam_cracklib.c @@ -1,6 +1,6 @@ /* * pam_cracklib module - * $Id: pam_cracklib.c,v 1.1.1.2 2002/09/15 20:08:45 hartmans Exp $ + * $Id: pam_cracklib.c,v 1.9 2004/09/15 12:06:17 kukuk Exp $ */ /* @@ -77,7 +77,7 @@ extern char *FascistCheck(char *pw, const char *dictpath); #include <security/pam_modules.h> #include <security/_pam_macros.h> -#ifndef LINUX_PAM +#ifndef LINUX_PAM #include <security/pam_appl.h> #endif /* LINUX_PAM */ @@ -186,11 +186,11 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs, struct pam_response **response) { int retval; - struct pam_conv *conv; + struct pam_conv *conv = NULL; - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); - if ( retval == PAM_SUCCESS ) { + if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, (const struct pam_message **)message, response, conv->appdata_ptr); if (retval != PAM_SUCCESS && (ctrl && PAM_DEBUG_ARG)) { @@ -199,7 +199,9 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs, } } else { _pam_log(LOG_ERR, "couldn't obtain coversation function [%s]", - pam_strerror(pamh, retval)); + pam_strerror(pamh, retval)); + if ( retval == PAM_SUCCESS ) + retval = PAM_BAD_ITEM; /* conv was NULL */ } return retval; /* propagate error status */ @@ -258,12 +260,12 @@ static int distdifferent(const char *old, const char *new, int i, int j) { char c, d; - if ((i == 0) || (strlen(old) <= i)) { + if ((i == 0) || (strlen(old) < i)) { c = 0; } else { c = old[i - 1]; } - if ((j == 0) || (strlen(new) <= i)) { + if ((j == 0) || (strlen(new) < j)) { d = 0; } else { d = new[j - 1]; @@ -389,17 +391,17 @@ static int simple(struct cracklib_options *opt, size -= digits; else if (digits < opt->dig_credit * -1) return 1; - + if (opt->up_credit >= 0) size -= uppers; else if (uppers < opt->up_credit * -1) return 1; - + if (opt->low_credit >= 0) size -= lowers; else if (lowers < opt->low_credit * -1) return 1; - + if (opt->oth_credit >= 0) size -= others; else if (others < opt->oth_credit * -1) @@ -507,7 +509,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, const char *msg = NULL; const char *user; int retval; - + if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { if (ctrl && PAM_DEBUG_ARG) _pam_log(LOG_DEBUG, "bad authentication token"); @@ -524,7 +526,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, msg = password_check(opt, pass_old,pass_new); if (!msg) { retval = pam_get_item(pamh, PAM_USER, (const void **)&user); - if (retval != PAM_SUCCESS) { + if (retval != PAM_SUCCESS || user == NULL) { if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_ERR,"Can not get username"); return PAM_AUTHTOK_ERR; @@ -535,7 +537,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, if (msg) { char remark[BUFSIZ]; - + memset(remark,0,sizeof(remark)); snprintf(remark,sizeof(remark),"BAD PASSWORD: %s",msg); if (ctrl && PAM_DEBUG_ARG) @@ -543,12 +545,12 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, msg); make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); return PAM_AUTHTOK_ERR; - }; + }; return PAM_SUCCESS; - + } -/* The Main Thing (by Cristian Gafton, CEO at this module :-) +/* The Main Thing (by Cristian Gafton, CEO at this module :-) * (stolen from http://home.netscape.com) */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, @@ -559,6 +561,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, D(("called.")); + memset(&options, 0, sizeof(options)); options.retry_times = CO_RETRY_TIMES; options.diff_ok = CO_DIFF_OK; options.diff_ignore = CO_DIFF_IGNORE; @@ -574,7 +577,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, ctrl = _pam_parse(&options, argc, argv); if (flags & PAM_PRELIM_CHECK) { - /* Check for passwd dictionary */ + /* Check for passwd dictionary */ struct stat st; char buf[sizeof(CRACKLIB_DICTPATH)+10]; @@ -591,7 +594,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, CRACKLIB_DICTPATH); return PAM_ABORT; } - + /* Not reached */ return PAM_SERVICE_ERR; @@ -613,12 +616,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = PAM_SUCCESS; } - do { + do { /* * make sure nothing inappropriate gets returned */ token1 = token2 = NULL; - + if (!options.retry_times) { D(("returning %s because maxtries reached", pam_strerror(pamh, retval))); @@ -628,7 +631,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* Planned modus operandi: * Get a passwd. * Verify it against cracklib. - * If okay get it a second time. + * If okay get it a second time. * Check to be the same with the first one. * set PAM_AUTHTOK and return */ @@ -691,7 +694,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, { char *crack_msg; char remark[BUFSIZ]; - + bzero(remark,sizeof(remark)); D(("against cracklib")); if ((crack_msg = FascistCheck(token1, cracklib_dictpath))) { @@ -779,7 +782,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = PAM_AUTHTOK_RECOVER_ERR; continue; } - + /* Yes, the password was typed correct twice * we store this password as an item */ @@ -804,7 +807,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } } - + } while (options.retry_times--); } else { @@ -814,7 +817,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } /* Not reached */ - return PAM_SERVICE_ERR; + return PAM_SERVICE_ERR; } diff --git a/Linux-PAM/modules/pam_debug/Makefile b/Linux-PAM/modules/pam_debug/Makefile index bb759918..56e9a14e 100644 --- a/Linux-PAM/modules/pam_debug/Makefile +++ b/Linux-PAM/modules/pam_debug/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2002/09/15 20:08:45 hartmans Exp $ +# $Id: Makefile,v 1.1 2001/10/10 05:00:11 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_debug/README b/Linux-PAM/modules/pam_debug/README index c1dad0f8..85401651 100644 --- a/Linux-PAM/modules/pam_debug/README +++ b/Linux-PAM/modules/pam_debug/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.1 2002/09/15 20:08:45 hartmans Exp $ +# $Id: README,v 1.1 2001/10/10 05:00:11 agmorgan Exp $ # This module returns what its module arguments tell it to return. It diff --git a/Linux-PAM/modules/pam_debug/pam_debug.c b/Linux-PAM/modules/pam_debug/pam_debug.c index 6226c829..819cd651 100644 --- a/Linux-PAM/modules/pam_debug/pam_debug.c +++ b/Linux-PAM/modules/pam_debug/pam_debug.c @@ -1,7 +1,7 @@ /* pam_permit module */ /* - * $Id: pam_debug.c,v 1.1.1.1 2002/09/15 20:08:45 hartmans Exp $ + * $Id: pam_debug.c,v 1.2 2004/09/15 12:06:17 kukuk Exp $ * * Written by Andrew Morgan <morgan@kernel.org> 2001/02/04 * @@ -102,7 +102,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, } if (user == NULL || *user == '\0') { D(("username not known")); - pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); + retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); + if (retval != PAM_SUCCESS) + return retval; } user = NULL; /* clean up */ diff --git a/Linux-PAM/modules/pam_deny/Makefile b/Linux-PAM/modules/pam_deny/Makefile index f2a49e1d..2fdd6e11 100644 --- a/Linux-PAM/modules/pam_deny/Makefile +++ b/Linux-PAM/modules/pam_deny/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:18 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:03 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_deny/README b/Linux-PAM/modules/pam_deny/README index c6b86c79..2eb96d4e 100644 --- a/Linux-PAM/modules/pam_deny/README +++ b/Linux-PAM/modules/pam_deny/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.1 2001/04/29 04:17:18 hartmans Exp $ +# $Id: README,v 1.1.1.1 2000/06/20 22:11:33 agmorgan Exp $ # this module always fails, it ignores all options. diff --git a/Linux-PAM/modules/pam_deny/pam_deny.c b/Linux-PAM/modules/pam_deny/pam_deny.c index d1fa42a3..8be1a8a8 100644 --- a/Linux-PAM/modules/pam_deny/pam_deny.c +++ b/Linux-PAM/modules/pam_deny/pam_deny.c @@ -1,7 +1,7 @@ /* pam_permit module */ /* - * $Id: pam_deny.c,v 1.1.1.1 2001/04/29 04:17:18 hartmans Exp $ + * $Id: pam_deny.c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11 * diff --git a/Linux-PAM/modules/pam_env/Makefile b/Linux-PAM/modules/pam_env/Makefile index 25856f04..189f1ee3 100644 --- a/Linux-PAM/modules/pam_env/Makefile +++ b/Linux-PAM/modules/pam_env/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:18 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:03 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_env/README b/Linux-PAM/modules/pam_env/README index 27d007b9..5053618a 100644 --- a/Linux-PAM/modules/pam_env/README +++ b/Linux-PAM/modules/pam_env/README @@ -1,6 +1,6 @@ -# $Date: 2001/04/29 04:17:19 $ -# $Author: hartmans $ -# $Id: README,v 1.1.1.1 2001/04/29 04:17:19 hartmans Exp $ +# $Date: 2000/06/20 22:11:33 $ +# $Author: agmorgan $ +# $Id: README,v 1.1.1.1 2000/06/20 22:11:33 agmorgan Exp $ # # This is the configuration file for pam_env, a PAM module to load in # a configurable list of environment variables for a diff --git a/Linux-PAM/modules/pam_env/pam_env.c b/Linux-PAM/modules/pam_env/pam_env.c index 2b7533d0..a3cf7684 100644 --- a/Linux-PAM/modules/pam_env/pam_env.c +++ b/Linux-PAM/modules/pam_env/pam_env.c @@ -1,7 +1,7 @@ /* pam_mail module */ /* - * $Id: pam_env.c,v 1.1.1.2 2002/09/15 20:08:46 hartmans Exp $ + * $Id: pam_env.c,v 1.5 2004/09/15 12:06:17 kukuk Exp $ * * Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31 * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the @@ -13,7 +13,7 @@ #endif #define DEFAULT_ETC_ENVFILE "/etc/environment" -#define DEFAULT_READ_ENVFILE 1 +#define DEFAULT_READ_ENVFILE 0 #include <security/_pam_aconf.h> @@ -165,8 +165,8 @@ static int _parse_config_file(pam_handle_t *pamh, int ctrl, char **conffile) return PAM_IGNORE; } - /* _pam_assemble_line will provide a complete line from the config file, with all - * comments removed and any escaped newlines fixed up + /* _pam_assemble_line will provide a complete line from the config file, + * with all comments removed and any escaped newlines fixed up */ while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { @@ -192,12 +192,13 @@ static int _parse_config_file(pam_handle_t *pamh, int ctrl, char **conffile) (void) fclose(conf); /* tidy up */ - _clean_var(var); /* We could have got here prematurely, this is safe though */ + _clean_var(var); /* We could have got here prematurely, + * this is safe though */ _pam_overwrite(*conffile); _pam_drop(*conffile); file = NULL; D(("Exit.")); - return (retval<0?PAM_ABORT:PAM_SUCCESS); + return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); } static int _parse_env_file(pam_handle_t *pamh, int ctrl, char **env_file) @@ -231,7 +232,7 @@ static int _parse_env_file(pam_handle_t *pamh, int ctrl, char **env_file) continue; /* skip over "export " if present so we can be compat with - bash type declerations */ + bash type declarations */ if (strncmp(key, "export ", (size_t) 7) == 0) key += 7; @@ -279,7 +280,7 @@ static int _parse_env_file(pam_handle_t *pamh, int ctrl, char **env_file) _pam_drop(*env_file); file = NULL; D(("Exit.")); - return (retval<0?PAM_IGNORE:PAM_SUCCESS); + return (retval != 0 ? PAM_IGNORE : PAM_SUCCESS); } /* @@ -765,8 +766,8 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, retval = _parse_config_file(pamh, ctrl, &conf_file); - if(readenv) - _parse_env_file(pamh, ctrl, &env_file); + if(readenv && retval == PAM_SUCCESS) + retval = _parse_env_file(pamh, ctrl, &env_file); /* indicate success or failure */ @@ -798,8 +799,8 @@ int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc retval = _parse_config_file(pamh, ctrl, &conf_file); - if(readenv) - _parse_env_file(pamh, ctrl, &env_file); + if(readenv && retval == PAM_SUCCESS) + retval = _parse_env_file(pamh, ctrl, &env_file); /* indicate success or failure */ diff --git a/Linux-PAM/modules/pam_env/pam_env.conf-example b/Linux-PAM/modules/pam_env/pam_env.conf-example index fa4e0b84..612a31c2 100644 --- a/Linux-PAM/modules/pam_env/pam_env.conf-example +++ b/Linux-PAM/modules/pam_env/pam_env.conf-example @@ -1,6 +1,6 @@ -# $Date: 2001/04/29 04:17:19 $ -# $Author: hartmans $ -# $Id: pam_env.conf-example,v 1.1.1.1 2001/04/29 04:17:19 hartmans Exp $ +# $Date: 2004/11/16 14:27:41 $ +# $Author: toady $ +# $Id: pam_env.conf-example,v 1.2 2004/11/16 14:27:41 toady Exp $ # # This is the configuration file for pam_env, a PAM module to load in # a configurable list of environment variables for a @@ -43,6 +43,10 @@ # be used in values using the @{string} syntax. Both the $ and @ # characters can be backslash escaped to be used as literal values # values can be delimited with "", escaped " not supported. +# Note that many environment variables that you would like to use +# may not be set by the time the module is called. +# For example, HOME is used below several times, but +# many PAM applications don't make it available by the time you need it. # # # First, some special variables diff --git a/Linux-PAM/modules/pam_filter/Makefile b/Linux-PAM/modules/pam_filter/Makefile index caad06c7..e7d7041e 100644 --- a/Linux-PAM/modules/pam_filter/Makefile +++ b/Linux-PAM/modules/pam_filter/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:47 hartmans Exp $ +# $Id: Makefile,v 1.4 2001/11/11 07:43:54 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_filter/README b/Linux-PAM/modules/pam_filter/README index 64bac608..12c4aeb5 100644 --- a/Linux-PAM/modules/pam_filter/README +++ b/Linux-PAM/modules/pam_filter/README @@ -1,5 +1,5 @@ # -# $Id: README,v 1.1.1.1 2001/04/29 04:17:19 hartmans Exp $ +# $Id: README,v 1.1.1.1 2000/06/20 22:11:35 agmorgan Exp $ # # This describes the behavior of this module with respect to the # /etc/pam.conf file. diff --git a/Linux-PAM/modules/pam_filter/include/pam_filter.h b/Linux-PAM/modules/pam_filter/include/pam_filter.h index f189c911..69e3a3e2 100644 --- a/Linux-PAM/modules/pam_filter/include/pam_filter.h +++ b/Linux-PAM/modules/pam_filter/include/pam_filter.h @@ -1,5 +1,5 @@ /* - * $Id: pam_filter.h,v 1.1.1.1 2001/04/29 04:17:20 hartmans Exp $ + * $Id: pam_filter.h,v 1.1.1.1 2000/06/20 22:11:36 agmorgan Exp $ * * this file is associated with the Linux-PAM filter module. * it was written by Andrew G. Morgan <morgan@linux.kernel.org> diff --git a/Linux-PAM/modules/pam_filter/pam_filter.c b/Linux-PAM/modules/pam_filter/pam_filter.c index 0ddd3711..9aa23f29 100644 --- a/Linux-PAM/modules/pam_filter/pam_filter.c +++ b/Linux-PAM/modules/pam_filter/pam_filter.c @@ -1,5 +1,5 @@ /* - * $Id: pam_filter.c,v 1.1.1.2 2002/09/15 20:08:47 hartmans Exp $ + * $Id: pam_filter.c,v 1.6 2004/11/16 14:27:41 toady Exp $ * * written by Andrew Morgan <morgan@transmeta.com> with much help from * Richard Stevens' UNIX Network Programming book. @@ -21,7 +21,7 @@ #include <sys/stat.h> #include <sys/socket.h> #include <sys/ioctl.h> -#include <termio.h> +#include <termios.h> #include <signal.h> @@ -131,7 +131,7 @@ static int process_args(pam_handle_t *pamh } else { char **levp; const char *tmp; - int i,size; + int i,size, retval; *filtername = *++argv; if (ctrl & FILTER_DEBUG) { @@ -150,7 +150,7 @@ static int process_args(pam_handle_t *pamh /* the "ARGS" variable */ -#define ARGS_OFFSET 5 /* sizeof('ARGS='); */ +#define ARGS_OFFSET 5 /* strlen('ARGS='); */ #define ARGS_NAME "ARGS=" size += ARGS_OFFSET; @@ -174,10 +174,18 @@ static int process_args(pam_handle_t *pamh /* the "SERVICE" variable */ -#define SERVICE_OFFSET 8 /* sizeof('SERVICE='); */ +#define SERVICE_OFFSET 8 /* strlen('SERVICE='); */ #define SERVICE_NAME "SERVICE=" - pam_get_item(pamh, PAM_SERVICE, (const void **)&tmp); + retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&tmp); + if (retval != PAM_SUCCESS || tmp == NULL) { + _pam_log(LOG_CRIT,"service name not found"); + if (levp) { + free(levp[0]); + free(levp); + } + return -1; + } size = SERVICE_OFFSET+strlen(tmp); levp[1] = (char *) malloc(size+1); @@ -196,9 +204,10 @@ static int process_args(pam_handle_t *pamh /* the "USER" variable */ -#define USER_OFFSET 5 /* sizeof('USER='); */ +#define USER_OFFSET 5 /* strlen('USER='); */ #define USER_NAME "USER=" + tmp = NULL; pam_get_user(pamh, &tmp, NULL); if (tmp == NULL) { tmp = "<unknown>"; @@ -222,7 +231,7 @@ static int process_args(pam_handle_t *pamh /* the "USER" variable */ -#define TYPE_OFFSET 5 /* sizeof('TYPE='); */ +#define TYPE_OFFSET 5 /* strlen('TYPE='); */ #define TYPE_NAME "TYPE=" size = TYPE_OFFSET+strlen(type); @@ -278,7 +287,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl { int status=-1; char terminal[TERMINAL_LEN]; - struct termio stored_mode; /* initial terminal mode settings */ + struct termios stored_mode; /* initial terminal mode settings */ int fd[2], child=0, child2=0, aterminal; if (filtername == NULL || *filtername != '/') { @@ -305,15 +314,15 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl /* set terminal into raw mode.. remember old mode so that we can revert to it after the child has quit. */ - /* this is termio terminal handling... */ + /* this is termios terminal handling... */ - if (ioctl(STDIN_FILENO, TCGETA, (char *) &stored_mode ) < 0) { + if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) { /* in trouble, so close down */ close(fd[0]); _pam_log(LOG_CRIT, "couldn't copy terminal mode"); return PAM_ABORT; } else { - struct termio t_mode = stored_mode; + struct termios t_mode = stored_mode; t_mode.c_iflag = 0; /* no input control */ t_mode.c_oflag &= ~OPOST; /* no ouput post processing */ @@ -326,7 +335,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */ t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ - if (ioctl(STDIN_FILENO, TCSETA, (char *) &t_mode) < 0) { + if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) { close(fd[0]); _pam_log(LOG_WARNING, "couldn't put terminal in RAW mode"); return PAM_ABORT; @@ -356,7 +365,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl _pam_log(LOG_WARNING,"first fork failed"); if (aterminal) { - (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); + (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); } return PAM_AUTH_ERR; @@ -398,7 +407,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl /* initialize the child's terminal to be the way the parent's was before we set it into RAW mode */ - if (ioctl(fd[1], TCSETA, (char *) &stored_mode) < 0) { + if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) { _pam_log(LOG_WARNING,"cannot set slave terminal mode; %s" ,terminal); close(fd[1]); @@ -572,7 +581,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl if (aterminal) { /* reset to initial terminal mode */ - (void) ioctl(STDIN_FILENO, TCSETA, (char *) &stored_mode); + (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); } if (ctrl & FILTER_DEBUG) { diff --git a/Linux-PAM/modules/pam_filter/upperLOWER/Makefile b/Linux-PAM/modules/pam_filter/upperLOWER/Makefile index 3e2d667f..c75f4964 100644 --- a/Linux-PAM/modules/pam_filter/upperLOWER/Makefile +++ b/Linux-PAM/modules/pam_filter/upperLOWER/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:47 hartmans Exp $ +# $Id: Makefile,v 1.4 2004/09/22 09:37:47 kukuk Exp $ # # This directory contains a pam_filter filter executable # @@ -12,16 +12,19 @@ TITLE=upperLOWER # -CFLAGS += -I../include +CFLAGS += -I../include -I../../pammodutil/include OBJS = $(TITLE).o +LIBS += $(GLIB_LIBS) -L../../pammodutil -lpammodutil +LDFLAGS = $(LIBS) + ####################### don't edit below ####################### all: $(TITLE) $(TITLE): $(OBJS) - $(CC) $(CFLAGS) -o $(TITLE) $(OBJS) + $(CC) $(CFLAGS) -o $(TITLE) $(OBJS) $(LDFLAGS) $(STRIP) $(TITLE) install: diff --git a/Linux-PAM/modules/pam_filter/upperLOWER/upperLOWER.c b/Linux-PAM/modules/pam_filter/upperLOWER/upperLOWER.c index 59c0e0e3..ee3544a1 100644 --- a/Linux-PAM/modules/pam_filter/upperLOWER/upperLOWER.c +++ b/Linux-PAM/modules/pam_filter/upperLOWER/upperLOWER.c @@ -1,5 +1,5 @@ /* - * $Id: upperLOWER.c,v 1.1.1.2 2002/09/15 20:08:48 hartmans Exp $ + * $Id: upperLOWER.c,v 1.5 2004/09/22 09:37:48 kukuk Exp $ * * This is a sample filter program, for use with pam_filter (a module * provided with Linux-PAM). This filter simply transposes upper and @@ -21,6 +21,9 @@ #include <unistd.h> #include <security/pam_filter.h> +#include <security/pam_modules.h> +#include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* ---------------------------------------------------------------- */ @@ -109,27 +112,27 @@ int main(int argc, char **argv) /* application errors */ if ( FD_ISSET(APPERR_FILENO,&readers) ) { - int got = read(APPERR_FILENO, buffer, BUFSIZ); + int got = _pammodutil_read(APPERR_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if ( write(STDERR_FILENO, buffer, got) != got ) { + if (_pammodutil_write(STDERR_FILENO, buffer, got) != got ) { log_this(LOG_WARNING,"couldn't write %d bytes?!",got); break; } } } else if ( FD_ISSET(APPOUT_FILENO,&readers) ) { /* app output */ - int got = read(APPOUT_FILENO, buffer, BUFSIZ); + int got = _pammodutil_read(APPOUT_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); - if ( write(STDOUT_FILENO, buffer, got) != got ) { + if (_pammodutil_write(STDOUT_FILENO, buffer, got) != got ) { log_this(LOG_WARNING,"couldn't write %d bytes!?",got); break; } @@ -137,7 +140,7 @@ int main(int argc, char **argv) } if ( FD_ISSET(STDIN_FILENO, &readers) ) { /* user input */ - int got = read(STDIN_FILENO, buffer, BUFSIZ); + int got = _pammodutil_read(STDIN_FILENO, buffer, BUFSIZ); if (got < 0) { log_this(LOG_WARNING,"user input junked"); break; @@ -145,7 +148,7 @@ int main(int argc, char **argv) /* translate to give to application */ if (before_app != NULL) before_app(buffer, got); - if ( write(APPIN_FILENO, buffer, got) != got ) { + if (_pammodutil_write(APPIN_FILENO, buffer, got) != got ) { log_this(LOG_WARNING,"couldn't pass %d bytes!?",got); break; } diff --git a/Linux-PAM/modules/pam_ftp/Makefile b/Linux-PAM/modules/pam_ftp/Makefile index a1088e17..456161bf 100644 --- a/Linux-PAM/modules/pam_ftp/Makefile +++ b/Linux-PAM/modules/pam_ftp/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:21 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:03 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_ftp/pam_ftp.c b/Linux-PAM/modules/pam_ftp/pam_ftp.c index 1512a65d..64df95ac 100644 --- a/Linux-PAM/modules/pam_ftp/pam_ftp.c +++ b/Linux-PAM/modules/pam_ftp/pam_ftp.c @@ -1,7 +1,7 @@ /* pam_ftp module */ /* - * $Id: pam_ftp.c,v 1.1.1.1 2001/04/29 04:17:21 hartmans Exp $ + * $Id: pam_ftp.c,v 1.3 2004/09/22 09:37:48 kukuk Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 * @@ -58,7 +58,7 @@ static int converse(pam_handle_t *pamh, int nargs D(("begin to converse\n")); retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; - if ( retval == PAM_SUCCESS ) { + if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, ( const struct pam_message ** ) message , response, conv->appdata_ptr); @@ -73,6 +73,8 @@ static int converse(pam_handle_t *pamh, int nargs } else { _pam_log(LOG_ERR, "couldn't obtain coversation function [%s]" , pam_strerror(pamh, retval)); + if (retval == PAM_SUCCESS) + retval = PAM_BAD_ITEM; /* conv was NULL */ } D(("ready to return from module conversation\n")); diff --git a/Linux-PAM/modules/pam_group/Makefile b/Linux-PAM/modules/pam_group/Makefile index 11593e25..06c88998 100644 --- a/Linux-PAM/modules/pam_group/Makefile +++ b/Linux-PAM/modules/pam_group/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:21 hartmans Exp $ +# $Id: Makefile,v 1.3 2003/11/27 07:49:46 kukuk Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know @@ -11,7 +11,7 @@ TITLE=pam_group LOCAL_CONFILE=./group.conf INSTALLED_CONFILE=$(SCONFIGD)/group.conf -DEFS=-DDEFAULT_CONF_FILE=\"$(CONFILE)\" +DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" CFLAGS += $(DEFS) MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" diff --git a/Linux-PAM/modules/pam_group/pam_group.c b/Linux-PAM/modules/pam_group/pam_group.c index b6b6ee08..c7b75fe2 100644 --- a/Linux-PAM/modules/pam_group/pam_group.c +++ b/Linux-PAM/modules/pam_group/pam_group.c @@ -1,13 +1,13 @@ /* pam_group module */ /* - * $Id: pam_group.c,v 1.1.1.2 2002/09/15 20:08:48 hartmans Exp $ + * $Id: pam_group.c,v 1.7 2004/09/24 13:13:20 kukuk Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/7/6 */ const static char rcsid[] = -"$Id: pam_group.c,v 1.1.1.2 2002/09/15 20:08:48 hartmans Exp $;\n" +"$Id: pam_group.c,v 1.7 2004/09/24 13:13:20 kukuk Exp $;\n" "Version 0.5 for Linux-PAM\n" "Copyright (c) Andrew G. Morgan 1996 <morgan@linux.kernel.org>\n"; @@ -57,6 +57,7 @@ typedef enum { AND, OR } operator; #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* --- static functions for checking whether the user should be let in --- */ @@ -79,6 +80,12 @@ static void shift_bytes(char *mem, int from, int by) } } +/* This function should initially be called with buf = NULL. If + * an error occurs, the file descriptor is closed. Subsequent + * calls with a closed descriptor will cause buf to be deallocated. + * Therefore, always check buf after calling this to see if an error + * occurred. + */ static int read_field(int fd, char **buf, int *from, int *to) { /* is buf set ? */ @@ -126,6 +133,7 @@ static int read_field(int fd, char **buf, int *from, int *to) i = read(fd, *to + *buf, PAM_GROUP_BUFLEN - *to); if (i < 0) { _log_err("error reading " PAM_GROUP_CONF); + close(fd); return -1; } else if (!i) { close(fd); @@ -165,6 +173,7 @@ static int read_field(int fd, char **buf, int *from, int *to) } else { _log_err("internal error in " __FILE__ " at line %d", __LINE__ ); + close(fd); return -1; } break; @@ -518,7 +527,7 @@ static int find_member(const char *string, int *at) #define GROUP_BLK 10 #define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK) -static int mkgrplist(char *buf, gid_t **list, int len) +static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) { int l,at=0; int blks; @@ -581,7 +590,7 @@ static int mkgrplist(char *buf, gid_t **list, int len) { const struct group *grp; - grp = getgrnam(buf+at); + grp = _pammodutil_getgrnam(pamh, buf+at); if (grp == NULL) { _log_err("bad group: %s", buf+at); } else { @@ -600,8 +609,8 @@ static int mkgrplist(char *buf, gid_t **list, int len) } -static int check_account(const char *service, const char *tty - , const char *user) +static int check_account(pam_handle_t *pamh, const char *service, + const char *tty, const char *user) { int from=0,to=0,fd=-1; char *buffer=NULL; @@ -700,7 +709,7 @@ static int check_account(const char *service, const char *tty if (good) { D(("adding %s to gid list", buffer)); - good = mkgrplist(buffer, &grps, no_grps); + good = mkgrplist(pamh, buffer, &grps, no_grps); if (good < 0) { no_grps = 0; } else { @@ -771,7 +780,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags /* only interested in establishing credentials */ setting = flags; - if (!(setting & PAM_ESTABLISH_CRED)) { + if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { D(("ignoring call - not for establishing credentials")); return PAM_SUCCESS; /* don't fail because of this */ } @@ -823,7 +832,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags /* We initialize the pwdb library and check the account */ retval = pwdb_start(); /* initialize */ if (retval == PWDB_SUCCESS) { - retval = check_account(service,tty,user); /* get groups */ + retval = check_account(pamh, service,tty,user); /* get groups */ (void) pwdb_end(); /* tidy up */ } else { D(("failed to initialize pwdb; %s", pwdb_strerror(retval))); @@ -832,7 +841,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags } #else /* WANT_PWDB */ - retval = check_account(service,tty,user); /* get groups */ + retval = check_account(pamh,service,tty,user); /* get groups */ #endif /* WANT_PWDB */ return retval; diff --git a/Linux-PAM/modules/pam_issue/Makefile b/Linux-PAM/modules/pam_issue/Makefile index 1bc611af..1bd2be21 100644 --- a/Linux-PAM/modules/pam_issue/Makefile +++ b/Linux-PAM/modules/pam_issue/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:22 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_issue/pam_issue.c b/Linux-PAM/modules/pam_issue/pam_issue.c index 1f4853de..5665966e 100644 --- a/Linux-PAM/modules/pam_issue/pam_issue.c +++ b/Linux-PAM/modules/pam_issue/pam_issue.c @@ -38,7 +38,7 @@ static int _user_prompt_set = 0; -char *do_prompt (FILE *); +static char *do_prompt (FILE *); /* --- authentication management functions (only) --- */ @@ -84,12 +84,19 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, if ((fd = fopen(issue_file, "r")) != NULL) { int tot_size = 0; - if (fstat(fileno(fd), &st) < 0) + if (fstat(fileno(fd), &st) < 0) { + fclose(fd); + if (issue_file) + free(issue_file); return PAM_IGNORE; + } retval = pam_get_item(pamh, PAM_USER_PROMPT, (const void **) &cur_prompt); if (retval != PAM_SUCCESS) { + fclose(fd); + if (issue_file) + free(issue_file); return PAM_IGNORE; } if (cur_prompt == NULL) { @@ -101,6 +108,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, if (parse_esc) { prompt_tmp = do_prompt(fd); if (prompt_tmp == NULL) { + fclose(fd); + if (issue_file) + free(issue_file); return PAM_IGNORE; } } else { @@ -108,13 +118,17 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, prompt_tmp = malloc(st.st_size + 1); if (prompt_tmp == NULL) { + fclose(fd); + if (issue_file) + free(issue_file); return PAM_IGNORE; } memset (prompt_tmp, '\0', st.st_size + 1); - count = fread(prompt_tmp, sizeof(char *), st.st_size, fd); + count = fread(prompt_tmp, 1, st.st_size, fd); if (count != st.st_size) { - free(prompt_tmp); - return PAM_IGNORE; + fclose(fd); + retval = PAM_IGNORE; + goto cleanup; } prompt_tmp[st.st_size] = '\0'; } @@ -130,7 +144,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, { char *prompt_tmp_tmp = prompt_tmp; - prompt_tmp = realloc(prompt_tmp, tot_size); + prompt_tmp = realloc(prompt_tmp, tot_size + 1); if (prompt_tmp == NULL) { prompt_tmp = prompt_tmp_tmp; retval = PAM_IGNORE; @@ -151,6 +165,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, } else { D(("could not open issue_file: %s", issue_file)); + free(issue_file); return PAM_IGNORE; } @@ -164,14 +179,18 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, return PAM_IGNORE; } -char *do_prompt(FILE *fd) +static char *do_prompt(FILE *fd) { int c, size = 1024; - char *issue = (char *)malloc(size); + char *issue; char buf[1024]; struct utsname uts; - if (issue == NULL || fd == NULL) + if (fd == NULL) + return NULL; + + issue = (char *)malloc(size); + if (issue == NULL) return NULL; issue[0] = '\0'; /* zero this, for strcat to work on first buf */ diff --git a/Linux-PAM/modules/pam_lastlog/Makefile b/Linux-PAM/modules/pam_lastlog/Makefile index 18042b47..e8062714 100644 --- a/Linux-PAM/modules/pam_lastlog/Makefile +++ b/Linux-PAM/modules/pam_lastlog/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:22 hartmans Exp $ +# $Id: Makefile,v 1.3 2001/02/10 22:33:10 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_lastlog/pam_lastlog.c b/Linux-PAM/modules/pam_lastlog/pam_lastlog.c index 89cea3d6..c9c5e24e 100644 --- a/Linux-PAM/modules/pam_lastlog/pam_lastlog.c +++ b/Linux-PAM/modules/pam_lastlog/pam_lastlog.c @@ -1,7 +1,7 @@ /* pam_lastlog module */ /* - * $Id: pam_lastlog.c,v 1.1.1.2 2002/09/15 20:08:49 hartmans Exp $ + * $Id: pam_lastlog.c,v 1.8 2004/09/24 13:13:20 kukuk Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 * @@ -79,6 +79,7 @@ struct lastlog { #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -149,7 +150,7 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs D(("begin to converse")); retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; - if ( retval == PAM_SUCCESS ) { + if ( retval == PAM_SUCCESS && conv) { retval = conv->conv(nargs, ( const struct pam_message ** ) message , response, conv->appdata_ptr); @@ -164,6 +165,8 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs } else { _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" , pam_strerror(pamh, retval)); + if (retval == PAM_SUCCESS) + retval = PAM_BAD_ITEM; /* conv was NULL */ } D(("ready to return from module conversation")); @@ -235,8 +238,8 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) sleep(LASTLOG_IGNORE_LOCK_TIME); } - win = ( read(last_fd, &last_login, sizeof(last_login)) - == sizeof(last_login) ); + win = (_pammodutil_read (last_fd, (char *) &last_login, + sizeof(last_login)) == sizeof(last_login)); last_lock.l_type = F_UNLCK; (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ @@ -254,10 +257,12 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) if (!(announce & LASTLOG_QUIET)) { if (last_login.ll_time) { + time_t ll_time; char *the_time; char *remark; - the_time = ctime(&last_login.ll_time); + ll_time = last_login.ll_time; + the_time = ctime(&ll_time); the_time[-1+strlen(the_time)] = '\0'; /* delete '\n' */ remark = malloc(LASTLOG_MAXSIZE); @@ -319,13 +324,15 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) /* write latest value */ { + time_t ll_time; const char *remote_host=NULL , *terminal_line=DEFAULT_TERM; /* set this login date */ D(("set the most recent login time")); - (void) time(&last_login.ll_time); /* set the time */ + (void) time(&ll_time); /* set the time */ + last_login.ll_time = ll_time; /* set the remote host */ (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host); @@ -372,7 +379,8 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) } D(("writing to the last_log file")); - (void) write(last_fd, &last_login, sizeof(last_login)); + _pammodutil_write (last_fd, (char *) &last_login, + sizeof (last_login)); last_lock.l_type = F_UNLCK; (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ @@ -417,7 +425,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc /* what uid? */ - pwd = getpwnam(user); + pwd = _pammodutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); return PAM_CRED_INSUFFICIENT; diff --git a/Linux-PAM/modules/pam_limits/Makefile b/Linux-PAM/modules/pam_limits/Makefile index b7462851..d15fd9f7 100644 --- a/Linux-PAM/modules/pam_limits/Makefile +++ b/Linux-PAM/modules/pam_limits/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:22 hartmans Exp $ +# $Id: Makefile,v 1.4 2004/09/28 13:48:47 kukuk Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know @@ -21,9 +21,15 @@ CFLAGS += $(DEFS) MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age +ifeq ($(HAVE_LIBCAP),yes) +MODULE_SIMPLE_EXTRALIBS=-lcap +endif include ../Simple.Rules +#else +#include ../dont_makefile +#endif else include ../dont_makefile diff --git a/Linux-PAM/modules/pam_limits/README b/Linux-PAM/modules/pam_limits/README index 023b9575..32afb197 100644 --- a/Linux-PAM/modules/pam_limits/README +++ b/Linux-PAM/modules/pam_limits/README @@ -39,6 +39,9 @@ Where: - maxsyslogins - max number of logins on the system - priority - lower the priority by given value (value can be -ve) - locks - max locked files (Linux 2.4 and higher) + - sigpending - max number of pending signals (Linux 2.6 and higher) + - msgqueue - max memory used by POSIX message queues (bytes) + (Linux 2.6 and higher) Note, if you specify a type of '-' but neglect to supply the item and value fields then the module will never enforce any limits on the diff --git a/Linux-PAM/modules/pam_limits/limits.skel b/Linux-PAM/modules/pam_limits/limits.skel index ccb4e103..9ba31b19 100644 --- a/Linux-PAM/modules/pam_limits/limits.skel +++ b/Linux-PAM/modules/pam_limits/limits.skel @@ -30,6 +30,8 @@ # - maxlogins - max number of logins for this user # - priority - the priority to run user process with # - locks - max number of file locks the user can hold +# - sigpending - max number of pending signals +# - msgqueue - max memory used by POSIX message queues (bytes) # #<domain> <type> <item> <value> # diff --git a/Linux-PAM/modules/pam_limits/pam_limits.c b/Linux-PAM/modules/pam_limits/pam_limits.c index 6837fdef..1482833a 100644 --- a/Linux-PAM/modules/pam_limits/pam_limits.c +++ b/Linux-PAM/modules/pam_limits/pam_limits.c @@ -1,13 +1,13 @@ /* * pam_limits - impose resource limits when opening a user session * - * 1.6 - modified for PLD (added process priority settings) + * 1.6 - modified for PLD (added process priority settings) * by Marcin Korzonek <mkorz@shadow.eu.org> * 1.5 - Elliot Lee's "max system logins patch" * 1.4 - addressed bug in configuration file parser * 1.3 - modified the configuration file format * 1.2 - added 'debug' and 'conf=' arguments - * 1.1 - added @group support + * 1.1 - added @group support * 1.0 - initial release - Linux ONLY * * See end for Copyright information @@ -15,7 +15,7 @@ #if !