Diffstat (limited to 'modules/pam_tally2')
-rw-r--r-- | modules/pam_tally2/Makefile.am | 43 | ||||
-rw-r--r-- | modules/pam_tally2/Makefile.in | 1227 | ||||
-rw-r--r-- | modules/pam_tally2/README | 156 | ||||
-rw-r--r-- | modules/pam_tally2/README.xml | 46 | ||||
-rw-r--r-- | modules/pam_tally2/pam_tally2.8 | 244 | ||||
-rw-r--r-- | modules/pam_tally2/pam_tally2.8.xml | 450 | ||||
-rw-r--r-- | modules/pam_tally2/pam_tally2.c | 1035 | ||||
-rw-r--r-- | modules/pam_tally2/pam_tally2_app.c | 6 | ||||
-rw-r--r-- | modules/pam_tally2/tallylog.h | 52 | ||||
-rwxr-xr-x | modules/pam_tally2/tst-pam_tally2 | 2 |
10 files changed, 0 insertions, 3261 deletions
diff --git a/modules/pam_tally2/Makefile.am b/modules/pam_tally2/Makefile.am
deleted file mode 100644
index 5c887ad7..00000000
--- a/modules/pam_tally2/Makefile.am
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
-# Copyright (c) 2008 Red Hat, Inc.
-#
-
-CLEANFILES = *~
-MAINTAINERCLEANFILES = $(MANS) README
-
-EXTRA_DIST = $(XMLS)
-
-if HAVE_DOC
-dist_man_MANS = pam_tally2.8
-endif
-XMLS = README.xml pam_tally2.8.xml
-dist_check_SCRIPTS = tst-pam_tally2
-TESTS = $(dist_check_SCRIPTS)
-
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-noinst_HEADERS = tallylog.h
-
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- $(WARN_CFLAGS)
-
-pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module
-pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-if HAVE_VERSIONING
- pam_tally2_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
-endif
-
-pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
-
-securelib_LTLIBRARIES = pam_tally2.la
-sbin_PROGRAMS = pam_tally2
-
-pam_tally2_la_SOURCES = pam_tally2.c
-pam_tally2_SOURCES = pam_tally2_app.c
-
-if ENABLE_REGENERATE_MAN
-dist_noinst_DATA = README
--include $(top_srcdir)/Make.xml.rules
-endif
diff --git a/modules/pam_tally2/Makefile.in b/modules/pam_tally2/Makefile.in
deleted file mode 100644
index 4484af86..00000000
--- a/modules/pam_tally2/Makefile.in
+++ /dev/null
@@ -1,1227 +0,0 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2018 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - -# -# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de> -# Copyright (c) 2008 Red Hat, Inc. -# - - - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) 
;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes -am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map -sbin_PROGRAMS = pam_tally2$(EXEEXT) -subdir = modules/pam_tally2 -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = 
$(top_srcdir)/m4/gettext.m4 \ - $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \ - $(top_srcdir)/m4/japhar_grep_cflags.m4 \ - $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ - $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ - $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ - $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ - $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ - $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ - $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ - $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ - $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \ - $(am__dist_noinst_DATA_DIST) $(noinst_HEADERS) \ - $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \ - "$(DESTDIR)$(man8dir)" -PROGRAMS = $(sbin_PROGRAMS) -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' 
-am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -LTLIBRARIES = $(securelib_LTLIBRARIES) -am__DEPENDENCIES_1 = -pam_tally2_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ - $(am__DEPENDENCIES_1) -am_pam_tally2_la_OBJECTS = pam_tally2.lo -pam_tally2_la_OBJECTS = $(am_pam_tally2_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -pam_tally2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(pam_tally2_la_LDFLAGS) $(LDFLAGS) -o $@ -am_pam_tally2_OBJECTS = pam_tally2_app.$(OBJEXT) -pam_tally2_OBJECTS = $(am_pam_tally2_OBJECTS) -pam_tally2_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ - $(am__DEPENDENCIES_1) -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp -am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ./$(DEPDIR)/pam_tally2.Plo \ - ./$(DEPDIR)/pam_tally2_app.Po -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = 
$(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) -DIST_SOURCES = $(pam_tally2_la_SOURCES) $(pam_tally2_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -man8dir = $(mandir)/man8 -NROFF = nroff -MANS = $(dist_man_MANS) -am__dist_noinst_DATA_DIST = README -DATA = $(dist_noinst_DATA) -HEADERS = $(noinst_HEADERS) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__tty_colors_dummy = \ - mgn= red= grn= lgn= blu= brg= std=; \ - am__color_tests=no -am__tty_colors = { \ - $(am__tty_colors_dummy); \ - if test "X$(AM_COLOR_TESTS)" = Xno; then \ - am__color_tests=no; \ - elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ - am__color_tests=yes; \ - elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ - am__color_tests=yes; \ - fi; \ - if test $$am__color_tests = yes; then \ - red='[0;31m'; \ - grn='[0;32m'; \ - lgn='[1;32m'; \ - blu='[1;34m'; \ - mgn='[0;35m'; \ - brg='[1m'; \ - std='[m'; \ - fi; \ -} -am__recheck_rx = ^[ ]*:recheck:[ ]* -am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -# A command that, given a newline-separated list of test names on the -# standard input, print the name of the tests that are to be re-run -# upon "make recheck". -am__list_recheck_tests = $(AWK) '{ \ - recheck = 1; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - { \ - if ((getline line2 < ($$0 ".log")) < 0) \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ - { \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ - { \ - break; \ - } \ - }; \ - if (recheck) \ - print $$0; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# A command that, given a newline-separated list of test names on the -# standard input, create the global log from their .trs and .log files. 
-am__create_global_log = $(AWK) ' \ -function fatal(msg) \ -{ \ - print "fatal: making $@: " msg | "cat >&2"; \ - exit 1; \ -} \ -function rst_section(header) \ -{ \ - print header; \ - len = length(header); \ - for (i = 1; i <= len; i = i + 1) \ - printf "="; \ - printf "\n\n"; \ -} \ -{ \ - copy_in_global_log = 1; \ - global_test_result = "RUN"; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".trs"); \ - if (line ~ /$(am__global_test_result_rx)/) \ - { \ - sub("$(am__global_test_result_rx)", "", line); \ - sub("[ ]*$$", "", line); \ - global_test_result = line; \ - } \ - else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ - copy_in_global_log = 0; \ - }; \ - if (copy_in_global_log) \ - { \ - rst_section(global_test_result ": " $$0); \ - while ((rc = (getline line < ($$0 ".log"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".log"); \ - print line; \ - }; \ - printf "\n"; \ - }; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# Restructured Text title. -am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -# Solaris 10 'make', and several other traditional 'make' implementations, -# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -# by disabling -e (using the XSI extension "set +e") if it's set. -am__sh_e_setup = case $$- in *e*) set +e;; esac -# Default flags passed to test drivers. -am__common_driver_flags = \ - --color-tests "$$am__color_tests" \ - --enable-hard-errors "$$am__enable_hard_errors" \ - --expect-failure "$$am__expect_failure" -# To be inserted before the command running the test. Creates the -# directory for the log if needed. Stores in $dir the directory -# containing $f, in $tst the test, in $log the log. Executes the -# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -# passes TESTS_ENVIRONMENT. 
Set up options for the wrapper that -# will run the test scripts (or their associated LOG_COMPILER, if -# thy have one). -am__check_pre = \ -$(am__sh_e_setup); \ -$(am__vpath_adj_setup) $(am__vpath_adj) \ -$(am__tty_colors); \ -srcdir=$(srcdir); export srcdir; \ -case "$@" in \ - */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ - *) am__odir=.;; \ -esac; \ -test "x$$am__odir" = x"." || test -d "$$am__odir" \ - || $(MKDIR_P) "$$am__odir" || exit $$?; \ -if test -f "./$$f"; then dir=./; \ -elif test -f "$$f"; then dir=; \ -else dir="$(srcdir)/"; fi; \ -tst=$$dir$$f; log='$@'; \ -if test -n '$(DISABLE_HARD_ERRORS)'; then \ - am__enable_hard_errors=no; \ -else \ - am__enable_hard_errors=yes; \ -fi; \ -case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ - am__expect_failure=yes;; \ - *) \ - am__expect_failure=no;; \ -esac; \ -$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -# A shell command to get the names of the tests scripts with any registered -# extension removed (i.e., equivalently, the names of the test logs, with -# the '.log' extension removed). The result is saved in the shell variable -# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -# since that might cause problem with VPATH rewrites for suffix-less tests. -# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. 
