summaryrefslogtreecommitdiff
path: root/modules/pam_tally2
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_tally2')
-rw-r--r--modules/pam_tally2/Makefile.am43
-rw-r--r--modules/pam_tally2/Makefile.in1227
-rw-r--r--modules/pam_tally2/README156
-rw-r--r--modules/pam_tally2/README.xml46
-rw-r--r--modules/pam_tally2/pam_tally2.8244
-rw-r--r--modules/pam_tally2/pam_tally2.8.xml450
-rw-r--r--modules/pam_tally2/pam_tally2.c1035
-rw-r--r--modules/pam_tally2/pam_tally2_app.c6
-rw-r--r--modules/pam_tally2/tallylog.h52
-rwxr-xr-xmodules/pam_tally2/tst-pam_tally22
10 files changed, 0 insertions, 3261 deletions
diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am
deleted file mode 100644
index 5c887ad7..00000000
--- a/modules/pam_tally2/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-# Copyright (c) 2008 Red Hat, Inc.
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_tally2.8
-endif
-XMLS = README.xml pam_tally2.8.xml
-dist_check_SCRIPTS = tst-pam_tally2
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-noinst_HEADERS = tallylog.h
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-
-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-if HAVE_VERSIONING
- pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-
-securelib_LTLIBRARIES = pam_tally2.la
-sbin_PROGRAMS = pam_tally2
-
-pam_tally2_la_SOURCES = pam_tally2.c
-pam_tally2_SOURCES = pam_tally2_app.c
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_tally2/Makefile.in b/modules/pam_tally2/Makefile.in
deleted file mode 100644
index 4484af86..00000000
--- a/modules/pam_tally2/Makefile.in
+++ /dev/null
@@ -1,1227 +0,0 @@
-# Makefile.in generated by automake 1.16.1 from Makefile.am.
-# @configure_input@
-
-# Copyright (C) 1994-2018 Free Software Foundation, Inc.
-
-# This Makefile.in is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
-
-@SET_MAKE@
-
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-# Copyright (c) 2008 Red Hat, Inc.
-#
-
-
-
-
-VPATH = @srcdir@
-am__is_gnu_make = { \
- if test -z '$(MAKELEVEL)'; then \
- false; \
- elif test -n '$(MAKE_HOST)'; then \
- true; \
- elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
- true; \
- else \
- false; \
- fi; \
-}
-am__make_running_with_option = \
- case $${target_option-} in \
- ?) ;; \
- *) echo "am__make_running_with_option: internal error: invalid" \
- "target option '$${target_option-}' specified" >&2; \
- exit 1;; \
- esac; \
- has_opt=no; \
- sane_makeflags=$$MAKEFLAGS; \
- if $(am__is_gnu_make); then \
- sane_makeflags=$$MFLAGS; \
- else \
- case $$MAKEFLAGS in \
- *\\[\ \ ]*) \
- bs=\\; \
- sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
- | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
- esac; \
- fi; \
- skip_next=no; \
- strip_trailopt () \
- { \
- flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
- }; \
- for flg in $$sane_makeflags; do \
- test $$skip_next = yes && { skip_next=no; continue; }; \
- case $$flg in \
- *=*|--*) continue;; \
- -*I) strip_trailopt 'I'; skip_next=yes;; \
- -*I?*) strip_trailopt 'I';; \
- -*O) strip_trailopt 'O'; skip_next=yes;; \
- -*O?*) strip_trailopt 'O';; \
- -*l) strip_trailopt 'l'; skip_next=yes;; \
- -*l?*) strip_trailopt 'l';; \
- -[dEDm]) skip_next=yes;; \
- -[JT]) skip_next=yes;; \
- esac; \
- case $$flg in \
- *$$target_option*) has_opt=yes; break;; \
- esac; \
- done; \
- test $$has_opt = yes
-am__make_dryrun = (target_option=n; $(am__make_running_with_option))
-am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
-pkgdatadir = $(datadir)/@PACKAGE@
-pkgincludedir = $(includedir)/@PACKAGE@
-pkglibdir = $(libdir)/@PACKAGE@
-pkglibexecdir = $(libexecdir)/@PACKAGE@
-am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-install_sh_DATA = $(install_sh) -c -m 644
-install_sh_PROGRAM = $(install_sh) -c
-install_sh_SCRIPT = $(install_sh) -c
-INSTALL_HEADER = $(INSTALL_DATA)
-transform = $(program_transform_name)
-NORMAL_INSTALL = :
-PRE_INSTALL = :
-POST_INSTALL = :
-NORMAL_UNINSTALL = :
-PRE_UNINSTALL = :
-POST_UNINSTALL = :
-build_triplet = @build@
-host_triplet = @host@
-@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
-sbin_PROGRAMS = pam_tally2$(EXEEXT)
-subdir = modules/pam_tally2
-ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
- $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
- $(top_srcdir)/m4/japhar_grep_cflags.m4 \
- $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
- $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
- $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
- $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
- $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
- $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
-am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
- $(ACLOCAL_M4)
-DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
- $(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \
- $(am__DIST_COMMON)
-mkinstalldirs = $(install_sh) -d
-CONFIG_HEADER = $(top_builddir)/config.h
-CONFIG_CLEAN_FILES =
-CONFIG_CLEAN_VPATH_FILES =
-am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
- "$(DESTDIR)$(man8dir)"
-PROGRAMS = $(sbin_PROGRAMS)
-am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
-am__vpath_adj = case $$p in \
- $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
- *) f=$$p;; \
- esac;
-am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
-am__install_max = 40
-am__nobase_strip_setup = \
- srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
-am__nobase_strip = \
- for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
-am__nobase_list = $(am__nobase_strip_setup); \
- for p in $$list; do echo "$$p $$p"; done | \
- sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
- $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
- if (++n[$$2] == $(am__install_max)) \
- { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
- END { for (dir in files) print dir, files[dir] }'
-am__base_list = \
- sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
- sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
-am__uninstall_files_from_dir = { \
- test -z "$$files" \
- || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
- || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
- $(am__cd) "$$dir" && rm -f $$files; }; \
- }
-LTLIBRARIES = $(securelib_LTLIBRARIES)
-am__DEPENDENCIES_1 =
-pam_tally2_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
- $(am__DEPENDENCIES_1)
-am_pam_tally2_la_OBJECTS = pam_tally2.lo
-pam_tally2_la_OBJECTS = $(am_pam_tally2_la_OBJECTS)
-AM_V_lt = $(am__v_lt_@AM_V@)
-am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
-am__v_lt_0 = --silent
-am__v_lt_1 =
-pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@
-am_pam_tally2_OBJECTS = pam_tally2_app.$(OBJEXT)
-pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS)
-pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
- $(am__DEPENDENCIES_1)
-AM_V_P = $(am__v_P_@AM_V@)
-am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
-am__v_P_0 = false
-am__v_P_1 = :
-AM_V_GEN = $(am__v_GEN_@AM_V@)
-am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
-am__v_GEN_0 = @echo " GEN " $@;
-am__v_GEN_1 =
-AM_V_at = $(am__v_at_@AM_V@)
-am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
-am__v_at_0 = @
-am__v_at_1 =
-DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
-depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__maybe_remake_depfiles = depfiles
-am__depfiles_remade = ./$(DEPDIR)/pam_tally2.Plo \
- ./$(DEPDIR)/pam_tally2_app.Po
-am__mv = mv -f
-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
- $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
-AM_V_CC = $(am__v_CC_@AM_V@)
-am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
-am__v_CC_0 = @echo " CC " $@;
-am__v_CC_1 =
-CCLD = $(CC)
-LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-AM_V_CCLD = $(am__v_CCLD_@AM_V@)
-am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
-am__v_CCLD_0 = @echo " CCLD " $@;
-am__v_CCLD_1 =
-SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES)
-DIST_SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES)
-am__can_run_installinfo = \
- case $$AM_UPDATE_INFO_DIR in \
- n|no|NO) false;; \
- *) (install-info --version) >/dev/null 2>&1;; \
- esac
-man8dir = $(mandir)/man8
-NROFF = nroff
-MANS = $(dist_man_MANS)
-am__dist_noinst_DATA_DIST = README
-DATA = $(dist_noinst_DATA)
-HEADERS = $(noinst_HEADERS)
-am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
-# Read a list of newline-separated strings from the standard input,
-# and print each of them once, without duplicates. Input order is
-# *not* preserved.
-am__uniquify_input = $(AWK) '\
- BEGIN { nonempty = 0; } \
- { items[$$0] = 1; nonempty = 1; } \
- END { if (nonempty) { for (i in items) print i; }; } \
-'
-# Make sure the list of sources is unique. This is necessary because,
-# e.g., the same source file might be shared among _SOURCES variables
-# for different programs/libraries.
-am__define_uniq_tagged_files = \
- list='$(am__tagged_files)'; \
- unique=`for i in $$list; do \
- if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
- done | $(am__uniquify_input)`
-ETAGS = etags
-CTAGS = ctags
-am__tty_colors_dummy = \
- mgn= red= grn= lgn= blu= brg= std=; \
- am__color_tests=no
-am__tty_colors = { \
- $(am__tty_colors_dummy); \
- if test "X$(AM_COLOR_TESTS)" = Xno; then \
- am__color_tests=no; \
- elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
- am__color_tests=yes; \
- elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
- am__color_tests=yes; \
- fi; \
- if test $$am__color_tests = yes; then \
- red=''; \
- grn=''; \
- lgn=''; \
- blu=''; \
- mgn=''; \
- brg=''; \
- std=''; \
- fi; \
-}
-am__recheck_rx = ^[ ]*:recheck:[ ]*
-am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
-am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
-# A command that, given a newline-separated list of test names on the
-# standard input, print the name of the tests that are to be re-run
-# upon "make recheck".
-am__list_recheck_tests = $(AWK) '{ \
- recheck = 1; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- { \
- if ((getline line2 < ($$0 ".log")) < 0) \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
- { \
- recheck = 0; \
- break; \
- } \
- else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
- { \
- break; \
- } \
- }; \
- if (recheck) \
- print $$0; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# A command that, given a newline-separated list of test names on the
-# standard input, create the global log from their .trs and .log files.