(defined(linux)) #error THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! -#endif +#endif #include <security/_pam_aconf.h> @@ -44,17 +44,19 @@ #define LIMITS_DEF_USER 0 /* limit was set by an user entry */ #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */ -#define LIMITS_DEF_DEFAULT 2 /* limit was set by an default entry */ -#define LIMITS_DEF_NONE 3 /* this limit was not set yet */ -#define LIMITS_DEF_ALL 4 /* limit was set by an default entry */ -#define LIMITS_DEF_ALLGROUP 5 /* limit was set by a group entry */ +#define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */ +#define LIMITS_DEF_ALL 3 /* limit was set by an default entry */ +#define LIMITS_DEF_DEFAULT 4 /* limit was set by an default entry */ +#define LIMITS_DEF_NONE 5 /* this limit was not set yet */ static const char *limits_def_names[] = { "USER", "GROUP", + "ALLGROUP", + "ALL", "DEFAULT", "NONE", - NULL, + NULL }; struct user_limits_struct { @@ -74,6 +76,7 @@ struct pam_limit_s { struct user_limits_struct limits[RLIM_NLIMITS]; char conf_file[BUFSIZ]; int utmp_after_pam_call; + char login_group[LINE_LENGTH]; }; #define LIMIT_LOGIN RLIM_NLIMITS+1 @@ -88,6 +91,7 @@ struct pam_limit_s { #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* logging */ static void _pam_log(int err, const char *format, ...) @@ -145,62 +149,10 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) #define LIMIT_ERR 1 /* error setting a limit */ #define LOGIN_ERR 2 /* too many logins err */ -/* checks if a user is on a list of members of the GID 0 group */ -static int is_on_list(char * const *list, const char *member) -{ - while (*list) { - if (strcmp(*list, member) == 0) - return 1; - list++; - } - return 0; -} - -/* - * Checks if a user is a member of a group - return non-zero if - * the user is in the group. - */ -static int is_in_group(const char *user_name, const char *group_name) -{ - struct passwd *pwd; - struct group *grp, *pgrp; - char uname[LINE_LENGTH], gname[LINE_LENGTH]; - - if (!user_name || !strlen(user_name)) - return 0; - if (!group_name || !strlen(group_name)) - return 0; - memset(uname, 0, sizeof(uname)); - strncpy(uname, user_name, sizeof(uname)-1); - memset(gname, 0, sizeof(gname)); - strncpy(gname, group_name, sizeof(gname)-1); - - pwd = getpwnam(uname); - if (!pwd) - return 0; - - /* the info about this group */ - grp = getgrnam(gname); - if (!grp) - return 0; - - /* first check: is a member of the group_name group ? */ - if (is_on_list(grp->gr_mem, uname)) - return 1; - - /* next check: user primary group is group_name ? */ - pgrp = getgrgid(pwd->pw_gid); - if (!pgrp) - return 0; - if (!strcmp(pgrp->gr_name, gname)) - return 1; - - return 0; -} - /* Counts the number of user logins and check against the limit*/ -static int check_logins(const char *name, int limit, int ctrl, - struct pam_limit_s *pl) +static int +check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, + struct pam_limit_s *pl) { struct utmp *ut; unsigned int count; @@ -228,7 +180,7 @@ static int check_logins(const char *name, int limit, int ctrl, standard for this, since if a module wants to actually map a username then any early utmp entry will be for the unmapped name = broken.) */ - + if (ctrl & PAM_UTMP_EARLY) { count = 0; } else { @@ -252,7 +204,7 @@ static int check_logins(const char *name, int limit, int ctrl, continue; } if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) - && !is_in_group(ut->UT_USER, name)) { + && !_pammodutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { continue; } } @@ -300,7 +252,7 @@ static int init_limits(struct pam_limit_s *pl) pl->login_limit_def = LIMITS_DEF_NONE; return retval; -} +} static void process_limit(int source, const char *lim_type, const char *lim_item, const char *lim_value, @@ -309,9 +261,9 @@ static void process_limit(int source, const char *lim_type, int limit_item; int limit_type = 0; long limit_value; - const char **endptr = &lim_value; + char *endptr; const char *value_orig = lim_value; - + if (ctrl & PAM_DEBUG_ARG) _pam_log(LOG_DEBUG, "%s: processing %s %s %s for %s\n", __FUNCTION__,lim_type,lim_item,lim_value, @@ -341,6 +293,14 @@ static void process_limit(int source, const char *lim_type, else if (strcmp(lim_item, "locks") == 0) limit_item = RLIMIT_LOCKS; #endif +#ifdef RLIMIT_SIGPENDING + else if (strcmp(lim_item, "sigpending") == 0) + limit_item = RLIMIT_SIGPENDING; +#endif +#ifdef RLIMIT_MSGQUEUE + else if (strcmp(lim_item, "msgqueue") == 0) + limit_item = RLIMIT_MSGQUEUE; +#endif else if (strcmp(lim_item, "maxlogins") == 0) { limit_item = LIMIT_LOGIN; pl->flag_numsyslogins = 0; @@ -365,14 +325,10 @@ static void process_limit(int source, const char *lim_type, return; } - /* - * there is a warning here because the library prototype for this - * function is incorrect. - */ - limit_value = strtol(lim_value, endptr, 10); + limit_value = strtol (lim_value, &endptr, 10); /* special case value when limiting logins */ - if (limit_value == 0 && value_orig == *endptr) { /* no chars read */ + if (limit_value == 0 && value_orig == endptr) { /* no chars read */ if (strcmp(lim_value,"-") != 0) { _pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value); return; @@ -446,12 +402,12 @@ static void process_limit(int source, const char *lim_type, return; } -static int parse_config_file(const char *uname, int ctrl, +static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, struct pam_limit_s *pl) { FILE *fil; char buf[LINE_LENGTH]; - + #define CONF_FILE (pl->conf_file[0])?pl->conf_file:LIMITS_FILE /* check for the LIMITS_FILE */ if (ctrl & PAM_DEBUG_ARG) @@ -462,7 +418,7 @@ static int parse_config_file(const char *uname, int ctrl, return PAM_SERVICE_ERR; } #undef CONF_FILE - + /* init things */ memset(buf, 0, sizeof(buf)); /* start the show */ @@ -473,14 +429,14 @@ static int parse_config_file(const char *uname, int ctrl, char value[LINE_LENGTH]; int i,j; char *tptr; - + tptr = buf; /* skip the leading white space */ while (*tptr && isspace(*tptr)) tptr++; strncpy(buf, tptr, sizeof(buf)-1); buf[sizeof(buf)-1] = '\0'; - + /* Rip off the comments */ tptr = strchr(buf,'#'); if (tptr) @@ -499,7 +455,7 @@ static int parse_config_file(const char *uname, int ctrl, memset(ltype, 0, sizeof(ltype)); memset(item, 0, sizeof(item)); memset(value, 0, sizeof(value)); - + i = sscanf(buf,"%s%s%s%s", domain, ltype, item, value); D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", i, domain, ltype, item, value)); @@ -521,7 +477,7 @@ static int parse_config_file(const char *uname, int ctrl, _pam_log(LOG_DEBUG, "checking if %s is in group %s", uname, domain + 1); } - if (is_in_group(uname, domain+1)) + if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } else if (domain[0]=='%') { @@ -532,9 +488,11 @@ static int parse_config_file(const char *uname, int ctrl, if (strcmp(domain,"%") == 0) process_limit(LIMITS_DEF_ALL, ltype, item, value, ctrl, pl); - else if (is_in_group(uname, domain+1)) + else if (_pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { + strcpy(pl->login_group, domain+1); process_limit(LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); + } } else if (strcmp(domain, "*") == 0) process_limit(LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); @@ -545,7 +503,7 @@ static int parse_config_file(const char *uname, int ctrl, } fclose(fil); return PAM_IGNORE; - } else if (domain[0] == '@' && is_in_group(uname, domain+1)) { + } else if (domain[0] == '@' && _pammodutil_user_in_group_nam_nam(pamh, uname, domain+1)) { if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_DEBUG, "no limits for '%s' in group '%s'", uname, domain+1); @@ -558,10 +516,11 @@ static int parse_config_file(const char *uname, int ctrl, } } fclose(fil); - return PAM_SUCCESS; + return PAM_SUCCESS; } -static int setup_limits(const char * uname, uid_t uid, int ctrl, +static int setup_limits(pam_handle_t *pamh, + const char *uname, uid_t uid, int ctrl, struct pam_limit_s *pl) { int i; @@ -588,7 +547,7 @@ static int setup_limits(const char * uname, uid_t uid, int ctrl, } status |= setrlimit(i, &pl->limits[i].limit); } - + if (status) { retval = LIMIT_ERR; } @@ -601,7 +560,7 @@ static int setup_limits(const char * uname, uid_t uid, int ctrl, if (uid == 0) { D(("skip login limit check for uid=0")); } else if (pl->login_limit > 0) { - if (check_logins(uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { + if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { retval |= LOGIN_ERR; } } else if (pl->login_limit == 0) { @@ -610,7 +569,7 @@ static int setup_limits(const char * uname, uid_t uid, int ctrl, return retval; } - + /* now the session stuff */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -631,7 +590,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, _pam_log(LOG_CRIT, "open_session - error recovering username"); return PAM_SESSION_ERR; } - + pwd = getpwnam(user_name); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) @@ -639,14 +598,14 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, user_name); return PAM_SESSION_ERR; } - + retval = init_limits(&pl); if (retval != PAM_SUCCESS) { _pam_log(LOG_WARNING, "cannot initialize"); return PAM_IGNORE; } - retval = parse_config_file(pwd->pw_name, ctrl, &pl); + retval = parse_config_file(pamh, pwd->pw_name, ctrl, &pl); if (retval == PAM_IGNORE) { D(("the configuration file has an applicable '<domain> -' entry")); return PAM_SUCCESS; @@ -659,7 +618,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, if (ctrl & PAM_DO_SETREUID) { setreuid(pwd->pw_uid, -1); } - retval = setup_limits(pwd->pw_name, pwd->pw_uid, ctrl, &pl); + retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, &pl); if (retval != LIMITED_OK) { return PAM_PERM_DENIED; } @@ -705,13 +664,13 @@ struct pam_module _pam_limits_modstruct = { * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE diff --git a/Linux-PAM/modules/pam_listfile/Makefile b/Linux-PAM/modules/pam_listfile/Makefile index 5a3d6957..c5447c94 100644 --- a/Linux-PAM/modules/pam_listfile/Makefile +++ b/Linux-PAM/modules/pam_listfile/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:24 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_listfile/pam_listfile.c b/Linux-PAM/modules/pam_listfile/pam_listfile.c index 934b51fb..965c471d 100644 --- a/Linux-PAM/modules/pam_listfile/pam_listfile.c +++ b/Linux-PAM/modules/pam_listfile/pam_listfile.c @@ -1,5 +1,5 @@ /* - * $Id: pam_listfile.c,v 1.1.1.2 2002/09/15 20:08:51 hartmans Exp $ + * $Id: pam_listfile.c,v 1.6 2004/09/24 13:13:20 kukuk Exp $ * */ @@ -35,9 +35,11 @@ */ #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -63,45 +65,6 @@ static int is_on_list(char * const *list, const char *member) return 0; } -/* Checks if a user is a member of a group */ -static int is_on_group(const char *user_name, const char *group_name) -{ - struct passwd *pwd; - struct group *grp, *pgrp; - char uname[BUFSIZ], gname[BUFSIZ]; - - if (!strlen(user_name)) - return 0; - if (!strlen(group_name)) - return 0; - bzero(uname, sizeof(uname)); - strncpy(uname, user_name, sizeof(uname)-1); - bzero(gname, sizeof(gname)); - strncpy(gname, group_name, sizeof(gname)-1); - - pwd = getpwnam(uname); - if (!pwd) - return 0; - - /* the info about this group */ - grp = getgrnam(gname); - if (!grp) - return 0; - - /* first check: is a member of the group_name group ? */ - if (is_on_list(grp->gr_mem, uname)) - return 1; - - /* next check: user primary group is group_name ? */ - pgrp = getgrgid(pwd->pw_gid); - if (!pgrp) - return 0; - if (!strcmp(pgrp->gr_name, gname)) - return 1; - - return 0; -} - /* --- authentication management functions (only) --- */ /* Extended Items that are not directly available via pam_get_item() */ @@ -134,8 +97,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar struct group *grpinfo; char *itemlist[256]; /* Maximum of 256 items */ - D(("called.")); - apply_type=APPLY_TYPE_NULL; memset(apply_val,0,sizeof(apply_val)); @@ -258,7 +219,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { - if(!is_on_group(user_name,apply_val)) { + if(!_pammodutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ #ifdef DEBUG _pam_log(LOG_DEBUG, @@ -281,8 +242,14 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar if (retval != PAM_SUCCESS) return PAM_SERVICE_ERR; } + if((citem == PAM_TTY) && citemp) { + /* Normalize the TTY name. */ + if(strncmp(citemp, "/dev/", 5) == 0) { + citemp += 5; + } + } - if(!citemp || (strlen(citemp) <= 0)) { + if(!citemp || (strlen(citemp) == 0)) { /* The item was NULL - we are sure not to match */ return sense?PAM_SUCCESS:PAM_AUTH_ERR; } @@ -290,13 +257,13 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar if(extitem) { switch(extitem) { case EI_GROUP: - userinfo = getpwnam(citemp); + userinfo = _pammodutil_getpwnam(pamh, citemp); if (userinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed", citemp); return onerr; } - grpinfo = getgrgid(userinfo->pw_gid); + grpinfo = _pammodutil_getgrgid(pamh, userinfo->pw_gid); if (grpinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getgrgid(%d) failed", (int)userinfo->pw_gid); @@ -317,7 +284,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar /* Assume that we have already gotten PAM_USER in pam_get_item() - a valid assumption since citem gets set to PAM_USER in the extitem switch */ - userinfo = getpwnam(citemp); + userinfo = _pammodutil_getpwnam(pamh, citemp); if (userinfo == NULL) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "getpwnam(%s) failed", citemp); @@ -371,8 +338,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar assert(PAM_AUTH_ERR != 0); #endif if(extitem == EI_GROUP) { - while((fgets(aline,255,inf) != NULL) + while((fgets(aline,sizeof(aline),inf) != NULL) && retval) { + if(strlen(aline) == 0) + continue; if(aline[strlen(aline) - 1] == '\n') aline[strlen(aline) - 1] = '\0'; for(i=0;itemlist[i];) @@ -383,11 +352,21 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar for(i=0;itemlist[i];) free(itemlist[i++]); } else { - while((fgets(aline,255,inf) != NULL) + while((fgets(aline,sizeof(aline),inf) != NULL) && retval) { + char *a = aline; + if(strlen(aline) == 0) + continue; if(aline[strlen(aline) - 1] == '\n') aline[strlen(aline) - 1] = '\0'; - retval = strcmp(aline,citemp); + if(strlen(aline) == 0) + continue; + if(aline[strlen(aline) - 1] == '\r') + aline[strlen(aline) - 1] = '\0'; + if(citem == PAM_TTY) + if(strncmp(a, "/dev/", 5) == 0) + a += 5; + retval = strcmp(a,citemp); } } fclose(inf); @@ -419,6 +398,13 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) return PAM_SUCCESS; } +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return pam_sm_authenticate(pamh, 0, argc, argv); +} + #ifdef PAM_STATIC /* static module data */ @@ -427,13 +413,13 @@ struct pam_module _pam_listfile_modstruct = { "pam_listfile", pam_sm_authenticate, pam_sm_setcred, - NULL, + pam_sm_acct_mgmt, NULL, NULL, NULL, }; -#endif +#endif /* PAM_STATIC */ /* end of module definition */ diff --git a/Linux-PAM/modules/pam_localuser/Makefile b/Linux-PAM/modules/pam_localuser/Makefile new file mode 100644 index 00000000..3dc61aa0 --- /dev/null +++ b/Linux-PAM/modules/pam_localuser/Makefile @@ -0,0 +1,14 @@ +# $Id: Makefile,v 1.1 2004/09/24 11:49:37 kukuk Exp $ +# +# This Makefile controls a build process of $(TITLE) module for +# Linux-PAM. You should not modify this Makefile (unless you know +# what you are doing!). +# +# + +include ../../Make.Rules + +TITLE=pam_localuser +MAN8=pam_localuser.8 + +include ../Simple.Rules diff --git a/Linux-PAM/modules/pam_localuser/README b/Linux-PAM/modules/pam_localuser/README new file mode 100644 index 00000000..b8cdf524 --- /dev/null +++ b/Linux-PAM/modules/pam_localuser/README @@ -0,0 +1,17 @@ +pam_localuser: + Succeeds iff the PAM_USER is listed in /etc/passwd. This seems to be a + common policy need (allowing only a subset of network-wide users, and + any locally-defined users, to access services). Simpler than using + awk to generate a file for use with pam_listfile (-F: '{print $1}'), + I guess. + +RECOGNIZED ARGUMENTS: + debug write debugging messages to syslog + file=FILE scan FILE instead of /etc/passwd + +MODULE SERVICES PROVIDED: + auth,account scan the FILE (/etc/passwd by default) and return + a success code if an entry is found for the user + +AUTHOR: + Nalin Dahyabhai <nalin@redhat.com> diff --git a/Linux-PAM/modules/pam_localuser/pam_localuser.8 b/Linux-PAM/modules/pam_localuser/pam_localuser.8 new file mode 100644 index 00000000..ce0a9465 --- /dev/null +++ b/Linux-PAM/modules/pam_localuser/pam_localuser.8 @@ -0,0 +1,36 @@ +.\" Copyright 2000 Red Hat, Inc. +.TH pam_localuser 8 2000/7/21 "Red Hat" "System Administrator's Manual" + +.SH NAME +pam_localuser \- require users to be listed in /etc/passwd + +.SH SYNOPSIS +.B account sufficient /lib/security/pam_localuser.so \fIargs\fP +.br +.B account required /lib/security/pam_wheel.so group=devel + +.SH DESCRIPTION +pam_localuser.so exists to help implement site-wide login policies, where +they typically include a subset of the network's users and a few accounts +that are local to a particular workstation. Using pam_localuser.so and +pam_wheel.so or pam_listfile.so is an effective way to restrict access to +either local users and/or a subset of the network's users. + +This could also be implemented using pam_listfile.so and a very short awk +script invoked by cron, but it's common enough to have been separated out. + +.SH ARGUMENTS +.IP debug +turns on debugging +.IP file=\fBFILE\fP +uses a file other than \fB/etc/passwd\fP. + +.SH FILES +/etc/passwd + +.SH BUGS +Let's hope not, but if you find any, please report them via the "Bug Track" +link at http://bugzilla.redhat.com/bugzilla/ + +.SH AUTHOR +Nalin Dahyabhai <nalin@redhat.com> diff --git a/Linux-PAM/modules/pam_localuser/pam_localuser.c b/Linux-PAM/modules/pam_localuser/pam_localuser.c new file mode 100644 index 00000000..e5496089 --- /dev/null +++ b/Linux-PAM/modules/pam_localuser/pam_localuser.c @@ -0,0 +1,159 @@ +/* + * Copyright 2001, 2004 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "../../_pam_aconf.h" + +#include <errno.h> +#include <limits.h> +#include <stdlib.h> +#include <string.h> +#include <syslog.h> +#include <stdio.h> +#include <stdarg.h> +#include <time.h> +#include <unistd.h> +#include <sys/stat.h> +#include <sys/types.h> + +#define PAM_SM_AUTH +#define PAM_SM_ACCOUNT +#include "../../libpam/include/security/pam_modules.h" +#include "../../libpam/include/security/_pam_macros.h" + +#define MODULE_NAME "pam_localuser" + +PAM_EXTERN +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + int i, ret = PAM_SUCCESS; + FILE *fp; + int debug = 0; + const char *filename = "/etc/passwd"; + char line[LINE_MAX], name[LINE_MAX]; + const char* user; + + /* process arguments */ + for(i = 0; i < argc; i++) { + if(strcmp("debug", argv[i]) == 0) { + debug = 1; + } + } + for(i = 0; i < argc; i++) { + if(strncmp("file=", argv[i], 5) == 0) { + filename = argv[i] + 5; + if(debug) { + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + syslog(LOG_DEBUG, "set filename to \"%s\"", + filename); + closelog(); + } + } + } + + /* open the file */ + fp = fopen(filename, "r"); + if(fp == NULL) { + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + syslog(LOG_ERR, "error opening \"%s\": %s", filename, + strerror(errno)); + closelog(); + return PAM_SYSTEM_ERR; + } + + if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + syslog(LOG_ERR, "user name not specified yet"); + closelog(); + fclose(fp); + return PAM_SYSTEM_ERR; + } + + if ((user == NULL) || (strlen(user) == 0)) { + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + syslog(LOG_ERR, "user name not valid"); + closelog(); + fclose(fp); + return PAM_SYSTEM_ERR; + } + + /* scan the file, using fgets() instead of fgetpwent() because i + * don't want to mess with applications which call fgetpwent() */ + ret = PAM_PERM_DENIED; + snprintf(name, sizeof(name), "%s:", user); + i = strlen(name); + while(fgets(line, sizeof(line), fp) != NULL) { + if(debug) { + openlog(MODULE_NAME, LOG_PID, LOG_AUTHPRIV); + syslog(LOG_DEBUG, "checking \"%s\"", line); + closelog(); + } + if(strncmp(name, line, i) == 0) { + ret = PAM_SUCCESS; + break; + } + } + + /* okay, we're done */ + fclose(fp); + return ret; +} + +PAM_EXTERN +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return PAM_SUCCESS; +} + +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} + +#ifdef PAM_STATIC + +/* static module data */ + +struct pam_module _pam_localuser_modstruct = { + "pam_localuser", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + NULL, + NULL, + NULL, +}; + +#endif diff --git a/Linux-PAM/modules/pam_mail/Makefile b/Linux-PAM/modules/pam_mail/Makefile index d5e5c44a..2d9b8e9a 100644 --- a/Linux-PAM/modules/pam_mail/Makefile +++ b/Linux-PAM/modules/pam_mail/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:24 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_mail/pam_mail.c b/Linux-PAM/modules/pam_mail/pam_mail.c index d63e79b1..7987cb28 100644 --- a/Linux-PAM/modules/pam_mail/pam_mail.c +++ b/Linux-PAM/modules/pam_mail/pam_mail.c @@ -1,7 +1,7 @@ /* pam_mail module */ /* - * $Id: pam_mail.c,v 1.1.1.1 2001/04/29 04:17:24 hartmans Exp $ + * $Id: pam_mail.c,v 1.6 2004/11/16 14:27:41 toady Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 * $HOME additions by David Kinchlea <kinch@kinch.ark.com> 1997/1/7 @@ -32,7 +32,7 @@ #define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s" #define YOUR_MAIL_VERBOSE_FORMAT "You have %s mail in %s." #define YOUR_MAIL_STANDARD_FORMAT "You have %smail." -#define NO_MAIL_STANDARD_FORMAT "No mail." +#define NO_MAIL_STANDARD_FORMAT "No mail." /* * here, we make a definition for the externally accessible function @@ -46,6 +46,7 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -142,8 +143,8 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs D(("begin to converse")); - retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; - if ( retval == PAM_SUCCESS ) { + retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; + if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, ( const struct pam_message ** ) message , response, conv->appdata_ptr); @@ -158,6 +159,8 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs } else { _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" , pam_strerror(pamh, retval)); + if (retval == PAM_SUCCESS) + retval = PAM_BAD_ITEM; /* conv was NULL */ } D(("ready to return from module conversation")); @@ -182,7 +185,7 @@ static int get_folder(pam_handle_t *pamh, int ctrl, if (ctrl & PAM_NEW_MAIL_DIR) { path = *path_mail; if (*path == '~') { /* support for $HOME delivery */ - pwd = getpwnam(user); + pwd = _pammodutil_getpwnam(pamh, user); if (pwd == NULL) { _log_err(LOG_ERR, "user [%s] unknown", user); _pam_overwrite(*path_mail); @@ -234,7 +237,9 @@ static int get_folder(pam_handle_t *pamh, int ctrl, _pam_overwrite(hash); _pam_drop(hash); } else { - sprintf(folder, "error"); + _pam_drop(folder); + _log_err(LOG_CRIT, "out of memory for mail folder"); + return PAM_BUF_ERR; } } D(("folder =[%s]", folder)); @@ -386,7 +391,7 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc ,const char **argv) { - return _do_mail(pamh,flags,argc,argv,0);; + return _do_mail(pamh,flags,argc,argv,0); } /* Checking mail as part of the session management */ @@ -467,9 +472,9 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, type = NULL; } } - - /* Delete environment variable? */ - if (!est) + + /* Delete environment variable? */ + if ( ! est && ! (ctrl & PAM_NO_ENV) ) (void) pam_putenv(pamh, MAIL_ENV_NAME); _pam_overwrite(folder); /* clean up */ diff --git a/Linux-PAM/modules/pam_mkhomedir/Makefile b/Linux-PAM/modules/pam_mkhomedir/Makefile index 14802d55..f017f4a4 100644 --- a/Linux-PAM/modules/pam_mkhomedir/Makefile +++ b/Linux-PAM/modules/pam_mkhomedir/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:25 hartmans Exp $ +# $Id: Makefile,v 1.3 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_mkhomedir/README b/Linux-PAM/modules/pam_mkhomedir/README new file mode 100644 index 00000000..2a3e705e --- /dev/null +++ b/Linux-PAM/modules/pam_mkhomedir/README @@ -0,0 +1,25 @@ +PAM Make Home Dir module + +This module will create a users home directory if it does not exist +when the session begins. This allows users to be present in central +database (such as nis, kerb or ldap) without using a distributed +file system or pre-creating a large number of directories. + +Here is a sample /etc/pam.d/login file: + + auth requisite pam_securetty.so + auth sufficient pam_ldap.so + auth required pam_unix.so + auth optional pam_group.so + auth optional pam_mail.so + account requisite pam_time.so + account sufficient pam_ldap.so + account required pam_unix.so + session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 + session required pam_unix.so + session optional pam_lastlog.so + password required pam_unix.so + +Released under the GNU LGPL version 2 or later +Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999 + diff --git a/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c b/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c index 9a4640dd..f63177bf 100644 --- a/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/Linux-PAM/modules/pam_mkhomedir/pam_mkhomedir.c @@ -4,10 +4,10 @@ when the session begins. This allows users to be present in central database (such as nis, kerb or ldap) without using a distributed file system or pre-creating a large number of directories. - + Here is a sample /etc/pam.d/login file for Debian GNU/Linux 2.1: - + auth requisite pam_securetty.so auth sufficient pam_ldap.so auth required pam_pwdb.so @@ -19,11 +19,11 @@ session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_pwdb.so session optional pam_lastlog.so - password required pam_pwdb.so - + password required pam_pwdb.so + Released under the GNU LGPL version 2 or later Originally written by Jason Gunthorpe <jgg@debian.org> Feb 1999 - Structure taken from pam_lastlogin by Andrew Morgan + Structure taken from pam_lastlogin by Andrew Morgan <morgan@parc.power.net> 1996 */ @@ -51,6 +51,8 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> +#include <security/_pam_modutil.h> + /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* keep quiet about things */ @@ -98,8 +100,8 @@ static int _pam_parse(int flags, int argc, const char **argv) return ctrl; } -/* This common function is used to send a message to the applications - conversion function. Our only use is to ask the application to print +/* This common function is used to send a message to the applications + conversion function. Our only use is to ask the application to print an informative message that we are creating a home directory */ static int converse(pam_handle_t * pamh, int ctrl, int nargs ,struct pam_message **message @@ -111,7 +113,7 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs D(("begin to converse")); retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); - if (retval == PAM_SUCCESS) + if (retval == PAM_SUCCESS && conv) { retval = conv->conv(nargs, (const struct pam_message **) message @@ -130,6 +132,8 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs { _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" ,pam_strerror(pamh, retval)); + if (retval == PAM_SUCCESS) + retval = PAM_BAD_ITEM; /* conv was NULL */ } D(("ready to return from module conversation")); @@ -187,9 +191,9 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, /* Create the new directory */ if (mkdir(dest,0700) != 0) { - _log_err(LOG_DEBUG, "unable to create directory %s",source); + _log_err(LOG_DEBUG, "unable to create directory %s",dest); return PAM_PERM_DENIED; - } + } if (chmod(dest,0777 & (~UMask)) != 0 || chown(dest,pwd->pw_uid,pwd->pw_gid) != 0) { @@ -212,12 +216,19 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, } for (Dir = readdir(D); Dir != 0; Dir = readdir(D)) - { + { int SrcFd; int DestFd; int Res; struct stat St; +#ifndef PATH_MAX + char *newsource = NULL, *newdest = NULL; + /* track length of buffers */ + int nslen = 0, ndlen = 0; + int slen = strlen(source), dlen = strlen(dest); +#else char newsource[PATH_MAX], newdest[PATH_MAX]; +#endif /* Skip some files.. */ if (strcmp(Dir->d_name,".") == 0 || @@ -225,37 +236,124 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, continue; /* Determine what kind of file it is. */ +#ifndef PATH_MAX + nslen = slen + strlen(Dir->d_name) + 2; + + if (nslen <= 0) + return PAM_BUF_ERR; + + if ( (newsource = malloc(nslen)) == NULL ) + return PAM_BUF_ERR; + + sprintf(newsource, "%s/%s", source, Dir->d_name); +#else snprintf(newsource,sizeof(newsource),"%s/%s",source,Dir->d_name); +#endif + if (lstat(newsource,&St) != 0) +#ifndef PATH_MAX + { + free(newsource); + newsource = NULL; continue; + } +#else + continue; +#endif + /* We'll need the new file's name. */ +#ifndef PATH_MAX + ndlen = dlen + strlen(Dir->d_name)+2; + + if (ndlen <= 0) + return PAM_BUF_ERR; + + if ( (newdest = malloc(ndlen)) == NULL ) { + free(newsource); + return PAM_BUF_ERR; + } + + sprintf(newdest, "%s/%s", dest, Dir->d_name); +#else snprintf(newdest,sizeof(newdest),"%s/%s",dest,Dir->d_name); +#endif /* If it's a directory, recurse. */ if (S_ISDIR(St.st_mode)) { - create_homedir(pamh, ctrl, pwd, newsource, newdest); + int retval = create_homedir(pamh, ctrl, pwd, newsource, newdest); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + + if (retval != PAM_SUCCESS) { + closedir(D); + return retval; + } continue; } /* If it's a symlink, create a new link. */ if (S_ISLNK(St.st_mode)) { + int pointedlen = 0; +#ifndef PATH_MAX + char *pointed = NULL; + { + int size = 100; + + while (1) { + pointed = (char *) malloc(size); + if ( ! pointed ) { + free(newsource); + free(newdest); + return PAM_BUF_ERR; + } + pointedlen = readlink (newsource, pointed, size); + if ( pointedlen < 0 ) break; + if ( pointedlen < size ) break; + free (pointed); + size *= 2; + } + } + if ( pointedlen < 0 ) + free(pointed); + else + pointed[pointedlen] = 0; +#else char pointed[PATH_MAX]; memset(pointed, 0, sizeof(pointed)); - if(readlink(newsource, pointed, sizeof(pointed) - 1) != -1) - { + + pointedlen = readlink(newsource, pointed, sizeof(pointed) - 1); +#endif + + if ( pointedlen >= 0 ) { if(symlink(pointed, newdest) == 0) { if (lchown(newdest,pwd->pw_uid,pwd->pw_gid) != 0) { - _log_err(LOG_DEBUG, "unable to chang perms on link %s", + closedir(D); + _log_err(LOG_DEBUG, "unable to change perms on link %s", newdest); +#ifndef PATH_MAX + free(pointed); + free(newsource); + free(newdest); +#endif return PAM_PERM_DENIED; } } +#ifndef PATH_MAX + free(pointed); +#endif } +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif continue; } @@ -263,13 +361,24 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, * the new device node, FIFO, or whatever it is. */ if (!S_ISREG(St.st_mode)) { +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif continue; } /* Open the source file */ if ((SrcFd = open(newsource,O_RDONLY)) < 0 || fstat(SrcFd,&St) != 0) { + closedir(D); _log_err(LOG_DEBUG, "unable to open src file %s",newsource); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + return PAM_PERM_DENIED; } stat(newsource,&St); @@ -278,7 +387,13 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, if ((DestFd = open(newdest,O_WRONLY | O_TRUNC | O_CREAT,0600)) < 0) { close(SrcFd); + closedir(D); _log_err(LOG_DEBUG, "unable to open dest file %s",newdest); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif return PAM_PERM_DENIED; } @@ -290,26 +405,55 @@ static int create_homedir(pam_handle_t * pamh, int ctrl, { close(SrcFd); close(DestFd); + closedir(D); _log_err(LOG_DEBUG, "unable to chang perms on copy %s",newdest); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + return PAM_PERM_DENIED; } /* Copy the file */ do { - Res = read(SrcFd,remark,sizeof(remark)); - if (Res < 0 || write(DestFd,remark,Res) != Res) - { - close(SrcFd); - close(DestFd); - _log_err(LOG_DEBUG, "unable to perform IO"); - return PAM_PERM_DENIED; + Res = _pammodutil_read(SrcFd,remark,sizeof(remark)); + + if (Res == 0) + continue; + + if (Res > 0) { + if (_pammodutil_write(DestFd,remark,Res) == Res) + continue; } + + /* If we get here, pammodutil_read returned a -1 or + _pammodutil_write returned something unexpected. */ + close(SrcFd); + close(DestFd); + closedir(D); + _log_err(LOG_DEBUG, "unable to perform IO"); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + + return PAM_PERM_DENIED; } while (Res != 0); close(SrcFd); close(DestFd); + +#ifndef PATH_MAX + free(newsource); newsource = NULL; + free(newdest); newdest = NULL; +#endif + } + closedir(D); return PAM_SUCCESS; } @@ -324,7 +468,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc const char *user; const struct passwd *pwd; struct stat St; - + /* Parse the flag values */ ctrl = _pam_parse(flags, argc, argv); @@ -337,7 +481,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc } /* Get the password entry */ - pwd = getpwnam(user); + pwd = _pammodutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); @@ -353,7 +497,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc } /* Ignore */ -PAM_EXTERN +PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc ,const char **argv) { diff --git a/Linux-PAM/modules/pam_motd/Makefile b/Linux-PAM/modules/pam_motd/Makefile index ad6a2497..fb83807a 100644 --- a/Linux-PAM/modules/pam_motd/Makefile +++ b/Linux-PAM/modules/pam_motd/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:26 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_motd/pam_motd.c b/Linux-PAM/modules/pam_motd/pam_motd.c index 931dfd10..ce695f92 100644 --- a/Linux-PAM/modules/pam_motd/pam_motd.c +++ b/Linux-PAM/modules/pam_motd/pam_motd.c @@ -4,7 +4,7 @@ * Modified for pam_motd by Ben Collins <bcollins@debian.org> * * Based off of: - * $Id: pam_motd.c,v 1.1.1.2 2002/09/15 20:08:52 hartmans Exp $ + * $Id: pam_motd.c,v 1.3 2004/09/22 09:37:49 kukuk Exp $ * * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24 * @@ -33,6 +33,7 @@ #define DEFAULT_MOTD "/etc/motd" #include <security/pam_modules.h> +#include <security/_pam_modutil.h> /* --- session management functions (only) --- */ @@ -80,24 +81,33 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, if ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { /* fill in message buffer with contents of motd */ - if ((fstat(fd, &st) < 0) || !st.st_size) + if ((fstat(fd, &st) < 0) || !st.st_size) { + close(fd); return retval; + } message.msg = mtmp = malloc(st.st_size+1); /* if malloc failed... */ - if (!message.msg) return retval; - read(fd, mtmp, st.st_size); - if (mtmp[st.st_size-1] == '\n') - mtmp[st.st_size-1] = '\0'; - else - mtmp[st.st_size] = '\0'; - close(fd); - /* Use conversation function to give user contents of motd */ - pam_get_item(pamh, PAM_CONV, (const void **)&conversation); - conversation->conv(1, (const struct pam_message **)&pmessage, - &resp, conversation->appdata_ptr); + if (!message.msg) { + close(fd); + return retval; + } + if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { + if (mtmp[st.st_size-1] == '\n') + mtmp[st.st_size-1] = '\0'; + else + mtmp[st.st_size] = '\0'; + close(fd); + + /* Use conversation function to give user contents of motd */ + if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) == + PAM_SUCCESS && conversation) { + conversation->conv(1, (const struct pam_message **)&pmessage, + &resp, conversation->appdata_ptr); + if (resp) + _pam_drop_reply(resp, 1); + } + } free(mtmp); - if (resp) - _pam_drop_reply(resp, 1); } return retval; diff --git a/Linux-PAM/modules/pam_nologin/Makefile b/Linux-PAM/modules/pam_nologin/Makefile index 494d2909..2ad38ffd 100644 --- a/Linux-PAM/modules/pam_nologin/Makefile +++ b/Linux-PAM/modules/pam_nologin/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:26 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_nologin/README b/Linux-PAM/modules/pam_nologin/README index 5f7d6ced..5de704c3 100644 --- a/Linux-PAM/modules/pam_nologin/README +++ b/Linux-PAM/modules/pam_nologin/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.2 2002/09/15 20:08:52 hartmans Exp $ +# $Id: README,v 1.2 2002/06/27 05:43:28 agmorgan Exp $ # This module always lets root in; it lets other users in only if the file diff --git a/Linux-PAM/modules/pam_nologin/pam_nologin.c b/Linux-PAM/modules/pam_nologin/pam_nologin.c index ea5d86e9..8e7e124a 100644 --- a/Linux-PAM/modules/pam_nologin/pam_nologin.c +++ b/Linux-PAM/modules/pam_nologin/pam_nologin.c @@ -1,7 +1,7 @@ /* pam_nologin module */ /* - * $Id: pam_nologin.c,v 1.1.1.2 2002/09/15 20:08:53 hartmans Exp $ + * $Id: pam_nologin.c,v 1.6 2005/01/07 15:31:26 t8m Exp $ * * Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24 * @@ -24,6 +24,7 @@ */ #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include <security/pam_modules.h> @@ -116,21 +117,29 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) goto clean_up_fd; } - read(fd, mtmp, st.st_size); - mtmp[st.st_size] = '\000'; + if (_pammodutil_read(fd, mtmp, st.st_size) == st.st_size) { + mtmp[st.st_size] = '\000'; - /* - * Use conversation function to give user contents of /etc/nologin - */ + /* + * Use conversation function to give user contents + * of /etc/nologin + */ - pam_get_item(pamh, PAM_CONV, (const void **)&conversation); - (void) conversation->conv(1, (const struct pam_message **)&pmessage, - &resp, conversation->appdata_ptr); - free(mtmp); + if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) + == PAM_SUCCESS && conversation && conversation->conv) { + (void) conversation->conv(1, + (const struct pam_message **)&pmessage, + &resp, conversation->appdata_ptr); - if (resp) { - _pam_drop_reply(resp, 1); + if (resp) { + _pam_drop_reply(resp, 1); + } + } } + else + retval = PAM_SYSTEM_ERR; + + free(mtmp); clean_up_fd: @@ -192,6 +201,6 @@ struct pam_module _pam_nologin_modstruct = { NULL, }; -#endif +#endif /* PAM_STATIC */ /* end of module definition */ diff --git a/Linux-PAM/modules/pam_permit/Makefile b/Linux-PAM/modules/pam_permit/Makefile index 23835be4..49f3b3dd 100644 --- a/Linux-PAM/modules/pam_permit/Makefile +++ b/Linux-PAM/modules/pam_permit/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:26 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:04 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_permit/README b/Linux-PAM/modules/pam_permit/README index 15d95942..52e7364e 100644 --- a/Linux-PAM/modules/pam_permit/README +++ b/Linux-PAM/modules/pam_permit/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.1 2001/04/29 04:17:26 hartmans Exp $ +# $Id: README,v 1.1.1.1 2000/06/20 22:11:46 agmorgan Exp $ # this module always returns PAM_SUCCESS, it ignores all options. diff --git a/Linux-PAM/modules/pam_permit/pam_permit.c b/Linux-PAM/modules/pam_permit/pam_permit.c index 1041ca84..08d464b8 100644 --- a/Linux-PAM/modules/pam_permit/pam_permit.c +++ b/Linux-PAM/modules/pam_permit/pam_permit.c @@ -1,7 +1,7 @@ /* pam_permit module */ /* - * $Id: pam_permit.c,v 1.1.1.1 2001/04/29 04:17:26 hartmans Exp $ + * $Id: pam_permit.c,v 1.3 2004/09/22 09:37:49 kukuk Exp $ * * Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11 * @@ -45,7 +45,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc } if (user == NULL || *user == '\0') { D(("username not known")); - pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); + retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); + if (retval != PAM_SUCCESS) + return PAM_USER_UNKNOWN; } user = NULL; /* clean up */ diff --git a/Linux-PAM/modules/pam_pwdb/BUGS b/Linux-PAM/modules/pam_pwdb/BUGS index 7258822c..d51686e5 100644 --- a/Linux-PAM/modules/pam_pwdb/BUGS +++ b/Linux-PAM/modules/pam_pwdb/BUGS @@ -1,3 +1,3 @@ -$Id: BUGS,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +$Id: BUGS,v 1.2 2000/12/04 19:02:34 baggins Exp $ As of Linux-PAM-0.52 this is new. No known bugs yet. diff --git a/Linux-PAM/modules/pam_pwdb/CHANGELOG b/Linux-PAM/modules/pam_pwdb/CHANGELOG index 78c1a239..a3614031 100644 --- a/Linux-PAM/modules/pam_pwdb/CHANGELOG +++ b/Linux-PAM/modules/pam_pwdb/CHANGELOG @@ -1,4 +1,4 @@ -$Id: CHANGELOG,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +$Id: CHANGELOG,v 1.1.1.1 2000/06/20 22:11:46 agmorgan Exp $ Tue Apr 23 12:28:09 EDT 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu) diff --git a/Linux-PAM/modules/pam_pwdb/Makefile b/Linux-PAM/modules/pam_pwdb/Makefile index bce2950f..228c6704 100644 --- a/Linux-PAM/modules/pam_pwdb/Makefile +++ b/Linux-PAM/modules/pam_pwdb/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +# $Id: Makefile,v 1.3 2004/09/28 13:48:47 kukuk Exp $ # # This Makefile controls a build process of the pam_unix module # for Linux-PAM. You should not modify this Makefile. @@ -17,6 +17,9 @@ EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\" ifeq ($(HAVE_LIBCRYPT),yes) EXTRALS += -lcrypt endif +ifeq ($(HAVE_LIBNSL),yes) + EXTRALS += -lnsl +endif TITLE=pam_pwdb CHKPWD=pwdb_chkpwd @@ -53,7 +56,7 @@ info: $(CHKPWD): pwdb_chkpwd.o md5_good.o md5_broken.o \ md5_crypt_good.o md5_crypt_broken.o - $(CC) -o $(CHKPWD) $^ -lpwdb + $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDFLAGS) -lpwdb $(EXTRALS) pwdb_chkpwd.o: pwdb_chkpwd.c pam_unix_md.-c bigcrypt.-c diff --git a/Linux-PAM/modules/pam_pwdb/TODO b/Linux-PAM/modules/pam_pwdb/TODO index 04635859..520a262e 100644 --- a/Linux-PAM/modules/pam_pwdb/TODO +++ b/Linux-PAM/modules/pam_pwdb/TODO @@ -1,4 +1,4 @@ -$Id: TODO,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +$Id: TODO,v 1.1.1.1 2000/06/20 22:11:47 agmorgan Exp $ * get NIS working * .. including "nonis" argument diff --git a/Linux-PAM/modules/pam_pwdb/md5.c b/Linux-PAM/modules/pam_pwdb/md5.c index a0e5a974..44282941 100644 --- a/Linux-PAM/modules/pam_pwdb/md5.c +++ b/Linux-PAM/modules/pam_pwdb/md5.c @@ -1,4 +1,4 @@ -/* $Id: md5.c,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +/* $Id: md5.c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was diff --git a/Linux-PAM/modules/pam_pwdb/md5_crypt.c b/Linux-PAM/modules/pam_pwdb/md5_crypt.c index 28f22727..826087f2 100644 --- a/Linux-PAM/modules/pam_pwdb/md5_crypt.c +++ b/Linux-PAM/modules/pam_pwdb/md5_crypt.c @@ -1,4 +1,4 @@ -/* $Id: md5_crypt.c,v 1.1.1.1 2001/04/29 04:17:27 hartmans Exp $ +/* $Id: md5_crypt.c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): diff --git a/Linux-PAM/modules/pam_pwdb/pam_pwdb.c b/Linux-PAM/modules/pam_pwdb/pam_pwdb.c index c2a5639c..8c75ac23 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_pwdb.c +++ b/Linux-PAM/modules/pam_pwdb/pam_pwdb.c @@ -1,5 +1,5 @@ /* - * $Id: pam_pwdb.c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $ + * $Id: pam_pwdb.c,v 1.3 2000/11/19 23:54:04 agmorgan Exp $ * * This is the single file that will be compiled for pam_unix. * it includes each of the modules that have beed defined in the .-c @@ -14,7 +14,7 @@ */ static const char rcsid[] = -"$Id: pam_pwdb.c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $\n" +"$Id: pam_pwdb.c,v 1.3 2000/11/19 23:54:04 agmorgan Exp $\n" " - PWDB Pluggable Authentication module. <morgan@linux.kernel.org>" ; diff --git a/Linux-PAM/modules/pam_pwdb/pam_unix_acct.-c b/Linux-PAM/modules/pam_pwdb/pam_unix_acct.-c index 3a6ff1ed..adcb6538 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_unix_acct.-c +++ b/Linux-PAM/modules/pam_pwdb/pam_unix_acct.-c @@ -1,11 +1,11 @@ /* - * $Id: pam_unix_acct.-c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $ + * $Id: pam_unix_acct.-c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * See end of file for copyright information */ static const char rcsid_acct[] = -"$Id: pam_unix_acct.-c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $\n" +"$Id: pam_unix_acct.-c,v 1.2 2000/12/04 19:02:34 baggins Exp $\n" " - PAM_PWDB account management <gafton@redhat.com>"; /* the shadow suite has accout managment.. */ diff --git a/Linux-PAM/modules/pam_pwdb/pam_unix_auth.-c b/Linux-PAM/modules/pam_pwdb/pam_unix_auth.-c index 14d74b74..31230394 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_unix_auth.-c +++ b/Linux-PAM/modules/pam_pwdb/pam_unix_auth.-c @@ -1,11 +1,11 @@ /* - * $Id: pam_unix_auth.-c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $ + * $Id: pam_unix_auth.-c,v 1.1.1.1 2000/06/20 22:11:49 agmorgan Exp $ * * See end of file for Copyright information. */ static const char rcsid_auth[] = -"$Id: pam_unix_auth.-c,v 1.1.1.1 2001/04/29 04:17:28 hartmans Exp $: pam_unix_auth.-c,v 1.2 1996/09/05 06:46:53 morgan Exp morgan $\n" +"$Id: pam_unix_auth.-c,v 1.1.1.1 2000/06/20 22:11:49 agmorgan Exp $: pam_unix_auth.-c,v 1.2 1996/09/05 06:46:53 morgan Exp morgan $\n" " - PAM_PWDB authentication functions. <morgan@parc.power.net>"; /* diff --git a/Linux-PAM/modules/pam_pwdb/pam_unix_passwd.-c b/Linux-PAM/modules/pam_pwdb/pam_unix_passwd.-c index dc106431..7ed65000 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_unix_passwd.-c +++ b/Linux-PAM/modules/pam_pwdb/pam_unix_passwd.-c @@ -1,7 +1,7 @@ -/* $Id: pam_unix_passwd.-c,v 1.1.1.2 2002/09/15 20:08:55 hartmans Exp $ */ +/* $Id: pam_unix_passwd.-c,v 1.3 2001/11/12 06:57:38 agmorgan Exp $ */ static const char rcsid_pass[] = -"$Id: pam_unix_passwd.-c,v 1.1.1.2 2002/09/15 20:08:55 hartmans Exp $\n" +"$Id: pam_unix_passwd.-c,v 1.3 2001/11/12 06:57:38 agmorgan Exp $\n" " - PAM_PWDB password module <morgan@parc.power.net>" ; diff --git a/Linux-PAM/modules/pam_pwdb/pam_unix_pwupd.-c b/Linux-PAM/modules/pam_pwdb/pam_unix_pwupd.-c index adb286e2..a1fc65ff 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_unix_pwupd.-c +++ b/Linux-PAM/modules/pam_pwdb/pam_unix_pwupd.-c @@ -1,5 +1,5 @@ /* - * $Id: pam_unix_pwupd.-c,v 1.1.1.1 2001/04/29 04:17:29 hartmans Exp $ + * $Id: pam_unix_pwupd.-c,v 1.1.1.1 2000/06/20 22:11:51 agmorgan Exp $ * * This file contains the routines to update the passwd databases. */ diff --git a/Linux-PAM/modules/pam_pwdb/pam_unix_sess.-c b/Linux-PAM/modules/pam_pwdb/pam_unix_sess.-c index 3e03fc55..395bd9bb 100644 --- a/Linux-PAM/modules/pam_pwdb/pam_unix_sess.-c +++ b/Linux-PAM/modules/pam_pwdb/pam_unix_sess.-c @@ -1,11 +1,11 @@ /* - * $Id: pam_unix_sess.-c,v 1.1.1.1 2001/04/29 04:17:29 hartmans Exp $ + * $Id: pam_unix_sess.-c,v 1.2 2000/12/04 19:02:34 baggins Exp $ * * See end for Copyright information */ static const char rcsid_sess[] = -"$Id: pam_unix_sess.-c,v 1.1.1.1 2001/04/29 04:17:29 hartmans Exp $\n" +"$Id: pam_unix_sess.-c,v 1.2 2000/12/04 19:02:34 baggins Exp $\n" " - PAM_PWDB session management. morgan@parc.power.net"; /* Define internal functions */ diff --git a/Linux-PAM/modules/pam_pwdb/pwdb_chkpwd.c b/Linux-PAM/modules/pam_pwdb/pwdb_chkpwd.c index 0b55c952..36c248ef 100644 --- a/Linux-PAM/modules/pam_pwdb/pwdb_chkpwd.c +++ b/Linux-PAM/modules/pam_pwdb/pwdb_chkpwd.c @@ -1,5 +1,5 @@ /* - * $Id: pwdb_chkpwd.c,v 1.1.1.2 2002/09/15 20:08:55 hartmans Exp $ + * $Id: pwdb_chkpwd.c,v 1.4 2001/12/09 21:44:58 agmorgan Exp $ * * This program is designed to run setuid(root) or with sufficient * privilege to read all of the unix password databases. It is designed diff --git a/Linux-PAM/modules/pam_pwdb/support.-c b/Linux-PAM/modules/pam_pwdb/support.-c index 623fe2c3..bfa4e8a1 100644 --- a/Linux-PAM/modules/pam_pwdb/support.-c +++ b/Linux-PAM/modules/pam_pwdb/support.-c @@ -1,5 +1,5 @@ /* - * $Id: support.-c,v 1.1.1.2 2002/09/15 20:08:55 hartmans Exp $ + * $Id: support.-c,v 1.6 2004/09/15 12:06:17 kukuk Exp $ * * Copyright information at end of file. */ @@ -79,8 +79,9 @@ typedef struct { #define UNIX_UNIX 19 /* wish to use /etc/passwd for pwd */ #define UNIX_BIGCRYPT 20 /* use DEC-C2 crypt()^x function */ #define UNIX_LIKE_AUTH 21 /* need to auth for setcred to work */ +#define UNIX_NOREAP 22 /* don't reap child process */ /* -------------- */ -#define UNIX_CTRLS_ 22 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { @@ -109,6 +110,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = { /* UNIX_UNIX */ { "unix", _ALL_ON_^(050000), 01000000 }, /* UNIX_BIGCRYPT */ { "bigcrypt", _ALL_ON_^(020000), 02000000 }, /* UNIX_LIKE_AUTH */ { "likeauth", _ALL_ON_, 04000000 }, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 010000000 }, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -342,13 +344,15 @@ static void _cleanup_failures(pam_handle_t *pamh, void *fl, int err) * verify the password of a user */ +#include <signal.h> #include <sys/types.h> #include <sys/wait.h> static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd, - const char *user) + unsigned int ctrl, const char *user) { int retval, child, fds[2]; + void (*sighandler)(int) = NULL; D(("called.")); /* create a pipe for the password */ @@ -357,6 +361,18 @@ static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd, return PAM_AUTH_ERR; } + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + sighandler = signal(SIGCHLD, SIG_DFL); + } + /* fork */ child = fork(); if (child == 0) { @@ -397,6 +413,10 @@ static int pwdb_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } + if (sighandler != NULL) { + (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + } + D(("returning %d", retval)); return retval; } @@ -468,7 +488,7 @@ static int _unix_verify_password(pam_handle_t *pamh, const char *name, if (geteuid()) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary")); - retval = pwdb_run_helper_binary(pamh, p, name); + retval = pwdb_run_helper_binary(pamh, p, ctrl, name); } else { retval = PAM_AUTHINFO_UNAVAIL; _log_err(LOG_ALERT, "get passwd; %s", pwdb_strerror(retval)); diff --git a/Linux-PAM/modules/pam_radius/pam_radius.h b/Linux-PAM/modules/pam_radius/pam_radius.h index 8193c844..67230243 100644 --- a/Linux-PAM/modules/pam_radius/pam_radius.h +++ b/Linux-PAM/modules/pam_radius/pam_radius.h @@ -1,5 +1,5 @@ /* - * $Id: pam_radius.h,v 1.1.1.1 2001/04/29 04:17:32 hartmans Exp $ + * $Id: pam_radius.h,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ */ #ifndef PAM_RADIUS_H diff --git a/Linux-PAM/modules/pam_rhosts/Makefile b/Linux-PAM/modules/pam_rhosts/Makefile index 0c4ec77e..d12e00c0 100644 --- a/Linux-PAM/modules/pam_rhosts/Makefile +++ b/Linux-PAM/modules/pam_rhosts/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:32 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c b/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c index 7266b4e8..979580ec 100644 --- a/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c +++ b/Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c @@ -42,7 +42,7 @@ #define USER_RHOSTS_FILE "/.rhosts" /* prefixed by user's home dir */ -#ifdef linux +#ifdef __linux__ #include <endian.h> #endif @@ -50,6 +50,10 @@ #include <sys/fsuid.h> #endif /* HAVE_SYS_FSUID_H */ +#ifdef HAVE_NET_IF_H +#include <sys/if.h> +#endif + #include <sys/types.h> #include <sys/uio.h> #include <string.h> @@ -74,19 +78,13 @@ int innetgr(const char *, const char *, const char *,const char *); #include <ctype.h> #include <net/if.h> -#ifdef linux -# include <linux/sockios.h> -# ifndef __USE_MISC -# define __USE_MISC -# include <sys/fsuid.h> -# endif /* __USE_MISC */ -#endif #include <pwd.h> #include <grp.h> #include <sys/file.h> #include <sys/signal.h> #include <sys/stat.h> +#include <stdint.h> #include <syslog.h> #ifndef _PATH_HEQUIV #define _PATH_HEQUIV "/etc/hosts.equiv" @@ -98,8 +96,17 @@ int innetgr(const char *, const char *, const char *,const char *); #include <security/_pam_macros.h> #include <security/_pam_modutil.h> -/* to the best of my knowledge, all modern UNIX boxes have 32 bit integers */ +#ifdef _ISOC9X_SOURCE +#include <inttypes.h> +#define U32 uint32_t +#else +/* to the best of my knowledge, all modern UNIX boxes have 32 bits integers */ #define U32 unsigned int +#endif /* _ISOC9X_SOURCE */ + +/* Use the C99 type; older platforms will need this to be typedef'ed + elsewhere */ +#define U32 uint32_t /* @@ -183,7 +190,7 @@ static void set_option (struct _options *opts, const char *arg) return; } - if (strcmp(arg, "superuser=") == 0) { + if (strncmp(arg, "superuser=", sizeof("superuser=")-1) == 0) { opts->superuser = arg+sizeof("superuser=")-1; return; } @@ -298,7 +305,7 @@ __icheckhost (pam_handle_t *pamh, struct _options *opts, U32 raddr hp = gethostbyname(lhost); if (hp == NULL) return (0); - + /* Spin through ip addresses. */ for (pp = hp->h_addr_list; *pp; ++pp) if (!memcmp (&raddr, *pp, sizeof (U32))) @@ -413,7 +420,7 @@ __ivaliduser (pam_handle_t *pamh, struct _options *opts, user = p; /* this is the user's name */ while (*p && !isspace(*p)) ++p; /* find end of user's name */ - } else + } else user = p; *p = '\0'; /* <nul> terminate username (+host?) */ @@ -485,7 +492,7 @@ pam_iruserok(pam_handle_t *pamh, No hosts.equiv file on system. } */ } - + if ( opts->opt_no_rhosts ) return 1; @@ -495,10 +502,10 @@ pam_iruserok(pam_handle_t *pamh, pwd = _pammodutil_getpwnam(pamh, luser); if (pwd == NULL) { - /* + /* * luser is assumed to be valid because of an earlier check for uid = 0 * we don't log this error twice. However, this shouldn't happen ! - * --cristiang + * --cristiang */ return(1); } @@ -520,7 +527,7 @@ pam_iruserok(pam_handle_t *pamh, */ /* We are root, this will not fail */ -#ifdef linux +#ifdef __linux__ /* If we are on linux the better way is setfsuid */ uid = setfsuid(pwd->pw_uid); hostf = fopen(pbuf, "r"); @@ -555,7 +562,7 @@ pam_iruserok(pam_handle_t *pamh, /* private group caveat */ if (opts->opt_private_group) { - struct group *grp = getgrgid(sbuf.st_gid); + struct group *grp = _pammodutil_getgrgid(pamh, sbuf.st_gid); if (NULL == grp || NULL == grp->gr_name || strcmp(luser,grp->gr_name)) { @@ -596,7 +603,7 @@ exit_function: * they are reset before we exit. */ -#ifdef linux +#ifdef __linux__ setfsuid(uid); #else (void)seteuid(uid); @@ -657,9 +664,9 @@ pam_ruserok (pam_handle_t *pamh, */ static int _pam_auth_rhosts (pam_handle_t *pamh, - int flags, + int flags, int argc, - const char **argv) + const char **argv) { int retval; const char *luser = NULL; @@ -750,9 +757,9 @@ static int _pam_auth_rhosts (pam_handle_t *pamh, /* --- authentication management functions --- */ PAM_EXTERN -int pam_sm_authenticate (pam_handle_t *pamh, +int pam_sm_authenticate (pam_handle_t *pamh, int flags, - int argc, + int argc, const char **argv) { int retval; diff --git a/Linux-PAM/modules/pam_rootok/Makefile b/Linux-PAM/modules/pam_rootok/Makefile index f6c58635..b908b115 100644 --- a/Linux-PAM/modules/pam_rootok/Makefile +++ b/Linux-PAM/modules/pam_rootok/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:33 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_rootok/README b/Linux-PAM/modules/pam_rootok/README index 4e19c097..43b92e6c 100644 --- a/Linux-PAM/modules/pam_rootok/README +++ b/Linux-PAM/modules/pam_rootok/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.2 2002/09/15 20:08:57 hartmans Exp $ +# $Id: README,v 1.2 2001/11/27 05:37:30 agmorgan Exp $ # this module is an authentication module that performs one task: if the diff --git a/Linux-PAM/modules/pam_rootok/pam_rootok.c b/Linux-PAM/modules/pam_rootok/pam_rootok.c index 57ddebe5..e1e09b6e 100644 --- a/Linux-PAM/modules/pam_rootok/pam_rootok.c +++ b/Linux-PAM/modules/pam_rootok/pam_rootok.c @@ -1,7 +1,7 @@ /* pam_rootok module */ /* - * $Id: pam_rootok.c,v 1.1.1.2 2002/09/15 20:08:57 hartmans Exp $ + * $Id: pam_rootok.c,v 1.3 2002/05/26 23:00:28 agmorgan Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 */ diff --git a/Linux-PAM/modules/pam_securetty/Makefile b/Linux-PAM/modules/pam_securetty/Makefile index 65e50d51..8ac853c5 100644 --- a/Linux-PAM/modules/pam_securetty/Makefile +++ b/Linux-PAM/modules/pam_securetty/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:33 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_securetty/pam_securetty.c b/Linux-PAM/modules/pam_securetty/pam_securetty.c index 9e6121e8..3a9ae421 100644 --- a/Linux-PAM/modules/pam_securetty/pam_securetty.c +++ b/Linux-PAM/modules/pam_securetty/pam_securetty.c @@ -21,8 +21,7 @@ #include <stdarg.h> #include <pwd.h> #include <string.h> - -#define PAM_SM_AUTH +#include <ctype.h> /* * here, we make a definition for the externally accessible function @@ -32,8 +31,10 @@ */ #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include <security/pam_modules.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -71,31 +72,39 @@ static int _pam_parse(int argc, const char **argv) return ctrl; } -/* --- authentication management functions (only) --- */ - -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl, + const char *function_name) { int retval = PAM_AUTH_ERR; const char *username; char *uttyname; char ttyfileline[256]; + char ptname[256]; struct stat ttyfileinfo; struct passwd *user_pwd; FILE *ttyfile; - int ctrl; - /* parse the arguments */ - ctrl = _pam_parse(argc, argv); + /* log a trail for debugging */ + if (ctrl & PAM_DEBUG_ARG) { + _pam_log(LOG_DEBUG, "pam_securetty called via %s function", + function_name); + } retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS || username == NULL) { if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_WARNING, "cannot determine username"); } - return (retval == PAM_CONV_AGAIN - ? PAM_INCOMPLETE:PAM_SERVICE_ERR); + return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); + } + + user_pwd = _pammodutil_getpwnam(pamh, username); + if (user_pwd == NULL) { + return PAM_IGNORE; + } else if (user_pwd->pw_uid != 0) { /* If the user is not root, + securetty's does not apply + to them */ + return PAM_SUCCESS; } retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname); @@ -107,16 +116,8 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc } /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ - if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) + if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { uttyname += sizeof(TTY_PREFIX)-1; - - user_pwd = getpwnam(username); - if (user_pwd == NULL) { - return PAM_IGNORE; - } else if (user_pwd->pw_uid != 0) { /* If the user is not root, - securetty's does not apply - to them */ - return PAM_SUCCESS; } if (stat(SECURETTY_FILE, &ttyfileinfo)) { @@ -126,8 +127,7 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc error. */ } - if ((ttyfileinfo.st_mode & S_IWOTH) - || !S_ISREG(ttyfileinfo.st_mode)) { + if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ _pam_log(LOG_ERR, SECURETTY_FILE @@ -136,39 +136,80 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc } ttyfile = fopen(SECURETTY_FILE,"r"); - if(ttyfile == NULL) { /* Check that we opened it successfully */ + if (ttyfile == NULL) { /* Check that we opened it successfully */ _pam_log(LOG_ERR, "Error opening " SECURETTY_FILE); return PAM_SERVICE_ERR; } - /* There should be no more errors from here on */ - retval=PAM_AUTH_ERR; - /* This loop assumes that PAM_SUCCESS == 0 - and PAM_AUTH_ERR != 0 */ - while((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) - && retval) { - if(ttyfileline[strlen(ttyfileline) - 1] == '\n') + + if (isdigit(uttyname[0])) { + snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); + } else { + ptname[0] = '\0'; + } + + retval = 1; + + while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) + && retval) { + if (ttyfileline[strlen(ttyfileline) - 1] == '\n') ttyfileline[strlen(ttyfileline) - 1] = '\0'; - retval = strcmp(ttyfileline,uttyname); + + retval = ( strcmp(ttyfileline, uttyname) + && (!ptname[0] || strcmp(ptname, uttyname)) ); } fclose(ttyfile); - if(retval) { - if (ctrl & PAM_DEBUG_ARG) + + if (retval) { _pam_log(LOG_WARNING, "access denied: tty '%s' is not secure !", uttyname); - retval = PAM_AUTH_ERR; + + retval = PAM_AUTH_ERR; + } else { + if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) { + _pam_log(LOG_DEBUG, "access allowed for '%s' on '%s'", + username, uttyname); + } + retval = PAM_SUCCESS; + } - if ((retval == PAM_SUCCESS) && (ctrl & PAM_DEBUG_ARG)) - _pam_log(LOG_DEBUG, "access allowed for '%s' on '%s'", - username, uttyname); + return retval; } +/* --- authentication management functions --- */ + PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, + const char **argv) { - return PAM_SUCCESS; + int ctrl; + + /* parse the arguments */ + ctrl = _pam_parse(argc, argv); + + return securetty_perform_check(pamh, flags, ctrl, __FUNCTION__); +} + +PAM_EXTERN +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return PAM_SUCCESS; +} + +/* --- account management functions --- */ + +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + int ctrl; + + /* parse the arguments */ + ctrl = _pam_parse(argc, argv); + + /* take the easy route */ + return securetty_perform_check(pamh, flags, ctrl, __FUNCTION__); } @@ -180,12 +221,12 @@ struct pam_module _pam_securetty_modstruct = { "pam_securetty", pam_sm_authenticate, pam_sm_setcred, - NULL, + pam_sm_acct_mgmt, NULL, NULL, NULL, }; -#endif +#endif /* PAM_STATIC */ /* end of module definition */ diff --git a/Linux-PAM/modules/pam_shells/Makefile b/Linux-PAM/modules/pam_shells/Makefile index 1ead26c5..f1d7ff51 100644 --- a/Linux-PAM/modules/pam_shells/Makefile +++ b/Linux-PAM/modules/pam_shells/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:33 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_shells/README b/Linux-PAM/modules/pam_shells/README index cbd5bfb5..aa63a827 100644 --- a/Linux-PAM/modules/pam_shells/README +++ b/Linux-PAM/modules/pam_shells/README @@ -1,7 +1,6 @@ pam_shells: Authentication is granted if the users shell is listed in - /etc/shells. If no shell is in /etc/passwd (empty), the - /bin/sh is used (following ftpd's convention). + /etc/shells. Also checks to make sure that /etc/shells is a plain file and not world writable. diff --git a/Linux-PAM/modules/pam_shells/pam_shells.c b/Linux-PAM/modules/pam_shells/pam_shells.c index 36dd1a91..64359eac 100644 --- a/Linux-PAM/modules/pam_shells/pam_shells.c +++ b/Linux-PAM/modules/pam_shells/pam_shells.c @@ -12,8 +12,10 @@ #include <pwd.h> #include <stdarg.h> +#include <string.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> #include <sys/stat.h> #include <syslog.h> #include <unistd.h> @@ -26,8 +28,10 @@ */ #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include <security/pam_modules.