-am__set_TESTS_bases = \ - bases='$(TEST_LOGS)'; \ - bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ - bases=`echo $$bases` -RECHECK_LOGS = $(TEST_LOGS) -AM_RECURSIVE_TARGETS = check recheck -TEST_SUITE_LOG = test-suite.log -TEST_EXTENSIONS = @EXEEXT@ .test -LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -am__set_b = \ - case '$@' in \ - */*) \ - case '$*' in \ - */*) b='$*';; \ - *) b=`echo '$@' | sed 's/\.log$$//'`; \ - esac;; \ - *) \ - b='$*';; \ - esac -am__test_logs1 = $(TESTS:=.log) -am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -TEST_LOGS = $(am__test_logs2:.test.log=.log) -TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver -TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ - $(TEST_LOG_FLAGS) -am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ - $(top_srcdir)/build-aux/depcomp \ - $(top_srcdir)/build-aux/test-driver -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BROWSER = @BROWSER@ -BUILD_CFLAGS = @BUILD_CFLAGS@ -BUILD_CPPFLAGS = @BUILD_CPPFLAGS@ -BUILD_LDFLAGS = @BUILD_LDFLAGS@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CC_FOR_BUILD = @CC_FOR_BUILD@ -CFLAGS = @CFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -ECONF_CFLAGS = @ECONF_CFLAGS@ -ECONF_LIBS = @ECONF_LIBS@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -FO2PDF = @FO2PDF@ -GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ -GMSGFMT = @GMSGFMT@ -GMSGFMT_015 = @GMSGFMT_015@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = 
@INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -INTLLIBS = @INTLLIBS@ -INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBAUDIT = @LIBAUDIT@ -LIBCRACK = @LIBCRACK@ -LIBCRYPT = @LIBCRYPT@ -LIBDB = @LIBDB@ -LIBDL = @LIBDL@ -LIBICONV = @LIBICONV@ -LIBINTL = @LIBINTL@ -LIBOBJS = @LIBOBJS@ -LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ -LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ -LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ -LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ -LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ -LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ -LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ -LIBS = @LIBS@ -LIBSELINUX = @LIBSELINUX@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBICONV = @LTLIBICONV@ -LTLIBINTL = @LTLIBINTL@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MSGFMT = @MSGFMT@ -MSGFMT_015 = @MSGFMT_015@ -MSGMERGE = @MSGMERGE@ -NIS_CFLAGS = @NIS_CFLAGS@ -NIS_LIBS = @NIS_LIBS@ -NM = @NM@ -NMEDIT = @NMEDIT@ -NSL_CFLAGS = @NSL_CFLAGS@ -NSL_LIBS = @NSL_LIBS@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ -PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PIE_CFLAGS = @PIE_CFLAGS@ -PIE_LDFLAGS = @PIE_LDFLAGS@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -POSUB = @POSUB@ -RANLIB = @RANLIB@ -SCONFIGDIR = @SCONFIGDIR@ -SECUREDIR = @SECUREDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@ -STRIP = @STRIP@ -TIRPC_CFLAGS = @TIRPC_CFLAGS@ -TIRPC_LIBS = @TIRPC_LIBS@ -USE_NLS = @USE_NLS@ 
-VERSION = @VERSION@ -WARN_CFLAGS = @WARN_CFLAGS@ -XGETTEXT = @XGETTEXT@ -XGETTEXT_015 = @XGETTEXT_015@ -XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ -XMLCATALOG = @XMLCATALOG@ -XMLLINT = @XMLLINT@ -XML_CATALOG_FILE = @XML_CATALOG_FILE@ -XSLTPROC = @XSLTPROC@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -datadir = @datadir@ -datarootdir = @datarootdir@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -libc_cv_fpie = @libc_cv_fpie@ -libdir = @libdir@ -libexecdir = @libexecdir@ -localedir = @localedir@ -localstatedir = @localstatedir@ -mandir = @mandir@ -mkdir_p = @mkdir_p@ -oldincludedir = @oldincludedir@ -pam_cv_ld_O1 = @pam_cv_ld_O1@ -pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ -pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ -pam_xauth_path = @pam_xauth_path@ -pdfdir = @pdfdir@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -sbindir = @sbindir@ -sharedstatedir = @sharedstatedir@ -srcdir = @srcdir@ -sysconfdir = @sysconfdir@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -CLEANFILES = *~ -MAINTAINERCLEANFILES = $(MANS) README -EXTRA_DIST = $(XMLS) -@HAVE_DOC_TRUE@dist_man_MANS = pam_tally2.8 -XMLS = README.xml 
pam_tally2.8.xml -dist_check_SCRIPTS = tst-pam_tally2 -TESTS = $(dist_check_SCRIPTS) -securelibdir = $(SECUREDIR) -secureconfdir = $(SCONFIGDIR) -noinst_HEADERS = tallylog.h -AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - $(WARN_CFLAGS) - -pam_tally2_la_LDFLAGS = -no-undefined -avoid-version -module \ - $(am__append_1) -pam_tally2_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) -pam_tally2_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT) -securelib_LTLIBRARIES = pam_tally2.la -pam_tally2_la_SOURCES = pam_tally2.c -pam_tally2_SOURCES = pam_tally2_app.c -@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_tally2/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu modules/pam_tally2/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' 
in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): -install-sbinPROGRAMS: $(sbin_PROGRAMS) - @$(NORMAL_INSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ - } \ - ; done - 
-uninstall-sbinPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ - -e 's/$$/$(EXEEXT)/' \ - `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(sbindir)" && rm -f $$files - -clean-sbinPROGRAMS: - @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - -install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ - } - -uninstall-securelibLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ - done - -clean-securelibLTLIBRARIES: - -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) - @list='$(securelib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - 
sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -pam_tally2.la: $(pam_tally2_la_OBJECTS) $(pam_tally2_la_DEPENDENCIES) $(EXTRA_pam_tally2_la_DEPENDENCIES) - $(AM_V_CCLD)$(pam_tally2_la_LINK) -rpath $(securelibdir) $(pam_tally2_la_OBJECTS) $(pam_tally2_la_LIBADD) $(LIBS) - -pam_tally2$(EXEEXT): $(pam_tally2_OBJECTS) $(pam_tally2_DEPENDENCIES) $(EXTRA_pam_tally2_DEPENDENCIES) - @rm -f pam_tally2$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(pam_tally2_OBJECTS) $(pam_tally2_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_tally2_app.Po@am__quote@ # am--include-marker - -$(am__depfiles_remade): - @$(MKDIR_P) $(@D) - @echo '# dummy' >$@-t && $(am__mv) $@-t $@ - -am--depfiles: $(am__depfiles_remade) - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo 
$(DEPDIR)/$*.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-man8: $(dist_man_MANS) - @$(NORMAL_INSTALL) - @list1=''; \ - list2='$(dist_man_MANS)'; \ - test -n "$(man8dir)" \ - && test -n "`echo $$list1$$list2`" \ - || exit 0; \ - echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ - { for i in $$list1; do echo "$$i"; done; \ - if test -n "$$list2"; then \ - for i in $$list2; do echo "$$i"; done \ - | sed -n '/\.8[a-z]*$$/p'; \ - fi; \ - } | while read p; do \ - if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; echo "$$p"; \ - done | \ - sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ - sed 'N;N;s,\n, ,g' | { \ - list=; while read file base inst; do \ - if test "$$base" = "$$inst"; then list="$$list $$file"; else \ - echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ - $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ - fi; \ - done; \ - for i in $$list; do echo "$$i"; done | $(am__base_list) | \ - while read files; do \ - test -z "$$files" || { \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ - done; } - -uninstall-man8: - @$(NORMAL_UNINSTALL) - @list=''; test -n "$(man8dir)" || exit 0; \ - files=`{ for i in $$list; do echo "$$i"; done; \ - l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ - sed -n '/\.8[a-z]*$$/p'; \ - } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ - -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ - dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) - -ID: $(am__tagged_files) - 
$(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -# Recover from deleted '.trs' file; this should ensure that -# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -# to avoid problems with "make -n". -.log.trs: - rm -f $< $@ - $(MAKE) $(AM_MAKEFLAGS) $< - -# Leading 'am--fnord' is there to ensure the list of targets does not -# expand to empty, as could happen e.g. with make check TESTS=''. 