-am__create_global_log = $(AWK) ' \
-function fatal(msg) \
-{ \
- print "fatal: making $@: " msg | "cat >&2"; \
- exit 1; \
-} \
-function rst_section(header) \
-{ \
- print header; \
- len = length(header); \
- for (i = 1; i <= len; i = i + 1) \
- printf "="; \
- printf "\n\n"; \
-} \
-{ \
- copy_in_global_log = 1; \
- global_test_result = "RUN"; \
- while ((rc = (getline line < ($$0 ".trs"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".trs"); \
- if (line ~ /$(am__global_test_result_rx)/) \
- { \
- sub("$(am__global_test_result_rx)", "", line); \
- sub("[ ]*$$", "", line); \
- global_test_result = line; \
- } \
- else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
- copy_in_global_log = 0; \
- }; \
- if (copy_in_global_log) \
- { \
- rst_section(global_test_result ": " $$0); \
- while ((rc = (getline line < ($$0 ".log"))) != 0) \
- { \
- if (rc < 0) \
- fatal("failed to read from " $$0 ".log"); \
- print line; \
- }; \
- printf "\n"; \
- }; \
- close ($$0 ".trs"); \
- close ($$0 ".log"); \
-}'
-# Restructured Text title.
-am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
-# Solaris 10 'make', and several other traditional 'make' implementations,
-# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
-# by disabling -e (using the XSI extension "set +e") if it's set.
-am__sh_e_setup = case $$- in *e*) set +e;; esac
-# Default flags passed to test drivers.
-am__common_driver_flags = \
- --color-tests "$$am__color_tests" \
- --enable-hard-errors "$$am__enable_hard_errors" \
- --expect-failure "$$am__expect_failure"
-# To be inserted before the command running the test. Creates the
-# directory for the log if needed. Stores in $dir the directory
-# containing $f, in $tst the test, in $log the log. Executes the
-# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
-# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
-# will run the test scripts (or their associated LOG_COMPILER, if
-# thy have one).
-am__check_pre = \
-$(am__sh_e_setup); \
-$(am__vpath_adj_setup) $(am__vpath_adj) \
-$(am__tty_colors); \
-srcdir=$(srcdir); export srcdir; \
-case "$@" in \
- */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
- *) am__odir=.;; \
-esac; \
-test "x$$am__odir" = x"." || test -d "$$am__odir" \
- || $(MKDIR_P) "$$am__odir" || exit $$?; \
-if test -f "./$$f"; then dir=./; \
-elif test -f "$$f"; then dir=; \
-else dir="$(srcdir)/"; fi; \
-tst=$$dir$$f; log='$@'; \
-if test -n '$(DISABLE_HARD_ERRORS)'; then \
- am__enable_hard_errors=no; \
-else \
- am__enable_hard_errors=yes; \
-fi; \
-case " $(XFAIL_TESTS) " in \
- *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
- am__expect_failure=yes;; \
- *) \
- am__expect_failure=no;; \
-esac; \
-$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
-# A shell command to get the names of the tests scripts with any registered
-# extension removed (i.e., equivalently, the names of the test logs, with
-# the '.log' extension removed). The result is saved in the shell variable
-# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
-# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
-# since that might cause problem with VPATH rewrites for suffix-less tests.
-# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
-am__set_TESTS_bases = \
- bases='$(TEST_LOGS)'; \
- bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
- bases=`echo $$bases`
-RECHECK_LOGS = $(TEST_LOGS)
-AM_RECURSIVE_TARGETS = check recheck
-TEST_SUITE_LOG = test-suite.log
-TEST_EXTENSIONS = @EXEEXT@ .test
-LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
-am__set_b = \
- case '$@' in \
- */*) \
- case '$*' in \
- */*) b='$*';; \
- *) b=`echo '$@' | sed 's/\.log$$//'`; \
- esac;; \
- *) \
- b='$*';; \
- esac
-am__test_logs1 = $(TESTS:=.log)
-am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
-TEST_LOGS = $(am__test_logs2:.test.log=.log)
-TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
-TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
- $(TEST_LOG_FLAGS)
-am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver
-DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
-ACLOCAL = @ACLOCAL@
-AMTAR = @AMTAR@
-AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
-AR = @AR@
-AUTOCONF = @AUTOCONF@
-AUTOHEADER = @AUTOHEADER@
-AUTOMAKE = @AUTOMAKE@
-AWK = @AWK@
-BROWSER = @BROWSER@
-BUILD_CFLAGS = @BUILD_CFLAGS@
-BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
-BUILD_LDFLAGS = @BUILD_LDFLAGS@
-CC = @CC@
-CCDEPMODE = @CCDEPMODE@
-CC_FOR_BUILD = @CC_FOR_BUILD@
-CFLAGS = @CFLAGS@
-CPP = @CPP@
-CPPFLAGS = @CPPFLAGS@
-CYGPATH_W = @CYGPATH_W@
-DEFS = @DEFS@
-DEPDIR = @DEPDIR@
-DLLTOOL = @DLLTOOL@
-DSYMUTIL = @DSYMUTIL@
-DUMPBIN = @DUMPBIN@
-ECHO_C = @ECHO_C@
-ECHO_N = @ECHO_N@
-ECHO_T = @ECHO_T@
-ECONF_CFLAGS = @ECONF_CFLAGS@
-ECONF_LIBS = @ECONF_LIBS@
-EGREP = @EGREP@
-EXEEXT = @EXEEXT@
-FGREP = @FGREP@
-FO2PDF = @FO2PDF@
-GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
-GMSGFMT = @GMSGFMT@
-GMSGFMT_015 = @GMSGFMT_015@
-GREP = @GREP@
-INSTALL = @INSTALL@
-INSTALL_DATA = @INSTALL_DATA@
-INSTALL_PROGRAM = @INSTALL_PROGRAM@
-INSTALL_SCRIPT = @INSTALL_SCRIPT@
-INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
-INTLLIBS = @INTLLIBS@
-INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
-LD = @LD@
-LDFLAGS = @LDFLAGS@
-LEX = @LEX@
-LEXLIB = @LEXLIB@
-LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
-LIBAUDIT = @LIBAUDIT@
-LIBCRACK = @LIBCRACK@
-LIBCRYPT = @LIBCRYPT@
-LIBDB = @LIBDB@
-LIBDL = @LIBDL@
-LIBICONV = @LIBICONV@
-LIBINTL = @LIBINTL@
-LIBOBJS = @LIBOBJS@
-LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
-LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
-LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
-LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
-LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
-LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
-LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
-LIBS = @LIBS@
-LIBSELINUX = @LIBSELINUX@
-LIBTOOL = @LIBTOOL@
-LIPO = @LIPO@
-LN_S = @LN_S@
-LTLIBICONV = @LTLIBICONV@
-LTLIBINTL = @LTLIBINTL@
-LTLIBOBJS = @LTLIBOBJS@
-LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
-MAKEINFO = @MAKEINFO@
-MANIFEST_TOOL = @MANIFEST_TOOL@
-MKDIR_P = @MKDIR_P@
-MSGFMT = @MSGFMT@
-MSGFMT_015 = @MSGFMT_015@
-MSGMERGE = @MSGMERGE@
-NIS_CFLAGS = @NIS_CFLAGS@
-NIS_LIBS = @NIS_LIBS@
-NM = @NM@
-NMEDIT = @NMEDIT@
-NSL_CFLAGS = @NSL_CFLAGS@
-NSL_LIBS = @NSL_LIBS@
-OBJDUMP = @OBJDUMP@
-OBJEXT = @OBJEXT@
-OTOOL = @OTOOL@
-OTOOL64 = @OTOOL64@
-PACKAGE = @PACKAGE@
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
-PACKAGE_NAME = @PACKAGE_NAME@
-PACKAGE_STRING = @PACKAGE_STRING@
-PACKAGE_TARNAME = @PACKAGE_TARNAME@
-PACKAGE_URL = @PACKAGE_URL@
-PACKAGE_VERSION = @PACKAGE_VERSION@
-PATH_SEPARATOR = @PATH_SEPARATOR@
-PIE_CFLAGS = @PIE_CFLAGS@
-PIE_LDFLAGS = @PIE_LDFLAGS@
-PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
-POSUB = @POSUB@
-RANLIB = @RANLIB@
-SCONFIGDIR = @SCONFIGDIR@
-SECUREDIR = @SECUREDIR@
-SED = @SED@
-SET_MAKE = @SET_MAKE@
-SHELL = @SHELL@
-STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
-STRIP = @STRIP@
-TIRPC_CFLAGS = @TIRPC_CFLAGS@
-TIRPC_LIBS = @TIRPC_LIBS@
-USE_NLS = @USE_NLS@
-VERSION = @VERSION@
-WARN_CFLAGS = @WARN_CFLAGS@
-XGETTEXT = @XGETTEXT@
-XGETTEXT_015 = @XGETTEXT_015@
-XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
-XMLCATALOG = @XMLCATALOG@
-XMLLINT = @XMLLINT@
-XML_CATALOG_FILE = @XML_CATALOG_FILE@
-XSLTPROC = @XSLTPROC@
-YACC = @YACC@
-YFLAGS = @YFLAGS@
-abs_builddir = @abs_builddir@
-abs_srcdir = @abs_srcdir@
-abs_top_builddir = @abs_top_builddir@
-abs_top_srcdir = @abs_top_srcdir@
-ac_ct_AR = @ac_ct_AR@
-ac_ct_CC = @ac_ct_CC@
-ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
-am__include = @am__include@
-am__leading_dot = @am__leading_dot@
-am__quote = @am__quote@
-am__tar = @am__tar@
-am__untar = @am__untar@
-bindir = @bindir@
-build = @build@
-build_alias = @build_alias@
-build_cpu = @build_cpu@
-build_os = @build_os@
-build_vendor = @build_vendor@
-builddir = @builddir@
-datadir = @datadir@
-datarootdir = @datarootdir@
-docdir = @docdir@
-dvidir = @dvidir@
-exec_prefix = @exec_prefix@
-host = @host@
-host_alias = @host_alias@
-host_cpu = @host_cpu@
-host_os = @host_os@
-host_vendor = @host_vendor@
-htmldir = @htmldir@
-includedir = @includedir@
-infodir = @infodir@
-install_sh = @install_sh@
-libc_cv_fpie = @libc_cv_fpie@
-libdir = @libdir@
-libexecdir = @libexecdir@
-localedir = @localedir@
-localstatedir = @localstatedir@
-mandir = @mandir@
-mkdir_p = @mkdir_p@
-oldincludedir = @oldincludedir@
-pam_cv_ld_O1 = @pam_cv_ld_O1@
-pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
-pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
-pam_xauth_path = @pam_xauth_path@
-pdfdir = @pdfdir@
-prefix = @prefix@
-program_transform_name = @program_transform_name@
-psdir = @psdir@
-sbindir = @sbindir@
-sharedstatedir = @sharedstatedir@
-srcdir = @srcdir@
-sysconfdir = @sysconfdir@
-target_alias = @target_alias@
-top_build_prefix = @top_build_prefix@
-top_builddir = @top_builddir@
-top_srcdir = @top_srcdir@
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = $(XMLS)
-@HAVE_DOC_TRUE@dist_man_MANS = pam_tally2.8
-XMLS = README.xml pam_tally2.8.xml
-dist_check_SCRIPTS = tst-pam_tally2
-TESTS = $(dist_check_SCRIPTS)
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-noinst_HEADERS = tallylog.h
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-
-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module \
- $(am__append_1)
-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-securelib_LTLIBRARIES = pam_tally2.la
-pam_tally2_la_SOURCES = pam_tally2.c
-pam_tally2_SOURCES = pam_tally2_app.c
-@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
-all: all-am
-
-.SUFFIXES:
-.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
-$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
- @for dep in $?; do \
- case '$(am__configure_deps)' in \
- *$$dep*) \
- ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
- && { if test -f $@; then exit 0; else break; fi; }; \
- exit 1;; \
- esac; \
- done; \
- echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally2/Makefile'; \
- $(am__cd) $(top_srcdir) && \
- $(AUTOMAKE) --gnu modules/pam_tally2/Makefile
-Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
- @case '$?' in \
- *config.status*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
- *) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
- esac;
-
-$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-
-$(top_srcdir)/configure: $(am__configure_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(ACLOCAL_M4): $(am__aclocal_m4_deps)
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
-$(am__aclocal_m4_deps):
-install-sbinPROGRAMS: $(sbin_PROGRAMS)
- @$(NORMAL_INSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- if test -n "$$list"; then \
- echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
- fi; \
- for p in $$list; do echo "$$p $$p"; done | \