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -42,77 +46,98 @@ static void _pam_log(int err, const char *format, ...) closelog(); } -/* --- authentication management functions (only) --- */ - -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +static int perform_check(pam_handle_t *pamh, int flags) { - int retval = PAM_AUTH_ERR; - const char *userName; - char *userShell; - char shellFileLine[256]; - struct stat sb; - struct passwd * pw; - FILE * shellFile; - - retval = pam_get_user(pamh,&userName,NULL); - if(retval != PAM_SUCCESS) - return PAM_SERVICE_ERR; - - if(!userName || (strlen(userName) <= 0)) { - /* Don't let them use a NULL username... */ - pam_get_user(pamh,&userName,NULL); + int retval = PAM_AUTH_ERR; + const char *userName; + char *userShell; + char shellFileLine[256]; + struct stat sb; + struct passwd * pw; + FILE * shellFile; + + retval = pam_get_user(pamh, &userName, NULL); + if (retval != PAM_SUCCESS) { + return PAM_SERVICE_ERR; + } + + if (!userName || (userName[0] == '\0')) { + + /* Don't let them use a NULL username... */ + retval = pam_get_user(pamh,&userName,NULL); if (retval != PAM_SUCCESS) - return PAM_SERVICE_ERR; - } + return PAM_SERVICE_ERR; - pw = getpwnam(userName); - if (!pw) + /* It could still be NULL the second time. */ + if (!userName || (userName[0] == '\0')) + return PAM_SERVICE_ERR; + } + + pw = _pammodutil_getpwnam(pamh, userName); + if (!pw) { return PAM_AUTH_ERR; /* user doesn't exist */ - userShell = pw->pw_shell; + } + userShell = pw->pw_shell; - if(stat(SHELL_FILE,&sb)) { - _pam_log(LOG_ERR, - "%s cannot be stat'd (it probably does not exist)", SHELL_FILE); + if (stat(SHELL_FILE,&sb)) { + _pam_log(LOG_ERR, "%s cannot be stat'd (it probably does not exist)", + SHELL_FILE); return PAM_AUTH_ERR; /* must have /etc/shells */ - } + } - if((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { - _pam_log(LOG_ERR, - "%s is either world writable or not a normal file", SHELL_FILE); + if ((sb.st_mode & S_IWOTH) || !S_ISREG(sb.st_mode)) { + _pam_log(LOG_ERR, "%s is either world writable or not a normal file", + SHELL_FILE); return PAM_AUTH_ERR; - } + } - shellFile = fopen(SHELL_FILE,"r"); - if(shellFile == NULL) { /* Check that we opened it successfully */ + shellFile = fopen(SHELL_FILE,"r"); + if (shellFile == NULL) { /* Check that we opened it successfully */ _pam_log(LOG_ERR, - "Error opening %s", SHELL_FILE); - return PAM_SERVICE_ERR; - } - /* There should be no more errors from here on */ - retval=PAM_AUTH_ERR; - /* This loop assumes that PAM_SUCCESS == 0 - and PAM_AUTH_ERR != 0 */ - while((fgets(shellFileLine,255,shellFile) != NULL) - && retval) { - if (shellFileLine[strlen(shellFileLine) - 1] == '\n') - shellFileLine[strlen(shellFileLine) - 1] = '\0'; - retval = strcmp(shellFileLine, userShell); - } - fclose(shellFile); - if(retval) - retval = PAM_AUTH_ERR; - return retval; + "Error opening %s", SHELL_FILE); + return PAM_SERVICE_ERR; + } + + retval = 1; + + while(retval && (fgets(shellFileLine, 255, shellFile) != NULL)) { + if (shellFileLine[strlen(shellFileLine) - 1] == '\n') + shellFileLine[strlen(shellFileLine) - 1] = '\0'; + retval = strcmp(shellFileLine, userShell); + } + + fclose(shellFile); + + if (retval) { + return PAM_AUTH_ERR; + } else { + return PAM_SUCCESS; + } +} + +/* --- authentication management functions (only) --- */ + +PAM_EXTERN +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return perform_check(pamh, flags); } PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,const char **argv) { return PAM_SUCCESS; } +/* --- account management functions (only) --- */ + +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + return perform_check(pamh, flags); +} #ifdef PAM_STATIC @@ -122,12 +147,12 @@ struct pam_module _pam_shells_modstruct = { "pam_shells", pam_sm_authenticate, pam_sm_setcred, - NULL, + pam_sm_acct_mgmt, NULL, NULL, NULL, }; -#endif +#endif /* PAM_STATIC */ /* end of module definition */ diff --git a/Linux-PAM/modules/pam_stress/Makefile b/Linux-PAM/modules/pam_stress/Makefile index 15a891c0..3512c853 100644 --- a/Linux-PAM/modules/pam_stress/Makefile +++ b/Linux-PAM/modules/pam_stress/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:33 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_stress/README b/Linux-PAM/modules/pam_stress/README index 7a88f12d..b4273f50 100644 --- a/Linux-PAM/modules/pam_stress/README +++ b/Linux-PAM/modules/pam_stress/README @@ -1,5 +1,5 @@ # -# $Id: README,v 1.1.1.1 2001/04/29 04:17:34 hartmans Exp $ +# $Id: README,v 1.1.1.1 2000/06/20 22:11:57 agmorgan Exp $ # # This describes the behavior of this module with respect to the # /etc/pam.conf file. diff --git a/Linux-PAM/modules/pam_stress/pam_stress.c b/Linux-PAM/modules/pam_stress/pam_stress.c index 8bc85f5d..2d361c3e 100644 --- a/Linux-PAM/modules/pam_stress/pam_stress.c +++ b/Linux-PAM/modules/pam_stress/pam_stress.c @@ -1,6 +1,6 @@ /* pam_stress module */ -/* $Id: pam_stress.c,v 1.1.1.1 2001/04/29 04:17:34 hartmans Exp $ +/* $Id: pam_stress.c,v 1.4 2004/09/22 09:37:50 kukuk Exp $ * * created by Andrew Morgan <morgan@linux.kernel.org> 1996/3/12 */ @@ -10,7 +10,6 @@ #include <stdlib.h> #include <stdio.h> -#define __USE_BSD #include <syslog.h> #include <stdarg.h> @@ -32,13 +31,6 @@ #include <security/pam_modules.h> #include <security/_pam_macros.h> -static char *_strdup(const char *x) -{ - char *new; - new = malloc(strlen(x)+1); - strcpy(new,x); - return new; -} /* log errors */ @@ -142,8 +134,8 @@ static int converse(pam_handle_t *pamh, int nargs int retval; struct pam_conv *conv; - if ((retval = pam_get_item(pamh,PAM_CONV,(const void **)&conv)) - == PAM_SUCCESS) { + retval = pam_get_item(pamh,PAM_CONV,(const void **)&conv); + if (retval == PAM_SUCCESS && conv) { retval = conv->conv(nargs, (const struct pam_message **) message , response, conv->appdata_ptr); if (retval != PAM_SUCCESS) { @@ -152,6 +144,8 @@ static int converse(pam_handle_t *pamh, int nargs } } else { _pam_log(LOG_ERR,"(pam_stress) converse failed to get pam_conv"); + if (retval == PAM_SUCCESS) + retval = PAM_BAD_ITEM; /* conv was null */ } return retval; @@ -168,7 +162,8 @@ static int stress_get_password(pam_handle_t *pamh, int flags && (pam_get_item(pamh,PAM_AUTHTOK,(const void **)&pass) == PAM_SUCCESS) && (pass != NULL) ) { - pass = _strdup(pass); + if ((pass = strdup(pass)) == NULL) + return PAM_BUF_ERR; } else if ((ctrl & PAM_ST_USE_PASS1)) { _pam_log(LOG_WARNING, "pam_stress: no forwarded password"); return PAM_PERM_DENIED; @@ -207,7 +202,8 @@ static int stress_get_password(pam_handle_t *pamh, int flags _pam_log(LOG_DEBUG,"getting password, but NULL returned!?"); return PAM_CONV_ERR; } - free(resp); + if (resp) + free(resp); } *password = pass; /* this *MUST* be free()'d by this module */ @@ -239,12 +235,15 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* try to get the username */ retval = pam_get_user(pamh, &username, "username: "); - if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) { - _pam_log(LOG_DEBUG, "pam_sm_authenticate: username = %s", username); - } else if (retval != PAM_SUCCESS) { + if (retval != PAM_SUCCESS || !username) { _pam_log(LOG_WARNING, "pam_sm_authenticate: failed to get username"); + if (retval == PAM_SUCCESS) + retval = PAM_USER_UNKNOWN; /* username was null */ return retval; } + else if ((ctrl & PAM_ST_DEBUG) && (retval == PAM_SUCCESS)) { + _pam_log(LOG_DEBUG, "pam_sm_authenticate: username = %s", username); + } /* now get the password */ @@ -258,20 +257,15 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* try to set password item */ retval = pam_set_item(pamh,PAM_AUTHTOK,pass); + _pam_overwrite(pass); /* clean up local copy of password */ + free(pass); + pass = NULL; if (retval != PAM_SUCCESS) { _pam_log(LOG_WARNING, "pam_sm_authenticate: " "failed to store new password"); - _pam_overwrite(pass); - free(pass); return retval; } - /* clean up local copy of password */ - - _pam_overwrite(pass); - free(pass); - pass = NULL; - /* if we are debugging then we print the password */ if (ctrl & PAM_ST_DEBUG) { @@ -320,9 +314,18 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, if (ctrl & PAM_ST_FAIL_1) return PAM_PERM_DENIED; else if (ctrl & PAM_ST_EXPIRED) { - void *text = malloc(sizeof("yes")+1); - strcpy(text,"yes"); - pam_set_data(pamh,"stress_new_pwd",text,wipe_up); + int retval; + void *text = strdup("yes"); + if (!text) + return PAM_BUF_ERR; + retval = pam_set_data(pamh,"stress_new_pwd",text,wipe_up); + if (retval != PAM_SUCCESS) { + _pam_log(LOG_DEBUG, + "pam_sm_acct_mgmt: failed setting stress_new_pwd"); + free(text); + return retval; + } + if (ctrl & PAM_ST_DEBUG) { _pam_log(LOG_DEBUG,"pam_sm_acct_mgmt: need a new password"); } @@ -344,9 +347,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, _pam_report(ctrl,"pam_sm_open_session", flags, argc, argv); if ((pam_get_item(pamh, PAM_USER, (const void **) &username) - != PAM_SUCCESS) + != PAM_SUCCESS || !username) || (pam_get_item(pamh, PAM_SERVICE, (const void **) &service) - != PAM_SUCCESS)) { + != PAM_SUCCESS || !service)) { _pam_log(LOG_WARNING,"pam_sm_open_session: for whom?"); return PAM_SESSION_ERR; } @@ -372,9 +375,9 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, _pam_report(ctrl,"pam_sm_close_session", flags, argc, argv); if ((pam_get_item(pamh, PAM_USER, (const void **)&username) - != PAM_SUCCESS) + != PAM_SUCCESS || !username) || (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) - != PAM_SUCCESS)) { + != PAM_SUCCESS || !service)) { _pam_log(LOG_WARNING,"pam_sm_close_session: for whom?"); return PAM_SESSION_ERR; } @@ -448,15 +451,14 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, return retval; } retval = pam_set_item(pamh, PAM_OLDAUTHTOK, pass); + _pam_overwrite(pass); + free(pass); + pass = NULL; if (retval != PAM_SUCCESS) { _pam_log(LOG_DEBUG ,"pam_sm_chauthtok: could not set OLDAUTHTOK"); - _pam_overwrite(pass); - free(pass); return retval; } - _pam_overwrite(pass); - free(pass); } /* set up for conversation */ @@ -517,7 +519,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, pmsg[0] = &msg[0]; msg[0].msg_style = PAM_ERROR_MSG; msg[0].msg = "Verification mis-typed; " - "password unchaged"; + "password unchanged"; resp = NULL; (void) converse(pamh,1,pmsg,&resp); if (resp) { diff --git a/Linux-PAM/modules/pam_succeed_if/Makefile b/Linux-PAM/modules/pam_succeed_if/Makefile new file mode 100644 index 00000000..cea9be3b --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/Makefile @@ -0,0 +1,16 @@ +# +# $Id: Makefile,v 1.1 2004/09/24 11:42:39 kukuk Exp $ +# +# This Makefile controls a build process of $(TITLE) module for +# Linux-PAM. You should not modify this Makefile (unless you know +# what you are doing!). +# +# Created by Andrew Morgan <morgan@linux.kernel.org> 2000/08/27 +# + +include ../../Make.Rules + +TITLE=pam_succeed_if +MAN8=$(TITLE).8 + +include ../Simple.Rules diff --git a/Linux-PAM/modules/pam_succeed_if/README b/Linux-PAM/modules/pam_succeed_if/README new file mode 100644 index 00000000..fdb278ef --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/README @@ -0,0 +1,68 @@ +pam_succeed_if: + Succeed or fail based on account characteristics. + + pam_succeed_if.so is designed to succeed or fail authentication based + on characteristics of the account belonging to the user being + authenticated. + + The module can be given one or more conditions as module arguments, and + authentication will succeed only if all of the conditions are met. + + Conditions are expressed in the form + + ATTRIBUTE OPERATOR VALUE + + Recognized attributes: + + LOGIN - The user's login name. + UID - The user's UID. + GID - The user's primary GID. + SHELL - The user's shell. + HOME - The user's home directory. + + Recognized operators: + + < - Arithmetic less-than. + <= - Arithmetic less-than-or-equal-to. + > - Arithmetic greater-than. + >= - Arithmetic greater-than-or-equal-to. + eq - Arithmetic equality. + = - String equality. + ne - Arithmetic inequality. + != - String inequality. + =~ - Wildcard match. + !~ - Wildcard mismatch. + ingroup - Group membership check. [*] + notingroup - Group non-membership check. [*] + + * The "ingroup" and "notingroup" operators should only be + used with the USER attribute. + + Examples: + + Deny authentication to all users except those in the wheel + group, before even asking for a password: + auth requisite pam_succeed_if.so user ingroup wheel + + Assume all users with UID less than 500 ("system users") have + valid accounts. + account sufficient pam_succeed_if.so uid < 500 + + Deny login to all nologin users. + auth requisite pam_succeed_if.so shell !~ nologin + +RECOGNIZED ARGUMENTS: + debug write debugging messages to syslog + use_uid perform checks on the account of the user under whose + UID the application is running instead of the user + being authenticated + quiet don't log failure or success to syslog + quiet_fail don't log failure to syslog + quiet_success don't log success to syslog + + +MODULE SERVICES PROVIDED: + authentication, account management + +AUTHOR: + Nalin Dahyabhai <nalin@redhat.com> diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 new file mode 100644 index 00000000..da95a033 --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.8 @@ -0,0 +1,37 @@ +.\" Copyright 2003, 2004 Red Hat, Inc. +.\" Written by Nalin Dahyabhai <nalin@redhat.com> +.TH pam_succeed_if 8 2004/12/27 "Linux-PAM" "System Administrator's Manual" + +.SH NAME +pam_succeed_if \- succeed or fail based on account characteristics + +.SH SYNOPSIS +.B account sufficient pam_succeed_if.so uid < 500 + +.SH DESCRIPTION +pam_succeed_if.so is designed to succeed or fail authentication based on +characteristics of the account belonging to the user being authenticated. + +The module can be given one or more conditions as module arguments, and +authentication will succeed only if all of the conditions are met. + +.SH ARGUMENTS +.IP debug +Turns on debugging messages sent to syslog. +.IP use_uid +Evaluate conditions using the account of the user whose UID the application +is running under instead of the user being authenticated. +.IP quiet +Don't log failure or success to the system log. +.IP quiet_fail +Don't log failure to the system log. +.IP quiet_success +Don't log success to the system log. + + +.SH BUGS +Let's hope not, but if you find any, please report them via the "Bug Track" +link at http://bugzilla.redhat.com/bugzilla/ + +.SH AUTHOR +Nalin Dahyabhai <nalin@redhat.com> diff --git a/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c new file mode 100644 index 00000000..23974afa --- /dev/null +++ b/Linux-PAM/modules/pam_succeed_if/pam_succeed_if.c @@ -0,0 +1,470 @@ +/****************************************************************************** + * A simple user-attribute based module for PAM. + * + * Copyright (c) 2003 Red Hat, Inc. + * Written by Nalin Dahyabhai <nalin@redhat.com> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#define _GNU_SOURCE + +#include <sys/types.h> +#include <errno.h> +#include <fcntl.h> +#include <fnmatch.h> +#include <limits.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <syslog.h> +#include <unistd.h> +#include <pwd.h> +#include <grp.h> +#include <security/pam_modules.h> +#include <security/_pam_modutil.h> + +#define MODULE "pam_succeed_if" + +static void +log_error(int priority, const char *fmt, ...) +{ + va_list va; + char *fmt2; + fmt2 = malloc(strlen(fmt) + strlen(MODULE) + 3); + va_start(va, fmt); + if (fmt2 == NULL) { + vsyslog(LOG_AUTHPRIV | priority, fmt, va); + } else { + snprintf(fmt2, strlen(fmt) + strlen(MODULE) + 3, + "%s: %s", MODULE, fmt); + vsyslog(LOG_AUTHPRIV | priority, fmt2, va); + free(fmt2); + } + va_end(va); +} + +/* Basically, run cmp(atol(left), atol(right)), returning PAM_SUCCESS if + * the function returns non-zero, PAM_AUTH_ERR if it returns zero, and + * PAM_SYSTEM_ERR if the arguments can't be parsed as numbers. */ +static int +evaluate_num(const char *left, const char *right, int (*cmp)(int, int)) +{ + long l, r; + char *p; + int ret = PAM_SUCCESS; + + errno = 0; + l = strtol(left, &p, 0); + if ((p == NULL) || (*p != '\0') || errno) { + log_error(LOG_INFO, "\"%s\" is not a number", left); + ret = PAM_SERVICE_ERR; + } + + r = strtol(right, &p, 0); + if ((p == NULL) || (*p != '\0') || errno) { + log_error(LOG_INFO, "\"%s\" is not a number", right); + ret = PAM_SERVICE_ERR; + } + + if (ret != PAM_SUCCESS) { + return ret; + } + + return cmp(l, r) ? PAM_SUCCESS : PAM_AUTH_ERR; +} + +/* Simple numeric comparison callbacks. */ +static int +eq(int i, int j) +{ + return i == j; +} +static int +ne(int i, int j) +{ + return i != j; +} +static int +lt(int i, int j) +{ + return i < j; +} +static int +le(int i, int j) +{ + return lt(i, j) || eq(i, j); +} +static int +gt(int i, int j) +{ + return i > j; +} +static int +ge(int i, int j) +{ + return gt(i, j) || eq(i, j); +} + +/* Test for numeric equality. */ +static int +evaluate_eqn(const char *left, const char *right) +{ + return evaluate_num(left, right, eq); +} +/* Test for string equality. */ +static int +evaluate_eqs(const char *left, const char *right) +{ + return (strcmp(left, right) == 0) ? PAM_SUCCESS : PAM_AUTH_ERR; +} +/* Test for numeric inequality. */ +static int +evaluate_nen(const char *left, const char *right) +{ + return evaluate_num(left, right, ne); +} +/* Test for string inequality. */ +static int +evaluate_nes(const char *left, const char *right) +{ + return (strcmp(left, right) != 0) ? PAM_SUCCESS : PAM_AUTH_ERR; +} +/* Test for numeric less-than-ness(?) */ +static int +evaluate_lt(const char *left, const char *right) +{ + return evaluate_num(left, right, lt); +} +/* Test for numeric less-than-or-equal-ness(?) */ +static int +evaluate_le(const char *left, const char *right) +{ + return evaluate_num(left, right, le); +} +/* Test for numeric greater-than-ness(?) */ +static int +evaluate_gt(const char *left, const char *right) +{ + return evaluate_num(left, right, gt); +} +/* Test for numeric greater-than-or-equal-ness(?) */ +static int +evaluate_ge(const char *left, const char *right) +{ + return evaluate_num(left, right, ge); +} +/* Check for file glob match. */ +static int +evaluate_glob(const char *left, const char *right) +{ + return (fnmatch(right, left, 0) == 0) ? PAM_SUCCESS : PAM_AUTH_ERR; +} +/* Check for file glob mismatch. */ +static int +evaluate_noglob(const char *left, const char *right) +{ + return (fnmatch(right, left, 0) != 0) ? PAM_SUCCESS : PAM_AUTH_ERR; +} +/* Return PAM_SUCCESS if the user is in the group. */ +static int +evaluate_ingroup(pam_handle_t *pamh, const char *user, const char *group) +{ + int ret; + ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + switch (ret) { + case 1: + return PAM_SUCCESS; + break; + default: + break; + } + return PAM_AUTH_ERR; +} +/* Return PAM_SUCCESS if the user is NOT in the group. */ +static int +evaluate_notingroup(pam_handle_t *pamh, const char *user, const char *group) +{ + int ret; + ret = _pammodutil_user_in_group_nam_nam(pamh, user, group); + switch (ret) { + case 0: + return PAM_SUCCESS; + break; + default: + break; + } + return PAM_AUTH_ERR; +} + +/* Match a triple. */ +static int +evaluate(pam_handle_t *pamh, int debug, + const char *left, const char *qual, const char *right, + struct passwd *pwd) +{ + char buf[LINE_MAX] = ""; + const char *attribute = left; + /* Figure out what we're evaluating here, and convert it to a string.*/ + if ((strcasecmp(left, "login") == 0) || + (strcasecmp(left, "name") == 0) || + (strcasecmp(left, "user") == 0)) { + snprintf(buf, sizeof(buf), "%s", pwd->pw_name); + left = buf; + } + if (strcasecmp(left, "uid") == 0) { + snprintf(buf, sizeof(buf), "%lu", (unsigned long) pwd->pw_uid); + left = buf; + } + if (strcasecmp(left, "gid") == 0) { + snprintf(buf, sizeof(buf), "%lu", (unsigned long) pwd->pw_gid); + left = buf; + } + if (strcasecmp(left, "shell") == 0) { + snprintf(buf, sizeof(buf), "%s", pwd->pw_shell); + left = buf; + } + if ((strcasecmp(left, "home") == 0) || + (strcasecmp(left, "dir") == 0) || + (strcasecmp(left, "homedir") == 0)) { + snprintf(buf, sizeof(buf), "%s", pwd->pw_dir); + left = buf; + } + /* If we have no idea what's going on, return an error. */ + if (left != buf) { + log_error(LOG_CRIT, "unknown attribute \"%s\"", left); + return PAM_SERVICE_ERR; + } + if (debug) { + log_error(LOG_DEBUG, "'%s' resolves to '%s'", attribute, left); + } + + /* Attribute value < some threshold. */ + if ((strcasecmp(qual, "<") == 0) || + (strcasecmp(qual, "lt") == 0)) { + return evaluate_lt(left, right); + } + /* Attribute value <= some threshold. */ + if ((strcasecmp(qual, "<=") == 0) || + (strcasecmp(qual, "le") == 0)) { + return evaluate_le(left, right); + } + /* Attribute value > some threshold. */ + if ((strcasecmp(qual, ">") == 0) || + (strcasecmp(qual, "gt") == 0)) { + return evaluate_gt(left, right); + } + /* Attribute value >= some threshold. */ + if ((strcasecmp(qual, ">=") == 0) || + (strcasecmp(qual, "ge") == 0)) { + return evaluate_ge(left, right); + } + /* Attribute value == some threshold. */ + if (strcasecmp(qual, "eq") == 0) { + return evaluate_eqn(left, right); + } + /* Attribute value = some string. */ + if (strcasecmp(qual, "=") == 0) { + return evaluate_eqs(left, right); + } + /* Attribute value != some threshold. */ + if (strcasecmp(qual, "ne") == 0) { + return evaluate_nen(left, right); + } + /* Attribute value != some string. */ + if (strcasecmp(qual, "!=") == 0) { + return evaluate_nes(left, right); + } + /* Attribute value matches some pattern. */ + if ((strcasecmp(qual, "=~") == 0) || + (strcasecmp(qual, "glob") == 0)) { + return evaluate_glob(left, right); + } + if ((strcasecmp(qual, "!~") == 0) || + (strcasecmp(qual, "noglob") == 0)) { + return evaluate_noglob(left, right); + } + /* User is in this group. */ + if (strcasecmp(qual, "ingroup") == 0) { + return evaluate_ingroup(pamh, pwd->pw_name, right); + } + /* User is not in this group. */ + if (strcasecmp(qual, "notingroup") == 0) { + return evaluate_notingroup(pamh, pwd->pw_name, right); + } + /* Fail closed. */ + return PAM_SERVICE_ERR; +} + +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + const char *prompt; + const char *user; + struct passwd *pwd; + int ret, i, count, use_uid, debug; + const char *left, *right, *qual; + int quiet_fail, quiet_succ; + + /* Get the user prompt. */ + ret = pam_get_item(pamh, PAM_USER_PROMPT, (const void**) &prompt); + if ((ret != PAM_SUCCESS) || (prompt == NULL) || (strlen(prompt) == 0)) { + prompt = "login: "; + } + + quiet_fail = 0; + quiet_succ = 0; + for (use_uid = 0, debug = 0, i = 0; i < argc; i++) { + if (strcmp(argv[i], "debug") == 0) { + debug++; + } + if (strcmp(argv[i], "use_uid") == 0) { + use_uid++; + } + if (strcmp(argv[i], "quiet") == 0) { + quiet_fail++; + quiet_succ++; + } + if (strcmp(argv[i], "quiet_fail") == 0) { + quiet_fail++; + } + if (strcmp(argv[i], "quiet_success") == 0) { + quiet_succ++; + } + } + + if (use_uid) { + /* Get information about the user. */ + pwd = _pammodutil_getpwuid(pamh, getuid()); + if (pwd == NULL) { + log_error(LOG_CRIT, + "error retrieving information about user %ld", + (long)getuid()); + return PAM_SERVICE_ERR; + } + } else { + /* Get the user's name. */ + ret = pam_get_user(pamh, &user, prompt); + if ((ret != PAM_SUCCESS) || (user == NULL)) { + log_error(LOG_CRIT, "error retrieving user name: %s", + pam_strerror(pamh, ret)); + return ret; + } + + /* Get information about the user. */ + pwd = _pammodutil_getpwnam(pamh, user); + if (pwd == NULL) { + log_error(LOG_CRIT, + "error retrieving information about user %s", + user); + return PAM_SERVICE_ERR; + } + } + + /* Walk the argument list. */ + i = count = 0; + left = qual = right = NULL; + while (i <= argc) { + if ((left != NULL) && (qual != NULL) && (right != NULL)) { + ret = evaluate(pamh, debug, + left, qual, right, + pwd); + if (ret != PAM_SUCCESS) { + if(!quiet_fail) + log_error(LOG_INFO, + "requirement \"%s %s %s\" " + "not met by user \"%s\"", + left, qual, right, user); + break; + } + else + if(!quiet_succ) + log_error(LOG_INFO, + "requirement \"%s %s %s\" " + "was met by user \"%s\"", + left, qual, right, user); + left = qual = right = NULL; + } + if ((i < argc) && (strcmp(argv[i], "debug") == 0)) { + i++; + continue; + } + if ((i < argc) && (strcmp(argv[i], "use_uid") == 0)) { + i++; + continue; + } + if ((i < argc) && (strcmp(argv[i], "quiet") == 0)) { + i++; + continue; + } + if ((i < argc) && (strcmp(argv[i], "quiet_fail") == 0)) { + i++; + continue; + } + if ((i < argc) && (strcmp(argv[i], "quiet_success") == 0)) { + i++; + continue; + } + if ((i < argc) && (left == NULL)) { + left = argv[i++]; + count++; + continue; + } + if ((i < argc) && (qual == NULL)) { + qual = argv[i++]; + count++; + continue; + } + if ((i < argc) && (right == NULL)) { + right = argv[i++]; + count++; + continue; + } + i++; + } + + return ret; +} + +int +pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return PAM_SUCCESS; +} + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + return pam_sm_authenticate(pamh, flags, argc, argv); +} diff --git a/Linux-PAM/modules/pam_tally/Makefile b/Linux-PAM/modules/pam_tally/Makefile index d173b080..40617a1a 100644 --- a/Linux-PAM/modules/pam_tally/Makefile +++ b/Linux-PAM/modules/pam_tally/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:08:58 hartmans Exp $ +# $Id: Makefile,v 1.5 2004/09/24 13:13:21 kukuk Exp $ # # This Makefile controls a build process of $(TITLE) module and # application for Linux-PAM. You should not modify this Makefile @@ -44,6 +44,12 @@ endif APPLICATION = $(TITLE) APPMODE = 755 +LINK_PAMMODUTILS = -L../pammodutil -lpammodutil -L../../libpam -lpam +INCLUDE_PAMMODUTILS = -I../pammodutil/include + +LDFLAGS += $(LINK_PAMMODUTILS) +CFLAGS += $(INCLUDE_PAMMODUTILS) + ####################### don't edit below ####################### all: dirs $(LIBSHARED) $(LIBSTATIC) register $(APPLICATION) @@ -65,10 +71,10 @@ ifdef DYNAMIC $(LIBOBJD): $(LIBSRC) $(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) + $(LD_D) -o $@ $(LIBOBJD) $(LDFLAGS) $(APPLICATION): $(APPOBJD) $(TITLE).c - $(CC) $(CFLAGS) -o $@ $(APPOBJD) $(LOADLIBES) + $(CC) $(CFLAGS) -o $@ $(APPOBJD) $(LDFLAGS) $(LOADLIBES) endif diff --git a/Linux-PAM/modules/pam_tally/README b/Linux-PAM/modules/pam_tally/README index 4c421648..c8b715bd 100644 --- a/Linux-PAM/modules/pam_tally/README +++ b/Linux-PAM/modules/pam_tally/README @@ -1,5 +1,5 @@ SUMMARY: - pam_tally: + pam_tally.so: Maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail. @@ -9,43 +9,57 @@ SUMMARY: * onerr=[succeed|fail] (if something weird happens such as unable to open the file, what to do?) * file=/where/to/keep/counts (default /var/log/faillog) + * audit (will display the username typed if the user is not found) (auth) - Authentication phase increments attempted login counter. - * no_magic_root (root DOES increment counter. Use for - daemon-based stuff, like telnet/rsh/login) + Authentication phase first checks if user should be denied access + and if not it increments attempted login counter. Then on call to + pam_setcred it resets the attempts counter if the user is NOT + magic root. + * deny=n (deny access if tally for this user exceeds n) + + * lock_time=n (always deny for n seconds after failed attempt) + + * unlock_time=n (allow access after n seconds after the last + failed attempt with exceeded tally) - (account) - Account phase can deny access and/or reset attempts counter. - * deny=n (deny access if tally for this user exceeds n; - The presence of deny=n changes the default for - reset/no_reset to reset, unless the user trying to - gain access is root and the no_magic_root option - has NOT been specified.) - - * no_magic_root (access attempts by root DON'T ignore deny. - Use this for daemon-based stuff, like telnet/rsh/login) + * magic_root (access attempts by root as requesting user ignore + deny and don't change counter. + Use this for su and similar services.) + * even_deny_root_account (Root can become unavailable. BEWARE. Note that magic root trying to gain root bypasses this, but normal users can be locked out.) - * reset (reset count to 0 on successful entry, even for - magic root) - * no_reset (don't reset count on successful entry) - This is the default unless deny exists and the - user attempting access is NOT magic root. - * per_user (If /var/log/faillog contains a non-zero - .fail_max field for this user then use it - instead of deny=n parameter) + .fail_max/.fail_locktime field for this user then use it + instead of deny=n/lock_time=n parameter.) * no_lock_time (Don't use .fail_locktime filed in /var/log/faillog for this user) + * no_reset (don't reset count on successful entry, + only decrement) + + + (account) + Account phase resets attempts counter if the user is NOT magic root. + This phase can be used optionaly for services which don't call + pam_setcred correctly or if the reset should be done regardless + of the failure of the account phase of other modules. + + * magic_root (access attempts by root as requesting user + don't change counter. + Use this for su and similar services.) + + * no_reset (don't reset count on successful entry, + only decrement) + Also checks to make sure that the counts file is a plain file and not world writable. - Tim Baverstock <warwick@sable.demon.co.uk>, v0.1 5 March 1997 + - Tomas Mraz <tmraz@redhat.com>, v0.2 5 January 2005 LONGER: @@ -53,20 +67,20 @@ pam_tally comes in two parts: pam_tally.so and pam_tally. pam_tally.so sits in a pam config file, in the auth and account sections. -In the auth section, it increments a per-uid counter for each attempted -login, in the account section, it denies access if attempted logins -exceed some threashold and/or resets that counter to zero on successful -login. +In the auth section, it denies access if attempted logins exceed some +threshold and it increments a per-uid counter for each attempted login, +in the account section, it resets that counter to zero on successful +login. If the module isn't used in the account section it resets the counter +to zero on call to pam_setcred. Root is treated specially: -1. When a process already running as root tries to access some service, the -access is `magic', and bypasses pam_tally's checks: handy for `su'ing from -root into an account otherwise blocked. However, for services like telnet or -login which always effectively run from the root account, root (ie everyone) -shouldn't be granted this magic status, and the flag `no_magic_root' should -be set in this situation, as noted in the summary above. [This option may -be obsolete, with `sufficient root' processing.] +1. When a process already running as root tries to access some service and the +'magic_root' flag is set, the access is `magic', and bypasses pam_tally's +checks: handy for `su'ing from root into an account otherwise blocked. +NOTE: This was changed from the previous version of pam_tally where the default +was to treat root as magic and there were the 'no_magic_root' flag. However +for most of services the current default make sense. 2. Normally, failed attempts to access root will NOT cause the root account to become blocked, to prevent denial-of-service: if your users aren't @@ -93,3 +107,10 @@ The (4.0 Redhat) utilities seem to do funny things with uid, and I'm not wholly sure I understood what I should have been doing anyway so the `keep a count of current logins' bit has been #ifdef'd out and you can only reset the counter on successful authentication, for now. + +IMPORTANT NOTICE: +In the original version of pam_tally there was a bug where the information +if the password was correct or not was leaked by returning error from +different pam management phases. This was solved by moving the denying +functionality to the auth phase. However it's necessary to update the pam +configuration by moving the required options (as deny=N) to the auth phase. diff --git a/Linux-PAM/modules/pam_tally/faillog.h b/Linux-PAM/modules/pam_tally/faillog.h index fa9c414f..0f16261b 100644 --- a/Linux-PAM/modules/pam_tally/faillog.h +++ b/Linux-PAM/modules/pam_tally/faillog.h @@ -30,7 +30,7 @@ /* * faillog.h - login failure logging file format * - * $Id: faillog.h,v 1.1.1.1 2001/04/29 04:17:35 hartmans Exp $ + * $Id: faillog.h,v 1.1.1.1 2000/06/20 22:11:59 agmorgan Exp $ * * The login failure file is maintained by login(1) and faillog(8) * Each record in the file represents a separate UID and the file diff --git a/Linux-PAM/modules/pam_tally/pam_tally.c b/Linux-PAM/modules/pam_tally/pam_tally.c index a2fed80b..1e48662e 100644 --- a/Linux-PAM/modules/pam_tally/pam_tally.c +++ b/Linux-PAM/modules/pam_tally/pam_tally.c @@ -1,7 +1,7 @@ /* * pam_tally.c * - * $Id: pam_tally.c,v 1.1.1.2 2002/09/15 20:08:59 hartmans Exp $ + * $Id: pam_tally.c,v 1.15 2005/01/24 14:04:17 t8m Exp $ */ @@ -9,6 +9,9 @@ * 5 March 1997 * * Stuff stolen from pam_rootok and pam_listfile + * + * Changes by Tomas Mraz <tmraz@redhat.com> 5 January 2005 + * Audit option added for Tomas patch by Sebastien Tricaud <toady@gscore.org> 13 January 2005 */ #include <security/_pam_aconf.h> @@ -49,18 +52,13 @@ /* #define PAM_SM_PASSWORD */ #include <security/pam_modules.h> +#include <security/_pam_modutil.h> /*---------------------------------------------------------------------*/ #define DEFAULT_LOGFILE "/var/log/faillog" #define MODULE_NAME "pam_tally" -enum TALLY_RESET { - TALLY_RESET_DEFAULT, - TALLY_RESET_RESET, - TALLY_RESET_NO_RESET -}; - #define tally_t unsigned short int #define TALLY_FMT "%hu" #define TALLY_HI ((tally_t)~0L) @@ -78,6 +76,28 @@ struct fail_s { #endif /* ndef MAIN */ }; +struct tally_options { + const char *filename; + tally_t deny; + long lock_time; + long unlock_time; + unsigned int ctrl; +}; + +#define PHASE_UNKNOWN 0 +#define PHASE_AUTH 1 +#define PHASE_ACCOUNT 2 +#define PHASE_SESSION 3 + +#define OPT_MAGIC_ROOT 01 +#define OPT_FAIL_ON_ERROR 02 +#define OPT_DENY_ROOT 04 +#define OPT_PER_USER 010 +#define OPT_NO_LOCK_TIME 020 +#define OPT_NO_RESET 040 +#define OPT_AUDIT 100 + + /*---------------------------------------------------------------------*/ /* some syslogging */ @@ -100,6 +120,94 @@ static void _pam_log(int err, const char *format, ...) /*---------------------------------------------------------------------*/ +/* --- Support function: parse arguments --- */ + +static void log_phase_no_auth( int phase, const char *argv ) +{ + if ( phase != PHASE_AUTH ) { + _pam_log(LOG_ERR, + MODULE_NAME ": option %s allowed in auth phase only", argv); + } +} + +static int tally_parse_args( struct tally_options *opts, int phase, + int argc, const char **argv ) +{ + memset(opts, 0, sizeof(*opts)); + opts->filename = DEFAULT_LOGFILE; + + for ( ; argc-- > 0; ++argv ) { + + if ( ! strncmp( *argv, "file=", 5 ) ) { + const char *from = *argv + 5; + if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) { + _pam_log(LOG_ERR, + MODULE_NAME ": filename not /rooted or too long; ", + *argv); + return PAM_AUTH_ERR; + } + opts->filename = from; + } + else if ( ! strcmp( *argv, "onerr=fail" ) ) { + opts->ctrl |= OPT_FAIL_ON_ERROR; + } + else if ( ! strcmp( *argv, "onerr=succeed" ) ) { + opts->ctrl &= ~OPT_FAIL_ON_ERROR; + } + else if ( ! strcmp( *argv, "magic_root" ) ) { + opts->ctrl |= OPT_MAGIC_ROOT; + } + else if ( ! strcmp( *argv, "even_deny_root_account" ) ) { + log_phase_no_auth(phase, *argv); + opts->ctrl |= OPT_DENY_ROOT; + } + else if ( ! strncmp( *argv, "deny=", 5 ) ) { + log_phase_no_auth(phase, *argv); + if ( sscanf((*argv)+5,TALLY_FMT,&opts->deny) != 1 ) { + _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + return PAM_AUTH_ERR; + } + } + else if ( ! strncmp( *argv, "lock_time=", 10 ) ) { + log_phase_no_auth(phase, *argv); + if ( sscanf((*argv)+10,"%ld",&opts->lock_time) != 1 ) { + _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + return PAM_AUTH_ERR; + } + } + else if ( ! strncmp( *argv, "unlock_time=", 12 ) ) { + log_phase_no_auth(phase, *argv); + if ( sscanf((*argv)+12,"%ld",&opts->unlock_time) != 1 ) { + _pam_log(LOG_ERR,"bad number supplied; %s",*argv); + return PAM_AUTH_ERR; + } + } + else if ( ! strcmp( *argv, "per_user" ) ) + { + log_phase_no_auth(phase, *argv); + opts->ctrl |= OPT_PER_USER; + } + else if ( ! strcmp( *argv, "no_lock_time") ) + { + log_phase_no_auth(phase, *argv); + opts->ctrl |= OPT_NO_LOCK_TIME; + } + else if ( ! strcmp( *argv, "no_reset" ) ) { + opts->ctrl |= OPT_NO_RESET; + } + else if ( ! strcmp ( *argv, "audit") ) { + opts->ctrl |= OPT_AUDIT; + } + else { + _pam_log(LOG_ERR, MODULE_NAME ": unknown option; %s",*argv); + } + } + + return PAM_SUCCESS; +} + +/*---------------------------------------------------------------------*/ + /* --- Support function: get uid (and optionally username) from PAM or cline_user --- */ @@ -107,9 +215,9 @@ static void _pam_log(int err, const char *format, ...) static char *cline_user=0; /* cline_user is used in the administration prog */ #endif -static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp ) +static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) { - const char *user; + const char *user = NULL; struct passwd *pw; #ifdef MAIN @@ -123,8 +231,10 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp ) return PAM_AUTH_ERR; } - if ( ! ( pw = getpwnam( user ) ) ) { - _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user %s",user); + if ( ! ( pw = _pammodutil_getpwnam( pamh, user ) ) ) { + opts->ctrl & OPT_AUDIT ? + _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user %s",user) : + _pam_log(LOG_ERR,MODULE_NAME ": pam_get_uid; no such user"); return PAM_USER_UNKNOWN; } @@ -135,6 +245,42 @@ static int pam_get_uid( pam_handle_t *pamh, uid_t *uid, const char **userp ) /*---------------------------------------------------------------------*/ +/* --- Support functions: set/get tally data --- */ + +static void _cleanup( pam_handle_t *pamh, void *data, int error_status ) + { + free(data); + } + +static void tally_set_data( pam_handle_t *pamh, time_t oldtime ) + { + time_t *data; + + if ( (data=malloc(sizeof(time_t))) != NULL ) { + *data = oldtime; + pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); + } + } + +static int tally_get_data( pam_handle_t *pamh, time_t *oldtime ) + { + int rv; + const void *data; + + rv = pam_get_data(pamh, MODULE_NAME, &data); + if ( rv == PAM_SUCCESS && oldtime != NULL ) { + *oldtime = *(const time_t *)data; + pam_set_data(pamh, MODULE_NAME, NULL, NULL); + } + else { + rv = -1; + *oldtime = 0; + } + return rv; + } + +/*---------------------------------------------------------------------*/ + /* --- Support function: open/create tallyfile and return tally for uid --- */ /* If on entry *tally==TALLY_HI, tallyfile is opened READONLY */ @@ -189,7 +335,8 @@ static int get_tally( tally_t *tally, if ( fseek( *TALLY, uid * sizeof(struct faillog), SEEK_SET ) ) { _pam_log(LOG_ALERT, "fseek failed %s", filename); - return PAM_AUTH_ERR; + fclose(*TALLY); + return PAM_AUTH_ERR; } if ( fileinfo.st_size <= uid * sizeof(struct faillog) ) { @@ -253,82 +400,42 @@ static int set_tally( tally_t tally, #define PAM_FUNCTION(name) \ PAM_EXTERN int name (pam_handle_t *pamh,int flags,int argc,const char **argv) -#define RETURN_ERROR(i) return ((fail_on_error)?