-am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -am--force-recheck: - @: - -$(TEST_SUITE_LOG): $(TEST_LOGS) - @$(am__set_TESTS_bases); \ - am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ - redo_bases=`for i in $$bases; do \ - am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ - done`; \ - if test -n "$$redo_bases"; then \ - redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ - redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ - if $(am__make_dryrun); then :; else \ - rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ - fi; \ - if test -n "$$am__remaking_logs"; then \ - echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ - "recursion detected" >&2; \ - elif test -n "$$redo_logs"; then \ - am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ - fi; \ - if $(am__make_dryrun); then :; else \ - st=0; \ - errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ - for i in $$redo_bases; do \ - test -f $$i.trs && test -r $$i.trs \ - || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ - test -f $$i.log && test -r $$i.log \ - || { echo "$$errmsg $$i.log" >&2; st=1; }; \ - done; \ - test $$st -eq 0 || exit 1; \ - fi - @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ - ws='[ ]'; \ - results=`for b in $$bases; do echo $$b.trs; done`; \ - test -n "$$results" || results=/dev/null; \ - all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ - pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ - fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ - skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ - xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ - xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ - error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ - if test `expr $$fail + $$xpass + $$error` -eq 0; then \ - success=true; \ - else \ - success=false; \ - fi; \ - br='==================='; br=$$br$$br$$br$$br; 
\ - result_count () \ - { \ - if test x"$$1" = x"--maybe-color"; then \ - maybe_colorize=yes; \ - elif test x"$$1" = x"--no-color"; then \ - maybe_colorize=no; \ - else \ - echo "$@: invalid 'result_count' usage" >&2; exit 4; \ - fi; \ - shift; \ - desc=$$1 count=$$2; \ - if test $$maybe_colorize = yes && test $$count -gt 0; then \ - color_start=$$3 color_end=$$std; \ - else \ - color_start= color_end=; \ - fi; \ - echo "$${color_start}# $$desc $$count$${color_end}"; \ - }; \ - create_testsuite_report () \ - { \ - result_count $$1 "TOTAL:" $$all "$$brg"; \ - result_count $$1 "PASS: " $$pass "$$grn"; \ - result_count $$1 "SKIP: " $$skip "$$blu"; \ - result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ - result_count $$1 "FAIL: " $$fail "$$red"; \ - result_count $$1 "XPASS:" $$xpass "$$red"; \ - result_count $$1 "ERROR:" $$error "$$mgn"; \ - }; \ - { \ - echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ - $(am__rst_title); \ - create_testsuite_report --no-color; \ - echo; \ - echo ".. contents:: :depth: 2"; \ - echo; \ - for b in $$bases; do echo $$b; done \ - | $(am__create_global_log); \ - } >$(TEST_SUITE_LOG).tmp || exit 1; \ - mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ - if $$success; then \ - col="$$grn"; \ - else \ - col="$$red"; \ - test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ - fi; \ - echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ - echo "$${col}$$br$${std}"; \ - create_testsuite_report --maybe-color; \ - echo "$$col$$br$$std"; \ - if $$success; then :; else \ - echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ - if test -n "$(PACKAGE_BUGREPORT)"; then \ - echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ - fi; \ - echo "$$col$$br$$std"; \ - fi; \ - $$success || exit 1 - -check-TESTS: $(dist_check_SCRIPTS) - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f 
$(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - trs_list=`for i in $$bases; do echo $$i.trs; done`; \ - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ - exit $$?; -recheck: all $(dist_check_SCRIPTS) - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - bases=`for i in $$bases; do echo $$i; done \ - | $(am__list_recheck_tests)` || exit 1; \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - log_list=`echo $$log_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ - am__force_recheck=am--force-recheck \ - TEST_LOGS="$$log_list"; \ - exit $$? -tst-pam_tally2.log: tst-pam_tally2 - @p='tst-pam_tally2'; \ - b='tst-pam_tally2'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -.test.log: - @p='$<'; \ - $(am__set_b); \ - $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -@am__EXEEXT_TRUE@.test$(EXEEXT).log: -@am__EXEEXT_TRUE@ @p='$<'; \ -@am__EXEEXT_TRUE@ $(am__set_b); \ -@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) - -distdir: $(BUILT_SOURCES) - $(MAKE) $(AM_MAKEFLAGS) distdir-am - -distdir-am: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - 
list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS) - $(MAKE) $(AM_MAKEFLAGS) check-TESTS -check: check-am -all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) -installdirs: - for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi 
-mostlyclean-generic: - -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) - -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) - -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." - -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) -clean: clean-am - -clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ - clean-securelibLTLIBRARIES mostlyclean-am - -distclean: distclean-am - -rm -f ./$(DEPDIR)/pam_tally2.Plo - -rm -f ./$(DEPDIR)/pam_tally2_app.Po - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-man install-securelibLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: install-sbinPROGRAMS - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: install-man8 - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -f ./$(DEPDIR)/pam_tally2.Plo - -rm -f ./$(DEPDIR)/pam_tally2_app.Po - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-man uninstall-sbinPROGRAMS \ - uninstall-securelibLTLIBRARIES - -uninstall-man: uninstall-man8 - -.MAKE: check-am install-am 
install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \ - check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \ - clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-man8 install-pdf \ - install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \ - install-securelibLTLIBRARIES install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - recheck tags tags-am uninstall uninstall-am uninstall-man \ - uninstall-man8 uninstall-sbinPROGRAMS \ - uninstall-securelibLTLIBRARIES - -.PRECIOUS: Makefile - -@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/modules/pam_tally2/README b/modules/pam_tally2/README deleted file mode 100644 index a3fd30e7..00000000 --- a/modules/pam_tally2/README +++ /dev/null 
@@ -1,156 +0,0 @@ -pam_tally2 — The login counter (tallying) module - -━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ - -DESCRIPTION - -This module maintains a count of attempted accesses, can reset count on -success, can deny access if too many attempts fail. - -pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the -PAM module and the latter, a stand-alone program. pam_tally2 is an (optional) -application which can be used to interrogate and manipulate the counter file. -It can display user counts, set individual counts, or clear all counts. Setting -artificially high counts may be useful for blocking users without changing -their passwords. For example, one might find it useful to clear all counts -every midnight from a cron job. - -Normally, failed attempts to access root will not cause the root account to -become blocked, to prevent denial-of-service: if your users aren't given shell -accounts and root may only login via su or at the machine console (not telnet/ -rsh, etc), this is safe. - -OPTIONS - -GLOBAL OPTIONS - - This can be used for auth and account module types. - - onerr=[fail|succeed] - - If something weird happens (like unable to open the file), return with - PAM_SUCCESS if onerr=succeed is given, else with the corresponding PAM - error code. - - file=/path/to/counter - - File where to keep counts. Default is /var/log/tallylog. - - audit - - Will log the user name into the system log if the user is not found. - - silent - - Don't print informative messages. The messages printed without the - silent option leak presence of accounts on the system because they are - not printed for non-existing accounts. - - no_log_info - - Don't log informative messages via syslog(3). - - debug - - Always log tally count when it is incremented as a debug level message - to the system log. 
- -AUTH OPTIONS - - Authentication phase first increments attempted login counter and checks if - user should be denied access. If the user is authenticated and the login - process continues on call to pam_setcred(3) it resets the attempts counter. - - deny=n - - Deny access if tally for this user exceeds n. - - lock_time=n - - Always deny for n seconds after failed attempt. - - unlock_time=n - - Allow access after n seconds after failed attempt. If this option is - used the user will be locked out for the specified amount of time after - he exceeded his maximum allowed attempts. Otherwise the account is - locked until the lock is removed by a manual intervention of the system - administrator. - - magic_root - - If the module is invoked by a user with uid=0 the counter is not - incremented. The sysadmin should use this for user launched services, - like su, otherwise this argument should be omitted. - - even_deny_root - - Root account can become unavailable. - - root_unlock_time=n - - This option implies even_deny_root option. Allow access after n seconds - to root account after failed attempt. If this option is used the root - user will be locked out for the specified amount of time after he - exceeded his maximum allowed attempts. - - serialize - - Serialize access to the tally file using locks. This option might be - used only for non-multithreaded services because it depends on the - fcntl locking of the tally file. Also it is a good idea to use this - option only in such configurations where the time between auth phase - and account or setcred phase is not dependent on the authenticating - client. Otherwise the authenticating client will be able to prevent - simultaneous authentications by the same user by simply artificially - prolonging the time the file record lock is held. - -ACCOUNT OPTIONS - - Account phase resets attempts counter if the user is not magic root. 
This - phase can be used optionally for services which don't call pam_setcred(3) - correctly or if the reset should be done regardless of the failure of the - account phase of other modules. - - magic_root - - If the module is invoked by a user with uid=0 the counter is not - changed. The sysadmin should use this for user launched services, like - su, otherwise this argument should be omitted. - -NOTES - -pam_tally2 is not compatible with the old pam_tally faillog file format. This -is caused by requirement of compatibility of the tallylog file format between -32bit and 64bit architectures on multiarch systems. - -There is no setuid wrapper for access to the data file such as when the -pam_tally2.so module is called from xscreensaver. As this would make it -impossible to share PAM configuration with such services the following -workaround is used: If the data file cannot be opened because of insufficient -permissions (EACCES) the module returns PAM_IGNORE. - -EXAMPLES - -Add the following line to /etc/pam.d/login to lock the account after 4 failed -logins. Root account will be locked as well. The accounts will be automatically -unlocked after 20 minutes. The module does not have to be called in the account -phase because the login calls pam_setcred(3) correctly. - -auth required pam_securetty.so -auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 -auth required pam_env.so -auth required pam_unix.so -auth required pam_nologin.so -account required pam_unix.so -password required pam_unix.so -session required pam_limits.so -session required pam_unix.so -session required pam_lastlog.so nowtmp -session optional pam_mail.so standard - - -AUTHOR - -pam_tally2 was written by Tim Baverstock and Tomas Mraz. - diff --git a/modules/pam_tally2/README.xml b/modules/pam_tally2/README.xml deleted file mode 100644 index aa470570..00000000 --- a/modules/pam_tally2/README.xml +++ /dev/null 
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding='UTF-8'?>
-<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
-"http://www.docbook.org/xml/4.3/docbookx.dtd"
-[
-<!--
-<!ENTITY pamaccess SYSTEM "pam_tally2.8.xml">
--->
-]>
-
-<article>
-
- <articleinfo>
-
- <title>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_tally2-name"]/*)'/>
- </title>
-
- </articleinfo>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-description"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-options"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-notes"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-examples"]/*)'/>
- </section>
-
- <section>
- <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
- href="pam_tally2.8.xml" xpointer='xpointer(//refsect1[@id = "pam_tally2-author"]/*)'/>
- </section>
-
-</article>
diff --git a/modules/pam_tally2/pam_tally2.8 b/modules/pam_tally2/pam_tally2.8
deleted file mode 100644
index 2673682e..00000000
--- a/modules/pam_tally2/pam_tally2.8
+++ /dev/null
@@ -1,244 +0,0 @@ -'\" t -.\" Title: pam_tally2 -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> -.\" Date: 06/08/2020 -.\" Manual: Linux-PAM Manual -.\" Source: Linux-PAM Manual -.\" Language: English -.\" -.TH "PAM_TALLY2" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual" -.\" ----------------------------------------------------------------- -.\" * Define some portability stuff -.\" ----------------------------------------------------------------- -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.\" http://bugs.debian.org/507673 -.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html -.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.ie \n(.g .ds Aq \(aq -.el .ds Aq ' -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -pam_tally2 \- The login counter (tallying) module -.SH "SYNOPSIS" -.HP \w'\fBpam_tally2\&.so\fR\ 'u -\fBpam_tally2\&.so\fR [file=\fI/path/to/counter\fR] [onerr=[\fIfail\fR|\fIsucceed\fR]] [magic_root] [even_deny_root] [deny=\fIn\fR] [lock_time=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [serialize] [audit] [silent] [no_log_info] [debug] -.HP \w'\fBpam_tally2\fR\ 'u -\fBpam_tally2\fR [\-\-file\ \fI/path/to/counter\fR] [\-\-user\ \fIusername\fR] [\-\-reset[=\fIn\fR]] [\-\-quiet] -.SH "DESCRIPTION" -.PP -This module maintains a count of attempted accesses, can reset count on success, can deny access if too many attempts fail\&. -.PP -pam_tally2 comes in two parts: -\fBpam_tally2\&.so\fR -and -\fBpam_tally2\fR\&. 