- sed 's/$(EXEEXT)$$//' | \
- while read p p1; do if test -f $$p \
- || test -f $$p1 \
- ; then echo "$$p"; echo "$$p"; else :; fi; \
- done | \
- sed -e 'p;s,.*/,,;n;h' \
- -e 's|.*|.|' \
- -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
- sed 'N;N;N;s,\n, ,g' | \
- $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
- { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
- if ($$2 == $$4) files[d] = files[d] " " $$1; \
- else { print "f", $$3 "/" $$4, $$1; } } \
- END { for (d in files) print "f", d, files[d] }' | \
- while read type dir files; do \
- if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
- test -z "$$files" || { \
- echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
- $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
- } \
- ; done
-
-uninstall-sbinPROGRAMS:
- @$(NORMAL_UNINSTALL)
- @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
- files=`for p in $$list; do echo "$$p"; done | \
- sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
- -e 's/$$/$(EXEEXT)/' \
- `; \
- test -n "$$list" || exit 0; \
- echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
- cd "$(DESTDIR)$(sbindir)" && rm -f $$files
-
-clean-sbinPROGRAMS:
- @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
- echo " rm -f" $$list; \
- rm -f $$list || exit $$?; \
- test -n "$(EXEEXT)" || exit 0; \
- list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
- echo " rm -f" $$list; \
- rm -f $$list
-
-install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
- @$(NORMAL_INSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- list2=; for p in $$list; do \
- if test -f $$p; then \
- list2="$$list2 $$p"; \
- else :; fi; \
- done; \
- test -z "$$list2" || { \
- echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
- }
-
-uninstall-securelibLTLIBRARIES:
- @$(NORMAL_UNINSTALL)
- @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
- for p in $$list; do \
- $(am__strip_dir) \
- echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
- $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
- done
-
-clean-securelibLTLIBRARIES:
- -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
- @list='$(securelib_LTLIBRARIES)'; \
- locs=`for p in $$list; do echo $$p; done | \
- sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
- sort -u`; \
- test -z "$$locs" || { \
- echo rm -f $${locs}; \
- rm -f $${locs}; \
- }
-
-pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES)
- $(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS)
-
-pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES)
- @rm -f pam_tally2$(EXEEXT)
- $(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS)
-
-mostlyclean-compile:
- -rm -f *.$(OBJEXT)
-
-distclean-compile:
- -rm -f *.tab.c
-
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2.Plo@am__quote@ # am--include-marker
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ # am--include-marker
-
-$(am__depfiles_remade):
- @$(MKDIR_P) $(@D)
- @echo '# dummy' >$@-t && $(am__mv) $@-t $@
-
-am--depfiles: $(am__depfiles_remade)
-
-.c.o:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
-
-.c.obj:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
-
-.c.lo:
-@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
-
-mostlyclean-libtool:
- -rm -f *.lo
-
-clean-libtool:
- -rm -rf .libs _libs
-install-man8: $(dist_man_MANS)
- @$(NORMAL_INSTALL)
- @list1=''; \
- list2='$(dist_man_MANS)'; \
- test -n "$(man8dir)" \
- && test -n "`echo $$list1$$list2`" \
- || exit 0; \
- echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
- $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
- { for i in $$list1; do echo "$$i"; done; \
- if test -n "$$list2"; then \
- for i in $$list2; do echo "$$i"; done \
- | sed -n '/\.8[a-z]*$$/p'; \
- fi; \
- } | while read p; do \
- if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
- echo "$$d$$p"; echo "$$p"; \
- done | \
- sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
- sed 'N;N;s,\n, ,g' | { \
- list=; while read file base inst; do \
- if test "$$base" = "$$inst"; then list="$$list $$file"; else \
- echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
- $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
- fi; \
- done; \
- for i in $$list; do echo "$$i"; done | $(am__base_list) | \
- while read files; do \
- test -z "$$files" || { \
- echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
- $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
- done; }
-
-uninstall-man8:
- @$(NORMAL_UNINSTALL)
- @list=''; test -n "$(man8dir)" || exit 0; \
- files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
- sed -n '/\.8[a-z]*$$/p'; \
- } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
- -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
- dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-
-ID: $(am__tagged_files)
- $(am__define_uniq_tagged_files); mkid -fID $$unique
-tags: tags-am
-TAGS: tags
-
-tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- set x; \
- here=`pwd`; \
- $(am__define_uniq_tagged_files); \
- shift; \
- if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
- test -n "$$unique" || unique=$$empty_fix; \
- if test $$# -gt 0; then \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- "$$@" $$unique; \
- else \
- $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
- $$unique; \
- fi; \
- fi
-ctags: ctags-am
-
-CTAGS: ctags
-ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
- $(am__define_uniq_tagged_files); \
- test -z "$(CTAGS_ARGS)$$unique" \
- || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
- $$unique
-
-GTAGS:
- here=`$(am__cd) $(top_builddir) && pwd` \
- && $(am__cd) $(top_srcdir) \
- && gtags -i $(GTAGS_ARGS) "$$here"
-cscopelist: cscopelist-am
-
-cscopelist-am: $(am__tagged_files)
- list='$(am__tagged_files)'; \
- case "$(srcdir)" in \
- [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
- *) sdir=$(subdir)/$(srcdir) ;; \
- esac; \
- for i in $$list; do \
- if test -f "$$i"; then \
- echo "$(subdir)/$$i"; \
- else \
- echo "$$sdir/$$i"; \
- fi; \
- done >> $(top_builddir)/cscope.files
-
-distclean-tags:
- -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-
-# Recover from deleted '.trs' file; this should ensure that
-# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
-# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
-# to avoid problems with "make -n".
-.log.trs:
- rm -f $< $@
- $(MAKE) $(AM_MAKEFLAGS) $<
-
-# Leading 'am--fnord' is there to ensure the list of targets does not
-# expand to empty, as could happen e.g. with make check TESTS=''.
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
-am--force-recheck:
- @:
-
-$(TEST_SUITE_LOG): $(TEST_LOGS)
- @$(am__set_TESTS_bases); \
- am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
- redo_bases=`for i in $$bases; do \
- am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
- done`; \
- if test -n "$$redo_bases"; then \
- redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
- redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
- if $(am__make_dryrun); then :; else \
- rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
- fi; \
- fi; \
- if test -n "$$am__remaking_logs"; then \
- echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
- "recursion detected" >&2; \
- elif test -n "$$redo_logs"; then \
- am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
- fi; \
- if $(am__make_dryrun); then :; else \
- st=0; \
- errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
- for i in $$redo_bases; do \
- test -f $$i.trs && test -r $$i.trs \
- || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
- test -f $$i.log && test -r $$i.log \
- || { echo "$$errmsg $$i.log" >&2; st=1; }; \
- done; \
- test $$st -eq 0 || exit 1; \
- fi
- @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
- ws='[ ]'; \
- results=`for b in $$bases; do echo $$b.trs; done`; \
- test -n "$$results" || results=/dev/null; \
- all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
- pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
- fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
- skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
- xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
- xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
- error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
- if test `expr $$fail + $$xpass + $$error` -eq 0; then \
- success=true; \
- else \
- success=false; \
- fi; \
- br='==================='; br=$$br$$br$$br$$br; \
- result_count () \
- { \
- if test x"$$1" = x"--maybe-color"; then \
- maybe_colorize=yes; \
- elif test x"$$1" = x"--no-color"; then \
- maybe_colorize=no; \
- else \
- echo "$@: invalid 'result_count' usage" >&2; exit 4; \
- fi; \
- shift; \
- desc=$$1 count=$$2; \
- if test $$maybe_colorize = yes && test $$count -gt 0; then \
- color_start=$$3 color_end=$$std; \
- else \
- color_start= color_end=; \
- fi; \
- echo "$${color_start}# $$desc $$count$${color_end}"; \
- }; \
- create_testsuite_report () \
- { \
- result_count $$1 "TOTAL:" $$all "$$brg"; \
- result_count $$1 "PASS: " $$pass "$$grn"; \
- result_count $$1 "SKIP: " $$skip "$$blu"; \
- result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
- result_count $$1 "FAIL: " $$fail "$$red"; \
- result_count $$1 "XPASS:" $$xpass "$$red"; \
- result_count $$1 "ERROR:" $$error "$$mgn"; \
- }; \
- { \
- echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
- $(am__rst_title); \
- create_testsuite_report --no-color; \
- echo; \
- echo ".. contents:: :depth: 2"; \
- echo; \
- for b in $$bases; do echo $$b; done \
- | $(am__create_global_log); \
- } >$(TEST_SUITE_LOG).tmp || exit 1; \
- mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
- if $$success; then \
- col="$$grn"; \
- else \
- col="$$red"; \
- test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
- fi; \
- echo "$${col}$$br$${std}"; \
- echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
- echo "$${col}$$br$${std}"; \
- create_testsuite_report --maybe-color; \
- echo "$$col$$br$$std"; \
- if $$success; then :; else \
- echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
- if test -n "$(PACKAGE_BUGREPORT)"; then \
- echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
- fi; \
- echo "$$col$$br$$std"; \
- fi; \
- $$success || exit 1
-
-check-TESTS: $(dist_check_SCRIPTS)
- @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
- @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- trs_list=`for i in $$bases; do echo $$i.trs; done`; \
- log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
- exit $$?;
-recheck: all $(dist_check_SCRIPTS)
- @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
- @set +e; $(am__set_TESTS_bases); \
- bases=`for i in $$bases; do echo $$i; done \
- | $(am__list_recheck_tests)` || exit 1; \
- log_list=`for i in $$bases; do echo $$i.log; done`; \
- log_list=`echo $$log_list`; \
- $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
- am__force_recheck=am--force-recheck \
- TEST_LOGS="$$log_list"; \
- exit $$?