(i):(PAM_SUCCESS)) +#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) /*---------------------------------------------------------------------*/ /* --- tally bump function: bump tally for uid by (signed) inc --- */ -static int tally_bump (int inc, +static int tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, - int flags, - int argc, - const char **argv) { - uid_t uid; - - int - fail_on_error = FALSE; + uid_t uid, + const char *user, + struct tally_options *opts) { tally_t tally = 0; /* !TALLY_HI --> Log opened for update */ - char - no_magic_root = FALSE; - - char - filename[ FILENAME_MAX ] = DEFAULT_LOGFILE; - - /* Should probably decode the parameters before anything else. */ - - { - for ( ; argc-- > 0; ++argv ) { - - /* generic options.. um, ignored. :] */ - - if ( ! strcmp( *argv, "no_magic_root" ) ) { - no_magic_root = TRUE; - } - else if ( ! strncmp( *argv, "file=", 5 ) ) { - char const - *from = (*argv)+5; - char - *to = filename; - if ( *from!='/' || strlen(from)>FILENAME_MAX-1 ) { - _pam_log(LOG_ERR, - MODULE_NAME ": filename not /rooted or too long; ", - *argv); - RETURN_ERROR( PAM_AUTH_ERR ); - } - while ( ( *to++ = *from++ ) ); - } - else if ( ! strcmp( *argv, "onerr=fail" ) ) { - fail_on_error=TRUE; - } - else if ( ! strcmp( *argv, "onerr=succeed" ) ) { - fail_on_error=FALSE; - } - else { - _pam_log(LOG_ERR, MODULE_NAME ": unknown option; %s",*argv); - } - } /* for() */ - } - - { FILE *TALLY = NULL; const char - *user = NULL, *remote_host = NULL, *cur_tty = NULL; struct fail_s fs, *fsp = &fs; + int i; - int i=pam_get_uid(pamh, &uid, &user); - if ( i != PAM_SUCCESS ) RETURN_ERROR( i ); - - i=get_tally( &tally, uid, filename, &TALLY, fsp ); + i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); /* to remember old fail time (for locktime) */ fsp->fs_fail_time = fsp->fs_faillog.fail_time; - fsp->fs_faillog.fail_time = time(NULL); + if ( inc > 0 ) { + if ( oldtime ) { + *oldtime = fsp->fs_faillog.fail_time; + } + fsp->fs_faillog.fail_time = time(NULL); + } else { + if ( oldtime ) { + fsp->fs_faillog.fail_time = *oldtime; + } + } (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host); if (!remote_host) { @@ -350,7 +457,7 @@ static int tally_bump (int inc, } if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } - if ( no_magic_root || getuid() ) { /* no_magic_root kills uid test */ + if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) { /* magic_root doesn't change tally */ tally+=inc; @@ -361,213 +468,215 @@ static int tally_bump (int inc, } } - i=set_tally( tally, uid, filename, &TALLY, fsp ); + i=set_tally( tally, uid, opts->filename, &TALLY, fsp ); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } - } - return PAM_SUCCESS; + return PAM_SUCCESS; } -/*---------------------------------------------------------------------*/ - -/* --- authentication management functions (only) --- */ - -#ifdef PAM_SM_AUTH - -PAM_FUNCTION( pam_sm_authenticate ) { - return tally_bump( 1, pamh, flags, argc, argv); -} - -/* --- Seems to need this function. Ho hum. --- */ - -PAM_FUNCTION( pam_sm_setcred ) { return PAM_SUCCESS; } - -#endif - -/*---------------------------------------------------------------------*/ - -/* --- session management functions (only) --- */ - -/* - * Unavailable until .so files can be suid - */ - -#ifdef PAM_SM_SESSION - -/* To maintain a balance-tally of successful login/outs */ - -PAM_FUNCTION( pam_sm_open_session ) { - return tally_bump( 1, pamh, flags, argc, argv); -} - -PAM_FUNCTION( pam_sm_close_session ) { - return tally_bump(-1, pamh, flags, argc, argv); -} - -#endif - -/*---------------------------------------------------------------------*/ - -/* --- authentication management functions (only) --- */ - -#ifdef PAM_SM_AUTH - -/* To lock out a user with an unacceptably high tally */ - -PAM_FUNCTION( pam_sm_acct_mgmt ) { - uid_t - uid; - - int - fail_on_error = FALSE; +static int tally_check (time_t oldtime, + pam_handle_t *pamh, + uid_t uid, + const char *user, + struct tally_options *opts) { tally_t - deny = 0; + deny = opts->deny; tally_t tally = 0; /* !TALLY_HI --> Log opened for update */ + long + lock_time = opts->lock_time; - char - no_magic_root = FALSE, - even_deny_root_account = FALSE; - char per_user = FALSE; /* if true then deny=.fail_max for user */ - char no_lock_time = FALSE; /* if true then don't use .fail_locktime */ - - const char - *user = NULL; - - enum TALLY_RESET - reset = TALLY_RESET_DEFAULT; - - char - filename[ FILENAME_MAX ] = DEFAULT_LOGFILE; - - /* Should probably decode the parameters before anything else. */ - - { - for ( ; argc-- > 0; ++argv ) { - - /* generic options.. um, ignored. :] */ - - if ( ! strcmp( *argv, "no_magic_root" ) ) { - no_magic_root = TRUE; - } - else if ( ! strcmp( *argv, "even_deny_root_account" ) ) { - even_deny_root_account = TRUE; - } - else if ( ! strcmp( *argv, "reset" ) ) { - reset = TALLY_RESET_RESET; - } - else if ( ! strcmp( *argv, "no_reset" ) ) { - reset = TALLY_RESET_NO_RESET; - } - else if ( ! strncmp( *argv, "file=", 5 ) ) { - char const - *from = (*argv)+5; - char - *to = filename; - if ( *from != '/' || strlen(from) > FILENAME_MAX-1 ) { - _pam_log(LOG_ERR, - MODULE_NAME ": filename not /rooted or too long; ", - *argv); - RETURN_ERROR( PAM_AUTH_ERR ); - } - while ( ( *to++ = *from++ ) ); - } - else if ( ! strncmp( *argv, "deny=", 5 ) ) { - if ( sscanf((*argv)+5,TALLY_FMT,&deny) != 1 ) { - _pam_log(LOG_ERR,"bad number supplied; %s",*argv); - RETURN_ERROR( PAM_AUTH_ERR ); - } - } - else if ( ! strcmp( *argv, "onerr=fail" ) ) { - fail_on_error=TRUE; - } - else if ( ! strcmp( *argv, "onerr=succeed" ) ) { - fail_on_error=FALSE; - } - else if ( ! strcmp( *argv, "per_user" ) ) - { - per_user = TRUE; - } - else if ( ! strcmp( *argv, "no_lock_time") ) - { - no_lock_time = TRUE; - } - else { - _pam_log(LOG_ERR, MODULE_NAME ": unknown option; %s",*argv); - } - } /* for() */ - } - - { struct fail_s fs, *fsp = &fs; FILE *TALLY=0; - int i=pam_get_uid(pamh, &uid, &user); - if ( i != PAM_SUCCESS ) RETURN_ERROR( i ); + int i; - i=get_tally( &tally, uid, filename, &TALLY, fsp ); - if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } + i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); + if (TALLY) fclose(TALLY); + if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); } - if ( no_magic_root || getuid() ) { /* no_magic_root kills uid test */ + if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) { /* magic_root skips tally check */ /* To deny or not to deny; that is the question */ /* if there's .fail_max entry and per_user=TRUE then deny=.fail_max */ - if ( (fsp->fs_faillog.fail_max) && (per_user) ) { + if ( (fsp->fs_faillog.fail_max) && (opts->ctrl & OPT_PER_USER) ) { deny = fsp->fs_faillog.fail_max; } - if (fsp->fs_faillog.fail_locktime && fsp->fs_fail_time - && (!no_lock_time) ) + if ( (fsp->fs_faillog.fail_locktime) && (opts->ctrl & OPT_PER_USER) ) { + lock_time = fsp->fs_faillog.fail_locktime; + } + if (lock_time && oldtime + && !(opts->ctrl & OPT_NO_LOCK_TIME) ) { - if ( (fsp->fs_faillog.fail_locktime + fsp->fs_fail_time) > time(NULL) ) + if ( lock_time + oldtime > time(NULL) ) { _pam_log(LOG_NOTICE, "user %s ("UID_FMT") has time limit [%lds left]" " since last failure.", user,uid, - fsp->fs_fail_time+fsp->fs_faillog.fail_locktime + oldtime+lock_time -time(NULL)); return PAM_AUTH_ERR; } } + if (opts->unlock_time && oldtime) + { + if ( opts->unlock_time + oldtime <= time(NULL) ) + { /* ignore deny check after unlock_time elapsed */ + return PAM_SUCCESS; + } + } if ( ( deny != 0 ) && /* deny==0 means no deny */ ( tally > deny ) && /* tally>deny means exceeded */ - ( even_deny_root_account || uid ) /* even_deny stops uid check */ + ( ((opts->ctrl & OPT_DENY_ROOT) || uid) ) /* even_deny stops uid check */ ) { _pam_log(LOG_NOTICE,"user %s ("UID_FMT") tally "TALLY_FMT", deny "TALLY_FMT, user, uid, tally, deny); return PAM_AUTH_ERR; /* Only unconditional failure */ } - - /* resets for explicit reset - * or by default if deny exists and not magic-root - */ - - if ( ( reset == TALLY_RESET_RESET ) || - ( reset == TALLY_RESET_DEFAULT && deny ) ) { tally=0; } } - else /* is magic root */ { - /* Magic root skips deny test... */ + return PAM_SUCCESS; +} + +static int tally_reset (pam_handle_t *pamh, + uid_t uid, + const char *user, + struct tally_options *opts) { + tally_t + tally = 0; /* !TALLY_HI --> Log opened for update */ + + struct fail_s fs, *fsp = &fs; + FILE *TALLY=0; + int i; + + i=get_tally( &tally, uid, opts->filename, &TALLY, fsp ); + if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } + + /* resets if not magic root + */ - /* Magic root only resets on explicit reset, regardless of deny */ + if ( (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) + && !(opts->ctrl & OPT_NO_RESET) ) + { tally=0; } - if ( reset == TALLY_RESET_RESET ) { tally=0; } - } if (tally == 0) { fsp->fs_faillog.fail_time = (time_t) 0; strcpy(fsp->fs_faillog.fail_line, ""); } - i=set_tally( tally, uid, filename, &TALLY, fsp ); + + i=set_tally( tally, uid, opts->filename, &TALLY, fsp ); if ( i != PAM_SUCCESS ) { if (TALLY) fclose(TALLY); RETURN_ERROR( i ); } - } - return PAM_SUCCESS; + return PAM_SUCCESS; +} + +/*---------------------------------------------------------------------*/ + +/* --- authentication management functions (only) --- */ + +#ifdef PAM_SM_AUTH + +PAM_FUNCTION( pam_sm_authenticate ) { + int + rvcheck, rvbump; + time_t + oldtime = 0; + struct tally_options + options, *opts = &options; + uid_t + uid; + const char + *user; + + rvcheck = tally_parse_args(opts, PHASE_AUTH, argc, argv); + if ( rvcheck != PAM_SUCCESS ) + RETURN_ERROR( rvcheck ); + + rvcheck = pam_get_uid(pamh, &uid, &user, opts); + if ( rvcheck != PAM_SUCCESS ) + RETURN_ERROR( rvcheck ); + + rvbump = tally_bump(1, &oldtime, pamh, uid, user, opts); + rvcheck = tally_check(oldtime, pamh, uid, user, opts); + + tally_set_data(pamh, oldtime); + + return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; +} + +PAM_FUNCTION( pam_sm_setcred ) { + int + rv; + time_t + oldtime = 0; + struct tally_options + options, *opts = &options; + uid_t + uid; + const char + *user; + + rv = tally_parse_args(opts, PHASE_AUTH, argc, argv); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + + rv = pam_get_uid(pamh, &uid, &user, opts); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + + if ( tally_get_data(pamh, &oldtime) != 0 ) + /* no data found */ + return PAM_SUCCESS; + + if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS ) + return rv; + return tally_reset(pamh, uid, user, opts); +} + +#endif + +/*---------------------------------------------------------------------*/ + +/* --- authentication management functions (only) --- */ + +#ifdef PAM_SM_ACCOUNT + +/* To reset failcount of user on successfull login */ + +PAM_FUNCTION( pam_sm_acct_mgmt ) { + int + rv; + time_t + oldtime = 0; + struct tally_options + options, *opts = &options; + uid_t + uid; + const char + *user; + + rv = tally_parse_args(opts, PHASE_ACCOUNT, argc, argv); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + + rv = pam_get_uid(pamh, &uid, &user, opts); + if ( rv != PAM_SUCCESS ) + RETURN_ERROR( rv ); + + if ( tally_get_data(pamh, &oldtime) != 0 ) + /* no data found */ + return PAM_SUCCESS; + + if ( (rv=tally_bump(-1, &oldtime, pamh, uid, user, opts)) != PAM_SUCCESS ) + return rv; + return tally_reset(pamh, uid, user, opts); } -#endif /* #ifdef PAM_SM_AUTH */ +#endif /* #ifdef PAM_SM_ACCOUNT */ /*-----------------------------------------------------------------------*/ @@ -589,18 +698,9 @@ struct pam_module _pam_tally_modstruct = { #else NULL, #endif -#ifdef PAM_SM_SESSION - pam_sm_open_session, - pam_sm_close_session, -#else NULL, NULL, -#endif -#ifdef PAM_SM_PASSWORD - pam_sm_chauthtok, -#else NULL, -#endif }; #endif /* #ifdef PAM_STATIC */ @@ -670,7 +770,12 @@ int main ( int argc, char **argv ) { uid_t uid; tally_t tally=cline_reset; FILE *TALLY=0; - int i=pam_get_uid( NULL, &uid, NULL); + struct tally_options opts; + int i; + + memset(&opts, 0, sizeof(opts)); + opts.ctrl = OPT_AUDIT; + i=pam_get_uid( NULL, &uid, NULL, &opts); if ( i != PAM_SUCCESS ) { fprintf(stderr,"%s: %s\n",*argv,pam_errors(i)); exit(0); diff --git a/Linux-PAM/modules/pam_time/Makefile b/Linux-PAM/modules/pam_time/Makefile index 647d3081..4aa4e276 100644 --- a/Linux-PAM/modules/pam_time/Makefile +++ b/Linux-PAM/modules/pam_time/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:35 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:05 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_time/README b/Linux-PAM/modules/pam_time/README index 4ef51531..0228b907 100644 --- a/Linux-PAM/modules/pam_time/README +++ b/Linux-PAM/modules/pam_time/README @@ -1,4 +1,4 @@ -$Id: README,v 1.1.1.1 2001/04/29 04:17:35 hartmans Exp $ +$Id: README,v 1.2 2000/12/04 19:02:35 baggins Exp $ This is a help file for the pam_time module. It explains the need for pam_time and also the syntax of the /etc/security/time.conf file. diff --git a/Linux-PAM/modules/pam_time/pam_time.c b/Linux-PAM/modules/pam_time/pam_time.c index 5757a557..c04180f2 100644 --- a/Linux-PAM/modules/pam_time/pam_time.c +++ b/Linux-PAM/modules/pam_time/pam_time.c @@ -1,15 +1,15 @@ /* pam_time module */ /* - * $Id: pam_time.c,v 1.1.1.2 2002/09/15 20:08:59 hartmans Exp $ + * $Id: pam_time.c,v 1.5 2004/09/22 09:37:50 kukuk Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/6/22 * (File syntax and much other inspiration from the shadow package * shadow-960129) */ -const static char rcsid[] = -"$Id: pam_time.c,v 1.1.1.2 2002/09/15 20:08:59 hartmans Exp $;\n" +static const char rcsid[] = +"$Id: pam_time.c,v 1.5 2004/09/22 09:37:50 kukuk Exp $;\n" "\t\tVersion 0.22 for Linux-PAM\n" "Copyright (C) Andrew G. Morgan 1996 <morgan@linux.kernel.org>\n"; @@ -127,6 +127,7 @@ static int read_field(int fd, char **buf, int *from, int *to) i = read(fd, *to + *buf, PAM_TIME_BUFLEN - *to); if (i < 0) { _log_err("error reading " PAM_TIME_CONF); + close(fd); return -1; } else if (!i) { close(fd); @@ -166,6 +167,7 @@ static int read_field(int fd, char **buf, int *from, int *to) } else { _log_err("internal error in " __FILE__ " at line %d", __LINE__ ); + close(fd); return -1; } break; diff --git a/Linux-PAM/modules/pam_unix/CHANGELOG b/Linux-PAM/modules/pam_unix/CHANGELOG index 206d30dd..509ce0a3 100644 --- a/Linux-PAM/modules/pam_unix/CHANGELOG +++ b/Linux-PAM/modules/pam_unix/CHANGELOG @@ -1,4 +1,4 @@ -$Id: CHANGELOG,v 1.1.1.1 2001/04/29 04:17:36 hartmans Exp $ +$Id: CHANGELOG,v 1.1.1.1 2000/06/20 22:12:01 agmorgan Exp $ * Mon Aug 16 1999 Jan Rêkorajski <baggins@pld.org.pl> - fixed reentrancy problems diff --git a/Linux-PAM/modules/pam_unix/Makefile b/Linux-PAM/modules/pam_unix/Makefile index 03374512..7f32e073 100644 --- a/Linux-PAM/modules/pam_unix/Makefile +++ b/Linux-PAM/modules/pam_unix/Makefile @@ -1,4 +1,4 @@ -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:36 hartmans Exp $ +# $Id: Makefile,v 1.8 2004/11/08 08:58:37 kukuk Exp $ # # This Makefile controls a build process of the pam_unix modules # for Linux-PAM. You should not modify this Makefile. @@ -18,6 +18,19 @@ include ../../Make.Rules #USE_CRACKLIB=-D"USE_CRACKLIB" #endif +ifeq ($(shell if [ -f /usr/lib/cracklib_dict.hwm ]; then echo yes ; fi),yes) + CRACKLIB_DICTPATH=/usr/lib/cracklib_dict +else + CRACKLIB_DICTPATH=/usr/share/dict/cracklib_dict +endif +EXTRAS += -DCRACKLIB_DICTS=\"$(CRACKLIB_DICTPATH)\" + +ifeq ($(HAVE_LIBCRYPT),yes) + EXTRALS += -lcrypt +endif +ifeq ($(HAVE_LIBNSL),yes) + EXTRALS += -lnsl +endif # do you want to use lckpwdf? ifeq ($(WITH_LCKPWDF),yes) USE_LCKPWDF=-D"USE_LCKPWDF" @@ -37,12 +50,19 @@ endif CHKPWD=unix_chkpwd +BIGCRYPT=bigcrypt + EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\" +LINK_PAMMODUTILS = -L../pammodutil -lpammodutil +INCLUDE_PAMMODUTILS = -I../pammodutil/include + ######################################################################## -CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) -LDLIBS = $(EXTRALS) +CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) \ + $(INCLUDE_PAMMODUTILS) + +LDLIBS = $(EXTRALS) $(LINK_PAMMODUTILS) ifdef USE_CRACKLIB CRACKLIB = -lcrack @@ -69,7 +89,8 @@ endif ########################### don't edit below ####################### -all: dirs info $(PLUS) $(LIBSHARED) $(LIBSTATIC) $(CHKPWD) register +all: dirs info $(PLUS) $(LIBSHARED) $(LIBSTATIC) $(CHKPWD) $(BIGCRYPT) \ + register dynamic/%.o : %.c $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ @@ -107,7 +128,7 @@ ifdef DYNAMIC $(LIBOBJD): $(LIBSRC) $(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT) + $(LD_D) -o $@ $(LIBOBJD) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT) $(NEED_LINK_LIB_C) -L../../libpam -lpam endif ifdef STATIC @@ -120,7 +141,10 @@ endif $(CHKPWD): unix_chkpwd.o md5_good.o md5_broken.o \ md5_crypt_good.o md5_crypt_broken.o \ bigcrypt.o - $(CC) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT) + $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT) + +$(BIGCRYPT): bigcrypt_main.o bigcrypt.o + $(CC) -o $(BIGCRYPT) $^ $(LDLIBS) $(LIBCRYPT) unix_chkpwd.o: unix_chkpwd.c $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ @@ -158,7 +182,7 @@ remove: rm -f $(FAKEROOT)$(SUPLEMENTED)/$(CHKPWD) clean: - rm -f $(LIBOBJD) $(LIBOBJS) $(CHKPWD) *.o *.so core + rm -f $(LIBOBJD) $(LIBOBJS) $(CHKPWD) $(BIGCRYPT) *.o *.so core rm -f *~ *.a *.out *.bak rm -rf dynamic static diff --git a/Linux-PAM/modules/pam_unix/README b/Linux-PAM/modules/pam_unix/README index d6b1f395..afeee3da 100644 --- a/Linux-PAM/modules/pam_unix/README +++ b/Linux-PAM/modules/pam_unix/README @@ -31,5 +31,7 @@ The following options are recognized: nis - use NIS RPC for setting new password remember=X - remember X old passwords, they are kept in /etc/security/opasswd in MD5 crypted form + broken_shadow - ignore errors reading shadow information for + users in the account management module invalid arguments are logged to syslog. diff --git a/Linux-PAM/modules/pam_unix/bigcrypt_main.c b/Linux-PAM/modules/pam_unix/bigcrypt_main.c new file mode 100644 index 00000000..70819072 --- /dev/null +++ b/Linux-PAM/modules/pam_unix/bigcrypt_main.c @@ -0,0 +1,18 @@ +#include <stdio.h> +#include <string.h> + +extern const char *bigcrypt(const char *password, const char *salt); + +int +main(int argc, char **argv) +{ + if (argc < 3) { + fprintf(stderr, "Usage: %s password salt\n", + strchr(argv[0], '/') ? + (strchr(argv[0], '/') + 1) : + argv[0]); + return 0; + } + fprintf(stdout, "%s\n", bigcrypt(argv[1], argv[2])); + return 0; +} diff --git a/Linux-PAM/modules/pam_unix/md5.c b/Linux-PAM/modules/pam_unix/md5.c index 3fb50137..7ee9ed00 100644 --- a/Linux-PAM/modules/pam_unix/md5.c +++ b/Linux-PAM/modules/pam_unix/md5.c @@ -1,5 +1,5 @@ /* - * $Id: md5.c,v 1.1.1.1 2001/04/29 04:17:37 hartmans Exp $ + * $Id: md5.c,v 1.1.1.1 2000/06/20 22:12:03 agmorgan Exp $ * * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was diff --git a/Linux-PAM/modules/pam_unix/md5_crypt.c b/Linux-PAM/modules/pam_unix/md5_crypt.c index 8ae84588..8b7bc66b 100644 --- a/Linux-PAM/modules/pam_unix/md5_crypt.c +++ b/Linux-PAM/modules/pam_unix/md5_crypt.c @@ -1,5 +1,5 @@ /* - * $Id: md5_crypt.c,v 1.1.1.2 2002/09/15 20:09:01 hartmans Exp $ + * $Id: md5_crypt.c,v 1.2 2001/07/10 20:24:16 vorlon Exp $ * * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): diff --git a/Linux-PAM/modules/pam_unix/pam_unix_acct.c b/Linux-PAM/modules/pam_unix/pam_unix_acct.c index 178b6037..02e07ba6 100644 --- a/Linux-PAM/modules/pam_unix/pam_unix_acct.c +++ b/Linux-PAM/modules/pam_unix/pam_unix_acct.c @@ -53,6 +53,7 @@ #define PAM_SM_ACCOUNT #include <security/pam_modules.h> +#include <security/_pam_modutil.h> #ifndef LINUX_PAM #include <security/pam_appl.h> @@ -89,7 +90,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_USER_UNKNOWN; } - pwent = getpwnam(uname); + pwent = _pammodutil_getpwnam(pamh, uname); if (!pwent) { _log_err(LOG_ALERT, pamh ,"could not identify user (from getpwnam(%s))" @@ -113,7 +114,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, return PAM_CRED_INSUFFICIENT; } } - spent = getspnam( uname ); + spent = _pammodutil_getspnam (pamh, uname); if (save_uid == pwent->pw_uid) setreuid( save_uid, save_euid ); else { @@ -122,19 +123,21 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, setreuid( -1, save_euid ); } - } else if (!strcmp( pwent->pw_passwd, "x" )) { - spent = getspnam(uname); - } else { + } else if (_unix_shadowed (pwent)) + spent = _pammodutil_getspnam (pamh, uname); + else return PAM_SUCCESS; - } + + if (!spent) + if (on(UNIX_BROKEN_SHADOW,ctrl)) + return PAM_SUCCESS; if (!spent) return PAM_AUTHINFO_UNAVAIL; /* Couldn't get username from shadow */ curdays = time(NULL) / (60 * 60 * 24); D(("today is %d, last change %d", curdays, spent->sp_lstchg)); - if ((curdays > spent->sp_expire) && (spent->sp_expire != -1) - && (spent->sp_lstchg != 0)) { + if ((curdays > spent->sp_expire) && (spent->sp_expire != -1)) { _log_err(LOG_NOTICE, pamh ,"account %s has expired (account expired)" ,uname); @@ -143,18 +146,6 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("account expired")); return PAM_ACCT_EXPIRED; } - if ((curdays > (spent->sp_lstchg + spent->sp_max + spent->sp_inact)) - && (spent->sp_max != -1) && (spent->sp_inact != -1) - && (spent->sp_lstchg != 0)) { - _log_err(LOG_NOTICE, pamh - ,"account %s has expired (failed to change password)" - ,uname); - _make_remark(pamh, ctrl, PAM_ERROR_MSG, - "Your account has expired; please contact your system administrator"); - D(("account expired 2")); - return PAM_ACCT_EXPIRED; - } - D(("when was the last change")); if (spent->sp_lstchg == 0) { _log_err(LOG_NOTICE, pamh ,"expired password for user %s (root enforced)" @@ -164,7 +155,25 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("need a new password")); return PAM_NEW_AUTHTOK_REQD; } - if (((spent->sp_lstchg + spent->sp_max) < curdays) && (spent->sp_max != -1)) { + if (curdays < spent->sp_lstchg) { + _log_err(LOG_DEBUG, pamh + ,"account %s has password changed in future" + ,uname); + return PAM_SUCCESS; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) + && (curdays - spent->sp_lstchg > spent->sp_inact) + && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) + && (spent->sp_max != -1) && (spent->sp_inact != -1)) { + _log_err(LOG_NOTICE, pamh + ,"account %s has expired (failed to change password)" + ,uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + "Your account has expired; please contact your system administrator"); + D(("account expired 2")); + return PAM_ACCT_EXPIRED; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) { _log_err(LOG_DEBUG, pamh ,"expired password for user %s (password aged)" ,uname); @@ -173,7 +182,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, D(("need a new password 2")); return PAM_NEW_AUTHTOK_REQD; } - if ((curdays > (spent->sp_lstchg + spent->sp_max - spent->sp_warn)) + if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn) && (spent->sp_max != -1) && (spent->sp_warn != -1)) { daysleft = (spent->sp_lstchg + spent->sp_max) - curdays; _log_err(LOG_DEBUG, pamh diff --git a/Linux-PAM/modules/pam_unix/pam_unix_auth.c b/Linux-PAM/modules/pam_unix/pam_unix_auth.c index 67497e06..39e0cde5 100644 --- a/Linux-PAM/modules/pam_unix/pam_unix_auth.c +++ b/Linux-PAM/modules/pam_unix/pam_unix_auth.c @@ -15,13 +15,13 @@ * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE @@ -88,7 +88,8 @@ do { \ *ret_data = retval; \ pam_set_data(pamh, "unix_setcred_return", \ (void *) ret_data, setcred_free); \ - } \ + } else if (ret_data) \ + free (ret_data); \ D(("done. [%s]", pam_strerror(pamh, retval))); \ return retval; \ } while (0) @@ -148,7 +149,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags /* if this user does not have a password... */ - if (_unix_blankpasswd(ctrl, name)) { + if (_unix_blankpasswd(pamh, ctrl, name)) { D(("user '%s' has blank passwd", name)); name = NULL; retval = PAM_SUCCESS; @@ -183,7 +184,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags } -/* +/* * The only thing _pam_set_credentials_unix() does is initialization of * UNIX group IDs. * @@ -203,7 +204,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags retval = PAM_SUCCESS; D(("recovering return code from auth call")); - /* We will only find something here if UNIX_LIKE_AUTH is set -- + /* We will only find something here if UNIX_LIKE_AUTH is set -- don't worry about an explicit check of argv. */ pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval); if(pretval) { diff --git a/Linux-PAM/modules/pam_unix/pam_unix_passwd.c b/Linux-PAM/modules/pam_unix/pam_unix_passwd.c index 6b51a6b2..2ea57cc6 100644 --- a/Linux-PAM/modules/pam_unix/pam_unix_passwd.c +++ b/Linux-PAM/modules/pam_unix/pam_unix_passwd.c @@ -1,5 +1,5 @@ /* - * Main coding by Elliot Lee <sopwith@redhat.com>, Red Hat Software. + * Main coding by Elliot Lee <sopwith@redhat.com>, Red Hat Software. * Copyright (C) 1996. * Copyright (c) Jan Rêkorajski, 1999. * @@ -73,6 +73,8 @@ #include <security/pam_appl.h> #endif /* LINUX_PAM */ +#include <security/_pam_modutil.h> + #include "yppasswd.h" #include "md5.h" #include "support.h" @@ -88,7 +90,7 @@ extern int getrpcport(const char *host, unsigned long prognum, */ #ifdef NEED_LCKPWDF -#include "./lckpwdf.-c" +# include "./lckpwdf.-c" #endif extern char *bigcrypt(const char *key, const char *salt); @@ -114,7 +116,9 @@ extern char *bigcrypt(const char *key, const char *salt); #define MAX_PASSWD_TRIES 3 #define PW_TMPFILE "/etc/npasswd" #define SH_TMPFILE "/etc/nshadow" +#ifndef CRACKLIB_DICTS #define CRACKLIB_DICTS "/usr/share/dict/cracklib_dict" +#endif #define OPW_TMPFILE "/etc/security/nopasswd" #define OLD_PASSWORDS_FILE "/etc/security/opasswd" @@ -215,7 +219,7 @@ static int check_old_password(const char *forwho, const char *newpass) opwfile = fopen(OLD_PASSWORDS_FILE, "r"); if (opwfile == NULL) - return PAM_AUTHTOK_ERR; + return PAM_ABORT; while (fgets(buf, 16380, opwfile)) { if (!strncmp(buf, forwho, strlen(forwho))) { @@ -242,7 +246,8 @@ static int check_old_password(const char *forwho, const char *newpass) return retval; } -static int save_old_password(const char *forwho, const char *oldpass, +static int save_old_password(pam_handle_t *pamh, + const char *forwho, const char *oldpass, int howmany) { static char buf[16384]; @@ -254,6 +259,7 @@ static int save_old_password(const char *forwho, const char *oldpass, int oldmask; int found = 0; struct passwd *pwd = NULL; + struct stat st; if (howmany < 0) { return PAM_SUCCESS; @@ -276,8 +282,25 @@ static int save_old_password(const char *forwho, const char *oldpass, return PAM_AUTHTOK_ERR; } - chown(OPW_TMPFILE, 0, 0); - chmod(OPW_TMPFILE, 0600); + if (fstat (fileno (opwfile), &st) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + + if (fchown (fileno (pwfile), st.st_uid, st.st_gid) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + if (fchmod (fileno (pwfile), st.st_mode) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } while (fgets(buf, 16380, opwfile)) { if (!strncmp(buf, forwho, strlen(forwho))) { @@ -314,7 +337,7 @@ static int save_old_password(const char *forwho, const char *oldpass, fclose(opwfile); if (!found) { - pwd = getpwnam(forwho); + pwd = _pammodutil_getpwnam(pamh, forwho); if (pwd == NULL) { err = 1; } else { @@ -335,18 +358,20 @@ static int save_old_password(const char *forwho, const char *oldpass, } if (!err) { - rename(OPW_TMPFILE, OLD_PASSWORDS_FILE); - return PAM_SUCCESS; - } else { - unlink(OPW_TMPFILE); - return PAM_AUTHTOK_ERR; + if (!rename(OPW_TMPFILE, OLD_PASSWORDS_FILE)) { + return PAM_SUCCESS; + } } + + unlink(OPW_TMPFILE); + return PAM_AUTHTOK_ERR; } static int _update_passwd(pam_handle_t *pamh, const char *forwho, const char *towhat) { struct passwd *tmpent = NULL; + struct stat st; FILE *pwfile, *opwfile; int err = 1; int oldmask; @@ -364,9 +389,26 @@ static int _update_passwd(pam_handle_t *pamh, return PAM_AUTHTOK_ERR; } - chown(PW_TMPFILE, 0, 0); - chmod(PW_TMPFILE, 0644); - tmpent = fgetpwent(opwfile); + if (fstat (fileno (opwfile), &st) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + + if (fchown (fileno (pwfile), st.st_uid, st.st_gid) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + if (fchmod (fileno (pwfile), st.st_mode) == -1) + { + fclose (opwfile); + fclose (pwfile); + } + + tmpent = fgetpwent (opwfile); while (tmpent) { if (!strcmp(tmpent->pw_name, forwho)) { /* To shut gcc up */ @@ -375,7 +417,7 @@ static int _update_passwd(pam_handle_t *pamh, char *charp; } assigned_passwd; assigned_passwd.const_charp = towhat; - + tmpent->pw_passwd = assigned_passwd.charp; err = 0; } @@ -394,18 +436,20 @@ static int _update_passwd(pam_handle_t *pamh, } if (!err) { - rename(PW_TMPFILE, "/etc/passwd"); - _log_err(LOG_NOTICE, pamh, "password changed for %s", forwho); - return PAM_SUCCESS; - } else { - unlink(PW_TMPFILE); - return PAM_AUTHTOK_ERR; + if (!rename(PW_TMPFILE, "/etc/passwd")) { + _log_err(LOG_NOTICE, pamh, "password changed for %s", forwho); + return PAM_SUCCESS; + } } + + unlink(PW_TMPFILE); + return PAM_AUTHTOK_ERR; } -static int _update_shadow(const char *forwho, char *towhat) +static int _update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) { struct spwd *spwdent = NULL, *stmpent = NULL; + struct stat st; FILE *pwfile, *opwfile; int err = 1; int oldmask; @@ -427,8 +471,26 @@ static int _update_shadow(const char *forwho, char *towhat) return PAM_AUTHTOK_ERR; } - chown(SH_TMPFILE, 0, 0); - chmod(SH_TMPFILE, 0600); + if (fstat (fileno (opwfile), &st) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + + if (fchown (fileno (pwfile), st.st_uid, st.st_gid) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + if (fchmod (fileno (pwfile), st.st_mode) == -1) + { + fclose (opwfile); + fclose (pwfile); + return PAM_AUTHTOK_ERR; + } + stmpent = fgetspent(opwfile); while (stmpent) { @@ -455,12 +517,14 @@ static int _update_shadow(const char *forwho, char *towhat) } if (!err) { - rename(SH_TMPFILE, "/etc/shadow"); - return PAM_SUCCESS; - } else { - unlink(SH_TMPFILE); - return PAM_AUTHTOK_ERR; + if (!rename(SH_TMPFILE, "/etc/shadow")) { + _log_err(LOG_NOTICE, pamh, "password changed for %s", forwho); + return PAM_SUCCESS; + } } + + unlink(SH_TMPFILE); + return PAM_AUTHTOK_ERR; } static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, @@ -471,14 +535,28 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, D(("called")); - setpwent(); pwd = getpwnam(forwho); - endpwent(); - if (pwd == NULL) - return PAM_AUTHTOK_ERR; + if (pwd == NULL) { + retval = PAM_AUTHTOK_ERR; + goto done; + } - if (on(UNIX_NIS, ctrl)) { + if (_unix_comesfromsource(pamh, forwho, 1, 0)) { + /* first, save old password */ + if (save_old_password(pamh, forwho, fromwhat, remember)) { + retval = PAM_AUTHTOK_ERR; + goto done; + } + if (on(UNIX_SHADOW, ctrl) || _unix_shadowed(pwd)) { + retval = _update_shadow(pamh, forwho, towhat); + if (retval == PAM_SUCCESS) + if (!_unix_shadowed(pwd)) + retval = _update_passwd(pamh, forwho, "x"); + } else { + retval = _update_passwd(pamh, forwho, towhat); + } + } else if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { struct timeval timeout; struct yppasswd yppwd; CLIENT *clnt; @@ -486,6 +564,10 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, int status; int err = 0; + /* Unlock passwd file to avoid deadlock */ +#ifdef USE_LCKPWDF + ulckpwdf(); +#endif /* Make RPC call to NIS server */ if ((master = getNISserver(pamh)) == NULL) return PAM_TRY_AGAIN; @@ -498,7 +580,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, yppwd.newpw.pw_gecos = pwd->pw_gecos; yppwd.newpw.pw_dir = pwd->pw_dir; yppwd.newpw.pw_shell = pwd->pw_shell; - yppwd.oldpass = fromwhat; + yppwd.oldpass = fromwhat ? fromwhat : ""; yppwd.newpw.pw_passwd = towhat; D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho)); @@ -540,17 +622,11 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, #endif return retval; } - /* first, save old password */ - if (save_old_password(forwho, fromwhat, remember)) { - return PAM_AUTHTOK_ERR; - } - if (on(UNIX_SHADOW, ctrl) || (strcmp(pwd->pw_passwd, "x") == 0)) { - retval = _update_shadow(forwho, towhat); - if (retval == PAM_SUCCESS) - retval = _update_passwd(pamh, forwho, "x"); - } else { - retval = _update_passwd(pamh, forwho, towhat); - } + +done: +#ifdef USE_LCKPWDF + ulckpwdf(); +#endif return retval; } @@ -563,13 +639,11 @@ static int _unix_verify_shadow(const char *user, unsigned int ctrl) int retval = PAM_SUCCESS; /* UNIX passwords area */ - setpwent(); pwd = getpwnam(user); /* Get password file entry... */ - endpwent(); if (pwd == NULL) return PAM_AUTHINFO_UNAVAIL; /* We don't need to do the rest... */ - if (strcmp(pwd->pw_passwd, "x") == 0) { + if (_unix_shadowed(pwd)) { /* ...and shadow password file entry for this user, if shadowing is enabled */ setspent(); @@ -579,7 +653,7 @@ static int _unix_verify_shadow(const char *user, unsigned int ctrl) if (spwdent == NULL) return PAM_AUTHINFO_UNAVAIL; } else { - if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ + if (strcmp(pwd->pw_passwd,"*NP*") == 0) { /* NIS+ */ uid_t save_uid; save_uid = geteuid(); @@ -661,11 +735,17 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh #else if (strlen(pass_new) < 6) remark = "You must choose a longer password"; - D(("lenth check [%s]", remark)); + D(("length check [%s]", remark)); #endif - if (on(UNIX_REMEMBER_PASSWD, ctrl)) - if ((retval = check_old_password(user, pass_new)) != PAM_SUCCESS) + if (on(UNIX_REMEMBER_PASSWD, ctrl)) { + if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) remark = "Password has been already used. Choose another."; + if (retval == PAM_ABORT) { + _log_err(LOG_ERR, pamh, "can't open %s file to check old passwords", + OLD_PASSWORDS_FILE); + return retval; + } + } } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); @@ -689,33 +769,12 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, D(("called.")); -#ifdef USE_LCKPWDF - /* our current locking system requires that we lock the - entire password database. This avoids both livelock - and deadlock. */ - /* These values for the number of attempts and the sleep time - are, of course, completely arbitrary. - My reading of the PAM docs is that, once pam_chauthtok() has been - called with PAM_UPDATE_AUTHTOK, we are obliged to take any - reasonable steps to make sure the token is updated; so retrying - for 1/10 sec. isn't overdoing it. - The other possibility is to call lckpwdf() on the first - pam_chauthtok() pass, and hold the lock until released in the - second pass--but is this guaranteed to work? -SRL */ - i=0; - while((retval = lckpwdf()) != 0 && i < 100) { - usleep(1000); - } - if(retval != 0) { - return PAM_AUTHTOK_LOCK_BUSY; - } -#endif ctrl = _set_ctrl(pamh, flags, &remember, argc, argv); /* * First get the name of a user */ - retval = pam_get_user(pamh, &user, "Username: "); + retval = pam_get_user(pamh, &user, NULL); if (retval == PAM_SUCCESS) { /* * Various libraries at various times have had bugs related to @@ -725,9 +784,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, */ if (user == NULL || !isalnum(*user)) { _log_err(LOG_ERR, pamh, "bad username [%s]", user); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return PAM_USER_UNKNOWN; } if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) @@ -737,15 +793,42 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (on(UNIX_DEBUG, ctrl)) _log_err(LOG_DEBUG, pamh, "password - could not identify user"); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } D(("Got username of %s", user)); /* + * Before we do anything else, check to make sure that the user's + * info is in one of the databases we can modify from this module, + * which currently is 'files' and 'nis'. We have to do this because + * getpwnam() doesn't tell you *where* the information it gives you + * came from, nor should it. That's our job. + */ + if (_unix_comesfromsource(pamh, user, 1, 1) == 0) { + _log_err(LOG_DEBUG, pamh, + "user \"%s\" does not exist in /etc/passwd or NIS", + user); + return PAM_USER_UNKNOWN; + } else { + struct passwd *pwd; + _unix_getpwnam(pamh, user, 1, 1, &pwd); + if (pwd == NULL) { + _log_err(LOG_DEBUG, pamh, + "user \"%s\" has corrupted passwd entry", + user); + return PAM_USER_UNKNOWN; + } + if (!