The former is the PAM module and the latter, a stand\-alone program\&. -\fBpam_tally2\fR -is an (optional) application which can be used to interrogate and manipulate the counter file\&. It can display user counts, set individual counts, or clear all counts\&. Setting artificially high counts may be useful for blocking users without changing their passwords\&. For example, one might find it useful to clear all counts every midnight from a cron job\&. -.PP -Normally, failed attempts to access -\fIroot\fR -will -\fBnot\fR -cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via -\fBsu\fR -or at the machine console (not telnet/rsh, etc), this is safe\&. -.SH "OPTIONS" -.PP -GLOBAL OPTIONS -.RS 4 -This can be used for -\fIauth\fR -and -\fIaccount\fR -module types\&. -.PP -\fBonerr=[\fR\fB\fIfail\fR\fR\fB|\fR\fB\fIsucceed\fR\fR\fB]\fR -.RS 4 -If something weird happens (like unable to open the file), return with -\fBPAM_SUCCESS\fR -if -\fBonerr=\fR\fB\fIsucceed\fR\fR -is given, else with the corresponding PAM error code\&. -.RE -.PP -\fBfile=\fR\fB\fI/path/to/counter\fR\fR -.RS 4 -File where to keep counts\&. Default is -/var/log/tallylog\&. -.RE -.PP -\fBaudit\fR -.RS 4 -Will log the user name into the system log if the user is not found\&. -.RE -.PP -\fBsilent\fR -.RS 4 -Don\*(Aqt print informative messages\&. The messages printed without the -\fIsilent\fR -option leak presence of accounts on the system because they are not printed for non\-existing accounts\&. -.RE -.PP -\fBno_log_info\fR -.RS 4 -Don\*(Aqt log informative messages via -\fBsyslog\fR(3)\&. -.RE -.PP -\fBdebug\fR -.RS 4 -Always log tally count when it is incremented as a debug level message to the system log\&. -.RE -.RE -.PP -AUTH OPTIONS -.RS 4 -Authentication phase first increments attempted login counter and checks if user should be denied access\&. 
If the user is authenticated and the login process continues on call to -\fBpam_setcred\fR(3) -it resets the attempts counter\&. -.PP -\fBdeny=\fR\fB\fIn\fR\fR -.RS 4 -Deny access if tally for this user exceeds -\fIn\fR\&. -.RE -.PP -\fBlock_time=\fR\fB\fIn\fR\fR -.RS 4 -Always deny for -\fIn\fR -seconds after failed attempt\&. -.RE -.PP -\fBunlock_time=\fR\fB\fIn\fR\fR -.RS 4 -Allow access after -\fIn\fR -seconds after failed attempt\&. If this option is used the user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. Otherwise the account is locked until the lock is removed by a manual intervention of the system administrator\&. -.RE -.PP -\fBmagic_root\fR -.RS 4 -If the module is invoked by a user with uid=0 the counter is not incremented\&. The sysadmin should use this for user launched services, like -\fBsu\fR, otherwise this argument should be omitted\&. -.RE -.PP -\fBeven_deny_root\fR -.RS 4 -Root account can become unavailable\&. -.RE -.PP -\fBroot_unlock_time=\fR\fB\fIn\fR\fR -.RS 4 -This option implies -\fBeven_deny_root\fR -option\&. Allow access after -\fIn\fR -seconds to root account after failed attempt\&. If this option is used the root user will be locked out for the specified amount of time after he exceeded his maximum allowed attempts\&. -.RE -.PP -\fBserialize\fR -.RS 4 -Serialize access to the tally file using locks\&. This option might be used only for non\-multithreaded services because it depends on the fcntl locking of the tally file\&. Also it is a good idea to use this option only in such configurations where the time between auth phase and account or setcred phase is not dependent on the authenticating client\&. Otherwise the authenticating client will be able to prevent simultaneous authentications by the same user by simply artificially prolonging the time the file record lock is held\&. 
-.RE -.RE -.PP -ACCOUNT OPTIONS -.RS 4 -Account phase resets attempts counter if the user is -\fBnot\fR -magic root\&. This phase can be used optionally for services which don\*(Aqt call -\fBpam_setcred\fR(3) -correctly or if the reset should be done regardless of the failure of the account phase of other modules\&. -.PP -\fBmagic_root\fR -.RS 4 -If the module is invoked by a user with uid=0 the counter is not changed\&. The sysadmin should use this for user launched services, like -\fBsu\fR, otherwise this argument should be omitted\&. -.RE -.RE -.SH "MODULE TYPES PROVIDED" -.PP -The -\fBauth\fR -and -\fBaccount\fR -module types are provided\&. -.SH "RETURN VALUES" -.PP -PAM_AUTH_ERR -.RS 4 -A invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&. -.RE -.PP -PAM_SUCCESS -.RS 4 -Everything was successful\&. -.RE -.PP -PAM_USER_UNKNOWN -.RS 4 -User not known\&. -.RE -.SH "NOTES" -.PP -pam_tally2 is not compatible with the old pam_tally faillog file format\&. This is caused by requirement of compatibility of the tallylog file format between 32bit and 64bit architectures on multiarch systems\&. -.PP -There is no setuid wrapper for access to the data file such as when the -\fBpam_tally2\&.so\fR -module is called from xscreensaver\&. As this would make it impossible to share PAM configuration with such services the following workaround is used: If the data file cannot be opened because of insufficient permissions (\fBEACCES\fR) the module returns -\fBPAM_IGNORE\fR\&. -.SH "EXAMPLES" -.PP -Add the following line to -/etc/pam\&.d/login -to lock the account after 4 failed logins\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&. The module does not have to be called in the account phase because the -\fBlogin\fR -calls -\fBpam_setcred\fR(3) -correctly\&. 
-.sp -.if n \{\ -.RS 4 -.\} -.nf -auth required pam_securetty\&.so -auth required pam_tally2\&.so deny=4 even_deny_root unlock_time=1200 -auth required pam_env\&.so -auth required pam_unix\&.so -auth required pam_nologin\&.so -account required pam_unix\&.so -password required pam_unix\&.so -session required pam_limits\&.so -session required pam_unix\&.so -session required pam_lastlog\&.so nowtmp -session optional pam_mail\&.so standard - -.fi -.if n \{\ -.RE -.\} -.SH "FILES" -.PP -/var/log/tallylog -.RS 4 -failure count logging file -.RE -.SH "SEE ALSO" -.PP -\fBpam.conf\fR(5), -\fBpam.d\fR(5), -\fBpam\fR(8) -.SH "AUTHOR" -.PP -pam_tally2 was written by Tim Baverstock and Tomas Mraz\&. diff --git a/modules/pam_tally2/pam_tally2.8.xml b/modules/pam_tally2/pam_tally2.8.xml deleted file mode 100644 index d058cf91..00000000 --- a/modules/pam_tally2/pam_tally2.8.xml +++ /dev/null 
@@ -1,450 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_tally2"> - - <refmeta> - <refentrytitle>pam_tally2</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_tally2-name"> - <refname>pam_tally2</refname> - <refpurpose>The login counter (tallying) module</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_tally2-cmdsynopsis1"> - <command>pam_tally2.so</command> - <arg choice="opt"> - file=<replaceable>/path/to/counter</replaceable> - </arg> - <arg choice="opt"> - onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>] - </arg> - <arg choice="opt"> - magic_root - </arg> - <arg choice="opt"> - even_deny_root - </arg> - <arg choice="opt"> - deny=<replaceable>n</replaceable> - </arg> - <arg choice="opt"> - lock_time=<replaceable>n</replaceable> - </arg> - <arg choice="opt"> - unlock_time=<replaceable>n</replaceable> - </arg> - <arg choice="opt"> - root_unlock_time=<replaceable>n</replaceable> - </arg> - <arg choice="opt"> - serialize - </arg> - <arg choice="opt"> - audit - </arg> - <arg choice="opt"> - silent - </arg> - <arg choice="opt"> - no_log_info - </arg> - <arg choice="opt"> - debug - </arg> - </cmdsynopsis> - <cmdsynopsis id="pam_tally2-cmdsynopsis2"> - <command>pam_tally2</command> - <arg choice="opt"> - --file <replaceable>/path/to/counter</replaceable> - </arg> - <arg choice="opt"> - --user <replaceable>username</replaceable> - </arg> - <arg choice="opt"> - --reset[=<replaceable>n</replaceable>] - </arg> - <arg choice="opt"> - --quiet - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_tally2-description"> - - <title>DESCRIPTION</title> - - <para> - This module maintains a count of attempted accesses, can - reset count on success, can deny access if too many attempts 
fail. - </para> - <para> - pam_tally2 comes in two parts: - <emphasis remap='B'>pam_tally2.so</emphasis> and - <command>pam_tally2</command>. The former is the PAM module and - the latter, a stand-alone program. <command>pam_tally2</command> - is an (optional) application which can be used to interrogate and - manipulate the counter file. It can display user counts, set - individual counts, or clear all counts. Setting artificially high - counts may be useful for blocking users without changing their - passwords. For example, one might find it useful to clear all counts - every midnight from a cron job. - </para> - <para> - Normally, failed attempts to access <emphasis>root</emphasis> will - <emphasis remap='B'>not</emphasis> cause the root account to become - blocked, to prevent denial-of-service: if your users aren't given - shell accounts and root may only login via <command>su</command> or - at the machine console (not telnet/rsh, etc), this is safe. - </para> - </refsect1> - - <refsect1 id="pam_tally2-options"> - - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - GLOBAL OPTIONS - </term> - <listitem> - <para> - This can be used for <emphasis>auth</emphasis> and - <emphasis>account</emphasis> module types. - </para> - <variablelist> - <varlistentry> - <term> - <option>onerr=[<replaceable>fail</replaceable>|<replaceable>succeed</replaceable>]</option> - </term> - <listitem> - <para> - If something weird happens (like unable to open the file), - return with <errorcode>PAM_SUCCESS</errorcode> if - <option>onerr=<replaceable>succeed</replaceable></option> - is given, else with the corresponding PAM error code. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>file=<replaceable>/path/to/counter</replaceable></option> - </term> - <listitem> - <para> - File where to keep counts. Default is - <filename>/var/log/tallylog</filename>. 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>audit</option> - </term> - <listitem> - <para> - Will log the user name into the system log if the user is not found. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>silent</option> - </term> - <listitem> - <para> - Don't print informative messages. The messages printed without the <emphasis>silent</emphasis> option leak presence of accounts on the system because they are not printed for non-existing accounts. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>no_log_info</option> - </term> - <listitem> - <para> - Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Always log tally count when it is incremented as a debug level message to the system log. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - </varlistentry> - - <varlistentry> - <term> - AUTH OPTIONS - </term> - <listitem> - <para> - Authentication phase first increments attempted login counter and - checks if user should be denied access. If the user is authenticated - and the login process continues on call to <citerefentry> - <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> it resets the attempts counter. - </para> - <variablelist> - <varlistentry> - <term> - <option>deny=<replaceable>n</replaceable></option> - </term> - <listitem> - <para> - Deny access if tally for this user exceeds - <replaceable>n</replaceable>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>lock_time=<replaceable>n</replaceable></option> - </term> - <listitem> - <para> - Always deny for <replaceable>n</replaceable> seconds - after failed attempt. 