-tst-pam_tally2.log: tst-pam_tally2
- @p='tst-pam_tally2'; \
- b='tst-pam_tally2'; \
- $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-.test.log:
- @p='$<'; \
- $(am__set_b); \
- $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
- --log-file $$b.log --trs-file $$b.trs \
- $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
- "$$tst" $(AM_TESTS_FD_REDIRECT)
-@am__EXEEXT_TRUE@.test$(EXEEXT).log:
-@am__EXEEXT_TRUE@ @p='$<'; \
-@am__EXEEXT_TRUE@ $(am__set_b); \
-@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
-@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
-@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
-@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-
-distdir: $(BUILT_SOURCES)
- $(MAKE) $(AM_MAKEFLAGS) distdir-am
-
-distdir-am: $(DISTFILES)
- @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
- list='$(DISTFILES)'; \
- dist_files=`for file in $$list; do echo $$file; done | \
- sed -e "s|^$$srcdirstrip/||;t" \
- -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
- case $$dist_files in \
- */*) $(MKDIR_P) `echo "$$dist_files" | \
- sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
- sort -u` ;; \
- esac; \
- for file in $$dist_files; do \
- if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- if test -d $$d/$$file; then \
- dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test -d "$(distdir)/$$file"; then \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
- cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
- find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
- fi; \
- cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
- else \
- test -f "$(distdir)/$$file" \
- || cp -p $$d/$$file "$(distdir)/$$file" \
- || exit 1; \
- fi; \
- done
-check-am: all-am
- $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
- $(MAKE) $(AM_MAKEFLAGS) check-TESTS
-check: check-am
-all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
-installdirs:
- for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \
- test -z "$$dir" || $(MKDIR_P) "$$dir"; \
- done
-install: install-am
-install-exec: install-exec-am
-install-data: install-data-am
-uninstall: uninstall-am
-
-install-am: all-am
- @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
-
-installcheck: installcheck-am
-install-strip:
- if test -z '$(STRIP)'; then \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- install; \
- else \
- $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
- install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
- "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
- fi
-mostlyclean-generic:
- -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
- -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
- -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
-
-clean-generic:
- -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
-
-distclean-generic:
- -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
- -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-
-maintainer-clean-generic:
- @echo "This command is intended for maintainers to use"
- @echo "it deletes files that may require special tools to rebuild."
- -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-clean: clean-am
-
-clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
- clean-securelibLTLIBRARIES mostlyclean-am
-
-distclean: distclean-am
- -rm -f ./$(DEPDIR)/pam_tally2.Plo
- -rm -f ./$(DEPDIR)/pam_tally2_app.Po
- -rm -f Makefile
-distclean-am: clean-am distclean-compile distclean-generic \
- distclean-tags
-
-dvi: dvi-am
-
-dvi-am:
-
-html: html-am
-
-html-am:
-
-info: info-am
-
-info-am:
-
-install-data-am: install-man install-securelibLTLIBRARIES
-
-install-dvi: install-dvi-am
-
-install-dvi-am:
-
-install-exec-am: install-sbinPROGRAMS
-
-install-html: install-html-am
-
-install-html-am:
-
-install-info: install-info-am
-
-install-info-am:
-
-install-man: install-man8
-
-install-pdf: install-pdf-am
-
-install-pdf-am:
-
-install-ps: install-ps-am
-
-install-ps-am:
-
-installcheck-am:
-
-maintainer-clean: maintainer-clean-am
- -rm -f ./$(DEPDIR)/pam_tally2.Plo
- -rm -f ./$(DEPDIR)/pam_tally2_app.Po
- -rm -f Makefile
-maintainer-clean-am: distclean-am maintainer-clean-generic
-
-mostlyclean: mostlyclean-am
-
-mostlyclean-am: mostlyclean-compile mostlyclean-generic \
- mostlyclean-libtool
-
-pdf: pdf-am
-
-pdf-am:
-
-ps: ps-am
-
-ps-am:
-
-uninstall-am: uninstall-man uninstall-sbinPROGRAMS \
- uninstall-securelibLTLIBRARIES
-
-uninstall-man: uninstall-man8
-
-.MAKE: check-am install-am install-strip
-
-.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
- check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
- clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-man8 install-pdf \
- install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
- install-securelibLTLIBRARIES install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man8 uninstall-sbinPROGRAMS \
- uninstall-securelibLTLIBRARIES
-
-.PRECIOUS: Makefile
-
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
-
-# Tell versions [3.59,3.63) of GNU make to not export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/modules/pam_tally2/README b/modules/pam_tally2/README
deleted file mode 100644
index a3fd30e7..00000000
--- a/modules/pam_tally2/README
+++ /dev/null
@@ -1,156 +0,0 @@
-pam_tally2 — The login counter (tallying) module
-
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-DESCRIPTION
-
-This module maintains a count of attempted accesses, can reset count on
-success, can deny access if too many attempts fail.
-
-pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the
-PAM module and the latter, a stand-alone program. pam_tally2 is an (optional)
-application which can be used to interrogate and manipulate the counter file.
-It can display user counts, set individual counts, or clear all counts. Setting
-artificially high counts may be useful for blocking users without changing
-their passwords. For example, one might find it useful to clear all counts
-every midnight from a cron job.
-
-Normally, failed attempts to access root will not cause the root account to
-become blocked, to prevent denial-of-service: if your users aren't given shell
-accounts and root may only login via su or at the machine console (not telnet/
-rsh, etc), this is safe.
-
-OPTIONS
-
-GLOBAL OPTIONS
-
- This can be used for auth and account module types.
-
- onerr=[fail|succeed]
-
- If something weird happens (like unable to open the file), return with
- PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM
- error code.
-
- file=/path/to/counter
-
- File where to keep counts. Default is /var/log/tallylog.
-
- audit
-
- Will log the user name into the system log if the user is not found.
-
- silent
-
- Don't print informative messages. The messages printed without the
- silent option leak presence of accounts on the system because they are
- not printed for non-existing accounts.
-
- no_log_info
-
- Don't log informative messages via syslog(3).
-
- debug
-
- Always log tally count when it is incremented as a debug level message
- to the system log.
-
-AUTH OPTIONS
-
- Authentication phase first increments attempted login counter and checks if
- user should be denied access. If the user is authenticated and the login
- process continues on call to pam_setcred(3) it resets the attempts counter.
-
- deny=n
-
- Deny access if tally for this user exceeds n.
-
- lock_time=n
-
- Always deny for n seconds after failed attempt.
-
- unlock_time=n
-
- Allow access after n seconds after failed attempt. If this option is
- used the user will be locked out for the specified amount of time after
- he exceeded his maximum allowed attempts. Otherwise the account is
- locked until the lock is removed by a manual intervention of the system
- administrator.
-
- magic_root
-
- If the module is invoked by a user with uid=0 the counter is not
- incremented. The sysadmin should use this for user launched services,
- like su, otherwise this argument should be omitted.
-
- even_deny_root
-
- Root account can become unavailable.
-
- root_unlock_time=n
-
- This option implies even_deny_root option. Allow access after n seconds
- to root account after failed attempt. If this option is used the root
- user will be locked out for the specified amount of time after he
- exceeded his maximum allowed attempts.
-
- serialize
-
- Serialize access to the tally file using locks. This option might be
- used only for non-multithreaded services because it depends on the
- fcntl locking of the tally file. Also it is a good idea to use this
- option only in such configurations where the time between auth phase
- and account or setcred phase is not dependent on the authenticating
- client. Otherwise the authenticating client will be able to prevent
- simultaneous authentications by the same user by simply artificially
- prolonging the time the file record lock is held.
-
-ACCOUNT OPTIONS
-
- Account phase resets attempts counter if the user is not magic root. This
- phase can be used optionally for services which don't call pam_setcred(3)
- correctly or if the reset should be done regardless of the failure of the
- account phase of other modules.
-
- magic_root
-
- If the module is invoked by a user with uid=0 the counter is not
- changed. The sysadmin should use this for user launched services, like
- su, otherwise this argument should be omitted.
-
-NOTES
-
-pam_tally2 is not compatible with the old pam_tally faillog file format. This
-is caused by requirement of compatibility of the tallylog file format between
-32bit and 64bit architectures on multiarch systems.
-
-There is no setuid wrapper for access to the data file such as when the
-pam_tally2.so module is called from xscreensaver. As this would make it
-impossible to share PAM configuration with such services the following
-workaround is used: If the data file cannot be opened because of insufficient
-permissions (EACCES) the module returns PAM_IGNORE.
-
-EXAMPLES
-
-Add the following line to /etc/pam.d/login to lock the account after 4 failed
-logins. Root account will be locked as well. The accounts will be automatically
-unlocked after 20 minutes. The module does not have to be called in the account
-phase because the login calls pam_setcred(3) correctly.
-
-auth required pam_securetty.so
-auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200
-auth required pam_env.so
-auth required pam_unix.so
-auth required pam_nologin.so
-account required pam_unix.so
-password required pam_unix.so
-session required pam_limits.so
-session required pam_unix.so
-session required pam_lastlog.so nowtmp
-session optional pam_mail.so standard
-
-
-AUTHOR
-
-pam_tally2 was written by Tim Baverstock and Tomas Mraz.