_unix_shadowed(pwd) && + (strchr(pwd->pw_passwd, '*') != NULL)) { + _log_err(LOG_DEBUG, pamh, + "user \"%s\" does not have modifiable password", + user); + return PAM_USER_UNKNOWN; + } + } + + /* * This is not an AUTH module! */ if (on(UNIX__NONULL, ctrl)) @@ -760,10 +843,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, D(("prelim check")); - if (_unix_blankpasswd(ctrl, user)) { -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif + if (_unix_blankpasswd(pamh, ctrl, user)) { return PAM_SUCCESS; } else if (off(UNIX__IAMROOT, ctrl)) { @@ -773,9 +853,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (Announce == NULL) { _log_err(LOG_CRIT, pamh, "password - out of memory"); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return PAM_BUF_ERR; } (void) strcpy(Announce, greeting); @@ -795,9 +872,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval != PAM_SUCCESS) { _log_err(LOG_NOTICE, pamh ,"password - (old) token not obtained"); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } /* verify that this is the password for this user */ @@ -812,9 +886,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval != PAM_SUCCESS) { D(("Authentication failed")); pass_old = NULL; -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); @@ -867,19 +938,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (retval != PAM_SUCCESS) { _log_err(LOG_NOTICE, pamh, "user not authenticated"); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif - return retval; - } - retval = _unix_verify_shadow(user, ctrl); - if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, pamh, "user not authenticated 2"); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } + D(("get new password now")); lctrl = ctrl; @@ -908,9 +969,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ,"password - new password not obtained"); } pass_old = NULL; /* tidy up */ -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } D(("returned to _unix_chauthtok")); @@ -931,11 +989,56 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, _log_err(LOG_NOTICE, pamh, "new password not acceptable"); pass_new = pass_old = NULL; /* tidy up */ + return retval; + } +#ifdef USE_LCKPWDF + /* These values for the number of attempts and the sleep time + are, of course, completely arbitrary. + My reading of the PAM docs is that, once pam_chauthtok() has been + called with PAM_UPDATE_AUTHTOK, we are obliged to take any + reasonable steps to make sure the token is updated; so retrying + for 1/10 sec. isn't overdoing it. */ + i=0; + while((retval = lckpwdf()) != 0 && i < 100) { + usleep(1000); + i++; + } + if(retval != 0) { + return PAM_AUTHTOK_LOCK_BUSY; + } +#endif + + if (pass_old) { + retval = _unix_verify_password(pamh, user, pass_old, ctrl); + if (retval != PAM_SUCCESS) { + _log_err(LOG_NOTICE, pamh, "user password changed by another process"); +#ifdef USE_LCKPWDF + ulckpwdf(); +#endif + return retval; + } + } + + retval = _unix_verify_shadow(user, ctrl); + if (retval != PAM_SUCCESS) { + _log_err(LOG_NOTICE, pamh, "user not authenticated 2"); #ifdef USE_LCKPWDF ulckpwdf(); #endif return retval; } + + retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); + if (retval != PAM_SUCCESS) { + _log_err(LOG_NOTICE, pamh, + "new password not acceptable 2"); + pass_new = pass_old = NULL; /* tidy up */ +#ifdef USE_LCKPWDF + ulckpwdf(); +#endif + return retval; + } + /* * By reaching here we have approved the passwords and must now * rebuild the password database file. @@ -962,7 +1065,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, salt[2] = '\0'; if (off(UNIX_BIGCRYPT, ctrl) && strlen(pass_new) > 8) { - /* + /* * to avoid using the _extensions_ of the bigcrypt() * function we truncate the newly entered password * [Problems that followed from this are fixed as per @@ -998,6 +1101,8 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, retval = _do_setpass(pamh, user, pass_old, tpass, ctrl, remember); + /* _do_setpass has called ulckpwdf for us */ + _pam_delete(tpass); pass_old = pass_new = NULL; } else { /* something has broken with the module */ @@ -1008,9 +1113,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, D(("retval was %d", retval)); -#ifdef USE_LCKPWDF - ulckpwdf(); -#endif return retval; } @@ -1027,4 +1129,3 @@ struct pam_module _pam_unix_passwd_modstruct = { pam_sm_chauthtok, }; #endif - diff --git a/Linux-PAM/modules/pam_unix/pam_unix_sess.c b/Linux-PAM/modules/pam_unix/pam_unix_sess.c index 0784bff8..a29a7085 100644 --- a/Linux-PAM/modules/pam_unix/pam_unix_sess.c +++ b/Linux-PAM/modules/pam_unix/pam_unix_sess.c @@ -1,5 +1,5 @@ /* - * $Id: pam_unix_sess.c,v 1.1.1.1 2001/04/29 04:17:39 hartmans Exp $ + * $Id: pam_unix_sess.c,v 1.5 2005/03/23 14:35:21 t8m Exp $ * * Copyright Alexander O. Yuriev, 1996. All rights reserved. * Copyright Jan Rêkorajski, 1999. All rights reserved. @@ -53,6 +53,7 @@ #include <security/_pam_macros.h> #include <security/pam_modules.h> +#include <security/_pam_modutil.h> #ifndef LINUX_PAM #include <security/pam_appl.h> @@ -71,27 +72,31 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, char *user_name, *service; unsigned int ctrl; int retval; + const char *login_name; D(("called.")); ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); - if (user_name == NULL || retval != PAM_SUCCESS) { + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { _log_err(LOG_CRIT, pamh, "open_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ } retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service); - if (service == NULL || retval != PAM_SUCCESS) { + if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) { _log_err(LOG_CRIT, pamh, "open_session - error recovering service"); return PAM_SESSION_ERR; } - _log_err(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)" - ,user_name - ,PAM_getlogin() == NULL ? "" : PAM_getlogin(), getuid()); + login_name = _pammodutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + _log_err(LOG_INFO, pamh, "session opened for user %s by %s(uid=%d)", + user_name, login_name, getuid()); return PAM_SUCCESS; } @@ -108,14 +113,14 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t * pamh, int flags, ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); - if (user_name == NULL || retval != PAM_SUCCESS) { + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { _log_err(LOG_CRIT, pamh, "close_session - error recovering username"); return PAM_SESSION_ERR; /* How did we get authenticated with no username?! */ } retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service); - if (service == NULL || retval != PAM_SUCCESS) { + if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) { _log_err(LOG_CRIT, pamh, "close_session - error recovering service"); return PAM_SESSION_ERR; diff --git a/Linux-PAM/modules/pam_unix/support.c b/Linux-PAM/modules/pam_unix/support.c index 15861af6..1584f2f1 100644 --- a/Linux-PAM/modules/pam_unix/support.c +++ b/Linux-PAM/modules/pam_unix/support.c @@ -1,5 +1,5 @@ /* - * $Id: support.c,v 1.1.1.2 2002/09/15 20:09:02 hartmans Exp $ + * $Id: support.c,v 1.25 2005/01/10 09:45:37 kukuk Exp $ * * Copyright information at end of file. */ @@ -9,6 +9,7 @@ #include <stdlib.h> #include <unistd.h> #include <stdarg.h> +#include <stdio.h> #include <string.h> #include <malloc.h> #include <pwd.h> @@ -16,9 +17,13 @@ #include <limits.h> #include <utmp.h> #include <errno.h> +#include <signal.h> +#include <ctype.h> +#include <rpcsvc/ypclnt.h> #include <security/_pam_macros.h> #include <security/pam_modules.h> +#include <security/_pam_modutil.h> #include "md5.h" #include "support.h" @@ -106,36 +111,6 @@ int _make_remark(pam_handle_t * pamh, unsigned int ctrl return retval; } - /* - * Beacause getlogin() is braindead and sometimes it just - * doesn't work, we reimplement it here. - */ -char *PAM_getlogin(void) -{ - struct utmp *ut, line; - char *curr_tty, *retval; - static char curr_user[sizeof(ut->ut_user) + 4]; - - retval = NULL; - - curr_tty = ttyname(0); - if (curr_tty != NULL) { - D(("PAM_getlogin ttyname: %s", curr_tty)); - curr_tty += 5; - setutent(); - strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); - if ((ut = getutline(&line)) != NULL) { - strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); - curr_user[sizeof(curr_user) - 1] = '\0'; - retval = curr_user; - } - endutent(); - } - D(("PAM_getlogin retval: %s", retval)); - - return retval; -} - /* * set the control flags for the UNIX module. */ @@ -163,10 +138,6 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int argc, D(("PRELIM_CHECK")); set(UNIX__PRELIM, ctrl); } - if (flags & PAM_DISALLOW_NULL_AUTHTOK) { - D(("DISALLOW_NULL_AUTHTOK")); - set(UNIX__NONULL, ctrl); - } if (flags & PAM_SILENT) { D(("SILENT")); set(UNIX__QUIET, ctrl); @@ -195,7 +166,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int argc, if (remember != NULL) { if (j == UNIX_REMEMBER_PASSWD) { *remember = strtol(*argv + 9, NULL, 10); - if ((*remember == LONG_MIN) || (*remember == LONG_MAX)) + if ((*remember == INT_MIN) || (*remember == INT_MAX)) *remember = -1; if (*remember > 400) *remember = 400; @@ -206,6 +177,11 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int argc, ++argv; /* step to next argument */ } + if (flags & PAM_DISALLOW_NULL_AUTHTOK) { + D(("DISALLOW_NULL_AUTHTOK")); + set(UNIX__NONULL, ctrl); + } + /* auditing is a more sensitive version of debug */ if (on(UNIX_AUDIT, ctrl)) { @@ -304,25 +280,178 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) } /* + * _unix_getpwnam() searches only /etc/passwd and NIS to find user information + */ +static void _unix_cleanup(pam_handle_t *pamh, void *data, int error_status) +{ + free(data); +} + +int _unix_getpwnam(pam_handle_t *pamh, const char *name, + int files, int nis, struct passwd **ret) +{ + FILE *passwd; + char buf[16384]; + int matched = 0, buflen; + char *slogin, *spasswd, *suid, *sgid, *sgecos, *shome, *sshell, *p; + + memset(buf, 0, sizeof(buf)); + + if (!matched && files) { + int userlen = strlen(name); + passwd = fopen("/etc/passwd", "r"); + if (passwd != NULL) { + while (fgets(buf, sizeof(buf), passwd) != NULL) { + if ((buf[userlen] == ':') && + (strncmp(name, buf, userlen) == 0)) { + p = buf + strlen(buf) - 1; + while (isspace(*p) && (p >= buf)) { + *p-- = '\0'; + } + matched = 1; + break; + } + } + fclose(passwd); + } + } + + if (!matched && nis) { + char *userinfo = NULL, *domain = NULL; + int len = 0, i; + len = yp_get_default_domain(&domain); + if (len == YPERR_SUCCESS) { + len = yp_bind(domain); + } + if (len == YPERR_SUCCESS) { + i = yp_match(domain, "passwd.byname", name, + strlen(name), &userinfo, &len); + yp_unbind(domain); + if ((i == YPERR_SUCCESS) && (len < sizeof(buf))) { + strncpy(buf, userinfo, sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; + matched = 1; + } + } + } + + if (matched && (ret != NULL)) { + *ret = NULL; + + slogin = buf; + + spasswd = strchr(slogin, ':'); + if (spasswd == NULL) { + return matched; + } + *spasswd++ = '\0'; + + suid = strchr(spasswd, ':'); + if (suid == NULL) { + return matched; + } + *suid++ = '\0'; + + sgid = strchr(suid, ':'); + if (sgid == NULL) { + return matched; + } + *sgid++ = '\0'; + + sgecos = strchr(sgid, ':'); + if (sgecos == NULL) { + return matched; + } + *sgecos++ = '\0'; + + shome = strchr(sgecos, ':'); + if (shome == NULL) { + return matched; + } + *shome++ = '\0'; + + sshell = strchr(shome, ':'); + if (sshell == NULL) { + return matched; + } + *sshell++ = '\0'; + + buflen = sizeof(struct passwd) + + strlen(slogin) + 1 + + strlen(spasswd) + 1 + + strlen(suid) + 1 + + strlen(sgid) + 1 + + strlen(sgecos) + 1 + + strlen(shome) + 1 + + strlen(sshell) + 1; + *ret = malloc(buflen); + if (*ret == NULL) { + return matched; + } + memset(*ret, '\0', buflen); + + (*ret)->pw_uid = strtol(suid, &p, 10); + if ((strlen(sgid) == 0) || (*p != '\0')) { + free(*ret); + *ret = NULL; + return matched; + } + + (*ret)->pw_gid = strtol(sgid, &p, 10); + if ((strlen(sgid) == 0) || (*p != '\0')) { + free(*ret); + *ret = NULL; + return matched; + } + + p = ((char*)(*ret)) + sizeof(struct passwd); + (*ret)->pw_name = strcpy(p, slogin); + p += strlen(p) + 1; + (*ret)->pw_passwd = strcpy(p, spasswd); + p += strlen(p) + 1; + (*ret)->pw_gecos = strcpy(p, sgecos); + p += strlen(p) + 1; + (*ret)->pw_dir = strcpy(p, shome); + p += strlen(p) + 1; + (*ret)->pw_shell = strcpy(p, sshell); + + snprintf(buf, sizeof(buf), "_pam_unix_getpwnam_%s", name); + + if (pam_set_data(pamh, buf, + *ret, _unix_cleanup) != PAM_SUCCESS) { + free(*ret); + *ret = NULL; + } + } + + return matched; +} + +/* + * _unix_comsefromsource() is a quick check to see if information about a given + * user comes from a particular source (just files and nis for now) + * + */ +int _unix_comesfromsource(pam_handle_t *pamh, + const char *name, int files, int nis) +{ + return _unix_getpwnam(pamh, name, files, nis, NULL); +} + +/* * _unix_blankpasswd() is a quick check for a blank password * * returns TRUE if user does not have a password * - to avoid prompting for one in such cases (CG) */ -int _unix_blankpasswd(unsigned int ctrl, const char *name) +int +_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) { struct passwd *pwd = NULL; struct spwd *spwdent = NULL; char *salt = NULL; int retval; -#if HAVE_GETPWNAM_R - char *buf = NULL; - int bufsize = 0; - struct passwd pwd_buf; - - pwd = &pwd_buf; -#endif D(("called")); @@ -338,23 +467,7 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name) /* UNIX passwords area */ /* Get password file entry... */ -#if HAVE_GETPWNAM_R - bufsize = 1024; - buf = malloc(bufsize); - - if ((retval = getpwnam_r(name, pwd, buf, bufsize, &pwd))) { - pwd = NULL; - } - while (retval == ERANGE) { - bufsize += 1024; - buf = realloc(buf, bufsize); - if ((retval = getpwnam_r(name, pwd, buf, bufsize, &pwd))) { - pwd = NULL; - } - } -#else - pwd = getpwnam(name); -#endif + pwd = _pammodutil_getpwnam (pamh, name); if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) @@ -372,28 +485,24 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name) setreuid( 0, -1 ); if(setreuid( -1, pwd->pw_uid ) == -1) /* Will fail elsewhere. */ -#if HAVE_GETPWNAM_R - if (buf) - free(buf); -#endif return 0; } } - spwdent = getspnam( name ); + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { if (setreuid( -1, 0 ) == -1) - setreuid( save_uid, -1 ); + setreuid( save_uid, -1 ); setreuid( -1, save_euid ); } - } else if (strcmp(pwd->pw_passwd, "x") == 0) { + } else if (_unix_shadowed(pwd)) { /* * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = getspnam(name); + spwdent = _pammodutil_getspnam(pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -415,11 +524,6 @@ int _unix_blankpasswd(unsigned int ctrl, const char *name) if (salt) _pam_delete(salt); -#if HAVE_GETPWNAM_R - if (buf) - free(buf); -#endif - return retval; } @@ -434,6 +538,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, unsigned int ctrl, const char *user) { int retval, child, fds[2]; + void (*sighandler)(int) = NULL; D(("called.")); /* create a pipe for the password */ @@ -442,6 +547,18 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, return PAM_AUTH_ERR; } + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + sighandler = signal(SIGCHLD, SIG_DFL); + } + /* fork */ child = fork(); if (child == 0) { @@ -486,6 +603,10 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, retval = PAM_AUTH_ERR; } + if (sighandler != NULL) { + (void) signal(SIGCHLD, sighandler); /* restore old signal handler */ + } + D(("returning %d", retval)); return retval; } @@ -514,7 +635,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name D(("locating user's record")); /* UNIX passwords area */ - pwd = getpwnam(name); /* Get password file entry... */ + pwd = _pammodutil_getpwnam (pamh, name); /* Get password file entry... */ if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) @@ -535,7 +656,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } - spwdent = getspnam( name ); + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); else { @@ -543,12 +664,12 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name setreuid( save_uid, -1 ); setreuid( -1, save_euid ); } - } else if (strcmp(pwd->pw_passwd, "x") == 0) { + } else if (_unix_shadowed(pwd)) { /* * ...and shadow password file entry for this user, * if shadowing is enabled */ - spwdent = getspnam(name); + spwdent = _pammodutil_getspnam (pamh, name); } if (spwdent) salt = x_strdup(spwdent->sp_pwdp); @@ -565,7 +686,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } retval = PAM_SUCCESS; - if (pwd == NULL || salt == NULL || !strcmp(salt, "x")) { + if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) { if (geteuid()) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary")); @@ -577,6 +698,11 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } else { D(("user's record unavailable")); + p = NULL; + if (pwd == NULL) + retval = PAM_USER_UNKNOWN; + else + retval = PAM_AUTHINFO_UNAVAIL; if (on(UNIX_AUDIT, ctrl)) { /* this might be a typo and the user has given a password instead of a username. Careful with this. */ @@ -584,54 +710,58 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name "check pass; user (%s) unknown", name); } else { name = NULL; - _log_err(LOG_ALERT, pamh, - "check pass; user unknown"); + if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { + _log_err(LOG_ALERT, pamh, + "check pass; user unknown"); + } else { + /* don't log failure as another pam module can succeed */ + goto cleanup; + } } - p = NULL; - retval = PAM_AUTHINFO_UNAVAIL; } } else { - if (!strlen(salt)) { - /* the stored password is NULL */ - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ - D(("user has empty password - access granted")); - retval = PAM_SUCCESS; - } else { - D(("user has empty password - access denied")); - retval = PAM_AUTH_ERR; - } - } else if (!p) { - retval = PAM_AUTH_ERR; + int salt_len = strlen(salt); + if (!salt_len) { + /* the stored password is NULL */ + if (off(UNIX__NONULL, ctrl)) {/* this means we've succeeded */ + D(("user has empty password - access granted")); + retval = PAM_SUCCESS; } else { - if (!strncmp(salt, "$1$", 3)) { - pp = Goodcrypt_md5(p, salt); - if (strcmp(pp, salt) != 0) { - _pam_delete(pp); - pp = Brokencrypt_md5(p, salt); - } - } else { - pp = bigcrypt(p, salt); - } - p = NULL; /* no longer needed here */ + D(("user has empty password - access denied")); + retval = PAM_AUTH_ERR; + } + } else if (!p || (*salt == '*') || (salt_len < 13)) { + retval = PAM_AUTH_ERR; + } else { + if (!strncmp(salt, "$1$", 3)) { + pp = Goodcrypt_md5(p, salt); + if (strcmp(pp, salt) != 0) { + _pam_delete(pp); + pp = Brokencrypt_md5(p, salt); + } + } else { + pp = bigcrypt(p, salt); + } + p = NULL; /* no longer needed here */ - /* the moment of truth -- do we agree with the password? */ - D(("comparing state of pp[%s] and salt[%s]", pp, salt)); + /* the moment of truth -- do we agree with the password? */ + D(("comparing state of pp[%s] and salt[%s]", pp, salt)); - /* - * Note, we are comparing the bigcrypt of the password with - * the contents of the password field. If the latter was - * encrypted with regular crypt (and not bigcrypt) it will - * have been truncated for storage relative to the output - * of bigcrypt here. As such we need to compare only the - * stored string with the subset of bigcrypt's result. - * Bug 521314: The strncmp comparison is for legacy support. - */ - if (strncmp(pp, salt, strlen(salt)) == 0) { - retval = PAM_SUCCESS; - } else { - retval = PAM_AUTH_ERR; - } + /* + * Note, we are comparing the bigcrypt of the password with + * the contents of the password field. If the latter was + * encrypted with regular crypt (and not bigcrypt) it will + * have been truncated for storage relative to the output + * of bigcrypt here. As such we need to compare only the + * stored string with the subset of bigcrypt's result. + * Bug 521314: The strncmp comparison is for legacy support. + */ + if (strncmp(pp, salt, salt_len) == 0) { + retval = PAM_SUCCESS; + } else { + retval = PAM_AUTH_ERR; } + } } if (retval == PAM_SUCCESS) { @@ -649,10 +779,17 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (new != NULL) { - new->user = x_strdup(name ? name : ""); + const char *login_name; + + login_name = _pammodutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + + new->user = x_strdup(name ? name : ""); new->uid = getuid(); new->euid = geteuid(); - new->name = x_strdup(PAM_getlogin()? PAM_getlogin() : ""); + new->name = x_strdup(login_name); /* any previous failures for this user ? */ pam_get_data(pamh, data_name, (const void **) &old); @@ -702,6 +839,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name } } +cleanup: if (data_name) _pam_delete(data_name); if (salt) @@ -762,7 +900,7 @@ int _unix_read_password(pam_handle_t * pamh return PAM_AUTHTOK_RECOVER_ERR; /* didn't work */ } else if (on(UNIX_USE_AUTHTOK, ctrl) && off(UNIX__OLD_PASSWD, ctrl)) { - return PAM_AUTHTOK_RECOVER_ERR; + return PAM_AUTHTOK_ERR; } } /* @@ -884,6 +1022,21 @@ int _unix_read_password(pam_handle_t * pamh return PAM_SUCCESS; } +int _unix_shadowed(const struct passwd *pwd) +{ + if (pwd != NULL) { + if (strcmp(pwd->pw_passwd, "x") == 0) { + return 1; + } + if ((pwd->pw_passwd[0] == '#') && + (pwd->pw_passwd[1] == '#') && + (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)) { + return 1; + } + } + return 0; +} + /* ****************************************************************** * * Copyright (c) Jan Rêkorajski 1999. * Copyright (c) Andrew G. Morgan 1996-8. diff --git a/Linux-PAM/modules/pam_unix/support.h b/Linux-PAM/modules/pam_unix/support.h index 368a4e8f..39abadd5 100644 --- a/Linux-PAM/modules/pam_unix/support.h +++ b/Linux-PAM/modules/pam_unix/support.h @@ -1,10 +1,11 @@ /* - * $Id: support.h,v 1.1.1.1 2001/04/29 04:17:41 hartmans Exp $ + * $Id: support.h,v 1.8 2004/10/06 13:42:36 kukuk Exp $ */ #ifndef _PAM_UNIX_SUPPORT_H #define _PAM_UNIX_SUPPORT_H +#include <pwd.h> /* * here is the string to inform the user that the new passwords they @@ -80,8 +81,11 @@ typedef struct { #define UNIX_BIGCRYPT 18 /* use DEC-C2 crypt()^x function */ #define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */ #define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */ +#define UNIX_NOREAP 21 /* don't reap child process */ +#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging + * information during acct management */ /* -------------- */ -#define UNIX_CTRLS_ 21 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 23 /* number of ctrl arguments defined */ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = @@ -110,6 +114,8 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = /* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(020000), 0400000}, /* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000}, /* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -123,13 +129,18 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = _pam_drop(xx); \ } -extern char *PAM_getlogin(void); extern void _log_err(int err, pam_handle_t *pamh, const char *format,...); extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl ,int type, const char *text); extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int argc, const char **argv); -extern int _unix_blankpasswd(unsigned int ctrl, const char *name); +extern int _unix_getpwnam (pam_handle_t *pamh, + const char *name, int files, int nis, + struct passwd **ret); +extern int _unix_comesfromsource (pam_handle_t *pamh, + const char *name, int files, int nis); +extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, + const char *name); extern int _unix_verify_password(pam_handle_t * pamh, const char *name ,const char *p, unsigned int ctrl); extern int _unix_read_password(pam_handle_t * pamh @@ -139,6 +150,6 @@ extern int _unix_read_password(pam_handle_t * pamh ,const char *prompt2 ,const char *data_name ,const char **pass); +extern int _unix_shadowed(const struct passwd *pwd); #endif /* _PAM_UNIX_SUPPORT_H */ - diff --git a/Linux-PAM/modules/pam_unix/unix_chkpwd.c b/Linux-PAM/modules/pam_unix/unix_chkpwd.c index 6188435f..be32348f 100644 --- a/Linux-PAM/modules/pam_unix/unix_chkpwd.c +++ b/Linux-PAM/modules/pam_unix/unix_chkpwd.c @@ -1,5 +1,5 @@ /* - * $Id: unix_chkpwd.c,v 1.1.1.2 2002/09/15 20:09:02 hartmans Exp $ + * $Id: unix_chkpwd.c,v 1.11 2004/11/16 14:27:42 toady Exp $ * * This program is designed to run setuid(root) or with sufficient * privilege to read all of the unix password databases. It is designed @@ -57,8 +57,31 @@ static void _log_err(int err, const char *format,...) closelog(); } +static int _unix_shadowed(const struct passwd *pwd) +{ + char hashpass[1024]; + if (pwd != NULL) { + if (strcmp(pwd->pw_passwd, "x") == 0) { + return 1; + } + if (strlen(pwd->pw_name) < sizeof(hashpass) - 2) { + strcpy(hashpass, "##"); + strcpy(hashpass + 2, pwd->pw_name); + if (strcmp(pwd->pw_passwd, hashpass) == 0) { + return 1; + } + } + } + return 0; +} + static void su_sighandler(int sig) { +#ifndef SA_RESETHAND + /* emulate the behaviour of the SA_RESETHAND flag */ + if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) + signal(sig, SIG_DFL); +#endif if (sig > 0) { _log_err(LOG_NOTICE, "caught signal %d.", sig); exit(sig); @@ -74,7 +97,9 @@ static void setup_signals(void) */ (void) memset((void *) &action, 0, sizeof(action)); action.sa_handler = su_sighandler; +#ifdef SA_RESETHAND action.sa_flags = SA_RESETHAND; +#endif (void) sigaction(SIGILL, &action, NULL); (void) sigaction(SIGTRAP, &action, NULL); (void) sigaction(SIGBUS, &action, NULL); @@ -87,20 +112,21 @@ static void setup_signals(void) (void) sigaction(SIGQUIT, &action, NULL); } -static int _unix_verify_password(const char *name, const char *p, int opt) +static int _unix_verify_password(const char *name, const char *p, int nullok) { struct passwd *pwd = NULL; struct spwd *spwdent = NULL; char *salt = NULL; char *pp = NULL; int retval = UNIX_FAILED; + int salt_len; /* UNIX passwords area */ setpwent(); pwd = getpwnam(name); /* Get password file entry... */ endpwent(); if (pwd != NULL) { - if (strcmp(pwd->pw_passwd, "x") == 0) { + if (_unix_shadowed(pwd)) { /* * ...and shadow password file entry for this user, * if shadowing is enabled @@ -133,8 +159,11 @@ static int _unix_verify_password(const char *name, const char *p, int opt) return retval; } - if (strlen(salt) == 0) - return (opt == 0) ? UNIX_FAILED : UNIX_PASSED; + salt_len = strlen(salt); + if (salt_len == 0) + return (nullok == 0) ? UNIX_FAILED : UNIX_PASSED; + else if (p == NULL || strlen(p) == 0) + return UNIX_FAILED; /* the moment of truth -- do we agree with the password? */ retval = UNIX_FAILED; @@ -147,6 +176,8 @@ static int _unix_verify_password(const char *name, const char *p, int opt) if (strcmp(pp, salt) == 0) retval = UNIX_PASSED; } + } else if ((*salt == '*') || (salt_len < 13)) { + retval = UNIX_FAILED; } else { pp = bigcrypt(p, salt); /* @@ -158,7 +189,7 @@ static int _unix_verify_password(const char *name, const char *p, int opt) * stored string with the subset of bigcrypt's result. * Bug 521314: the strncmp comparison is for legacy support. */ - if (strncmp(pp, salt, strlen(salt)) == 0) { + if (strncmp(pp, salt, salt_len) == 0) { retval = UNIX_PASSED; } } @@ -197,7 +228,7 @@ int main(int argc, char *argv[]) { char pass[MAXPASS + 1]; char option[8]; - int npass, opt; + int npass, nullok; int force_failure = 0; int retval = UNIX_FAILED; char *user; @@ -250,9 +281,9 @@ int main(int argc, char *argv[]) } else { option[7] = '\0'; if (strncmp(option, "nullok", 8) == 0) - opt = 1; + nullok = 1; else - opt = 0; + nullok = 0; } /* read the password from stdin (a pipe from the pam_unix module) */ @@ -271,13 +302,13 @@ int main(int argc, char *argv[]) if (npass == 0) { /* the password is NULL */ - retval = _unix_verify_password(user, NULL, opt); + retval = _unix_verify_password(user, NULL, nullok); } else { /* does pass agree with the official one? */ pass[npass] = '\0'; /* NUL terminate */ - retval = _unix_verify_password(user, pass, opt); + retval = _unix_verify_password(user, pass, nullok); } } diff --git a/Linux-PAM/modules/pam_userdb/Makefile b/Linux-PAM/modules/pam_userdb/Makefile index bb774ddb..4da7310d 100644 --- a/Linux-PAM/modules/pam_userdb/Makefile +++ b/Linux-PAM/modules/pam_userdb/Makefile @@ -3,7 +3,7 @@ # Linux-PAM. You should not modify this Makefile (unless you know # what you are doing!). -# $Id: Makefile,v 1.1.1.2 2002/09/15 20:09:02 hartmans Exp $ +# $Id: Makefile,v 1.6 2004/09/14 14:22:40 kukuk Exp $ # Created by Cristian Gafton <gafton@redhat.com> include ../../Make.Rules @@ -24,6 +24,10 @@ else endif endif +ifeq ($(HAVE_LIBCRYPT),yes) + MODULE_SIMPLE_EXTRALIBS += -lcrypt +endif + ifeq ($(WHICH_DB),none) include ../dont_makefile diff --git a/Linux-PAM/modules/pam_userdb/README b/Linux-PAM/modules/pam_userdb/README index f4423781..1cab7b74 100644 --- a/Linux-PAM/modules/pam_userdb/README +++ b/Linux-PAM/modules/pam_userdb/README @@ -1,6 +1,7 @@ pam_userdb: Look up users in a .db database and verify their password against - what is contained in that database. + what is contained in that database. The database will have been + created using db_load. RECOGNIZED ARGUMENTS: debug write a message to syslog indicating success or @@ -8,16 +9,46 @@ RECOGNIZED ARGUMENTS: db=[path] use the [path] database for performing lookup. There is no default; the module will return PAM_IGNORE if - no database is provided. + no database is provided. Some versions of DB will + automatically append ".db" to whatever pathname you + supply here. + crypt=[mode] indicates whether encrypted or plaintext passwords + are stored in the database. If [mode] is "crypt", + passwords should be stored in the database in + crypt(3) form. If [mode] is "none" or any other + value, passwords should be stored in the database in + plaintext. + icase make the password verification to be case insensitive (ie when working with registration numbers and such) + only works with plaintext password storage. dump dump all the entries in the database to the log (eek, don't do this by default!) + use_authtok use the authentication token previously obtained by + another module that did the conversation with the + application. If this token can not be obtained then + the module will try to converse again. This option can + be used for stacking different modules that need to + deal with the authentication tokens. + + unknown_ok do not return error when checking for a user that is + not in the database. This can be used to stack more + than one pam_userdb module that will check a + username/password pair in more than a database. + + key_only the username and password are concatenated together + in the database hash as 'username-password' with a + random value. if the concatenation of the username and + password with a dash in the middle returns any result, + the user is valid. this is useful in cases where + the username may not be unique but the username and + password pair are. + MODULE SERVICES PROVIDED: - auth _authetication and _setcred (blank) + auth _authentication and _setcred (blank) EXAMPLE USE: auth sufficient pam_userdb.so icase db=/tmp/dbtest.db @@ -27,4 +58,4 @@ AUTHOR: -$Id: README,v 1.1.1.1 2001/04/29 04:17:42 hartmans Exp $ +$Id: README,v 1.3 2004/09/28 13:48:47 kukuk Exp $ diff --git a/Linux-PAM/modules/pam_userdb/conv.c b/Linux-PAM/modules/pam_userdb/conv.c index 0f13d03a..de5d12f2 100644 --- a/Linux-PAM/modules/pam_userdb/conv.c +++ b/Linux-PAM/modules/pam_userdb/conv.c @@ -5,8 +5,6 @@ /* $Id */ /* Copyright at the end of the file */ -#define _BSD_SOURCE - #include <stdlib.h> #include <string.h> diff --git a/Linux-PAM/modules/pam_userdb/create.pl b/Linux-PAM/modules/pam_userdb/create.pl index 2668ef4a..28088102 100644 --- a/Linux-PAM/modules/pam_userdb/create.pl +++ b/Linux-PAM/modules/pam_userdb/create.pl @@ -2,12 +2,12 @@ # this program creates a database in ARGV[1] from pairs given on # stdandard input # -# $Id: create.pl,v 1.1.1.1 2001/04/29 04:17:42 hartmans Exp $ +# $Id: create.pl,v 1.2 2004/09/28 13:48:47 