- </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>unlock_time=<replaceable>n</replaceable></option> - </term> - <listitem> - <para> - Allow access after <replaceable>n</replaceable> seconds - after failed attempt. If this option is used the user will - be locked out for the specified amount of time after he - exceeded his maximum allowed attempts. Otherwise the - account is locked until the lock is removed by a manual - intervention of the system administrator. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>magic_root</option> - </term> - <listitem> - <para> - If the module is invoked by a user with uid=0 the - counter is not incremented. The sysadmin should use this - for user launched services, like <command>su</command>, - otherwise this argument should be omitted. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>even_deny_root</option> - </term> - <listitem> - <para> - Root account can become unavailable. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>root_unlock_time=<replaceable>n</replaceable></option> - </term> - <listitem> - <para> - This option implies <option>even_deny_root</option> option. - Allow access after <replaceable>n</replaceable> seconds - to root account after failed attempt. If this option is used - the root user will be locked out for the specified amount of - time after he exceeded his maximum allowed attempts. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>serialize</option> - </term> - <listitem> - <para> - Serialize access to the tally file using locks. This option might - be used only for non-multithreaded services because it depends on - the fcntl locking of the tally file. Also it is a good idea to use - this option only in such configurations where the time between auth - phase and account or setcred phase is not dependent on the - authenticating client. 
Otherwise the authenticating client will be - able to prevent simultaneous authentications by the same user by - simply artificially prolonging the time the file record lock is held. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - </varlistentry> - - - <varlistentry> - <term> - ACCOUNT OPTIONS - </term> - <listitem> - <para> - Account phase resets attempts counter if the user is - <emphasis remap='B'>not</emphasis> magic root. - This phase can be used optionally for services which don't call - <citerefentry> - <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> correctly or if the reset should be done regardless - of the failure of the account phase of other modules. - </para> - <variablelist> - <varlistentry> - <term> - <option>magic_root</option> - </term> - <listitem> - <para> - If the module is invoked by a user with uid=0 the - counter is not changed. The sysadmin should use this - for user launched services, like <command>su</command>, - otherwise this argument should be omitted. - </para> - </listitem> - </varlistentry> - </variablelist> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_tally2-types"> - <title>MODULE TYPES PROVIDED</title> - <para> - The <option>auth</option> and <option>account</option> - module types are provided. - </para> - </refsect1> - - <refsect1 id='pam_tally2-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para> - A invalid option was given, the module was not able - to retrieve the user name, no valid counter file - was found, or too many failed logins. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - Everything was successful. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - User not known. 
- </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_tally2-notes'> - <title>NOTES</title> - <para> - pam_tally2 is not compatible with the old pam_tally faillog file format. - This is caused by requirement of compatibility of the tallylog file - format between 32bit and 64bit architectures on multiarch systems. - </para> - <para> - There is no setuid wrapper for access to the data file such as when the - <emphasis remap='B'>pam_tally2.so</emphasis> module is called from - xscreensaver. As this would make it impossible to share PAM configuration - with such services the following workaround is used: If the data file - cannot be opened because of insufficient permissions - (<errorcode>EACCES</errorcode>) the module returns - <errorcode>PAM_IGNORE</errorcode>. - </para> - </refsect1> - - <refsect1 id='pam_tally2-examples'> - <title>EXAMPLES</title> - <para> - Add the following line to <filename>/etc/pam.d/login</filename> to - lock the account after 4 failed logins. Root account will be locked - as well. The accounts will be automatically unlocked after 20 minutes. - The module does not have to be called in the account phase because the - <command>login</command> calls <citerefentry> - <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum> - </citerefentry> correctly. 
- </para> - <programlisting> -auth required pam_securetty.so -auth required pam_tally2.so deny=4 even_deny_root unlock_time=1200 -auth required pam_env.so -auth required pam_unix.so -auth required pam_nologin.so -account required pam_unix.so -password required pam_unix.so -session required pam_limits.so -session required pam_unix.so -session required pam_lastlog.so nowtmp -session optional pam_mail.so standard - </programlisting> - </refsect1> - - <refsect1 id="pam_tally2-files"> - <title>FILES</title> - <variablelist> - <varlistentry> - <term><filename>/var/log/tallylog</filename></term> - <listitem> - <para>failure count logging file</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_tally2-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_tally2-author'> - <title>AUTHOR</title> - <para> - pam_tally2 was written by Tim Baverstock and Tomas Mraz. - </para> - </refsect1> - -</refentry> diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c deleted file mode 100644 index 117df699..00000000 --- a/modules/pam_tally2/pam_tally2.c +++ /dev/null 
@@ -1,1035 +0,0 @@ -/* - * pam_tally2 module - * - * By Tim Baverstock <warwick@mmm.co.uk>, Multi Media Machine Ltd. - * 5 March 1997 - * - * Stuff stolen from pam_rootok and pam_listfile - * - * Changes by Tomas Mraz <tmraz@redhat.com> 5 January 2005, 26 January 2006 - * Audit option added for Tomas patch by Sebastien Tricaud <toady@gscore.org> 13 January 2005 - * Portions Copyright 2006, Red Hat, Inc. - * Portions Copyright 1989 - 1993, Julianne Frances Haugh - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of Julianne F. Haugh nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "config.h" - -#if defined(MAIN) && defined(MEMORY_DEBUG) -# undef exit -#endif /* defined(MAIN) && defined(MEMORY_DEBUG) */ - -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <stdarg.h> -#include <stdlib.h> -#include <syslog.h> -#include <pwd.h> -#include <time.h> -#include <stdint.h> -#include <errno.h> -#ifdef HAVE_LIBAUDIT -#include <libaudit.h> -#endif - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/param.h> -#include <fcntl.h> -#include <signal.h> -#include "tallylog.h" - -#ifndef TRUE -#define TRUE 1L -#define FALSE 0L -#endif - -#ifndef HAVE_FSEEKO -#define fseeko fseek -#endif - -#ifndef MAIN -#include <security/pam_ext.h> -#endif -#include <security/pam_modutil.h> -#include <security/pam_modules.h> -#include "pam_inline.h" - -/*---------------------------------------------------------------------*/ - -#define DEFAULT_LOGFILE "/var/log/tallylog" -#define MODULE_NAME "pam_tally2" - -#define tally_t uint16_t -#define TALLY_HI ((tally_t)~0L) - -struct tally_options { - const char *filename; - tally_t deny; - long lock_time; - long unlock_time; - long root_unlock_time; - unsigned int ctrl; -}; - -#define PHASE_UNKNOWN 0 -#define PHASE_AUTH 1 -#define PHASE_ACCOUNT 2 -#define PHASE_SESSION 3 - -#define OPT_MAGIC_ROOT 01 -#define OPT_FAIL_ON_ERROR 02 -#define OPT_DENY_ROOT 04 -#define OPT_QUIET 040 -#define OPT_AUDIT 0100 -#define OPT_NOLOGNOTICE 0400 -#define OPT_SERIALIZE 01000 -#define OPT_DEBUG 02000 - -#define MAX_LOCK_WAITING_TIME 10 - -/*---------------------------------------------------------------------*/ - -/* some syslogging */ - -#ifdef MAIN -#define pam_syslog tally_log -static void -tally_log (const pam_handle_t *pamh UNUSED, int priority UNUSED, - const char *fmt, ...) 