-
diff --git a/modules/pam_tally2/README.xml b/modules/pam_tally2/README.xml
deleted file mode 100644
index aa470570..00000000
--- a/modules/pam_tally2/README.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_tally2.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-notes"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_tally2/pam_tally2.8 b/modules/pam_tally2/pam_tally2.8
deleted file mode 100644
index 2673682e..00000000
--- a/modules/pam_tally2/pam_tally2.8
+++ /dev/null
@@ -1,244 +0,0 @@
-'\" t
-.\" Title: pam_tally2
-.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
-.\" Date: 06/08/2020
-.\" Manual: Linux-PAM Manual
-.\" Source: Linux-PAM Manual
-.\" Language: English
-.\"
-.TH "PAM_TALLY2" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-pam_tally2 \- The login counter (tallying) module
-.SH "SYNOPSIS"
-.HP \w'\fBpam_tally2\&.so\fR\ 'u
-\fBpam_tally2\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [serialize] [audit] [silent] [no_log_info] [debug]
-.HP \w'\fBpam_tally2\fR\ 'u
-\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet]
-.SH "DESCRIPTION"
-.PP
-This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&.
-.PP
-pam_tally2 comes in two parts:
-\fBpam_tally2\&.so\fR
-and
-\fBpam_tally2\fR\&. The former is the PAM module and the latter, a stand\-alone program\&.
-\fBpam_tally2\fR
-is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display user counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&.
-.PP
-Normally, failed attempts to access
-\fIroot\fR
-will
-\fBnot\fR
-cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
-\fBsu\fR
-or at the machine console (not telnet/rsh, etc), this is safe\&.
-.SH "OPTIONS"
-.PP
-GLOBAL OPTIONS
-.RS 4
-This can be used for
-\fIauth\fR
-and
-\fIaccount\fR
-module types\&.
-.PP
-\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR
-.RS 4
-If something weird happens (like unable to open the file), return with
-\fBPAM_SUCCESS\fR
-if
-\fBonerr=\fR\fB\fIsucceed\fR\fR
-is given, else with the corresponding PAM error code\&.
-.RE
-.PP
-\fBfile=\fR\fB\fI/path/to/counter\fR\fR
-.RS 4
-File where to keep counts\&. Default is
-/var/log/tallylog\&.
-.RE
-.PP
-\fBaudit\fR
-.RS 4
-Will log the user name into the system log if the user is not found\&.
-.RE
-.PP
-\fBsilent\fR
-.RS 4
-Don\*(Aqt print informative messages\&. The messages printed without the
-\fIsilent\fR
-option leak presence of accounts on the system because they are not printed for non\-existing accounts\&.
-.RE
-.PP
-\fBno_log_info\fR
-.RS 4
-Don\*(Aqt log informative messages via
-\fBsyslog\fR(3)\&.
-.RE
-.PP
-\fBdebug\fR
-.RS 4
-Always log tally count when it is incremented as a debug level message to the system log\&.
-.RE
-.RE
-.PP
-AUTH OPTIONS
-.RS 4
-Authentication phase first increments attempted login counter and checks if user should be denied access\&. If the user is authenticated and the login process continues on call to
-\fBpam_setcred\fR(3)
-it resets the attempts counter\&.
-.PP
-\fBdeny=\fR\fB\fIn\fR\fR
-.RS 4
-Deny access if tally for this user exceeds
-\fIn\fR\&.
-.RE
-.PP
-\fBlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Always deny for
-\fIn\fR
-seconds after failed attempt\&.
-.RE
-.PP
-\fBunlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-Allow access after
-\fIn\fR
-seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&.
-.RE
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not incremented\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.PP
-\fBeven_deny_root\fR
-.RS 4
-Root account can become unavailable\&.
-.RE
-.PP
-\fBroot_unlock_time=\fR\fB\fIn\fR\fR
-.RS 4
-This option implies
-\fBeven_deny_root\fR
-option\&. Allow access after
-\fIn\fR
-seconds to root account after failed attempt\&. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&.
-.RE
-.PP
-\fBserialize\fR
-.RS 4
-Serialize access to the tally file using locks\&. This option might be used only for non\-multithreaded services because it depends on the fcntl locking of the tally file\&. Also it is a good idea to use this option only in such configurations where the time between auth phase and account or setcred phase is not dependent on the authenticating client\&. Otherwise the authenticating client will be able to prevent simultaneous authentications by the same user by simply artificially prolonging the time the file record lock is held\&.
-.RE
-.RE
-.PP
-ACCOUNT OPTIONS
-.RS 4
-Account phase resets attempts counter if the user is
-\fBnot\fR
-magic root\&. This phase can be used optionally for services which don\*(Aqt call
-\fBpam_setcred\fR(3)
-correctly or if the reset should be done regardless of the failure of the account phase of other modules\&.
-.PP
-\fBmagic_root\fR
-.RS 4
-If the module is invoked by a user with uid=0 the counter is not changed\&. The sysadmin should use this for user launched services, like
-\fBsu\fR, otherwise this argument should be omitted\&.
-.RE
-.RE
-.SH "MODULE TYPES PROVIDED"
-.PP
-The
-\fBauth\fR
-and
-\fBaccount\fR
-module types are provided\&.
-.SH "RETURN VALUES"
-.PP
-PAM_AUTH_ERR
-.RS 4
-A invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
-.RE
-.PP
-PAM_SUCCESS
-.RS 4
-Everything was successful\&.
-.RE
-.PP
-PAM_USER_UNKNOWN
-.RS 4
-User not known\&.
-.RE
-.SH "NOTES"
-.PP
-pam_tally2 is not compatible with the old pam_tally faillog file format\&. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\&.
-.PP
-There is no setuid wrapper for access to the data file such as when the
-\fBpam_tally2\&.so\fR
-module is called from xscreensaver\&. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEACCES\fR) the module returns
-\fBPAM_IGNORE\fR\&.
-.SH "EXAMPLES"
-.PP
-Add the following line to
-/etc/pam\&.d/login
-to lock the account after 4 failed logins\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. The module does not have to be called in the account phase because the
-\fBlogin\fR
-calls
-\fBpam_setcred\fR(3)
-correctly\&.
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-auth required pam_securetty\&.so
-auth required pam_tally2\&.so deny=4 even_deny_root unlock_time=1200
-auth required pam_env\&.so
-auth required pam_unix\&.so
-auth required pam_nologin\&.so
-account required pam_unix\&.so
-password required pam_unix\&.so
-session required pam_limits\&.so
-session required pam_unix\&.so
-session required pam_lastlog\&.so nowtmp
-session optional pam_mail\&.so standard
-
-.fi
-.if n \{\
-.RE
-.\}
-.SH "FILES"
-.PP
-/var/log/tallylog
-.RS 4
-failure count logging file
-.RE
-.SH "SEE ALSO"
-.PP
-\fBpam.conf\fR(5),
-\fBpam.d\fR(5),
-\fBpam\fR(8)
-.SH "AUTHOR"
-.PP
-pam_tally2 was written by Tim Baverstock and Tomas Mraz\&.
diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml
deleted file mode 100644
index d058cf91..00000000
--- a/modules/pam_tally2/pam_tally2.8.xml
+++ /dev/null
@@ -1,450 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
-
-<refentry id="pam_tally2">
-
- <refmeta>
- <refentrytitle>pam_tally2</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
-
- <refnamediv id="pam_tally2-name">
- <refname>pam_tally2</refname>
- <refpurpose>The login counter (tallying) module</refpurpose>
- </refnamediv>
-
- <refsynopsisdiv>
- <cmdsynopsis id="pam_tally2-cmdsynopsis1">
- <command>pam_tally2.so</command>
- <arg choice="opt">
- file=<replaceable>/path/to/counter</replaceable>
- </arg>
- <arg choice="opt">
- onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]
- </arg>
- <arg choice="opt">
- magic_root
- </arg>
- <arg choice="opt">
- even_deny_root
- </arg>
- <arg choice="opt">
- deny=<replaceable>n</replaceable>
- </arg>
- <arg choice="opt">
- lock_time=<replaceable>n</replaceable>
- </arg>
- <arg choice="opt">
- unlock_time=<replaceable>n</replaceable>
- </arg>
- <arg choice="opt">
- root_unlock_time=<replaceable>n</replaceable>
- </arg>
- <arg choice="opt">
- serialize
- </arg>
- <arg choice="opt">
- audit
- </arg>
- <arg choice="opt">
- silent
- </arg>
- <arg choice="opt">
- no_log_info
- </arg>
- <arg choice="opt">
- debug
- </arg>
- </cmdsynopsis>
- <cmdsynopsis id="pam_tally2-cmdsynopsis2">
- <command>pam_tally2</command>
- <arg choice="opt">
- --file <replaceable>/path/to/counter</replaceable>
- </arg>
- <arg choice="opt">
- --user <replaceable>username</replaceable>
- </arg>
- <arg choice="opt">
- --reset[=<replaceable>n</replaceable>]
- </arg>
- <arg choice="opt">
- --quiet
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
-
- <refsect1 id="pam_tally2-description">
-
- <title>DESCRIPTION</title>
-
- <para>
- This module maintains a count of attempted accesses, can
- reset count on success, can deny access if too many attempts fail.
- </para>
- <para>
- pam_tally2 comes in two parts:
- <emphasis remap='B'>pam_tally2.so</emphasis> and
- <command>pam_tally2</command>. The former is the PAM module and
- the latter, a stand-alone program. <command>pam_tally2</command>
- is an (optional) application which can be used to interrogate and
- manipulate the counter file. It can display user counts, set
- individual counts, or clear all counts. Setting artificially high
- counts may be useful for blocking users without changing their
- passwords. For example, one might find it useful to clear all counts
- every midnight from a cron job.
- </para>
- <para>
- Normally, failed attempts to access <emphasis>root</emphasis> will
- <emphasis remap='B'>not</emphasis> cause the root account to become
- blocked, to prevent denial-of-service: if your users aren't given
- shell accounts and root may only login via <command>su</command> or
- at the machine console (not telnet/rsh, etc), this is safe.
- </para>
- </refsect1>
-
- <refsect1 id="pam_tally2-options">
-
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- GLOBAL OPTIONS
- </term>
- <listitem>
- <para>
- This can be used for <emphasis>auth</emphasis> and
- <emphasis>account</emphasis> module types.