kukuk Exp $ use DB_File; my $database = $ARGV[0]; -die "Use: check,pl <database>\n" unless ($database); +die "Use: create.pl <database>\n" unless ($database); print "Using database: $database\n"; my %lusers = (); diff --git a/Linux-PAM/modules/pam_userdb/pam_userdb.c b/Linux-PAM/modules/pam_userdb/pam_userdb.c index 337d217b..86c7238b 100644 --- a/Linux-PAM/modules/pam_userdb/pam_userdb.c +++ b/Linux-PAM/modules/pam_userdb/pam_userdb.c @@ -1,13 +1,14 @@ /* pam_userdb module */ - + /* - * $Id: pam_userdb.c,v 1.1.1.2 2002/09/15 20:09:03 hartmans Exp $ + * $Id: pam_userdb.c,v 1.7 2004/09/28 13:48:47 kukuk Exp $ * Written by Cristian Gafton <gafton@redhat.com> 1996/09/10 * See the end of the file for Copyright Information */ #include <security/_pam_aconf.h> +#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> @@ -56,33 +57,53 @@ static void _pam_log(int err, const char *format, ...) closelog(); } -char * database = NULL; -static int ctrl = 0; - -static int _pam_parse(int argc, const char **argv) +static int +_pam_parse (int argc, const char **argv, + char **database, char **cryptmode) { - /* step through arguments */ - for (ctrl = 0; argc-- > 0; ++argv) { - - /* generic options */ - - if (!strcmp(*argv,"debug")) - ctrl |= PAM_DEBUG_ARG; - else if (!strcasecmp(*argv, "icase")) - ctrl |= PAM_ICASE_ARG; - else if (!strcasecmp(*argv, "dump")) - ctrl |= PAM_DUMP_ARG; - else if (!strncasecmp(*argv,"db=", 3)) { - database = strdup((*argv) + 3); - if (database == NULL) - _pam_log(LOG_ERR, "pam_parse: could not parse argument \"%s\"", - *argv); - } else { - _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv); - } - } + int ctrl; + + *database = NULL; + *cryptmode = NULL; + + /* step through arguments */ + for (ctrl = 0; argc-- > 0; ++argv) + { + /* generic options */ + + if (!strcmp(*argv,"debug")) + ctrl |= PAM_DEBUG_ARG; + else if (!strcasecmp(*argv, "icase")) + ctrl |= PAM_ICASE_ARG; + else if (!strcasecmp(*argv, "dump")) + ctrl |= PAM_DUMP_ARG; + else if (!strcasecmp(*argv, "unknown_ok")) + ctrl |= PAM_UNKNOWN_OK_ARG; + else if (!strcasecmp(*argv, "key_only")) + ctrl |= PAM_KEY_ONLY_ARG; + else if (!strncasecmp(*argv,"db=", 3)) + { + *database = strdup((*argv) + 3); + if ((*database == NULL) || (strlen (*database) == 0)) + _pam_log(LOG_ERR, + "pam_parse: could not parse argument \"%s\"", + *argv); + } + else if (!strncasecmp(*argv,"crypt=", 6)) + { + *cryptmode = strdup((*argv) + 6); + if ((*cryptmode == NULL) || (strlen (*cryptmode) == 0)) + _pam_log(LOG_ERR, + "pam_parse: could not parse argument \"%s\"", + *argv); + } + else + { + _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *argv); + } + } - return ctrl; + return ctrl; } @@ -95,7 +116,9 @@ static int _pam_parse(int argc, const char **argv) * -1 = Password incorrect * -2 = System error */ -static int user_lookup(const char *user, const char *pass) +static int +user_lookup (const char *database, const char *cryptmode, + const char *user, const char *pass, int ctrl) { DBM *dbm; datum key, data; @@ -108,7 +131,8 @@ static int user_lookup(const char *user, const char *pass) return -2; } - if (ctrl &PAM_DUMP_ARG) { + /* dump out the database contents for debugging */ + if (ctrl & PAM_DUMP_ARG) { _pam_log(LOG_INFO, "Database dump:"); for (key = dbm_firstkey(dbm); key.dptr != NULL; key = dbm_nextkey(dbm)) { @@ -116,14 +140,19 @@ static int user_lookup(const char *user, const char *pass) _pam_log(LOG_INFO, "key[len=%d] = `%s', data[len=%d] = `%s'", key.dsize, key.dptr, data.dsize, data.dptr); } - } - /* do some more init work */ + } + /* do some more init work */ memset(&key, 0, sizeof(key)); memset(&data, 0, sizeof(data)); - key.dptr = x_strdup(user); - key.dsize = strlen(user); - user = NULL; + if (ctrl & PAM_KEY_ONLY_ARG) { + key.dptr = malloc(strlen(user) + 1 + strlen(pass) + 1); + sprintf(key.dptr, "%s-%s", user, pass); + key.dsize = strlen(key.dptr); + } else { + key.dptr = x_strdup(user); + key.dsize = strlen(user); + } if (key.dptr) { data = dbm_fetch(dbm, key); @@ -138,27 +167,121 @@ static int user_lookup(const char *user, const char *pass) if (data.dptr != NULL) { int compare = 0; - + + if (ctrl & PAM_KEY_ONLY_ARG) + { + dbm_close (dbm); + return 0; /* found it, data contents don't matter */ + } + + if (strncasecmp(cryptmode, "crypt", 5) == 0) { + + /* crypt(3) password storage */ + + char *cryptpw; + char salt[2]; + + if (data.dsize != 13) { + compare = -2; + } else if (ctrl & PAM_ICASE_ARG) { + compare = -2; + } else { + salt[0] = *data.dptr; + salt[1] = *(data.dptr + 1); + + cryptpw = crypt (pass, salt); + + if (cryptpw) { + compare = strncasecmp (data.dptr, cryptpw, data.dsize); + } else { + compare = -2; + if (ctrl & PAM_DEBUG_ARG) { + _pam_log(LOG_INFO, "crypt() returned NULL"); + } + }; + + }; + + } else { + + /* Unknown password encryption method - + * default to plaintext password storage + */ + if (strlen(pass) != data.dsize) { - compare = 1; + compare = 1; /* wrong password len -> wrong password */ } else if (ctrl & PAM_ICASE_ARG) { compare = strncasecmp(data.dptr, pass, data.dsize); } else { compare = strncmp(data.dptr, pass, data.dsize); } + + if (strncasecmp(cryptmode, "none", 4) && ctrl & PAM_DEBUG_ARG) { + _pam_log(LOG_INFO, "invalid value for crypt parameter: %s", + cryptmode); + _pam_log(LOG_INFO, "defaulting to plaintext password mode"); + } + + } + dbm_close(dbm); if (compare == 0) return 0; /* match */ else return -1; /* wrong */ } else { - if (ctrl & PAM_DEBUG_ARG) { + int saw_user = 0; + + if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_INFO, "error returned by dbm_fetch: %s", strerror(errno)); } - dbm_close(dbm); + /* probably we should check dbm_error() here */ - return 1; /* not found */ + + if ((ctrl & PAM_KEY_ONLY_ARG) == 0) { + dbm_close(dbm); + return 1; /* not key_only, so no entry => no entry for the user */ + } + + /* now handle the key_only case */ + for (key = dbm_firstkey(dbm); + key.dptr != NULL; + key = dbm_nextkey(dbm)) { + int compare; + /* first compare the user portion (case sensitive) */ + compare = strncmp(key.dptr, user, strlen(user)); + if (compare == 0) { + /* assume failure */ + compare = -1; + /* if we have the divider where we expect it to be... */ + if (key.dptr[strlen(user)] == '-') { + saw_user = 1; + if (key.dsize == strlen(user) + 1 + strlen(pass)) { + if (ctrl & PAM_ICASE_ARG) { + /* compare the password portion (case insensitive)*/ + compare = strncasecmp(key.dptr + strlen(user) + 1, + pass, + strlen(pass)); + } else { + /* compare the password portion (case sensitive) */ + compare = strncmp(key.dptr + strlen(user) + 1, + pass, + strlen(pass)); + } + } + } + if (compare == 0) { + dbm_close(dbm); + return 0; /* match */ + } + } + } + dbm_close(dbm); + if (saw_user) + return -1; /* saw the user, but password mismatch */ + else + return 1; /* not found */ } /* NOT REACHED */ @@ -173,10 +296,17 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, { const char *username; const char *password; - int retval = PAM_AUTH_ERR; - + char *database = NULL; + char *cryptmode = NULL; + int retval = PAM_AUTH_ERR, ctrl; + /* parse arguments */ - ctrl = _pam_parse(argc, argv); + ctrl = _pam_parse(argc, argv, &database, &cryptmode); + if ((database == NULL) || (strlen(database) == 0)) { + if (ctrl & PAM_DEBUG_ARG) + _pam_log(LOG_DEBUG,"can not get the database name"); + return PAM_SERVICE_ERR; + } /* Get the username */ retval = pam_get_user(pamh, &username, NULL); @@ -185,32 +315,47 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, _pam_log(LOG_DEBUG,"can not get the username"); return PAM_SERVICE_ERR; } - - /* Converse just to be sure we have the password */ + + /* Converse just to be sure we have a password */ retval = conversation(pamh); if (retval != PAM_SUCCESS) { _pam_log(LOG_ERR, "could not obtain password for `%s'", username); - return -2; + return PAM_CONV_ERR; } - + + /* Check if we got a password. The docs say that if we didn't have one, + * and use_authtok was specified as an argument, that we converse with the + * user anyway, so check for one and handle a failure for that case. If + * use_authtok wasn't specified, then we've already asked once and needn't + * do so again. */ + retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &password); + if ((retval != PAM_SUCCESS) && ((ctrl & PAM_USE_AUTHTOK_ARG) != 0)) { + retval = conversation(pamh); + if (retval != PAM_SUCCESS) { + _pam_log(LOG_ERR, "could not obtain password for `%s'", + username); + return PAM_CONV_ERR; + } + } + /* Get the password */ retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password); if (retval != PAM_SUCCESS) { - _pam_log(LOG_ERR, "Could not retrive user's password"); + _pam_log(LOG_ERR, "Could not retrieve user's password"); return -2; } - + if (ctrl & PAM_DEBUG_ARG) _pam_log(LOG_INFO, "Verify user `%s' with password `%s'", username, password); - + /* Now use the username to look up password in the database file */ - retval = user_lookup(username, password); + retval = user_lookup(database, cryptmode, username, password, ctrl); switch (retval) { case -2: /* some sort of system error. The log was already printed */ - return PAM_SERVICE_ERR; + return PAM_SERVICE_ERR; case -1: /* incorrect password */ _pam_log(LOG_WARNING, @@ -247,9 +392,47 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, } PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { + const char *username; + char *database = NULL; + char *cryptmode = NULL; + int retval = PAM_AUTH_ERR, ctrl; + + /* parse arguments */ + ctrl = _pam_parse(argc, argv, &database, &cryptmode); + + /* Get the username */ + retval = pam_get_user(pamh, &username, NULL); + if ((retval != PAM_SUCCESS) || (!username)) { + if (ctrl & PAM_DEBUG_ARG) + _pam_log(LOG_DEBUG,"can not get the username"); + return PAM_SERVICE_ERR; + } + + /* Now use the username to look up password in the database file */ + retval = user_lookup(database, cryptmode, username, "", ctrl); + switch (retval) { + case -2: + /* some sort of system error. The log was already printed */ + return PAM_SERVICE_ERR; + case -1: + /* incorrect password, but we don't care */ + /* FALL THROUGH */ + case 0: + /* authentication succeeded. dumbest password ever. */ + return PAM_SUCCESS; + case 1: + /* the user does not exist in the database */ + return PAM_USER_UNKNOWN; + default: + /* we don't know anything about this return value */ + _pam_log(LOG_ERR, + "internal module error (retval = %d, user = `%s'", + retval, username); + return PAM_SERVICE_ERR; + } + return PAM_SUCCESS; } @@ -262,7 +445,7 @@ struct pam_module _pam_userdb_modstruct = { "pam_userdb", pam_sm_authenticate, pam_sm_setcred, - NULL, + pam_sm_acct_mgmt, NULL, NULL, NULL, diff --git a/Linux-PAM/modules/pam_userdb/pam_userdb.h b/Linux-PAM/modules/pam_userdb/pam_userdb.h index 88a93f0d..af03676b 100644 --- a/Linux-PAM/modules/pam_userdb/pam_userdb.h +++ b/Linux-PAM/modules/pam_userdb/pam_userdb.h @@ -1,7 +1,7 @@ #ifndef _PAM_USERSDB_H #define _PAM_USERSDB_H -/* $Id: pam_userdb.h,v 1.1.1.1 2001/04/29 04:17:42 hartmans Exp $ */ +/* $Id: pam_userdb.h,v 1.2 2004/09/28 13:48:47 kukuk Exp $ */ /* Header files */ #include <security/pam_appl.h> @@ -10,6 +10,9 @@ #define PAM_DEBUG_ARG 0x0001 #define PAM_ICASE_ARG 0x0002 #define PAM_DUMP_ARG 0x0004 +#define PAM_USE_AUTHTOK_ARG 0x0008 +#define PAM_UNKNOWN_OK_ARG 0x0010 +#define PAM_KEY_ONLY_ARG 0x0020 /* Useful macros */ #define x_strdup(s) ( (s) ? strdup(s):NULL ) diff --git a/Linux-PAM/modules/pam_warn/Makefile b/Linux-PAM/modules/pam_warn/Makefile index 657570e6..b1420538 100644 --- a/Linux-PAM/modules/pam_warn/Makefile +++ b/Linux-PAM/modules/pam_warn/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:43 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:06 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_warn/README b/Linux-PAM/modules/pam_warn/README index ab128179..3c4bde8a 100644 --- a/Linux-PAM/modules/pam_warn/README +++ b/Linux-PAM/modules/pam_warn/README @@ -1,4 +1,4 @@ -# $Id: README,v 1.1.1.1 2001/04/29 04:17:43 hartmans Exp $ +# $Id: README,v 1.1.1.1 2000/06/20 22:12:10 agmorgan Exp $ # This module is an authentication module that does not authenticate. diff --git a/Linux-PAM/modules/pam_warn/pam_warn.c b/Linux-PAM/modules/pam_warn/pam_warn.c index f84490e8..90170c01 100644 --- a/Linux-PAM/modules/pam_warn/pam_warn.c +++ b/Linux-PAM/modules/pam_warn/pam_warn.c @@ -1,7 +1,7 @@ /* pam_warn module */ /* - * $Id: pam_warn.c,v 1.1.1.2 2002/09/15 20:09:04 hartmans Exp $ + * $Id: pam_warn.c,v 1.2 2002/05/29 04:44:43 agmorgan Exp $ * * Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11 */ diff --git a/Linux-PAM/modules/pam_wheel/Makefile b/Linux-PAM/modules/pam_wheel/Makefile index e4f8a450..67947f81 100644 --- a/Linux-PAM/modules/pam_wheel/Makefile +++ b/Linux-PAM/modules/pam_wheel/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2001/04/29 04:17:43 hartmans Exp $ +# $Id: Makefile,v 1.2 2000/11/19 23:54:06 agmorgan Exp $ # # This Makefile controls a build process of $(TITLE) module for # Linux-PAM. You should not modify this Makefile (unless you know diff --git a/Linux-PAM/modules/pam_wheel/README b/Linux-PAM/modules/pam_wheel/README index 336bb31e..2cd156c0 100644 --- a/Linux-PAM/modules/pam_wheel/README +++ b/Linux-PAM/modules/pam_wheel/README @@ -1,17 +1,17 @@ pam_wheel: - only permit root authentication too members of wheel group + only permit root authentication to members of wheel group RECOGNIZED ARGUMENTS: - debug write a message to syslog indicating success or + debug Write a message to syslog indicating success or failure. - use_uid the check for wheel membership will be done against + use_uid The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to - another for example) - - trust the pam_wheel module will return PAM_SUCCESS instead + another for example). + + trust The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without @@ -21,13 +21,19 @@ RECOGNIZED ARGUMENTS: is trying to get UID 0 access and is a member of the wheel group, deny access (well, kind of nonsense, but for use in conjunction with 'group' argument... :-) + Conversely, if the user is not in the group, return + PAM_IGNORE (unless 'trust' was also specified, in + which case we return PAM_SUCCESS). + + group=xxxx Instead of checking the wheel or GID 0 groups, use + the xxxx group to perform the authentification. - group=xxxx Instead of checking the GID 0 group, use the xxxx - group to perform the authentification. + root_only The check for wheel membership is done only + if the uid of requested account is 0. MODULE SERVICES PROVIDED: - auth _authetication and _setcred (blank) + auth _authentication, _setcred (blank) and _acct_mgmt AUTHOR: - Cristian Gafton <gafton@sorosis.ro> + Cristian Gafton <gafton@redhat.com> diff --git a/Linux-PAM/modules/pam_wheel/pam_wheel.c b/Linux-PAM/modules/pam_wheel/pam_wheel.c index d629819f..92cd44b9 100644 --- a/Linux-PAM/modules/pam_wheel/pam_wheel.c +++ b/Linux-PAM/modules/pam_wheel/pam_wheel.c @@ -40,8 +40,10 @@ */ #define PAM_SM_AUTH +#define PAM_SM_ACCOUNT #include <security/pam_modules.h> +#include <security/_pam_modutil.h> /* some syslogging */ @@ -60,7 +62,7 @@ static void _pam_log(int err, const char *format, ...) static int is_on_list(char * const *list, const char *member) { - while (*list) { + while (list && *list) { if (strcmp(*list, member) == 0) return 1; list++; @@ -73,7 +75,8 @@ static int is_on_list(char * const *list, const char *member) #define PAM_DEBUG_ARG 0x0001 #define PAM_USE_UID_ARG 0x0002 #define PAM_TRUST_ARG 0x0004 -#define PAM_DENY_ARG 0x0010 +#define PAM_DENY_ARG 0x0010 +#define PAM_ROOT_ONLY_ARG 0x0020 static int _pam_parse(int argc, const char **argv, char *use_group, size_t group_length) @@ -95,6 +98,8 @@ static int _pam_parse(int argc, const char **argv, char *use_group, ctrl |= PAM_TRUST_ARG; else if (!strcmp(*argv,"deny")) ctrl |= PAM_DENY_ARG; + else if (!strcmp(*argv,"root_only")) + ctrl |= PAM_ROOT_ONLY_ARG; else if (!strncmp(*argv,"group=",6)) strncpy(use_group,*argv+6,group_length-1); else { @@ -105,139 +110,185 @@ static int _pam_parse(int argc, const char **argv, char *use_group, return ctrl; } - -/* --- authentication management functions (only) --- */ - -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +static int perform_check(pam_handle_t *pamh, int flags, int ctrl, + const char *use_group) { - int ctrl; - const char *username; - char *fromsu; - struct passwd *pwd, *tpwd; - struct group *grp; - int retval = PAM_AUTH_ERR; - char use_group[BUFSIZ]; - - /* Init the optional group */ - bzero(use_group,BUFSIZ); - - ctrl = _pam_parse(argc, argv, use_group, sizeof(use_group)); - retval = pam_get_user(pamh, &username, NULL); - if ((retval != PAM_SUCCESS) || (!username)) { - if (ctrl & PAM_DEBUG_ARG) + const char *username = NULL; + const char *fromsu; + struct passwd *pwd, *tpwd = NULL; + struct group *grp; + int retval = PAM_AUTH_ERR; + + retval = pam_get_user(pamh, &username, NULL); + if ((retval != PAM_SUCCESS) || (!username)) { + if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_DEBUG,"can not get the username"); + } return PAM_SERVICE_ERR; - } + } - /* su to a uid 0 account ? */ - pwd = getpwnam(username); - if (!pwd) { - if (ctrl & PAM_DEBUG_ARG) + pwd = _pammodutil_getpwnam (pamh, username); + if (!pwd) { + if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_NOTICE,"unknown user %s",username); + } return PAM_USER_UNKNOWN; - } + } + if (ctrl & PAM_ROOT_ONLY_ARG) { + /* su to a non uid 0 account ? */ + if (pwd->pw_uid != 0) { + return PAM_IGNORE; + } + } - /* Now we know that the username exists, pass on to other modules... - * the call to pam_get_user made this obsolete, so is commented out - * - * pam_set_item(pamh,PAM_USER,(const void *)username); - */ - - /* is this user an UID 0 account ? */ - if(pwd->pw_uid) { - /* no need to check for wheel */ - return PAM_IGNORE; - } + if (ctrl & PAM_USE_UID_ARG) { + tpwd = _pammodutil_getpwuid (pamh, getuid()); + if (!tpwd) { + if (ctrl & PAM_DEBUG_ARG) { + _pam_log(LOG_NOTICE, "who is running me ?!"); + } + return PAM_SERVICE_ERR; + } + fromsu = tpwd->pw_name; + } else { + fromsu = _pammodutil_getlogin(pamh); + if (fromsu) { + tpwd = _pammodutil_getpwnam (pamh, fromsu); + } + if (!fromsu || !tpwd) { + if (ctrl & PAM_DEBUG_ARG) { + _pam_log(LOG_NOTICE, "who is running me ?!"); + } + return PAM_SERVICE_ERR; + } + } + + /* + * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu + */ - if (ctrl & PAM_USE_UID_ARG) { - tpwd = getpwuid(getuid()); - if (!tpwd) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_NOTICE,"who is running me ?!"); - return PAM_SERVICE_ERR; - } - fromsu = tpwd->pw_name; - } else { - fromsu = getlogin(); - if (!fromsu) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_NOTICE,"who is running me ?!"); - return PAM_SERVICE_ERR; - } - } + if (!use_group[0]) { + if ((grp = _pammodutil_getgrnam (pamh, "wheel")) == NULL) { + grp = _pammodutil_getgrgid (pamh, 0); + } + } else { + grp = _pammodutil_getgrnam (pamh, use_group); + } + + if (!grp || (!grp->gr_mem && (tpwd->pw_gid != grp->gr_gid))) { + if (ctrl & PAM_DEBUG_ARG) { + if (!use_group[0]) { + _pam_log(LOG_NOTICE,"no members in a GID 0 group"); + } else { + _pam_log(LOG_NOTICE,"no members in '%s' group", use_group); + } + } + if (ctrl & PAM_DENY_ARG) { + /* if this was meant to deny access to the members + * of this group and the group does not exist, allow + * access + */ + return PAM_IGNORE; + } else { + return PAM_AUTH_ERR; + } + } - if (!use_group[0]) { - if ((grp = getgrnam("wheel")) == NULL) { - grp = getgrgid(0); - } - } else - grp = getgrnam(use_group); - - if (!grp || !grp->gr_mem) { - if (ctrl & PAM_DEBUG_ARG) { - if (!use_group[0]) - _pam_log(LOG_NOTICE,"no members in a GID 0 group"); - else - _pam_log(LOG_NOTICE,"no members in '%s' group",use_group); - } - if (ctrl & PAM_DENY_ARG) - /* if this was meant to deny access to the members - * of this group and the group does not exist, allow - * access - */ - return PAM_IGNORE; - else - return PAM_AUTH_ERR; - } - - if (is_on_list(grp->gr_mem, fromsu)) { - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_NOTICE,"Access %s to '%s' for '%s'", - (ctrl & PAM_DENY_ARG)?"denied":"granted", - fromsu,username); - if (ctrl & PAM_DENY_ARG) - return PAM_PERM_DENIED; - else - if (ctrl & PAM_TRUST_ARG) - return PAM_SUCCESS; - else - return PAM_IGNORE; - } + /* + * test if the user is a member of the group, or if the + * user has the "wheel" (sic) group as its primary group. + */ + + if (is_on_list(grp->gr_mem, fromsu) || (tpwd->pw_gid == grp->gr_gid)) { + + if (ctrl & PAM_DENY_ARG) { + retval = PAM_PERM_DENIED; + + } else if (ctrl & PAM_TRUST_ARG) { + retval = PAM_SUCCESS; /* this can be a sufficient check */ + + } else { + retval = PAM_IGNORE; + } + + } else { + + if (ctrl & PAM_DENY_ARG) { + + if (ctrl & PAM_TRUST_ARG) { + retval = PAM_SUCCESS; /* this can be a sufficient check */ + } else { + retval = PAM_IGNORE; + } + + } else { + retval = PAM_PERM_DENIED; + } + } + + if (ctrl & PAM_DEBUG_ARG) { + if (retval == PAM_IGNORE) { + _pam_log(LOG_NOTICE, "Ignoring access request '%s' for '%s'", + fromsu, username); + } else { + _pam_log(LOG_NOTICE, "Access %s to '%s' for '%s'", + (retval != PAM_SUCCESS) ? "denied":"granted", + fromsu, username); + } + } - if (ctrl & PAM_DEBUG_ARG) - _pam_log(LOG_NOTICE,"Access %s for '%s' to '%s'", - (ctrl & PAM_DENY_ARG)?"granted":"denied",fromsu,username); - if (ctrl & PAM_DENY_ARG) - return PAM_SUCCESS; - else - return PAM_PERM_DENIED; + return retval; +} + +/* --- authentication management functions --- */ + +PAM_EXTERN +int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + char use_group[BUFSIZ]; + int ctrl; + + ctrl = _pam_parse(argc, argv, use_group, sizeof(use_group)); + + return perform_check(pamh, flags, ctrl, use_group); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc ,const char **argv) { - return PAM_SUCCESS; + return PAM_SUCCESS; } +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, + const char **argv) +{ + char use_group[BUFSIZ]; + int ctrl; + + ctrl = _pam_parse(argc, argv, use_group, sizeof(use_group)); + + return perform_check(pamh, flags, ctrl, use_group); +} #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_wheel_modstruct = { - "pam_wheel", - pam_sm_authenticate, - pam_sm_setcred, - NULL, - NULL, - NULL, - NULL, + "pam_wheel", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + NULL, + NULL, + NULL, + NULL, }; -#endif +#endif /* PAM_STATIC */ /* * Copyright (c) Cristian Gafton <gafton@redhat.com>, 1996, 1997 diff --git a/Linux-PAM/modules/pam_xauth/Makefile b/Linux-PAM/modules/pam_xauth/Makefile new file mode 100644 index 00000000..385466a2 --- /dev/null +++ b/Linux-PAM/modules/pam_xauth/Makefile @@ -0,0 +1,12 @@ +# +# This Makefile controls a build process of $(TITLE) module for +# Linux-PAM. You should not modify this Makefile (unless you know +# what you are doing!). +# + +include ../../Make.Rules + +TITLE=pam_xauth +MAN8=pam_xauth.8 + +include ../Simple.Rules diff --git a/Linux-PAM/modules/pam_xauth/README b/Linux-PAM/modules/pam_xauth/README new file mode 100644 index 00000000..dd65292f --- /dev/null +++ b/Linux-PAM/modules/pam_xauth/README @@ -0,0 +1,41 @@ +pam_xauth: + Forward xauth cookies from user to user, normally used by su, sudo, or + userhelper. + + Primitive access control is provided by ~/.xauth/export in the invoking + user's home directory and ~/.xauth/import in the target user's home + directory. + + If a user has a ~/.xauth/import file, the user will only receive cookies + from users listed in the file. If there is no ~/.xauth/import file, + the user will accept cookies from any other user. + + If a user has a .xauth/export file, the user will only forward cookies + to users listed in the file. If there is no ~/.xauth/export file, and + the invoking user is not "root", the user will forward cookies to + any other user. If there is no ~/.xauth/export file, and the invoking + user is "root", the user will NOT forward cookies to other users. + + Both the import and export files support wildcards (such as "*"). Both + the import and export files can be empty, signifying that no users are + allowed. + +RECOGNIZED ARGUMENTS: + debug write debugging messages to syslog + xauthpath= the path to the xauth program, by default + /usr/X11R6/bin/xauth + systemuser= highest user id assigned to system users, defaults + to 499 (pam_xauth will refuse to forward creds to + target users with id equal to or below this number, + except for root and possibly another specified user) + targetuser= a target user id which is excepted from the systemuser + checks + + +MODULE SERVICES PROVIDED: + session open session copies xauth cookie to new user + close session deletes copied xauth cookie + +AUTHOR: + Nalin Dahyabhai <nalin@redhat.com>, based on original version by + Michael K. Johnson <johnsonm@redhat.com> diff --git a/Linux-PAM/modules/pam_xauth/pam_xauth.8 b/Linux-PAM/modules/pam_xauth/pam_xauth.8 new file mode 100644 index 00000000..9acb7249 --- /dev/null +++ b/Linux-PAM/modules/pam_xauth/pam_xauth.8 @@ -0,0 +1,82 @@ +.\" Copyright 2001,2003 Red Hat, Inc. +.\" Written by Nalin Dahyabhai <nalin@redhat.com>, based on the original +.\" version by Michael K. Johnson +.TH pam_xauth 8 2003/7/24 "Red Hat Linux" "System Administrator's Manual" +.SH NAME +pam_xauth \- forward xauth keys between users +.SH SYNOPSIS +.B session optional /lib/security/pam_xauth.so \fIarguments\fP +.SH DESCRIPTION +pam_xauth.so is designed to forward xauth keys (sometimes referred +to as "cookies") between users. + +Without pam_xauth, when xauth is enabled and a user uses the \fBsu\fP command +to assume another user's priviledges, that user is no longer able to access +the original user's X display because the new user does not have the key +needed to access the display. pam_xauth solves the problem by forwarding the +key from the user running su (the source user) to the user whose +identity the source user is assuming (the target user) when the session +is created, and destroying the key when the session is torn down. + +This means, for example, that when you run \fBsu\fP from an xterm sesssion, +you will be able to run X programs without explicitly dealing with the +xauth command or ~/.Xauthority files. + +pam_xauth will only forward keys if xauth can list a key connected +to the $DISPLAY environment variable. + +Primitive access control is provided by \fB~/.xauth/export\fP in the invoking +user's home directory and \fB~/.xauth/import\fP in the target user's home +directory. + +If a user has a \fB~/.xauth/import\fP file, the user will only receive cookies +from users listed in the file. If there is no \fB~/.xauth/import\fP file, +the user will accept cookies from any other user. + +If a user has a \fB.xauth/export\fP file, the user will only forward cookies +to users listed in the file. If there is no \fB~/.xauth/export\fP file, and +the invoking user is not \fBroot\fP, the user will forward cookies to +any other user. If there is no \fB~/.xauth/export\fP file, and the invoking +user is \fBroot\fP, the user will \fInot\fP forward cookies to other users. + +Both the import and export files support wildcards (such as \fI*\fP). Both +the import and export files can be empty, signifying that no users are allowed. + +.SH ARGUMENTS +.IP debug +Turns on debugging messages sent to syslog. +.IP xauthpath=\fI/usr/X11R6/bin/xauth\fP +Specify the path the xauth program (the default is /usr/X11R6/bin/xauth). +.IP systemuser=\fInumber\fP +Specify the highest UID which will be assumed to belong to a "system" user. +pam_xauth will refuse to forward credentials to users with UID less than or +equal to this number, except for root and the "targetuser", if specified. +.IP targetuser=\fInumber\fP +Specify a single target UID which is exempt from the systemuser check. +.SH "IMPLEMENTATION DETAILS" +pam_xauth will work \fIonly\fP if it is used from a setuid application +in which the getuid() call returns the id of the user running the +application, and for which PAM can supply the name of the account that +the user is attempting to assume. The typical application of this +type is \fBsu\fP. The application must call both pam_open_session() and +pam_close_session() with the ruid set to the uid of the calling user +and the euid set to root, and must have provided as the PAM_USER item +the name of the target user. + +pam_xauth calls \fBxauth\fP as the source user to extract the key for +$DISPLAY, then calls xauth as the target user to merge the key +into the a temporary database and later remove the database. + +pam_xauth cannot be told not to remove the keys when the session +is closed. +.SH "SEE ALSO" +\fI/usr/share/doc/pam*/html/index.html\fP +.SH FILES +\fI~/.xauth/import\fP +\fI~/.xauth/export\fP +.SH BUGS +Let's hope not, but if you find any, please report them via the "Bug Track" +link at http://bugzilla.redhat.com/bugzilla/ +.SH AUTHOR +Nalin Dahyabhai <nalin@redhat.com>, based on original version by +Michael K. Johnson <johnsonm@redhat.com> diff --git a/Linux-PAM/modules/pam_xauth/pam_xauth.c b/Linux-PAM/modules/pam_xauth/pam_xauth.c new file mode 100644 index 00000000..2bf72eb6 --- /dev/null +++ b/Linux-PAM/modules/pam_xauth/pam_xauth.c @@ -0,0 +1,641 @@ +/* + * Copyright 2001-2003 Red Hat, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* "$Id: pam_xauth.c,v 1.4 2005/03/14 09:42:28 kukuk Exp $" */ + +#include "../../_pam_aconf.h" +#include <sys/types.h> +#include <sys/fsuid.h> +#include <sys/wait.h> +#include <errno.h> +#include <fnmatch.h> +#include <grp.h> +#include <limits.h> +#include <netdb.h> +#include <pwd.h> +#include <stdarg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <syslog.h> +#include <unistd.h> + +#include <security/pam_modules.h> +#include <security/_pam_macros.h> +#include <security/_pam_modutil.h> + +#define DATANAME "pam_xauth_cookie_file" +#define XAUTHBIN "/usr/X11R6/bin/xauth" +#define XAUTHENV "XAUTHORITY" +#define HOMEENV "HOME" +#define XAUTHDEF ".Xauthority" +#define XAUTHTMP ".xauthXXXXXX" + +/* Run a given command (with a NULL-terminated argument list), feeding it the + * given input on stdin, and storing any output it generates. */ +static int +run_coprocess(const char *input, char **output, + uid_t uid, gid_t gid, const char *command, ...) +{ + int ipipe[2], opipe[2], i; + char buf[LINE_MAX]; + pid_t child; + char *buffer = NULL; + size_t buffer_size = 0; + va_list ap; + + *output = NULL; + + /* Create stdio pipery. */ + if (pipe(ipipe) == -1) { + return -1; + } + if (pipe(opipe) == -1) { + close(ipipe[0]); + close(ipipe[1]); + return -1; + } + + /* Fork off a child. */ + child = fork(); + if (child == -1) { + close(ipipe[0]); + close(ipipe[1]); + close(opipe[0]); + close(opipe[1]); + return -1; + } + + if (child == 0) { + /* We're the child. */ + char *args[10]; + const char *tmp; + /* Drop privileges. */ + setgid(gid); + setgroups(0, NULL); + setuid(uid); + /* Initialize the argument list. */ + memset(args, 0, sizeof(args)); + /* Set the pipe descriptors up as stdin and stdout, and close + * everything else, including the original values for the + * descriptors. */ + dup2(ipipe[0], STDIN_FILENO); + dup2(opipe[1], STDOUT_FILENO); + for (i = 0; i < sysconf(_SC_OPEN_MAX); i++) { + if ((i != STDIN_FILENO) && (i != STDOUT_FILENO)) { + close(i); + } + } + /* Convert the varargs list into a regular array of strings. */ + va_start(ap, command); + args[0] = strdup(command); + for (i = 1; i < ((sizeof(args) / sizeof(args[0])) - 1); i++) { + tmp = va_arg(ap, const char*); + if (tmp == NULL) { + break; + } + args[i] = strdup(tmp); + } + /* Run the command. */ + execvp(command, args); + /* Never reached. */ + exit(1); + } + + /* We're the parent, so close the other ends of the pipes. */ + close(ipipe[0]); + close(opipe[1]); + /* Send input to the process (if we have any), then send an EOF. */ + if (input) { + (void)_pammodutil_write(ipipe[1], input, strlen(input)); + } + close(ipipe[1]); + + /* Read data output until we run out of stuff to read. */ + i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + while ((i != 0) && (i != -1)) { + char *tmp; + /* Resize the buffer to hold the data. */ + tmp = realloc(buffer, buffer_size + i + 1); + if (tmp == NULL) { + /* Uh-oh, bail. */ + if (buffer != NULL) { + free(buffer); + } + close(opipe[0]); + waitpid(child, NULL, 0); + return -1; + } + /* Save the new buffer location, copy the newly-read data into + * the buffer, and make sure the result will be + * nul-terminated. */ + buffer = tmp; + memcpy(buffer + buffer_size, buf, i); + buffer[buffer_size + i] = '\0'; + buffer_size += i; + /* Try to read again. */ + i = _pammodutil_read(opipe[0], buf, sizeof(buf)); + } + /* No more data. Clean up and return data. */ + close(opipe[0]); + *output = buffer; + waitpid(child, NULL, 0); + return 0; +} + +/* Free a data item. */ +static void +cleanup(pam_handle_t *pamh, void *data, int err) +{ + free(data); +} + +/* Check if we want to allow export to the other user, or import from the + * other user. */ +static int +check_acl(pam_handle_t *pamh, + const char *sense, const char *this_user, const char *other_user, + int noent_code, int debug) +{ + char path[PATH_MAX]; + struct passwd *pwd; + FILE *fp; + int i; + uid_t euid; + /* Check this user's <sense> file. */ + pwd = _pammodutil_getpwnam(pamh, this_user); + if (pwd == NULL) { + syslog(LOG_ERR, "pam_xauth: error determining " + "home directory for '%s'", this_user); + return PAM_SESSION_ERR; + } + /* Figure out what that file is really named. */ + i = snprintf(path, sizeof(path), "%s/.xauth/%s", pwd->pw_dir, sense); + if ((i >= sizeof(path)) || (i < 0)) { + syslog(LOG_ERR, "pam_xauth: name of user's home directory " + "is too long"); + return PAM_SESSION_ERR; + } + euid = geteuid(); + setfsuid(pwd->pw_uid); + fp = fopen(path, "r"); + setfsuid(euid); + if (fp != NULL) { + char buf[LINE_MAX], *tmp; + /* Scan the file for a list of specs of users to "trust". */ + while (fgets(buf, sizeof(buf), fp) != NULL) { + tmp = memchr(buf, '\r', sizeof(buf)); + if (tmp != NULL) { + *tmp = '\0'; + } + tmp = memchr(buf, '\n', sizeof(buf)); + if (tmp != NULL) { + *tmp = '\0'; + } + if (fnmatch(buf, other_user, 0) == 0) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: %s %s " + "allowed by %s", + other_user, sense, path); + } + fclose(fp); + return PAM_SUCCESS; + } + } + /* If there's no match in the file, we fail. */ + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: %s not listed in %s", + other_user, path); + } + fclose(fp); + return PAM_PERM_DENIED; + } else { + /* Default to okay if the file doesn't exist. */ + switch (errno) { + case ENOENT: + if (noent_code == PAM_SUCCESS) { + if (debug) { + syslog(LOG_DEBUG, "%s does not exist, " + "ignoring", path); + } + } else { + if (debug) { + syslog(LOG_DEBUG, "%s does not exist, " + "failing", path); + } + } + return noent_code; + default: + if (debug) { + syslog(LOG_ERR, "%s opening %s", + strerror(errno), path); + } + return PAM_PERM_DENIED; + } + } +} + +int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + char xauthpath[] = XAUTHBIN; + char *cookiefile = NULL, *xauthority = NULL, + *cookie = NULL, *display = NULL, *tmp = NULL; + const char *user, *xauth = xauthpath; + struct passwd *tpwd, *rpwd; + int fd, i, debug = 0; + uid_t systemuser = 499, targetuser = 0, euid; + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ + for (i = 0; i < argc; i++) { + if (strcmp(argv[i], "debug") == 0) { + debug = 1; + continue; + } + if (strncmp(argv[i], "xauthpath=", 10) == 0) { + xauth = argv[i] + 10; + continue; + } + if (strncmp(argv[i], "targetuser=", 11) == 0) { + long l = strtol(argv[i] + 11, &tmp, 10); + if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) { + targetuser = l; + } else { + syslog(LOG_WARNING, "pam_xauth: invalid value " + "for targetuser (`%s')", argv[i] + 11); + } + continue; + } + if (strncmp(argv[i], "systemuser=", 11) == 0) { + long l = strtol(argv[i] + 11, &tmp, 10); + if ((strlen(argv[i] + 11) > 0) && (*tmp == '\0')) { + systemuser = l; + } else { + syslog(LOG_WARNING, "pam_xauth: invalid value " + "for systemuser (`%s')", argv[i] + 11); + } + continue; + } + syslog(LOG_WARNING, "pam_xauth: unrecognized option `%s'", + argv[i]); + } + + /* If DISPLAY isn't set, we don't really care, now do we? */ + if ((display = getenv("DISPLAY")) == NULL) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: user has no DISPLAY," + " doing nothing"); + } + return PAM_SUCCESS; + } + + /* Read the target user's name. */ + if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { + syslog(LOG_ERR, "pam_xauth: error determining target " + "user's name"); + return PAM_SESSION_ERR; + } + rpwd = _pammodutil_getpwuid(pamh, getuid()); + if (rpwd == NULL) { + syslog(LOG_ERR, "pam_xauth: error determining invoking " + "user's name"); + return PAM_SESSION_ERR; + } + + /* Get the target user's UID and primary GID, which we'll need to set + * on the xauthority file we create later on. */ + tpwd = _pammodutil_getpwnam(pamh, user); + if (tpwd == NULL) { + syslog(LOG_ERR, "pam_xauth: error determining target " + "user's UID"); + return PAM_SESSION_ERR; + } + + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: requesting user %lu/%lu, " + "target user %lu/%lu", + (unsigned long) rpwd->pw_uid, + (unsigned long) rpwd->pw_gid, + (unsigned long) tpwd->pw_uid, + (unsigned long) tpwd->pw_gid); + } + + /* If the UID is a system account (and not the superuser), forget + * about forwarding keys. */ + if ((tpwd->pw_uid != 0) && + (tpwd->pw_uid != targetuser) && + (tpwd->pw_uid <= systemuser)) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: not forwarding cookies " + "to user ID %ld", (long) tpwd->pw_uid); + } + return PAM_SESSION_ERR; + } + + /* Check that both users are amenable to this. By default, this + * boils down to this policy: + * export(ruser=root): only if <user> is listed in .xauth/export + * export(ruser=*) if <user> is listed in .xauth/export, or + * if .xauth/export does not exist + * import(user=*): if <ruser> is listed in .xauth/import, or + * if .xauth/import does not exist */ + i = (getuid() != 0) ? PAM_SUCCESS : PAM_PERM_DENIED; + i = check_acl(pamh, "export", rpwd->pw_name, user, i, debug); + if (i != PAM_SUCCESS) { + return PAM_SESSION_ERR; + } + i = PAM_SUCCESS; + i = check_acl(pamh, "import", user, rpwd->pw_name, i, debug); + if (i != PAM_SUCCESS) { + return PAM_SESSION_ERR; + } + + /* Figure out where the source user's .Xauthority file is. */ + if (getenv(XAUTHENV) != NULL) { + cookiefile = strdup(getenv(XAUTHENV)); + } else { + cookiefile = malloc(strlen(rpwd->pw_dir) + 1 + + strlen(XAUTHDEF) + 1); + if (cookiefile == NULL) { + return PAM_SESSION_ERR; + } + strcpy(cookiefile, rpwd->pw_dir); + strcat(cookiefile, "/"); + strcat(cookiefile, XAUTHDEF); + } + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: reading keys from `%s'", + cookiefile); + } + + /* Read the user's .Xauthority file. Because the current UID is + * the original user's UID, this will only fail if something has + * gone wrong, or we have no cookies. */ + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: running \"%s %s %s %s %s\" as " + "%lu/%lu", + xauth, + "-f", + cookiefile, + "nlist", + display, + (unsigned long) getuid(), + (unsigned long) getgid()); + } + if (run_coprocess(NULL, &cookie, + getuid(), getgid(), + xauth, "-f", cookiefile, "nlist", display, + NULL) == 0) { + /* Check that we got a cookie. If not, we get creative. */ + if (((cookie == NULL) || (strlen(cookie) == 0)) && + ((strncmp(display, "localhost:", 10) == 0) || + (strncmp(display, "localhost/unix:", 15) == 0))) { + char *t, *screen; + size_t tlen, slen; + /* Free the useless cookie string. */ + if (cookie != NULL) { + free(cookie); + cookie = NULL; + } + /* Allocate enough space to hold an adjusted name. */ + tlen = strlen(display) + LINE_MAX + 1; + t = malloc(tlen); + if (t != NULL) { + memset(t, 0, tlen); + if (gethostname(t, tlen - 1) != -1) { + /* Append the protocol and then the + * screen number. */ + if (strlen(t) < tlen - 6) { + strcat(t, "/unix:"); + } + screen = strchr(display, ':'); + if (screen != NULL) { + screen++; + slen = strlen(screen); + if (strlen(t) + slen < tlen) { + strcat(t, screen); + } + } + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: " + "no key for `%s', trying" + " `%s'", display, t); + } + /* Read the cookie for this display. */ + if (debug) { + syslog(LOG_DEBUG, + "pam_xauth: running " + "\"%s %s %s %s %s\" as " + "%lu/%lu", + xauth, + "-f", + cookiefile, + "nlist", + t, + (unsigned long) getuid(), + (unsigned long) getgid()); + } + run_coprocess(NULL, &cookie, + getuid(), getgid(), + xauth, "-f", cookiefile, + "nlist", t, NULL); + } + free(t); + t = NULL; + } + } + + /* Check that we got a cookie, this time for real. */ + if ((cookie == NULL) || (strlen(cookie) == 0)) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: no key"); + } + return PAM_SESSION_ERR; + } + + /* Generate the environment variable + * "XAUTHORITY=<homedir>/filename". */ + xauthority = malloc(strlen(XAUTHENV) + 1 + + strlen(tpwd->pw_dir) + 1 + + strlen(XAUTHTMP) + 1); + if (xauthority == NULL) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: no free memory"); + } + free(cookiefile); + free(cookie); + return PAM_SESSION_ERR; + } + strcpy(xauthority, XAUTHENV); + strcat(xauthority, "="); + strcat(xauthority, tpwd->pw_dir); + strcat(xauthority, "/"); + strcat(xauthority, XAUTHTMP); + + /* Generate a new file to hold the data. */ + euid = geteuid(); + setfsuid(tpwd->pw_uid); + fd = mkstemp(xauthority + strlen(XAUTHENV) + 1); + setfsuid(euid); + if (fd == -1) { + syslog(LOG_ERR, "pam_xauth: error creating " + "temporary file `%s': %s", + xauthority + strlen(XAUTHENV) + 1, + strerror(errno)); + free(cookiefile); + free(cookie); + free(xauthority); + return PAM_SESSION_ERR; + } + /* Set permissions on the new file and dispose of the + * descriptor. */ + fchown(fd, tpwd->pw_uid, tpwd->pw_gid); + close(fd); + + /* Get a copy of the filename to save as a data item for + * removal at session-close time. */ + free(cookiefile); + cookiefile = strdup(xauthority + strlen(XAUTHENV) + 1); + + /* Save the filename. */ + if (pam_set_data(pamh, DATANAME, cookiefile, cleanup) != PAM_SUCCESS) { + syslog(LOG_ERR, "pam_xauth: error saving name of " + "temporary file `%s'", cookiefile); + unlink(cookiefile); + free(xauthority); + free(cookiefile); + free(cookie); + return PAM_SESSION_ERR; + } + + /* Unset any old XAUTHORITY variable in the environment. */ + if (getenv (XAUTHENV)) + unsetenv (XAUTHENV); + + /* Set the new variable in the environment. */ + if (pam_putenv (pamh, xauthority) != PAM_SUCCESS) + syslog (LOG_DEBUG, "pam_xauth: can't set environment variable '%s'", + xauthority); + putenv (xauthority); /* The environment owns this string now. */ + + /* set $DISPLAY in pam handle to make su - work */ + { + char *d = (char *) malloc (strlen ("DISPLAY=") + + strlen (display) + 1); + if (d == NULL) + { + syslog (LOG_DEBUG, "pam_xauth: memory exhausted\n"); + return PAM_SESSION_ERR; + } + strcpy (d, "DISPLAY="); + strcat (d, display); + + if (pam_putenv (pamh, d) != PAM_SUCCESS) + syslog (LOG_DEBUG, + "pam_xauth: can't set environment variable '%s'", + d); + free (d); + } + + /* Merge the cookie we read before into the new file. */ + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: writing key `%s' to " + "temporary file `%s'", cookie, cookiefile); + } + if (debug) { + syslog(LOG_DEBUG, + "pam_xauth: running \"%s %s %s %s %s\" as " + "%lu/%lu", + xauth, + "-f", + cookiefile, + "nmerge", + "-", + (unsigned long) tpwd->pw_uid, + (unsigned long) tpwd->pw_gid); + } + run_coprocess(cookie, &tmp, + tpwd->pw_uid, tpwd->pw_gid, + xauth, "-f", cookiefile, "nmerge", "-", NULL); + + /* We don't need to keep a copy of these around any more. */ + free(cookie); + cookie = NULL; + } + return PAM_SUCCESS; +} + +int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + void *cookiefile; + int i, debug = 0; + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ + for (i = 0; i < argc; i++) { + if (strcmp(argv[i], "debug") == 0) { + debug = 1; + continue; + } + if (strncmp(argv[i], "xauthpath=", 10) == 0) { + continue; + } + if (strncmp(argv[i], "systemuser=", 11) == 0) { + continue; + } + if (strncmp(argv[i], "targetuser=", 11) == 0) { + continue; + } + syslog(LOG_WARNING, "pam_xauth: unrecognized option `%s'", + argv[i]); + } + + /* Try to retrieve the name of a file we created when the session was + * opened. */ + if (pam_get_data(pamh, DATANAME, (const void**) &cookiefile) == PAM_SUCCESS) { + /* We'll only try to remove the file once. */ + if (strlen((char*)cookiefile) > 0) { + if (debug) { + syslog(LOG_DEBUG, "pam_xauth: removing `%s'", + (char*)cookiefile); + } + unlink((char*)cookiefile); + *((char*)cookiefile) = '\0'; + } + } + return PAM_SUCCESS; +} diff --git a/Linux-PAM/modules/pammodutil/Makefile b/Linux-PAM/modules/pammodutil/Makefile index 03334326..bad1bf62 100644 --- a/Linux-PAM/modules/pammodutil/Makefile +++ b/Linux-PAM/modules/pammodutil/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ +# $Id: Makefile,v 1.4 2004/09/24 13:13:22 kukuk Exp $ # # @@ -18,7 +18,9 @@ CFLAGS += $(PIC) $(STATIC) $(MOREFLAGS) \ -DLIBPAM_VERSION_MINOR=$(MINOR_REL) # all the object files we care about -LIBOBJECTS = modutil_cleanup.o modutil_getpwnam.o modutil_getpwuid.o +LIBOBJECTS = modutil_cleanup.o modutil_getpwnam.o modutil_getpwuid.o \ + modutil_getspnam.o modutil_getgrnam.o modutil_getgrgid.o \ + modutil_ingroup.o modutil_getlogin.o modutil_ioloop.o # static library name LIBSTATIC = $(LIBNAME).a diff --git a/Linux-PAM/modules/pammodutil/README b/Linux-PAM/modules/pammodutil/README index bd957247..ea44f310 100644 --- a/Linux-PAM/modules/pammodutil/README +++ b/Linux-PAM/modules/pammodutil/README @@ -1,4 +1,4 @@ -$Id: README,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ +$Id: README,v 1.1 2001/12/09 22:15:12 agmorgan Exp $ This is a libarary of routines for use by modules. The routines seem to have a common use for modules, but are not part of libpam and never diff --git a/Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h b/Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h index d36fcfa0..ec0c8964 100644 --- a/Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h +++ b/Linux-PAM/modules/pammodutil/include/security/_pam_modutil.h @@ -2,7 +2,7 @@ #define _PAM_MODUTIL_H /* - * $Id: _pam_modutil.h,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ + * $Id: _pam_modutil.h,v 1.4 2004/09/24 13:13:22 kukuk Exp $ * * This file is a list of handy libc wrappers that attempt to provide some * thread-safe and other convenient functionality to modules in a form that @@ -15,10 +15,12 @@ * On systems that simply can't support thread safe programming, these * functions don't support it either - sorry. * - * Copyright (c) 2001 Andrew Morgan <morgan@kernel.org> + * Copyright (c) 2001-2002 Andrew Morgan <morgan@kernel.org> */ #include <pwd.h> +#include <grp.h> +#include <shadow.h> #include <sys/types.h> extern struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, @@ -27,7 +29,38 @@ extern struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, extern struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid); +extern struct group *_pammodutil_getgrnam(pam_handle_t *pamh, + const char *group); + +extern struct group *_pammodutil_getgrgid(pam_handle_t *pamh, + gid_t gid); + +extern struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, + const char *user); + +extern int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, + const char *group); + +extern int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, + gid_t group); + +extern int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, + const char *group); + +extern int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, + gid_t group); + extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, int error_status); +extern const char *_pammodutil_getlogin(pam_handle_t *pamh); + +extern int _pammodutil_read(int fd, char *buffer, int count); + +extern int _pammodutil_write(int fd, const char *buffer, int count); + #endif /* _PAM_MODUTIL_H */ diff --git a/Linux-PAM/modules/pammodutil/modutil_cleanup.c b/Linux-PAM/modules/pammodutil/modutil_cleanup.c index 76662133..5477481f 100644 --- a/Linux-PAM/modules/pammodutil/modutil_cleanup.c +++ b/Linux-PAM/modules/pammodutil/modutil_cleanup.c @@ -1,5 +1,5 @@ /* - * $Id: modutil_cleanup.c,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ + * $Id: modutil_cleanup.c,v 1.1 2001/12/09 22:15:12 agmorgan Exp $ * * This function provides a common pam_set_data() friendly version of free(). */ diff --git a/Linux-PAM/modules/pammodutil/modutil_getgrgid.c b/Linux-PAM/modules/pammodutil/modutil_getgrgid.c new file mode 100644 index 00000000..f97a9239 --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_getgrgid.c @@ -0,0 +1,150 @@ +/* + * $Id: modutil_getgrgid.c,v 1.3 2005/03/30 14:59:41 kukuk Exp $ + * + * This function provides a thread safer version of getgrgid() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pammodutil.h" + +#include <errno.h> +#include <limits.h> +#include <grp.h> +#include <pthread.h> +#include <stdio.h> +#include <stdlib.h> + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +static int longlen(long number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct group *_pammodutil_getgrgid(pam_handle_t *pamh, gid_t gid) +{ +#ifdef HAVE_GETGRGID_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct group *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct group) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the grp structure */ + errno = 0; + status = getgrgid_r(gid, buffer, + sizeof(struct group) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + + longlen((long)gid) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", + (long) gid, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, _pammodutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("grp structure took %u bytes or so of memory", + length+sizeof(struct group))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETGRGID_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getgrgid(). So, we use the standard libc function. + */ + + return getgrgid(gid); + +#endif /* def HAVE_GETGRGID_R */ +} diff --git a/Linux-PAM/modules/pammodutil/modutil_getgrnam.c b/Linux-PAM/modules/pammodutil/modutil_getgrnam.c new file mode 100644 index 00000000..0727618c --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_getgrnam.c @@ -0,0 +1,139 @@ +/* + * $Id: modutil_getgrnam.c,v 1.3 2005/03/30 14:59:41 kukuk Exp $ + * + * This function provides a thread safer version of getgrnam() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pammodutil.h" + +#include <errno.h> +#include <limits.h> +#include <grp.h> +#include <pthread.h> +#include <stdio.h> +#include <stdlib.h> + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct group *_pammodutil_getgrnam(pam_handle_t *pamh, const char *group) +{ +#ifdef HAVE_GETGRNAM_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct group *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct group) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the group - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the grp structure */ + errno = 0; + status = getgrnam_r(group, buffer, + sizeof(struct group) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + + strlen(group) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, _pammodutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("grp structure took %u bytes or so of memory", + length+sizeof(struct group))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETGRNAM_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getgrnam(). So, we use the standard libc function. + */ + + return getgrnam(group); + +#endif /* def HAVE_GETGRNAM_R */ +} diff --git a/Linux-PAM/modules/pammodutil/modutil_getlogin.c b/Linux-PAM/modules/pammodutil/modutil_getlogin.c new file mode 100644 index 00000000..0e4a48d8 --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_getlogin.c @@ -0,0 +1,72 @@ +/* + * $Id: modutil_getlogin.c,v 1.4 2004/11/08 10:57:15 t8m Exp $ + * + * A central point for invoking getlogin(). Hopefully, this is a + * little harder to spoof than all the other versions that are out + * there. + */ + +#include "pammodutil.h" + +#include <stdlib.h> +#include <unistd.h> +#include <utmp.h> + +#define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" + +const char *_pammodutil_getlogin(pam_handle_t *pamh) +{ + int status; + char *logname; + const char *curr_tty; + char *curr_user; + struct utmp *ut, line; + + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, + (const void **) &logname); + if (status == PAM_SUCCESS) { + return logname; + } + + status = pam_get_item(pamh, PAM_TTY, (const void **) &curr_tty); + if ((status != PAM_SUCCESS) || (curr_tty == NULL)) { + curr_tty = ttyname(0); + } + + if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { + return NULL; + } + + curr_tty += 5; /* strlen("/dev/") */ + logname = NULL; + + setutent(); + strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); + + if ((ut = getutline(&line)) == NULL) { + goto clean_up_and_go_home; + } + + curr_user = calloc(sizeof(line.ut_user)+1, 1); + if (curr_user == NULL) { + goto clean_up_and_go_home; + } + + strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); + /* calloc already zeroed the memory */ + + status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, + _pammodutil_cleanup); + if (status != PAM_SUCCESS) { + free(curr_user); + goto clean_up_and_go_home; + } + + logname = curr_user; + +clean_up_and_go_home: + + endutent(); + + return logname; +} diff --git a/Linux-PAM/modules/pammodutil/modutil_getpwnam.c b/Linux-PAM/modules/pammodutil/modutil_getpwnam.c index e3a8f270..eb359544 100644 --- a/Linux-PAM/modules/pammodutil/modutil_getpwnam.c +++ b/Linux-PAM/modules/pammodutil/modutil_getpwnam.c @@ -1,5 +1,5 @@ /* - * $Id: modutil_getpwnam.c,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ + * $Id: modutil_getpwnam.c,v 1.4 2005/03/30 14:59:41 kukuk Exp $ * * This function provides a thread safer version of getpwnam() for use * with PAM modules that care about this sort of thing. @@ -9,9 +9,33 @@ #include "pammodutil.h" +#include <errno.h> +#include <limits.h> +#include <pthread.h> #include <pwd.h> +#include <stdio.h> #include <stdlib.h> +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user) { #ifdef HAVE_GETPWNAM_R @@ -38,12 +62,44 @@ struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user) buffer = new_buffer; /* make the re-entrant call to get the pwd structure */ + errno = 0; status = getpwnam_r(user, buffer, sizeof(struct passwd) + (char *) buffer, length, &result); - if (!status && result) { - status = pam_set_data(pamh, "_pammodutil_getpwnam", result, - _pammodutil_cleanup); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getpwnam") + 1 + + strlen(user) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, _pammodutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + if (status == PAM_SUCCESS) { D(("success")); return result; @@ -55,9 +111,12 @@ struct passwd *_pammodutil_getpwnam(pam_handle_t *pamh, const char *user) free(buffer); return NULL; - } + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } - length <<= 1; + length <<= 2; } while (length < PWD_ABSURD_PWD_LENGTH); diff --git a/Linux-PAM/modules/pammodutil/modutil_getpwuid.c b/Linux-PAM/modules/pammodutil/modutil_getpwuid.c index cd93ded4..8ba20d17 100644 --- a/Linux-PAM/modules/pammodutil/modutil_getpwuid.c +++ b/Linux-PAM/modules/pammodutil/modutil_getpwuid.c @@ -1,5 +1,5 @@ /* - * $Id: modutil_getpwuid.c,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ + * $Id: modutil_getpwuid.c,v 1.4 2005/03/30 14:59:41 kukuk Exp $ * * This function provides a thread safer version of getpwuid() for use * with PAM modules that care about this sort of thing. @@ -9,12 +9,46 @@ #include "pammodutil.h" +#include <errno.h> +#include <limits.h> +#include <pthread.h> #include <pwd.h> +#include <stdio.h> #include <stdlib.h> +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +static int longlen(long number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) { -#ifdef HAVE_GETPWNAM_R +#ifdef HAVE_GETPWUID_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; @@ -38,12 +72,45 @@ struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) buffer = new_buffer; /* make the re-entrant call to get the pwd structure */ + errno = 0; status = getpwuid_r(uid, buffer, sizeof(struct passwd) + (char *) buffer, length, &result); - if (!status && result) { - status = pam_set_data(pamh, "_pammodutil_getpwuid", result, - _pammodutil_cleanup); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getpwuid") + 1 + + longlen((long) uid) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", + (long) uid, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, _pammodutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + if (status == PAM_SUCCESS) { D(("success")); return result; @@ -55,9 +122,12 @@ struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) free(buffer); return NULL; - } + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } - length <<= 1; + length <<= 2; } while (length < PWD_ABSURD_PWD_LENGTH); @@ -67,14 +137,14 @@ struct passwd *_pammodutil_getpwuid(pam_handle_t *pamh, uid_t uid) free(buffer); return NULL; -#else /* ie. ifndef HAVE_GETPWNAM_R */ +#else /* ie. ifndef HAVE_GETPWUID_R */ /* * Sorry, there does not appear to be a reentrant version of - * getpwnam(). So, we use the standard libc function. + * getpwuid(). So, we use the standard libc function. */ return getpwuid(uid); -#endif /* def HAVE_GETPWNAM_R */ +#endif /* def HAVE_GETPWUID_R */ } diff --git a/Linux-PAM/modules/pammodutil/modutil_getspnam.c b/Linux-PAM/modules/pammodutil/modutil_getspnam.c new file mode 100644 index 00000000..e966bb52 --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_getspnam.c @@ -0,0 +1,139 @@ +/* + * $Id: modutil_getspnam.c,v 1.3 2005/03/30 14:59:41 kukuk Exp $ + * + * This function provides a thread safer version of getspnam() for use + * with PAM modules that care about this sort of thing. + * + * XXX - or at least it should provide a thread-safe alternative. + */ + +#include "pammodutil.h" + +#include <errno.h> +#include <limits.h> +#include <pthread.h> +#include <shadow.h> +#include <stdio.h> +#include <stdlib.h> + +static pthread_mutex_t _pammodutil_mutex = PTHREAD_MUTEX_INITIALIZER; +static void _pammodutil_lock(void) +{ + pthread_mutex_lock(&_pammodutil_mutex); +} +static void _pammodutil_unlock(void) +{ + pthread_mutex_unlock(&_pammodutil_mutex); +} + +static int intlen(int number) +{ + int len = 2; + while (number != 0) { + number /= 10; + len++; + } + return len; +} + +struct spwd *_pammodutil_getspnam(pam_handle_t *pamh, const char *user) +{ +#ifdef HAVE_GETSPNAM_R + + void *buffer=NULL; + size_t length = PWD_INITIAL_LENGTH; + + do { + int status; + void *new_buffer; + struct spwd *result = NULL; + + new_buffer = realloc(buffer, sizeof(struct spwd) + length); + if (new_buffer == NULL) { + + D(("out of memory")); + + /* no memory for the user - so delete the memory */ + if (buffer) { + free(buffer); + } + return NULL; + } + buffer = new_buffer; + + /* make the re-entrant call to get the spwd structure */ + errno = 0; + status = getspnam_r(user, buffer, + sizeof(struct spwd) + (char *) buffer, + length, &result); + if (!status && (result == buffer)) { + char *data_name; + const void *ignore; + int i; + + data_name = malloc(strlen("_pammodutil_getspnam") + 1 + + strlen(user) + 1 + intlen(INT_MAX) + 1); + if ((pamh != NULL) && (data_name == NULL)) { + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + free(buffer); + return NULL; + } + + if (pamh != NULL) { + for (i = 0; i < INT_MAX; i++) { + sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i); + _pammodutil_lock(); + status = PAM_NO_MODULE_DATA; + if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { + status = pam_set_data(pamh, data_name, + result, _pammodutil_cleanup); + } + _pammodutil_unlock(); + if (status == PAM_SUCCESS) { + break; + } + } + } else { + status = PAM_SUCCESS; + } + + free(data_name); + + if (status == PAM_SUCCESS) { + D(("success")); + return result; + } + + D(("was unable to register the data item [%s]", + pam_strerror(pamh, status))); + + free(buffer); + return NULL; + + } else if (errno != ERANGE && errno != EINTR) { + /* no sense in repeating the call */ + break; + } + + length <<= 2; + + } while (length < PWD_ABSURD_PWD_LENGTH); + + D(("spwd structure took %u bytes or so of memory", + length+sizeof(struct spwd))); + + free(buffer); + return NULL; + +#else /* ie. ifndef HAVE_GETSPNAM_R */ + + /* + * Sorry, there does not appear to be a reentrant version of + * getspnam(). So, we use the standard libc function. + */ + + return getspnam(user); + +#endif /* def HAVE_GETSPNAM_R */ +} diff --git a/Linux-PAM/modules/pammodutil/modutil_ingroup.c b/Linux-PAM/modules/pammodutil/modutil_ingroup.c new file mode 100644 index 00000000..e1f88b81 --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_ingroup.c @@ -0,0 +1,121 @@ +/* + * $Id: modutil_ingroup.c,v 1.1 2004/09/24 13:14:14 kukuk Exp $ + * + * This function provides common methods for checking if a user is in a + * specified group. + */ + +#include "pammodutil.h" +#include "include/security/_pam_modutil.h" +#include <pwd.h> +#include <grp.h> + +#ifdef HAVE_GETGROUPLIST +static int checkgrouplist(const char *user, gid_t primary, gid_t target) +{ + gid_t *grouplist = NULL; + int agroups, ngroups, i; + ngroups = agroups = 3; + do { + grouplist = malloc(sizeof(gid_t) * agroups); + if (grouplist == NULL) { + return 0; + } + ngroups = agroups; + i = getgrouplist(user, primary, grouplist, &ngroups); + if ((i < 0) || (ngroups < 1)) { + agroups *= 2; + free(grouplist); + } else { + for (i = 0; i < ngroups; i++) { + if (grouplist[i] == target) { + free(grouplist); + return 1; + } + } + free(grouplist); + } + } while (((i < 0) || (ngroups < 1)) && (agroups < 10000)); + return 0; +} +#endif + +static int _pammodutil_user_in_group_common(pam_handle_t *pamh, + struct passwd *pwd, + struct group *grp) +{ + int i; + + if (pwd == NULL) { + return 0; + } + if (grp == NULL) { + return 0; + } + + if (pwd->pw_gid == grp->gr_gid) { + return 1; + } + + for (i = 0; (grp->gr_mem != NULL) && (grp->gr_mem[i] != NULL); i++) { + if (strcmp(pwd->pw_name, grp->gr_mem[i]) == 0) { + return 1; + } + } + +#ifdef HAVE_GETGROUPLIST + if (checkgrouplist(pwd->pw_name, pwd->pw_gid, grp->gr_gid)) { + return 1; + } +#endif + + return 0; +} + +int _pammodutil_user_in_group_nam_nam(pam_handle_t *pamh, + const char *user, const char *group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = _pammodutil_getpwnam(pamh, user); + grp = _pammodutil_getgrnam(pamh, group); + + return _pammodutil_user_in_group_common(pamh, pwd, grp); +} + +int _pammodutil_user_in_group_nam_gid(pam_handle_t *pamh, + const char *user, gid_t group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = _pammodutil_getpwnam(pamh, user); + grp = _pammodutil_getgrgid(pamh, group); + + return _pammodutil_user_in_group_common(pamh, pwd, grp); +} + +int _pammodutil_user_in_group_uid_nam(pam_handle_t *pamh, + uid_t user, const char *group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = _pammodutil_getpwuid(pamh, user); + grp = _pammodutil_getgrnam(pamh, group); + + return _pammodutil_user_in_group_common(pamh, pwd, grp); +} + +int _pammodutil_user_in_group_uid_gid(pam_handle_t *pamh, + uid_t user, gid_t group) +{ + struct passwd *pwd; + struct group *grp; + + pwd = _pammodutil_getpwuid(pamh, user); + grp = _pammodutil_getgrgid(pamh, group); + + return _pammodutil_user_in_group_common(pamh, pwd, grp); +} diff --git a/Linux-PAM/modules/pammodutil/modutil_ioloop.c b/Linux-PAM/modules/pammodutil/modutil_ioloop.c new file mode 100644 index 00000000..37ac76fc --- /dev/null +++ b/Linux-PAM/modules/pammodutil/modutil_ioloop.c @@ -0,0 +1,52 @@ +/* + * $Id: modutil_ioloop.c,v 1.2 2004/09/24 09:18:22 kukuk Exp $ + * + * These functions provides common methods for ensure a complete read or + * write occurs. It handles EINTR and partial read/write returns. + */ + +#include <unistd.h> +#include <errno.h> + +#include <security/pam_modules.h> +#include "include/security/_pam_modutil.h" + +int _pammodutil_read(int fd, char *buffer, int count) +{ + int block, offset = 0; + + while (count > 0) { + block = read(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (block == 0) return offset; + + offset += block; + count -= block; + } + + return offset; +} + +int _pammodutil_write(int fd, const char *buffer, int count) +{ + int block, offset = 0; + + while (count > 0) { + block = write(fd, &buffer[offset], count); + + if (block < 0) { + if (errno == EINTR) continue; + return block; + } + if (block == 0) return offset; + + offset += block; + count -= block; + } + + return offset; +} diff --git a/Linux-PAM/modules/pammodutil/pammodutil.h b/Linux-PAM/modules/pammodutil/pammodutil.h index 78d7e517..2b80c852 100644 --- a/Linux-PAM/modules/pammodutil/pammodutil.h +++ b/Linux-PAM/modules/pammodutil/pammodutil.h @@ -2,7 +2,7 @@ #define PAMMODUTIL_H /* - * $Id: pammodutil.h,v 1.1.1.1 2002/09/15 20:09:04 hartmans Exp $ + * $Id: pammodutil.h,v 1.2 2005/03/30 10:42:54 t8m Exp $ * * Copyright (c) 2001 Andrew Morgan <morgan@kernel.org> */ @@ -13,7 +13,7 @@ #include <security/_pam_modutil.h> #define PWD_INITIAL_LENGTH 0x100 -#define PWD_ABSURD_PWD_LENGTH 0x1000 +#define PWD_ABSURD_PWD_LENGTH 0x8000 /* This is a simple cleanup, it just free()s the 'data' memory */ extern void _pammodutil_cleanup(pam_handle_t *pamh, void *data, diff --git a/Linux-PAM/pgp.keys.asc b/Linux-PAM/pgp.keys.asc index a516c379..583accd9 100644 --- a/Linux-PAM/pgp.keys.asc +++ b/Linux-PAM/pgp.keys.asc @@ -1,3 +1,54 @@ + +pub 1024D/D41A6DF2 2002-09-23 Andrew G. Morgan <morgan@kernel.org> +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.0.6 (GNU/Linux) +Comment: For info see http://www.gnupg.org + +mQGiBD2PVCcRBADmR2dfKJIaGj120v0EjrGbnYic8nKCrDLUHmtiZyIlMeTNqnw/ +/Q2m057SIyFC5K5W7XV8LIsOcpEBAdIS5QLClwec/wqVj1FU5TLHNifR9fBq+DaI +tyMH+LX/HUo4xPaJ5KnE62/3M/SyUx/S69RURfRdDsC+9ucKZkW9mnRiUwCgm18E ++aUKNBKGyqHaNK+n50jxW0ED/2epmE6porj12MyTlTvmxHuq7SSqgzTP8KoNoOE4 +mtZnYAkopb8uksBo4yj4abfBZNiVXEttc+XpwhnRODfy576wVy/lmDMTFAz7CYw8 +5Qmsf9HZXyAS+XovscbYYAWq11BycqHzVNqOevMZPX4Om7+rHBcIPI6pCd3ouPlW +ObE5A/oDWXC35DcgFdmgVH2qr5COEvrDs9T5w4UdRXBMj2khE+32rdP0qqGYCW13 +by84+Cpoekmg+6/FqL/At0Xl2a87czur5xR9mrDd32iknws0DggEuf+zL3Twt9kA +ftnqgiGr33iaNeXwgqfgQYMbxruLvjaAOayKPhr+tgJU6bIpWbQkQW5kcmV3IEcu +IE1vcmdhbiA8bW9yZ2FuQGtlcm5lbC5vcmc+iFcEExECABcFAj2PVCcFCwcKAwQD +FQMCAxYCAQIXgAAKCRBCF4Sr1Bpt8u+VAJ958HbiLmhrpWjAauN9GrtKudijkACf +R2XasdjQs2ECc2qMX19QwNohDAc= +=7XTB +-----END PGP PUBLIC KEY BLOCK----- + + +The following is my DSA key 'D41A6DF2' signed with my old '2A398175' +RSA key. + +-----BEGIN PGP MESSAGE----- +Version: 2.6.3a + +owF9k82L42QAxmccVjFzUNjbHLQLHlbDTJq0aZuRAd+8+WgmaZqkTZtWWchHk6Zt +vpOmGcT1A1zm5EVZPXhQYW972IMHFVxQPK14UNjLICKiexBkEQQ9iI7zB/hcf4eH +B57f6dY7O5e2jt76ab/58Db7HPVasb3NvLvzT/5G44+H1uSpW0/fffDih3Dv9+uv +/ka/9Nh3n/h865FH0Qd1/f7Ny4/jg28/uPJ9tvvRjTdPrz1z+vVnyf4t50T95vmr +/gtninr/q7NP56+8/4Xb/tlJl9d/vXNj9+bnly6/vHX2p56urvwQ/3j3y92Pt/eO +3w57h3vO7O+/tn+5dw17HT555/bOe9YTQZR6ZrjPNHHQYjhi6zz7/4VmeUGuKbxS +U3RaEmBNZCc1WupD8QIjo1ma+VF4WOPDQuFra/ygftCqXeVlHZP8sNg8i8AoCGZh +fljjorTmh25Uy2az2jzP40MMK8vywAuL2Ds470eQQOV9miGUEbQ1GjCBRjiueCyY +/AIn6us6u0h5K5z4dicUYcpIejfI/WklrHqzoZyEJYZgKhHUyfZAqDhIiuS4bYw6 +kpD17ZilgSMMSFWCq3JmY2UyWuCcTg6lruy7GuXSCcqYApJXvS4qGVhXj5obxTwm +xZBtEVijhw0qfYMNWpSma67mMBlEqcIWp8sxFYSar5fQC/AOi6CmLsq0yFdJ15RF +NCTri824zjIYMYsDthVH6fmWXjVcDdfBplsk7cEg8U6GSkeM5KjPNpEgn4YTsIxi +q1MsMzpqVoumabn0VPZHBpvnNmrE5TzU+oxbke1WOaqwVcD0hhw4acNJ2UFINchc +qjs1KjBAjWid2dZkAsYJjtOVnXRPRnLSn617U8Vo9oM2mnZpW1CEVgydRlQoqzHS +t1gSYBEzNmCDZGyPcwJv1CWSlIR9dp0yGTUky6buaAbdWxDLOYs2iNRR6knCT+AY +byBW1WmiMI5my8BDWxiXSBjI68aKMDtt+6RIyY1GBSnjNAh/GZZZnfE8tnDRE6kx +LHNqCRA3DxPP59NGwzflmVF6ieupk561SQtpvTBB36xEZZ6iuXestywhHlvqUh2T +SzsYNQTWLhCBxdd24MwtH3SsMVVNCa5Q+XxlB+TKguQ5s1Gfs1l2w0JA2xxYXJyO +g6UtglJlEE7tQbCZQKAKhgeACDUacs1BitNx3inQETimyE7X8qVgnsbjBTALmeLT +XCwcf7EE0EU0wjAzZ6FmBAttIukZOKWWcjRngH2EHLWNIY1cGMTKzP/o9S8= +=cdkf +-----END PGP MESSAGE----- + Type Bits/KeyID Date User ID pub 1024/2A398175 1996/11/17 Andrew G. Morgan <morgan@linux.kernel.org> Andrew G. Morgan <morgan@transmeta.com> |