-{ - va_list args; - - va_start(args, fmt); - fprintf(stderr, "%s: ", MODULE_NAME); - vfprintf(stderr, fmt, args); - fprintf(stderr,"\n"); - va_end(args); -} - -#define pam_modutil_getpwnam(pamh, user) getpwnam(user) -#endif - -/*---------------------------------------------------------------------*/ - -/* --- Support function: parse arguments --- */ - -#ifndef MAIN - -static void -log_phase_no_auth(pam_handle_t *pamh, int phase, const char *argv) -{ - if ( phase != PHASE_AUTH ) { - pam_syslog(pamh, LOG_ERR, - "option %s allowed in auth phase only", argv); - } -} - -static int -tally_parse_args(pam_handle_t *pamh, struct tally_options *opts, - int phase, int argc, const char **argv) -{ - memset(opts, 0, sizeof(*opts)); - opts->filename = DEFAULT_LOGFILE; - opts->ctrl = OPT_FAIL_ON_ERROR; - opts->root_unlock_time = -1; - - for ( ; argc-- > 0; ++argv ) { - const char *str; - - if ((str = pam_str_skip_prefix(*argv, "file=")) != NULL) { - const char *from = str; - if ( *from!='/' ) { - pam_syslog(pamh, LOG_ERR, - "filename not /rooted; %s", *argv); - return PAM_AUTH_ERR; - } - opts->filename = from; - } - else if ( ! strcmp( *argv, "onerr=fail" ) ) { - opts->ctrl |= OPT_FAIL_ON_ERROR; - } - else if ( ! strcmp( *argv, "onerr=succeed" ) ) { - opts->ctrl &= ~OPT_FAIL_ON_ERROR; - } - else if ( ! strcmp( *argv, "magic_root" ) ) { - opts->ctrl |= OPT_MAGIC_ROOT; - } - else if ( ! strcmp( *argv, "serialize" ) ) { - opts->ctrl |= OPT_SERIALIZE; - } - else if ( ! strcmp( *argv, "debug" ) ) { - opts->ctrl |= OPT_DEBUG; - } - else if ( ! strcmp( *argv, "even_deny_root_account" ) || - ! 
strcmp( *argv, "even_deny_root" ) ) { - log_phase_no_auth(pamh, phase, *argv); - opts->ctrl |= OPT_DENY_ROOT; - } - else if ((str = pam_str_skip_prefix(*argv, "deny=")) != NULL) { - log_phase_no_auth(pamh, phase, *argv); - if (sscanf(str, "%hu", &opts->deny) != 1) { - pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); - return PAM_AUTH_ERR; - } - } - else if ((str = pam_str_skip_prefix(*argv, "lock_time=")) != NULL) { - log_phase_no_auth(pamh, phase, *argv); - if (sscanf(str, "%ld", &opts->lock_time) != 1) { - pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); - return PAM_AUTH_ERR; - } - } - else if ((str = pam_str_skip_prefix(*argv, "unlock_time=")) != NULL) { - log_phase_no_auth(pamh, phase, *argv); - if (sscanf(str, "%ld", &opts->unlock_time) != 1) { - pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); - return PAM_AUTH_ERR; - } - } - else if ((str = pam_str_skip_prefix(*argv, "root_unlock_time=")) != NULL) { - log_phase_no_auth(pamh, phase, *argv); - if (sscanf(str, "%ld", &opts->root_unlock_time) != 1) { - pam_syslog(pamh, LOG_ERR, "bad number supplied: %s", *argv); - return PAM_AUTH_ERR; - } - opts->ctrl |= OPT_DENY_ROOT; /* even_deny_root implied */ - } - else if ( ! strcmp( *argv, "quiet" ) || - ! strcmp ( *argv, "silent")) { - opts->ctrl |= OPT_QUIET; - } - else if ( ! strcmp ( *argv, "no_log_info") ) { - opts->ctrl |= OPT_NOLOGNOTICE; - } - else if ( ! 
strcmp ( *argv, "audit") ) { - opts->ctrl |= OPT_AUDIT; - } - else { - pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); - } - } - - if (opts->root_unlock_time == -1) - opts->root_unlock_time = opts->unlock_time; - - return PAM_SUCCESS; -} - -#endif /* #ifndef MAIN */ - -/*---------------------------------------------------------------------*/ - -/* --- Support function: get uid (and optionally username) from PAM or - cline_user --- */ - -#ifdef MAIN -static const char *cline_user=0; /* cline_user is used in the administration prog */ -#endif - -static int -pam_get_uid(pam_handle_t *pamh, uid_t *uid, const char **userp, struct tally_options *opts) -{ - const char *user = NULL; - struct passwd *pw; - -#ifdef MAIN - user = cline_user; - - if ( !user ) { - pam_syslog(pamh, LOG_NOTICE, "cannot determine user name"); - return PAM_AUTH_ERR; - } -#else - if ((pam_get_user( pamh, &user, NULL )) != PAM_SUCCESS) { - user = NULL; - } -#endif - - if ( ! ( pw = pam_modutil_getpwnam( pamh, user ) ) ) { - opts->ctrl & OPT_AUDIT ? 
- pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user %s", user) : - pam_syslog(pamh, LOG_NOTICE, "pam_get_uid; no such user"); - return PAM_USER_UNKNOWN; - } - - if ( uid ) *uid = pw->pw_uid; - if ( userp ) *userp = user; - return PAM_SUCCESS; -} - -/*---------------------------------------------------------------------*/ - -/* --- Support functions: set/get tally data --- */ - -#ifndef MAIN - -struct tally_data { - time_t time; - int tfile; -}; - -static void -_cleanup(pam_handle_t *pamh UNUSED, void *void_data, int error_status UNUSED) -{ - struct tally_data *data = void_data; - if (data->tfile != -1) - close(data->tfile); - free(data); -} - -static void -tally_set_data( pam_handle_t *pamh, time_t oldtime, int tfile ) -{ - struct tally_data *data; - - if ( (data=malloc(sizeof(*data))) != NULL ) { - data->time = oldtime; - data->tfile = tfile; - pam_set_data(pamh, MODULE_NAME, (void *)data, _cleanup); - } -} - -static int -tally_get_data( pam_handle_t *pamh, time_t *oldtime, int *tfile ) -{ - int rv; - const void *void_data; - const struct tally_data *data; - - rv = pam_get_data(pamh, MODULE_NAME, &void_data); - if ( rv == PAM_SUCCESS && void_data != NULL && oldtime != NULL ) { - data = void_data; - *oldtime = data->time; - *tfile = data->tfile; - } - else { - rv = -1; - *oldtime = 0; - } - return rv; -} -#endif /* #ifndef MAIN */ - -/*---------------------------------------------------------------------*/ - -/* --- Support function: open/create tallyfile and return tally for uid --- */ - -/* If on entry tallyfile doesn't exist, creation is attempted. 
