summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/Makefile.am107
-rw-r--r--modules/Makefile.in120
-rw-r--r--modules/pam_access/Makefile.am21
-rw-r--r--modules/pam_access/Makefile.in146
-rw-r--r--modules/pam_access/README4
-rw-r--r--modules/pam_access/access.conf.512
-rw-r--r--modules/pam_access/access.conf.5.xml6
-rw-r--r--modules/pam_access/pam_access.86
-rw-r--r--modules/pam_access/pam_access.c66
-rw-r--r--modules/pam_cracklib/Makefile.am20
-rw-r--r--modules/pam_cracklib/Makefile.in117
-rw-r--r--modules/pam_cracklib/README9
-rw-r--r--modules/pam_cracklib/pam_cracklib.810
-rw-r--r--modules/pam_cracklib/pam_cracklib.8.xml4
-rw-r--r--modules/pam_cracklib/pam_cracklib.c99
-rw-r--r--modules/pam_debug/Makefile.am19
-rw-r--r--modules/pam_debug/Makefile.in150
-rw-r--r--modules/pam_debug/pam_debug.86
-rw-r--r--modules/pam_debug/pam_debug.c49
-rw-r--r--modules/pam_debug/tst-pam_debug-retval.c65
-rw-r--r--modules/pam_deny/Makefile.am23
-rw-r--r--modules/pam_deny/Makefile.in150
-rw-r--r--modules/pam_deny/pam_deny.86
-rw-r--r--modules/pam_deny/pam_deny.c18
-rw-r--r--modules/pam_deny/tst-pam_deny-retval.c58
-rw-r--r--modules/pam_echo/Makefile.am20
-rw-r--r--modules/pam_echo/Makefile.in150
-rw-r--r--modules/pam_echo/pam_echo.86
-rw-r--r--modules/pam_echo/pam_echo.c11
-rw-r--r--modules/pam_echo/tst-pam_echo-retval.c101
-rw-r--r--modules/pam_env/Makefile.am20
-rw-r--r--modules/pam_env/Makefile.in151
-rw-r--r--modules/pam_env/README14
-rw-r--r--modules/pam_env/environment.52
-rw-r--r--modules/pam_env/pam_env.814
-rw-r--r--modules/pam_env/pam_env.8.xml8
-rw-r--r--modules/pam_env/pam_env.c123
-rw-r--r--modules/pam_env/pam_env.conf2
-rw-r--r--modules/pam_env/pam_env.conf.56
-rw-r--r--modules/pam_exec/Makefile.am20
-rw-r--r--modules/pam_exec/Makefile.in112
-rw-r--r--modules/pam_exec/README2
-rw-r--r--modules/pam_exec/pam_exec.823
-rw-r--r--modules/pam_exec/pam_exec.8.xml31
-rw-r--r--modules/pam_exec/pam_exec.c69
-rw-r--r--modules/pam_faildelay/Makefile.am19
-rw-r--r--modules/pam_faildelay/Makefile.in151
-rw-r--r--modules/pam_faildelay/pam_faildelay.86
-rw-r--r--modules/pam_faildelay/pam_faildelay.c82
-rw-r--r--modules/pam_faildelay/tst-pam_faildelay-retval.c88
-rw-r--r--modules/pam_faillock/Makefile.am50
-rw-r--r--modules/pam_faillock/Makefile.in1340
-rw-r--r--modules/pam_faillock/README140
-rw-r--r--modules/pam_faillock/README.xml46
-rw-r--r--modules/pam_faillock/faillock.878
-rw-r--r--modules/pam_faillock/faillock.8.xml123
-rw-r--r--modules/pam_faillock/faillock.c161
-rw-r--r--modules/pam_faillock/faillock.conf62
-rw-r--r--modules/pam_faillock/faillock.conf.5166
-rw-r--r--modules/pam_faillock/faillock.conf.5.xml243
-rw-r--r--modules/pam_faillock/faillock.h75
-rw-r--r--modules/pam_faillock/main.c232
-rw-r--r--modules/pam_faillock/pam_faillock.8262
-rw-r--r--modules/pam_faillock/pam_faillock.8.xml362
-rw-r--r--modules/pam_faillock/pam_faillock.c775
-rwxr-xr-xmodules/pam_faillock/tst-pam_faillock2
-rw-r--r--modules/pam_filter/Makefile.am15
-rw-r--r--modules/pam_filter/Makefile.in104
-rw-r--r--modules/pam_filter/pam_filter.86
-rw-r--r--modules/pam_filter/pam_filter.c60
-rw-r--r--modules/pam_filter/upperLOWER/Makefile.am2
-rw-r--r--modules/pam_filter/upperLOWER/Makefile.in87
-rw-r--r--modules/pam_ftp/Makefile.am16
-rw-r--r--modules/pam_ftp/Makefile.in112
-rw-r--r--modules/pam_ftp/pam_ftp.86
-rw-r--r--modules/pam_ftp/pam_ftp.c34
-rw-r--r--modules/pam_group/Makefile.am17
-rw-r--r--modules/pam_group/Makefile.in146
-rw-r--r--modules/pam_group/group.conf.58
-rw-r--r--modules/pam_group/group.conf.5.xml6
-rw-r--r--modules/pam_group/pam_group.86
-rw-r--r--modules/pam_group/pam_group.c20