- </para>
- <variablelist>
- <varlistentry>
- <term>
- <option>onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]</option>
- </term>
- <listitem>
- <para>
- If something weird happens (like unable to open the file),
- return with <errorcode>PAM_SUCCESS</errorcode> if
- <option>onerr=<replaceable>succeed</replaceable></option>
- is given, else with the corresponding PAM error code.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>file=<replaceable>/path/to/counter</replaceable></option>
- </term>
- <listitem>
- <para>
- File where to keep counts. Default is
- <filename>/var/log/tallylog</filename>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>audit</option>
- </term>
- <listitem>
- <para>
- Will log the user name into the system log if the user is not found.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>silent</option>
- </term>
- <listitem>
- <para>
- Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>no_log_info</option>
- </term>
- <listitem>
- <para>
- Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Always log tally count when it is incremented as a debug level message to the system log.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>
- AUTH OPTIONS
- </term>
- <listitem>
- <para>
- Authentication phase first increments attempted login counter and
- checks if user should be denied access. If the user is authenticated
- and the login process continues on call to <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> it resets the attempts counter.
- </para>
- <variablelist>
- <varlistentry>
- <term>
- <option>deny=<replaceable>n</replaceable></option>
- </term>
- <listitem>
- <para>
- Deny access if tally for this user exceeds
- <replaceable>n</replaceable>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>lock_time=<replaceable>n</replaceable></option>
- </term>
- <listitem>
- <para>
- Always deny for <replaceable>n</replaceable> seconds
- after failed attempt.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>unlock_time=<replaceable>n</replaceable></option>
- </term>
- <listitem>
- <para>
- Allow access after <replaceable>n</replaceable> seconds
- after failed attempt. If this option is used the user will
- be locked out for the specified amount of time after he
- exceeded his maximum allowed attempts. Otherwise the
- account is locked until the lock is removed by a manual
- intervention of the system administrator.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>magic_root</option>
- </term>
- <listitem>
- <para>
- If the module is invoked by a user with uid=0 the
- counter is not incremented. The sysadmin should use this
- for user launched services, like <command>su</command>,
- otherwise this argument should be omitted.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>even_deny_root</option>
- </term>
- <listitem>
- <para>
- Root account can become unavailable.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>root_unlock_time=<replaceable>n</replaceable></option>
- </term>
- <listitem>
- <para>
- This option implies <option>even_deny_root</option> option.
- Allow access after <replaceable>n</replaceable> seconds
- to root account after failed attempt. If this option is used
- the root user will be locked out for the specified amount of
- time after he exceeded his maximum allowed attempts.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>serialize</option>
- </term>
- <listitem>
- <para>
- Serialize access to the tally file using locks. This option might
- be used only for non-multithreaded services because it depends on
- the fcntl locking of the tally file. Also it is a good idea to use
- this option only in such configurations where the time between auth
- phase and account or setcred phase is not dependent on the
- authenticating client. Otherwise the authenticating client will be
- able to prevent simultaneous authentications by the same user by
- simply artificially prolonging the time the file record lock is held.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
-
-
- <varlistentry>
- <term>
- ACCOUNT OPTIONS
- </term>
- <listitem>
- <para>
- Account phase resets attempts counter if the user is
- <emphasis remap='B'>not</emphasis> magic root.
- This phase can be used optionally for services which don't call
- <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> correctly or if the reset should be done regardless
- of the failure of the account phase of other modules.
- </para>
- <variablelist>
- <varlistentry>
- <term>
- <option>magic_root</option>
- </term>
- <listitem>
- <para>
- If the module is invoked by a user with uid=0 the
- counter is not changed. The sysadmin should use this
- for user launched services, like <command>su</command>,
- otherwise this argument should be omitted.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id="pam_tally2-types">
- <title>MODULE TYPES PROVIDED</title>
- <para>
- The <option>auth</option> and <option>account</option>
- module types are provided.
- </para>
- </refsect1>
-
- <refsect1 id='pam_tally2-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- A invalid option was given, the module was not able
- to retrieve the user name, no valid counter file
- was found, or too many failed logins.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Everything was successful.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_USER_UNKNOWN</term>
- <listitem>
- <para>
- User not known.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_tally2-notes'>
- <title>NOTES</title>
- <para>
- pam_tally2 is not compatible with the old pam_tally faillog file format.
- This is caused by requirement of compatibility of the tallylog file
- format between 32bit and 64bit architectures on multiarch systems.
- </para>
- <para>
- There is no setuid wrapper for access to the data file such as when the
- <emphasis remap='B'>pam_tally2.so</emphasis> module is called from
- xscreensaver. As this would make it impossible to share PAM configuration
- with such services the following workaround is used: If the data file
- cannot be opened because of insufficient permissions
- (<errorcode>EACCES</errorcode>) the module returns
- <errorcode>PAM_IGNORE</errorcode>.
- </para>
- </refsect1>
-
- <refsect1 id='pam_tally2-examples'>
- <title>EXAMPLES</title>
- <para>
- Add the following line to <filename>/etc/pam.d/login</filename> to
- lock the account after 4 failed logins. Root account will be locked
- as well. The accounts will be automatically unlocked after 20 minutes.
- The module does not have to be called in the account phase because the
- <command>login</command> calls <citerefentry>
- <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry> correctly.
- </para>
- <programlisting>
-auth required pam_securetty.so
-auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200
-auth required pam_env.so
-auth required pam_unix.so
-auth required pam_nologin.so
-account required pam_unix.so
-password required pam_unix.so
-session required pam_limits.so
-session required pam_unix.so
-session required pam_lastlog.so nowtmp
-session optional pam_mail.so standard
- </programlisting>
- </refsect1>
-
- <refsect1 id="pam_tally2-files">
- <title>FILES</title>
- <variablelist>
- <varlistentry>
- <term><filename>/var/log/tallylog</filename></term>
- <listitem>
- <para>failure count logging file</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
-
- <refsect1 id='pam_tally2-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
-
- <refsect1 id='pam_tally2-author'>
- <title>AUTHOR</title>
- <para>
- pam_tally2 was written by Tim Baverstock and Tomas Mraz.
- </para>
- </refsect1>
-
-</refentry>
diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c
deleted file mode 100644
index 117df699..00000000
--- a/modules/pam_tally2/pam_tally2.c
+++ /dev/null
@@ -1,1035 +0,0 @@
-/*
- * pam_tally2 module
- *
- * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd.
- * 5 March 1997
- *
- * Stuff stolen from pam_rootok and pam_listfile
- *
- * Changes by Tomas Mraz <tmraz@redhat.com> 5 January 2005, 26 January 2006
- * Audit option added for Tomas patch by Sebastien Tricaud <toady@gscore.org> 13 January 2005
- * Portions Copyright 2006, Red Hat, Inc.
- * Portions Copyright 1989 - 1993, Julianne Frances Haugh
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "config.h"
-
-#if defined(MAIN) && defined(MEMORY_DEBUG)
-# undef exit
-#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <pwd.h>
-#include <time.h>
-#include <stdint.h>
-#include <errno.h>
-#ifdef HAVE_LIBAUDIT
-#include <libaudit.h>
-#endif
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <signal.h>
-#include "tallylog.h"
-
-#ifndef TRUE
-#define TRUE 1L
-#define FALSE 0L
-#endif
-
-#ifndef HAVE_FSEEKO
-#define fseeko fseek
-#endif
-
-#ifndef MAIN
-#include <security/pam_ext.h>
-#endif
-#include <security/pam_modutil.h>
-#include <security/pam_modules.h>
-#include "pam_inline.h"
-
-/*---------------------------------------------------------------------*/
-
-#define DEFAULT_LOGFILE "/var/log/tallylog"
-#define MODULE_NAME "pam_tally2"
-
-#define tally_t uint16_t
-#define TALLY_HI ((tally_t)~0L)
-
-struct tally_options {
- const char *filename;
- tally_t deny;
- long lock_time;
- long unlock_time;
- long root_unlock_time;
- unsigned int ctrl;
-};
-
-#define PHASE_UNKNOWN 0
-#define PHASE_AUTH 1
-#define PHASE_ACCOUNT 2
-#define PHASE_SESSION 3
-
-#define OPT_MAGIC_ROOT 01
-#define OPT_FAIL_ON_ERROR 02
-#define OPT_DENY_ROOT 04
-#define OPT_QUIET 040
-#define OPT_AUDIT 0100
-#define OPT_NOLOGNOTICE 0400
-#define OPT_SERIALIZE 01000
-#define OPT_DEBUG 02000
-
-#define MAX_LOCK_WAITING_TIME 10
-
-/*---------------------------------------------------------------------*/
-
-/* some syslogging */
-
-#ifdef MAIN
-#define pam_syslog tally_log
-static void
-tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED,
- const char *fmt, ...)
-{
- va_list args;
-
- va_start(args, fmt);
- fprintf(stderr, "%s: ", MODULE_NAME);
- vfprintf(stderr, fmt, args);
- fprintf(stderr,"\n");
- va_end(args);
-}
-
-#define pam_modutil_getpwnam(pamh, user) getpwnam(user)
-#endif
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: parse arguments --- */
-
-#ifndef MAIN
-
-static void
-log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv)
-{
- if ( phase != PHASE_AUTH ) {
- pam_syslog(pamh, LOG_ERR,
- "option %s allowed in auth phase only", argv);
- }
-}
-
-static int
-tally_parse_args(pam_handle_t *pamh, struct tally_options *opts,
- int phase, int argc, const char **argv)
-{
- memset(opts, 0, sizeof(*opts));
- opts->filename = DEFAULT_LOGFILE;
- opts->ctrl = OPT_FAIL_ON_ERROR;
- opts->root_unlock_time = -1;
-
- for ( ; argc-- > 0; ++argv ) {
- const char *str;
-
- if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) {
- const char *from = str;
- if ( *from!='/' ) {
- pam_syslog(pamh, LOG_ERR,
- "filename not /rooted; %s", *argv);
- return PAM_AUTH_ERR;
- }
- opts->filename = from;
- }
- else if ( ! strcmp( *argv, "onerr=fail" ) ) {
- opts->ctrl |= OPT_FAIL_ON_ERROR;
- }
- else if ( ! strcmp( *argv, "onerr=succeed" ) ) {
- opts->ctrl &= ~OPT_FAIL_ON_ERROR;
- }
- else if ( ! strcmp( *argv, "magic_root" ) ) {
- opts->ctrl |= OPT_MAGIC_ROOT;
- }
- else if ( ! strcmp( *argv, "serialize" ) ) {
- opts->ctrl |= OPT_SERIALIZE;
- }
- else if ( ! strcmp( *argv, "debug" ) ) {
- opts->ctrl |= OPT_DEBUG;
- }
- else if ( ! strcmp( *argv, "even_deny_root_account" ) ||
- ! strcmp( *argv, "even_deny_root" ) ) {
- log_phase_no_auth(pamh, phase, *argv);
- opts->ctrl |= OPT_DENY_ROOT;
- }
- else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) {
- log_phase_no_auth(pamh, phase, *argv);
- if (sscanf(str, "%hu", &opts->deny) != 1) {
- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
- return PAM_AUTH_ERR;
- }
- }
- else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) {
- log_phase_no_auth(pamh, phase, *argv);
- if (sscanf(str, "%ld", &opts->lock_time) != 1) {
- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
- return PAM_AUTH_ERR;
- }
- }
- else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) {
- log_phase_no_auth(pamh, phase, *argv);
- if (sscanf(str, "%ld", &opts->unlock_time) != 1) {
- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
- return PAM_AUTH_ERR;
- }
- }
- else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) {
- log_phase_no_auth(pamh, phase, *argv);
- if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) {
- pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv);
- return PAM_AUTH_ERR;
- }
- opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */
- }
- else if ( ! strcmp( *argv, "quiet" ) ||
- ! strcmp ( *argv, "silent")) {
- opts->ctrl |= OPT_QUIET;
- }
- else if ( ! strcmp ( *argv, "no_log_info") ) {
- opts->ctrl |= OPT_NOLOGNOTICE;
- }
- else if ( ! strcmp ( *argv, "audit") ) {
- opts->ctrl |= OPT_AUDIT;
- }
- else {
- pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
- }
- }
-
- if (opts->root_unlock_time == -1)
- opts->root_unlock_time = opts->unlock_time;
-
- return PAM_SUCCESS;
-}
-
-#endif /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: get uid (and optionally username) from PAM or
- cline_user --- */
-
-#ifdef MAIN
-static const char *cline_user=0; /* cline_user is used in the administration prog */
-#endif
-
-static int
-pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts)
-{
- const char *user = NULL;
- struct passwd *pw;
-
-#ifdef MAIN
- user = cline_user;
-
- if ( !user ) {
- pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
- return PAM_AUTH_ERR;
- }
-#else
- if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) {
- user = NULL;
- }
-#endif
-
- if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) {
- opts->ctrl & OPT_AUDIT ?
- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) :
- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user");
- return PAM_USER_UNKNOWN;
- }
-
- if ( uid ) *uid = pw->pw_uid;
- if ( userp ) *userp = user;
- return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support functions: set/get tally data --- */
-
-#ifndef MAIN
-
-struct tally_data {
- time_t time;
- int tfile;
-};
-
-static void
-_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED)
-{
- struct tally_data *data = void_data;
- if (data->tfile != -1)
- close(data->tfile);
- free(data);
-}
-
-static void
-tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile )
-{
- struct tally_data *data;
-
- if ( (data=malloc(sizeof(*data))) != NULL ) {
- data->time = oldtime;
- data->tfile = tfile;
- pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup);
- }
-}
-
-static int
-tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile )
-{
- int rv;
- const void *void_data;
- const struct tally_data *data;
-
- rv = pam_get_data(pamh, MODULE_NAME, &void_data);
- if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) {
- data = void_data;
- *oldtime = data->time;
- *tfile = data->tfile;
- }
- else {
- rv = -1;
- *oldtime = 0;
- }
- return rv;
-}
-#endif /* #ifndef MAIN */
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: open/create tallyfile and return tally for uid --- */
-
-/* If on entry tallyfile doesn't exist, creation is attempted. */
-
-static void
-alarm_handler(int sig UNUSED)
-{ /* we just need to ignore it */
-}
-
-static int
-get_tally(pam_handle_t *pamh, uid_t uid, const char *filename,
- int *tfile, struct tallylog *tally, unsigned int ctrl)
-{
- struct stat fileinfo;
- int lstat_ret;
- void *void_tally = tally;
- int preopened = 0;
-
- if (*tfile != -1) {
- preopened = 1;
- goto skip_open;
- }
-
- lstat_ret = lstat(filename, &fileinfo);
- if (lstat_ret) {
- *tfile=open(filename, O_APPEND|O_CREAT, S_IRUSR|S_IWUSR);
- /* Create file, or append-open in pathological case. */
- if (*tfile == -1) {
-#ifndef MAIN
- if (errno == EACCES) {
- return PAM_IGNORE; /* called with insufficient access rights */
- }
-#endif
- pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename);
- return PAM_AUTH_ERR;
- }
- lstat_ret = fstat(*tfile, &fileinfo);
- close(*tfile);
- }
-
- *tfile = -1;
-
- if ( lstat_ret ) {
- pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename);
- return PAM_AUTH_ERR;
- }
-
- if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) {
- /* If the file is world writable or is not a
- normal file, return error */
- pam_syslog(pamh, LOG_ALERT,
- "%s is either world writable or not a normal file",
- filename);
- return PAM_AUTH_ERR;
- }
-
- if ((*tfile = open(filename, O_RDWR)) == -1) {
-#ifndef MAIN
- if (errno == EACCES) /* called with insufficient access rights */
- return PAM_IGNORE;
-#endif
- pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename);
-
- return PAM_AUTH_ERR;
- }
-
-skip_open:
- if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) {
- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename);
- if (!preopened) {
- close(*tfile);
- *tfile = -1;
- }
- return PAM_AUTH_ERR;
- }
-
- if (!preopened && (ctrl & OPT_SERIALIZE)) {
- /* this code is not thread safe as it uses fcntl locks and alarm()
- so never use serialize with multithreaded services */
- struct sigaction newsa, oldsa;
- unsigned int oldalarm;
- int rv;
-
- memset(&newsa, '\0', sizeof(newsa));
- newsa.sa_handler = alarm_handler;
- sigaction(SIGALRM, &newsa, &oldsa);
- oldalarm = alarm(MAX_LOCK_WAITING_TIME);
-
- rv = lockf(*tfile, F_LOCK, sizeof(*tally));
- /* lock failure is not fatal, we attempt to read the tally anyway */
-
- /* reinstate the eventual old alarm handler */
- if (rv == -1 && errno == EINTR) {
- if (oldalarm > MAX_LOCK_WAITING_TIME) {
- oldalarm -= MAX_LOCK_WAITING_TIME;
- } else if (oldalarm > 0) {
- oldalarm = 1;
- }
- }
- sigaction(SIGALRM, &oldsa, NULL);
- alarm(oldalarm);
- }
-
- if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
- memset(tally, 0, sizeof(*tally));
- }
-
- tally->fail_line[sizeof(tally->fail_line)-1] = '\0';
-
- return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- Support function: update tallyfile with tally!=TALLY_HI --- */
-
-static int
-set_tally(pam_handle_t *pamh, uid_t uid,
- const char *filename, int *tfile, struct tallylog *tally)
-{
- void *void_tally = tally;
- if (tally->fail_cnt != TALLY_HI) {
- if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) {
- pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename);
- return PAM_AUTH_ERR;
- }
- if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) {
- pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename);
- return PAM_AUTH_ERR;
- }
- }
-
- return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- PAM bits --- */
-
-#ifndef MAIN
-
-#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS))
-
-/*---------------------------------------------------------------------*/
-
-static int
-tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid,
- const char *user, struct tally_options *opts,
- struct tallylog *tally)
-{
- int rv = PAM_SUCCESS;
- int loglevel = LOG_DEBUG;
-#ifdef HAVE_LIBAUDIT
- char buf[64];
- int audit_fd = -1;
- const void *rhost = NULL, *tty = NULL;
-#endif
-
- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) {
- return PAM_SUCCESS;
- }
- /* magic_root skips tally check */
-#ifdef HAVE_LIBAUDIT
- audit_fd = audit_open();
- /* If there is an error & audit support is in the kernel report error */
- if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
- errno == EAFNOSUPPORT))
- return PAM_SYSTEM_ERR;
- (void)pam_get_item(pamh, PAM_TTY, &tty);
- (void)pam_get_item(pamh, PAM_RHOST, &rhost);
-#endif
- if (opts->deny != 0 && /* deny==0 means no deny */
- tally->fail_cnt > opts->deny && /* tally>deny means exceeded */
- ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */
-#ifdef HAVE_LIBAUDIT
- if (tally->fail_cnt == opts->deny+1) {
- /* First say that max number was hit. */
- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
- audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
- rhost, NULL, tty, 1);
- }
-#endif
- if (uid) {
- /* Unlock time check */
- if (opts->unlock_time && oldtime) {
- if (opts->unlock_time + oldtime <= time(NULL)) {
- /* ignore deny check after unlock_time elapsed */
-#ifdef HAVE_LIBAUDIT
- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
- rhost, NULL, tty, 1);
-#endif
- rv = PAM_SUCCESS;
- goto cleanup;
- }
- }
- } else {
- /* Root unlock time check */
- if (opts->root_unlock_time && oldtime) {
- if (opts->root_unlock_time + oldtime <= time(NULL)) {
- /* ignore deny check after unlock_time elapsed */
-#ifdef HAVE_LIBAUDIT
- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid);
- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
- rhost, NULL, tty, 1);
-#endif
- rv = PAM_SUCCESS;
- goto cleanup;
- }
- }
- }
-
-#ifdef HAVE_LIBAUDIT
- if (tally->fail_cnt == opts->deny+1) {
- /* First say that max number was hit. */
- audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
- rhost, NULL, tty, 1);
- }
-#endif
-
- if (!(opts->ctrl & OPT_QUIET)) {
- pam_info(pamh, _("The account is locked due to %u failed logins."),
- (unsigned int)tally->fail_cnt);
- }
- loglevel = LOG_NOTICE;
- rv = PAM_AUTH_ERR; /* Only unconditional failure */
- goto cleanup;
- }
-
- /* Lock time check */
- if (opts->lock_time && oldtime) {
- if (opts->lock_time + oldtime > time(NULL)) {
- /* don't increase fail_cnt or update fail_time when
- lock_time applies */
- tally->fail_cnt = oldcnt;
- tally->fail_time = oldtime;
-
- if (!(opts->ctrl & OPT_QUIET)) {
- pam_info(pamh,
- _("The account is temporarily locked (%ld seconds left)."),
- (long int) (oldtime+opts->lock_time-time(NULL)));
- }
- if (!(opts->ctrl & OPT_NOLOGNOTICE)) {
- pam_syslog(pamh, LOG_NOTICE,
- "user %s (%lu) has time limit [%lds left]"
- " since last failure.",
- user, (unsigned long)uid,
- (long int) (oldtime+opts->lock_time-time(NULL)));
- }
- rv = PAM_AUTH_ERR;
- goto cleanup;
- }
- }
-
-cleanup:
- if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) {
- pam_syslog(pamh, loglevel,
- "user %s (%lu) tally %hu, deny %hu",
- user, (unsigned long)uid, tally->fail_cnt, opts->deny);
- }
-#ifdef HAVE_LIBAUDIT
- if (audit_fd != -1) {
- close(audit_fd);
- }
-#endif
- return rv;
-}
-
-/* --- tally bump function: bump tally for uid by (signed) inc --- */
-
-static int
-tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh,
- uid_t uid, const char *user, struct tally_options *opts, int *tfile)
-{
- struct tallylog tally;
- tally_t oldcnt;
- const void *remote_host = NULL;
- int i, rv;
-
- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */
-
- i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl);
- if (i != PAM_SUCCESS) {
- if (*tfile != -1) {
- close(*tfile);
- *tfile = -1;
- }
- RETURN_ERROR(i);
- }
-
- /* to remember old fail time (for locktime) */
- if (oldtime) {
- *oldtime = (time_t)tally.fail_time;
- }
-
- tally.fail_time = time(NULL);
-
- (void) pam_get_item(pamh, PAM_RHOST, &remote_host);
- if (!remote_host) {