*/ - -static void -alarm_handler(int sig UNUSED) -{ /* we just need to ignore it */ -} - -static int -get_tally(pam_handle_t *pamh, uid_t uid, const char *filename, - int *tfile, struct tallylog *tally, unsigned int ctrl) -{ - struct stat fileinfo; - int lstat_ret; - void *void_tally = tally; - int preopened = 0; - - if (*tfile != -1) { - preopened = 1; - goto skip_open; - } - - lstat_ret = lstat(filename, &fileinfo); - if (lstat_ret) { - *tfile=open(filename, O_APPEND|O_CREAT, S_IRUSR|S_IWUSR); - /* Create file, or append-open in pathological case. */ - if (*tfile == -1) { -#ifndef MAIN - if (errno == EACCES) { - return PAM_IGNORE; /* called with insufficient access rights */ - } -#endif - pam_syslog(pamh, LOG_ALERT, "Couldn't create %s: %m", filename); - return PAM_AUTH_ERR; - } - lstat_ret = fstat(*tfile, &fileinfo); - close(*tfile); - } - - *tfile = -1; - - if ( lstat_ret ) { - pam_syslog(pamh, LOG_ALERT, "Couldn't stat %s", filename); - return PAM_AUTH_ERR; - } - - if ((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { - /* If the file is world writable or is not a - normal file, return error */ - pam_syslog(pamh, LOG_ALERT, - "%s is either world writable or not a normal file", - filename); - return PAM_AUTH_ERR; - } - - if ((*tfile = open(filename, O_RDWR)) == -1) { -#ifndef MAIN - if (errno == EACCES) /* called with insufficient access rights */ - return PAM_IGNORE; -#endif - pam_syslog(pamh, LOG_ALERT, "Error opening %s for update: %m", filename); - - return PAM_AUTH_ERR; - } - -skip_open: - if (lseek(*tfile, (off_t)uid*(off_t)sizeof(*tally), SEEK_SET) == (off_t)-1) { - pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); - if (!preopened) { - close(*tfile); - *tfile = -1; - } - return PAM_AUTH_ERR; - } - - if (!preopened && (ctrl & OPT_SERIALIZE)) { - /* this code is not thread safe as it uses fcntl locks and alarm() - so never use serialize with multithreaded services */ - struct sigaction newsa, oldsa; - unsigned int oldalarm; - 
int rv; - - memset(&newsa, '\0', sizeof(newsa)); - newsa.sa_handler = alarm_handler; - sigaction(SIGALRM, &newsa, &oldsa); - oldalarm = alarm(MAX_LOCK_WAITING_TIME); - - rv = lockf(*tfile, F_LOCK, sizeof(*tally)); - /* lock failure is not fatal, we attempt to read the tally anyway */ - - /* reinstate the eventual old alarm handler */ - if (rv == -1 && errno == EINTR) { - if (oldalarm > MAX_LOCK_WAITING_TIME) { - oldalarm -= MAX_LOCK_WAITING_TIME; - } else if (oldalarm > 0) { - oldalarm = 1; - } - } - sigaction(SIGALRM, &oldsa, NULL); - alarm(oldalarm); - } - - if (pam_modutil_read(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { - memset(tally, 0, sizeof(*tally)); - } - - tally->fail_line[sizeof(tally->fail_line)-1] = '\0'; - - return PAM_SUCCESS; -} - -/*---------------------------------------------------------------------*/ - -/* --- Support function: update tallyfile with tally!=TALLY_HI --- */ - -static int -set_tally(pam_handle_t *pamh, uid_t uid, - const char *filename, int *tfile, struct tallylog *tally) -{ - void *void_tally = tally; - if (tally->fail_cnt != TALLY_HI) { - if (lseek(*tfile, (off_t)uid * sizeof(*tally), SEEK_SET) == (off_t)-1) { - pam_syslog(pamh, LOG_ALERT, "lseek failed for %s: %m", filename); - return PAM_AUTH_ERR; - } - if (pam_modutil_write(*tfile, void_tally, sizeof(*tally)) != sizeof(*tally)) { - pam_syslog(pamh, LOG_ALERT, "update (write) failed for %s: %m", filename); - return PAM_AUTH_ERR; - } - } - - return PAM_SUCCESS; -} - -/*---------------------------------------------------------------------*/ - -/* --- PAM bits --- */ - -#ifndef MAIN - -#define RETURN_ERROR(i) return ((opts->ctrl & OPT_FAIL_ON_ERROR)?(i):(PAM_SUCCESS)) - -/*---------------------------------------------------------------------*/ - -static int -tally_check (tally_t oldcnt, time_t oldtime, pam_handle_t *pamh, uid_t uid, - const char *user, struct tally_options *opts, - struct tallylog *tally) -{ - int rv = PAM_SUCCESS; - int loglevel = LOG_DEBUG; -#ifdef 
HAVE_LIBAUDIT - char buf[64]; - int audit_fd = -1; - const void *rhost = NULL, *tty = NULL; -#endif - - if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { - return PAM_SUCCESS; - } - /* magic_root skips tally check */ -#ifdef HAVE_LIBAUDIT - audit_fd = audit_open(); - /* If there is an error & audit support is in the kernel report error */ - if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT || - errno == EAFNOSUPPORT)) - return PAM_SYSTEM_ERR; - (void)pam_get_item(pamh, PAM_TTY, &tty); - (void)pam_get_item(pamh, PAM_RHOST, &rhost); -#endif - if (opts->deny != 0 && /* deny==0 means no deny */ - tally->fail_cnt > opts->deny && /* tally>deny means exceeded */ - ((opts->ctrl & OPT_DENY_ROOT) || uid)) { /* even_deny stops uid check */ -#ifdef HAVE_LIBAUDIT - if (tally->fail_cnt == opts->deny+1) { - /* First say that max number was hit. */ - snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); - audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf, - rhost, NULL, tty, 1); - } -#endif - if (uid) { - /* Unlock time check */ - if (opts->unlock_time && oldtime) { - if (opts->unlock_time + oldtime <= time(NULL)) { - /* ignore deny check after unlock_time elapsed */ -#ifdef HAVE_LIBAUDIT - snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); - audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, - rhost, NULL, tty, 1); -#endif - rv = PAM_SUCCESS; - goto cleanup; - } - } - } else { - /* Root unlock time check */ - if (opts->root_unlock_time && oldtime) { - if (opts->root_unlock_time + oldtime <= time(NULL)) { - /* ignore deny check after unlock_time elapsed */ -#ifdef HAVE_LIBAUDIT - snprintf(buf, sizeof(buf), "pam_tally2 uid=%u ", uid); - audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf, - rhost, NULL, tty, 1); -#endif - rv = PAM_SUCCESS; - goto cleanup; - } - } - } - -#ifdef HAVE_LIBAUDIT - if (tally->fail_cnt == opts->deny+1) { - /* First say that max number was hit. 
*/ - audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf, - rhost, NULL, tty, 1); - } -#endif - - if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, _("The account is locked due to %u failed logins."), - (unsigned int)tally->fail_cnt); - } - loglevel = LOG_NOTICE; - rv = PAM_AUTH_ERR; /* Only unconditional failure */ - goto cleanup; - } - - /* Lock time check */ - if (opts->lock_time && oldtime) { - if (opts->lock_time + oldtime > time(NULL)) { - /* don't increase fail_cnt or update fail_time when - lock_time applies */ - tally->fail_cnt = oldcnt; - tally->fail_time = oldtime; - - if (!(opts->ctrl & OPT_QUIET)) { - pam_info(pamh, - _("The account is temporarily locked (%ld seconds left)."), - (long int) (oldtime+opts->lock_time-time(NULL))); - } - if (!(opts->ctrl & OPT_NOLOGNOTICE)) { - pam_syslog(pamh, LOG_NOTICE, - "user %s (%lu) has time limit [%lds left]" - " since last failure.", - user, (unsigned long)uid, - (long int) (oldtime+opts->lock_time-time(NULL))); - } - rv = PAM_AUTH_ERR; - goto cleanup; - } - } - -cleanup: - if (!(opts->ctrl & OPT_NOLOGNOTICE) && (loglevel != LOG_DEBUG || opts->ctrl & OPT_DEBUG)) { - pam_syslog(pamh, loglevel, - "user %s (%lu) tally %hu, deny %hu", - user, (unsigned long)uid, tally->fail_cnt, opts->deny); - } -#ifdef HAVE_LIBAUDIT - if (audit_fd != -1) { - close(audit_fd); - } -#endif - return rv; -} - -/* --- tally bump function: bump tally for uid by (signed) inc --- */ - -static int -tally_bump (int inc, time_t *oldtime, pam_handle_t *pamh, - uid_t uid, const char *user, struct tally_options *opts, int *tfile) -{ - struct tallylog tally; - tally_t oldcnt; - const void *remote_host = NULL; - int i, rv; - - tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - - i = get_tally(pamh, uid, opts->filename, tfile, &tally, opts->ctrl); - if (i != PAM_SUCCESS) { - if (*tfile != -1) { - close(*tfile); - *tfile = -1; - } - RETURN_ERROR(i); - } - - /* to remember old fail time (for locktime) */ - if (oldtime) { - *oldtime = 
(time_t)tally.fail_time; - } - - tally.fail_time = time(NULL); - - (void) pam_get_item(pamh, PAM_RHOST, &remote_host); - if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, &remote_host); - if (!remote_host) { - remote_host = "unknown"; - } - } - - strncpy(tally.fail_line, remote_host, - sizeof(tally.fail_line)-1); - tally.fail_line[sizeof(tally.fail_line)-1] = 0; - - oldcnt = tally.fail_cnt; - - if (!(opts->ctrl & OPT_MAGIC_ROOT) || getuid()) { - /* magic_root doesn't change tally */ - tally.fail_cnt += inc; - - if (tally.fail_cnt == TALLY_HI) { /* Overflow *and* underflow. :) */ - tally.fail_cnt -= inc; - pam_syslog(pamh, LOG_ALERT, "Tally %sflowed for user %s", - (inc<0)?"under":"over",user); - } - } - - rv = tally_check(oldcnt, *oldtime, pamh, uid, user, opts, &tally); - - i = set_tally(pamh, uid, opts->filename, tfile, &tally); - if (i != PAM_SUCCESS) { - if (*tfile != -1) { - close(*tfile); - *tfile = -1; - } - if (rv == PAM_SUCCESS) - RETURN_ERROR( i ); - /* fallthrough */ - } else if (!(opts->ctrl & OPT_SERIALIZE)) { - close(*tfile); - *tfile = -1; - } - - return rv; -} - -static int -tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_tfile) -{ - struct tallylog tally; - int tfile = old_tfile; - int i; - - /* resets only if not magic root */ - - if ((opts->ctrl & OPT_MAGIC_ROOT) && getuid() == 0) { - return PAM_SUCCESS; - } - - tally.fail_cnt = 0; /* !TALLY_HI --> Log opened for update */ - - i=get_tally(pamh, uid, opts->filename, &tfile, &tally, opts->ctrl); - if (i != PAM_SUCCESS) { - if (tfile != old_tfile) /* the descriptor is not owned by pam data */ - close(tfile); - RETURN_ERROR(i); - } - - memset(&tally, 0, sizeof(tally)); - - i=set_tally(pamh, uid, opts->filename, &tfile, &tally); - if (i != PAM_SUCCESS) { - if (tfile != old_tfile) /* the descriptor is not owned by pam data */ - close(tfile); - RETURN_ERROR(i); - } - - if (tfile != old_tfile) - close(tfile); - - return PAM_SUCCESS; -} - 
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-int
-pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
- if (rv != PAM_SUCCESS)
- RETURN_ERROR(rv);
-
- if (flags & PAM_SILENT)
- opts->ctrl |= OPT_QUIET;
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if (rv != PAM_SUCCESS)
- RETURN_ERROR(rv);
-
- rv = tally_bump(1, &oldtime, pamh, uid, user, opts, &tfile);
-
- tally_set_data(pamh, oldtime, tfile);
-
- return rv;
-}
-
-int
-pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_AUTH, argc, argv);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
- /* no data found */
- return PAM_SUCCESS;
-
- rv = tally_reset(pamh, uid, opts, tfile);
-
- pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
- return rv;
-}
-
-/*---------------------------------------------------------------------*/
-
-/* --- authentication management functions (only) --- */
-
-/* To reset failcount of user on successful login */
-
-int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
-{
- int
- rv, tfile = -1;
- time_t
- oldtime = 0;
- struct tally_options
- options, *opts = &options;
- uid_t
- uid;
- const char
- *user;
-
- rv = tally_parse_args(pamh, opts, PHASE_ACCOUNT, argc, argv);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- rv = pam_get_uid(pamh, &uid, &user, opts);
- if ( rv != PAM_SUCCESS )
- RETURN_ERROR( rv );
-
- if ( tally_get_data(pamh, &oldtime, &tfile) != 0 )
- /* no data found */
- return PAM_SUCCESS;
-
- rv = tally_reset(pamh, uid, opts, tfile);
-
- pam_set_data(pamh, MODULE_NAME, NULL, NULL);
-
- return rv;
-}
-
-/*-----------------------------------------------------------------------*/
-
-#else /* #ifndef MAIN */
-
-static const char *cline_filename = DEFAULT_LOGFILE;
-static tally_t cline_reset = TALLY_HI; /* Default is `interrogate only' */
-static int cline_quiet = 0;
-
-/*
- * Not going to link with pamlib just for these.. :)
- */
-
-static const char *
-pam_errors( int i )
-{
- switch (i) {
- case PAM_AUTH_ERR: return _("Authentication error");
- case PAM_SERVICE_ERR: return _("Service error");
- case PAM_USER_UNKNOWN: return _("Unknown user");
- default: return _("Unknown error");
- }
-}
-
-static int
-getopts( char **argv )
-{
- const char *pname = *argv;
- for ( ; *argv ; (void)(*argv && ++argv) ) {
- const char *str;
- if ( !strcmp (*argv,"--file") ) cline_filename=*++argv;
- else if ( !strcmp(*argv,"-f") ) cline_filename=*++argv;
- else if ((str = pam_str_skip_prefix(*argv, "--file=")) != NULL)
- cline_filename = str;
- else if ( !strcmp (*argv,"--user") ) cline_user=*++argv;
- else if ( !strcmp (*argv,"-u") ) cline_user=*++argv;
- else if ((str = pam_str_skip_prefix(*argv, "--user=")) != NULL)
- cline_user = str;
- else if ( !strcmp (*argv,"--reset") ) cline_reset=0;
- else if ( !strcmp (*argv,"-r") ) cline_reset=0;
- else if ((str = pam_str_skip_prefix(*argv, "--reset=")) != NULL) {
- if (sscanf(str, "%hu", &cline_reset) != 1)
- fprintf(stderr,_("%s: Bad number given to --reset=\n"),pname), exit(0);
- }
- else if ( !strcmp (*argv,"--quiet") ) cline_quiet=1;
- else {
- fprintf(stderr,_("%s: Unrecognised option %s\n"),pname,*argv);
- return FALSE;
- }
- }
- return TRUE;
-}
-
-static void
-print_one(const struct tallylog *tally, uid_t uid)
-{
- static int once;
- const char *cp = "[UNKNOWN]";
- time_t fail_time;
- struct tm *tm;
- struct passwd *pwent;
- const char *username = "[NONAME]";
- char ptime[80];
-
- pwent = getpwuid(uid);
- fail_time = tally->fail_time;
- if ((tm = localtime(&fail_time)) != NULL) {
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S", tm);
- cp = ptime;
- }
- if (pwent) {
- username = pwent->pw_name;
- }
- if (!once) {
- printf (_("Login Failures Latest failure From\n"));
- once++;
- }
- printf ("%-15.15s %5hu ", username, tally->fail_cnt);
- if (tally->fail_time) {
- printf ("%-17.17s %s", cp, tally->fail_line);
- }
- putchar ('\n');
-}
-
-int
-main( int argc UNUSED, char **argv )
-{
- struct tallylog tally;
-
- if ( ! getopts( argv+1 ) ) {
- printf(_("%s: [-f rooted-filename] [--file rooted-filename]\n"
- " [-u username] [--user username]\n"
- " [-r] [--reset[=n]] [--quiet]\n"),
- *argv);
- exit(2);
- }
-
- umask(077);
-
- /*
- * Major difference between individual user and all users:
- * --user just handles one user, just like PAM.
- * without --user it handles all users, sniffing cline_filename for nonzeros
- */
-
- if ( cline_user ) {
- uid_t uid;
- int tfile = -1;
- struct tally_options opts;
- int i;
-
- memset(&opts, 0, sizeof(opts));
- opts.ctrl = OPT_AUDIT;
- i=pam_get_uid(NULL, &uid, NULL, &opts);
- if ( i != PAM_SUCCESS ) {
- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
- exit(1);
- }
-
- if (cline_reset == 0) {
- struct stat st;
-
- if (stat(cline_filename, &st) && errno == ENOENT) {
- if (!cline_quiet) {
- memset(&tally, 0, sizeof(tally));
- print_one(&tally, uid);
- }
- return 0; /* no file => nothing to reset */
- }
- }
-
- i=get_tally(NULL, uid, cline_filename, &tfile, &tally, 0);
- if ( i != PAM_SUCCESS ) {
- if (tfile != -1)
- close(tfile);
- fprintf(stderr, "%s: %s\n", *argv, pam_errors(i));
- exit(1);
- }
-
- if ( !cline_quiet )
- print_one(&tally, uid);
-
- if (cline_reset != TALLY_HI) {
-#ifdef HAVE_LIBAUDIT
- char buf[64];
- int audit_fd = audit_open();
- snprintf(buf, sizeof(buf), "pam_tally2 uid=%u reset=%hu", uid, cline_reset);
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
- if (audit_fd >=0)
- close(audit_fd);
-#endif
- if (cline_reset == 0) {
- memset(&tally, 0, sizeof(tally));
- } else {
- tally.fail_cnt = cline_reset;
- }
- i=set_tally(NULL, uid, cline_filename, &tfile, &tally);
- close(tfile);
- if (i != PAM_SUCCESS) {
- fprintf(stderr,"%s: %s\n",*argv,pam_errors(i));
- exit(1);
- }
- } else {
- close(tfile);
- }
- }
- else /* !cline_user (ie, operate on all users) */ {
- FILE *tfile=fopen(cline_filename, "r");
- uid_t uid=0;
- if (!tfile && cline_reset != 0) {
- perror(*argv);
- exit(1);
- }
-
- for ( ; tfile && !feof(tfile); uid++ ) {
- if ( !fread(&tally, sizeof(tally), 1, tfile)
- || !tally.fail_cnt ) {
- continue;
- }
- print_one(&tally, uid);
- }
- if (tfile)
- fclose(tfile);
- if ( cline_reset!=0 && cline_reset!=TALLY_HI ) {
- fprintf(stderr,_("%s: Can't reset all users to non-zero\n"),*argv);
- }
- else if ( !cline_reset ) {
-#ifdef HAVE_LIBAUDIT
- char buf[64];
- int audit_fd = audit_open();
- snprintf(buf, sizeof(buf), "pam_tally2 uid=all reset=0");
- audit_log_user_message(audit_fd, AUDIT_USER_ACCT,
- buf, NULL, NULL, ttyname(STDIN_FILENO), 1);
- if (audit_fd >=0)
- close(audit_fd);
-#endif
- tfile=fopen(cline_filename, "w");
- if ( !tfile ) perror(*argv), exit(0);
- fclose(tfile);
- }
- }
- return 0;
-}
-
-
-#endif /* #ifndef MAIN */
diff --git a/modules/pam_tally2/pam_tally2_app.c b/modules/pam_tally2/pam_tally2_app.c
deleted file mode 100644
index b72e9bfd..00000000
--- a/modules/pam_tally2/pam_tally2_app.c
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- # This seemed like such a good idea at the time. :)
- */
-
-#define MAIN
-#include "pam_tally2.c"
diff --git a/modules/pam_tally2/tallylog.h b/modules/pam_tally2/tallylog.h
deleted file mode 100644
index 596b1dac..00000000
--- a/modules/pam_tally2/tallylog.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Copyright 2006, Red Hat, Inc.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of Red Hat, Inc. nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY RED HAT, INC. AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/*
- * tallylog.h - login failure data file format
- *
- * The new login failure file is not compatible with the old faillog(8) format
- * Each record in the file represents a separate UID and the file
- * is indexed in that fashion.
- */
-
-
-#ifndef _TALLYLOG_H
-#define _TALLYLOG_H
-
-#include <stdint.h>
-
-struct tallylog {
- char fail_line[52]; /* rhost or tty of last failure */
- uint16_t reserved; /* reserved for future use */
- uint16_t fail_cnt; /* failures since last success */
- uint64_t fail_time; /* time of last failure */
-};
-/* 64 bytes / entry */
-
-#endif
diff --git a/modules/pam_tally2/tst-pam_tally2 b/modules/pam_tally2/tst-pam_tally2
deleted file mode 100755
index 83c71f41..00000000
--- a/modules/pam_tally2/tst-pam_tally2
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-../../tests/tst-dlopen .libs/pam_tally2.so |