- (void) pam_get_item(pamh, PAM_TTY, &remote_host);
- if (!remote_host) {
- remote_host = "unknown";
- }
- }
-
- strncpy(tally.fail_line, remote_host,
- sizeof(tally.fail_line)-1);
- tally.fail_line[sizeof(tally.fail_line)-1] = 0;
-
- oldcnt = tally.fail_cnt;
-
- if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) {
- /* magic_root doesn't change tally */
- tally.fail_cnt += inc;
-
- if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */
- tally.fail_cnt -= inc;
- pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s",
- (inc<0)?"under":"over",user);
- }
- }
-
- rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally);
-
- i = set_tally(pamh, uid, opts->filename, tfile, &tally);
- if (i != PAM_SUCCESS) {
- if (*tfile != -1) {
- close(*tfile);
- *tfile = -1;
- }
- if (rv == PAM_SUCCESS)
- RETURN_ERROR( i );
- /* fallthrough */
- } else if (!(opts->ctrl & OPT_SERIALIZE)) {
- close(*tfile);
- *tfile = -1;
- }
-
- return rv;
-}
-
-static int
-tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile)
-{
- struct tallylog tally;
- int tfile = old_tfile;
- int i;
-
- /* resets only if not magic root */
-
- if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) {
- return PAM_SUCCESS;
- }
-
- tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */
-
- i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl);
- if (i != PAM_SUCCESS) {
- if (tfile != old_tfile) /* the descriptor is not owned by pam data */
- close(tfile);
- RETURN_ERROR(i);
- }
-
- memset(&tally, 0, sizeof(tally));
-
- i=set_tally(pamh, uid, opts->filename, &tfile, &tally);
- if (i != PAM_SUCCESS) {
- if (tfile != old_tfile) /* the descriptor is not owned by pam data */
- close(tfile);
- RETURN_ERROR(i);
- }
-
- if (tfile != old_tfile)
- close(tfile);
-
- return PAM_SUCCESS;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
- if (rv != PAM_SUCCESS)
- RETURN_ERROR(rv);
-
- if (flags & PAM_SILENT)
- opts->ctrl |= OPT_QUIET;
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if (rv != PAM_SUCCESS)
- RETURN_ERROR(rv);
-
- rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile);
-
- tally_set_data(pamh, oldtime, tfile);
-
- return rv;
-}
-
-int
-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
- /* no data found */
- return PAM_SUCCESS;
-
- rv = tally_reset(pamh, uid, opts, tfile);
-
- pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
- return rv;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-/* To reset failcount of user on successful login */
-
-int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
- /* no data found */
- return PAM_SUCCESS;
-
- rv = tally_reset(pamh, uid, opts, tfile);
-
- pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
- return rv;
-}
-
-/*-----------------------------------------------------------------------*/
-
-#else /* #ifndef MAIN */
-
-static const char *cline_filename = DEFAULT_LOGFILE;
-static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */
-static int cline_quiet = 0;
-
-/*
- * Not going to link with pamlib just for these.. :)
- */
-
-static const char *
-pam_errors( int i )
-{
- switch (i) {
- case PAM_AUTH_ERR: return _("Authentication error");
- case PAM_SERVICE_ERR: return _("Service error");
- case PAM_USER_UNKNOWN: return _("Unknown user");
- default: return _("Unknown error");
- }
-}
-
-static int
-getopts( char **argv )
-{
- const char *pname = *argv;
- for ( ; *argv ; (void)(*argv && ++argv) ) {
- const char *str;
- if ( !strcmp (*argv,"--file") ) cline_filename=*++argv;
- else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv;
- else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
- cline_filename = str;
- else if ( !strcmp (*argv,"--user") ) cline_user=*++argv;
- else if ( !strcmp (*argv,"-u") ) cline_user=*++argv;
- else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
- cline_user = str;
- else if ( !strcmp (*argv,"--reset") ) cline_reset=0;
- else if ( !strcmp (*argv,"-r") ) cline_reset=0;
- else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
- if (sscanf(str, "%hu", &cline_reset) != 1)
- fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
- }
- else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1;
- else {
- fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
- return FALSE;
- }
- }
- return TRUE;
-}
-
-static void
-print_one(const struct tallylog *tally, uid_t uid)
-{
- static int once;
- const char *cp = "[UNKNOWN]";
- time_t fail_time;
- struct tm *tm;
- struct passwd *pwent;
- const char *username = "[NONAME]";
- char ptime[80];
-
- pwent = getpwuid(uid);
- fail_time = tally->fail_time;
- if ((tm = localtime(&fail_time)) != NULL) {
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
- cp = ptime;
- }
- if (pwent) {
- username = pwent->pw_name;
- }
- if (!once) {
- printf (_("Login Failures Latest failure From\n"));
- once++;
- }
- printf ("%-15.15s %5hu ", username, tally->fail_cnt);
- if (tally->fail_time) {
- printf ("%-17.17s %s", cp, tally->fail_line);
- }
- putchar ('\n');
-}
-
-int
-main( int argc UNUSED, char **argv )
-{
- struct tallylog tally;
-
- if ( ! getopts( argv+1 ) ) {
- printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n"
- " [-u username] [--user username]\n"
- " [-r] [--reset[=n]] [--quiet]\n"),
- *argv);
- exit(2);
- }
-
- umask(077);
-
- /*
- * Major difference between individual user and all users:
- * --user just handles one user, just like PAM.
- * without --user it handles all users, sniffing cline_filename for nonzeros
- */
-
- if ( cline_user ) {
- uid_t uid;
- int tfile = -1;
- struct tally_options opts;
- int i;
-
- memset(&opts, 0, sizeof(opts));
- opts.ctrl = OPT_AUDIT;
- i=pam_get_uid(NULL, &uid, NULL, &opts);
- if ( i != PAM_SUCCESS ) {
- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
- exit(1);
- }
-
- if (cline_reset == 0) {
- struct stat st;
-
- if (stat(cline_filename, &st) && errno == ENOENT) {
- if (!cline_quiet) {
- memset(&tally, 0, sizeof(tally));
- print_one(&tally, uid);
- }
- return 0; /* no file => nothing to reset */
- }
- }
-
- i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0);
- if ( i != PAM_SUCCESS ) {
- if (tfile != -1)
- close(tfile);
- fprintf(stderr, "%s: %s\n", *argv, pam_errors(i));
- exit(1);
- }
-
- if ( !cline_quiet )
- print_one(&tally, uid);
-
- if (cline_reset != TALLY_HI) {
-#ifdef HAVE_LIBAUDIT
- char buf[64];
- int audit_fd = audit_open();
- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
- if (audit_fd >=0)
- close(audit_fd);
-#endif
- if (cline_reset == 0) {
- memset(&tally, 0, sizeof(tally));
- } else {
- tally.fail_cnt = cline_reset;
- }
- i=set_tally(NULL, uid, cline_filename, &tfile, &tally);
- close(tfile);
- if (i != PAM_SUCCESS) {
- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
- exit(1);
- }
- } else {
- close(tfile);
- }
- }
- else /* !cline_user (ie, operate on all users) */ {
- FILE *tfile=fopen(cline_filename, "r");
- uid_t uid=0;
- if (!tfile && cline_reset != 0) {
- perror(*argv);
- exit(1);
- }
-
- for ( ; tfile && !feof(tfile); uid++ ) {
- if ( !fread(&tally, sizeof(tally), 1, tfile)
- || !tally.fail_cnt ) {
- continue;
- }
- print_one(&tally, uid);
- }
- if (tfile)
- fclose(tfile);
- if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
- fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
- }
- else if ( !cline_reset ) {
-#ifdef HAVE_LIBAUDIT
- char buf[64];
- int audit_fd = audit_open();
- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
- if (audit_fd >=0)
- close(audit_fd);
-#endif
- tfile=fopen(cline_filename, "w");
- if ( !tfile ) perror(*argv), exit(0);
- fclose(tfile);
- }
- }
- return 0;
-}
-
-
-#endif /* #ifndef MAIN */
diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c
deleted file mode 100644
index b72e9bfd..00000000
--- a/modules/pam_tally2/pam_tally2_app.c
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- # This seemed like such a good idea at the time. :)
- */
-
-#define MAIN
-#include "pam_tally2.c"
diff --git a/modules/pam_tally2/tallylog.h b/modules/pam_tally2/tallylog.h
deleted file mode 100644
index 596b1dac..00000000
--- a/modules/pam_tally2/tallylog.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2006, Red Hat, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Red Hat, Inc. nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * tallylog.h - login failure data file format
- *
- * The new login failure file is not compatible with the old faillog(8) format
- * Each record in the file represents a separate UID and the file
- * is indexed in that fashion.
- */
-
-
-#ifndef _TALLYLOG_H
-#define _TALLYLOG_H
-
-#include <stdint.h>
-
-struct tallylog {
- char fail_line[52]; /* rhost or tty of last failure */
- uint16_t reserved; /* reserved for future use */
- uint16_t fail_cnt; /* failures since last success */
- uint64_t fail_time; /* time of last failure */
-};
-/* 64 bytes / entry */
-
-#endif
diff --git a/modules/pam_tally2/tst-pam_tally2 b/modules/pam_tally2/tst-pam_tally2
deleted file mode 100755
index 83c71f41..00000000
--- a/modules/pam_tally2/tst-pam_tally2
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_tally2.so
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-28 12:43:22 +0000