-rw-r--r--modules/pam_issue/Makefile.am16
-rw-r--r--modules/pam_issue/Makefile.in112
-rw-r--r--modules/pam_issue/pam_issue.86
-rw-r--r--modules/pam_issue/pam_issue.c74
-rw-r--r--modules/pam_keyinit/Makefile.am29
-rw-r--r--modules/pam_keyinit/Makefile.in118
-rw-r--r--modules/pam_keyinit/README25
-rw-r--r--modules/pam_keyinit/pam_keyinit.830
-rw-r--r--modules/pam_keyinit/pam_keyinit.8.xml41
-rw-r--r--modules/pam_keyinit/pam_keyinit.c146
-rw-r--r--modules/pam_lastlog/Makefile.am20
-rw-r--r--modules/pam_lastlog/Makefile.in114
-rw-r--r--modules/pam_lastlog/README15
-rw-r--r--modules/pam_lastlog/pam_lastlog.830
-rw-r--r--modules/pam_lastlog/pam_lastlog.8.xml31
-rw-r--r--modules/pam_lastlog/pam_lastlog.c162
-rw-r--r--modules/pam_limits/Makefile.am23
-rw-r--r--modules/pam_limits/Makefile.in143
-rw-r--r--modules/pam_limits/README4
-rw-r--r--modules/pam_limits/limits.conf.511
-rw-r--r--modules/pam_limits/pam_limits.88
-rw-r--r--modules/pam_limits/pam_limits.8.xml4
-rw-r--r--modules/pam_limits/pam_limits.c24
-rw-r--r--modules/pam_listfile/Makefile.am16
-rw-r--r--modules/pam_listfile/Makefile.in112
-rw-r--r--modules/pam_listfile/pam_listfile.86
-rw-r--r--modules/pam_listfile/pam_listfile.c43
-rw-r--r--modules/pam_localuser/Makefile.am19
-rw-r--r--modules/pam_localuser/Makefile.in151
-rw-r--r--modules/pam_localuser/pam_localuser.823
-rw-r--r--modules/pam_localuser/pam_localuser.8.xml31
-rw-r--r--modules/pam_localuser/pam_localuser.c188
-rw-r--r--modules/pam_localuser/tst-pam_localuser-retval.c144
-rw-r--r--modules/pam_loginuid/Makefile.am20
-rw-r--r--modules/pam_loginuid/Makefile.in112
-rw-r--r--modules/pam_loginuid/pam_loginuid.86
-rw-r--r--modules/pam_loginuid/pam_loginuid.c12
-rw-r--r--modules/pam_mail/Makefile.am16
-rw-r--r--modules/pam_mail/Makefile.in112
-rw-r--r--modules/pam_mail/pam_mail.86
-rw-r--r--modules/pam_mail/pam_mail.c33
-rw-r--r--modules/pam_mkhomedir/Makefile.am19
-rw-r--r--modules/pam_mkhomedir/Makefile.in229
-rw-r--r--modules/pam_mkhomedir/mkhomedir_helper.86
-rw-r--r--modules/pam_mkhomedir/mkhomedir_helper.c2
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.819
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.8.xml25
-rw-r--r--modules/pam_mkhomedir/pam_mkhomedir.c30
-rw-r--r--modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c110
-rw-r--r--modules/pam_motd/Makefile.am16
-rw-r--r--modules/pam_motd/Makefile.in112
-rw-r--r--modules/pam_motd/README46
-rw-r--r--modules/pam_motd/pam_motd.889
-rw-r--r--modules/pam_motd/pam_motd.8.xml88
-rw-r--r--modules/pam_motd/pam_motd.c312
-rw-r--r--modules/pam_namespace/Makefile.am37
-rw-r--r--modules/pam_namespace/Makefile.in287
-rw-r--r--modules/pam_namespace/README5
-rw-r--r--modules/pam_namespace/md5.c6
-rw-r--r--modules/pam_namespace/md5.h4
-rw-r--r--modules/pam_namespace/namespace.conf5
-rw-r--r--modules/pam_namespace/namespace.conf.521
-rw-r--r--modules/pam_namespace/namespace.conf.5.xml11
-rw-r--r--modules/pam_namespace/pam_namespace.86
-rw-r--r--modules/pam_namespace/pam_namespace.c90
-rw-r--r--modules/pam_namespace/pam_namespace.h5
-rw-r--r--modules/pam_namespace/pam_namespace.service.in11
-rw-r--r--modules/pam_namespace/pam_namespace_helper.849
-rw-r--r--modules/pam_namespace/pam_namespace_helper.8.xml62
-rw-r--r--modules/pam_namespace/pam_namespace_helper.in15
-rw-r--r--modules/pam_nologin/Makefile.am19
-rw-r--r--modules/pam_nologin/Makefile.in151
-rw-r--r--modules/pam_nologin/pam_nologin.88
-rw-r--r--modules/pam_nologin/pam_nologin.8.xml2
-rw-r--r--modules/pam_nologin/pam_nologin.c26
-rw-r--r--modules/pam_nologin/tst-pam_nologin-retval.c226
-rw-r--r--modules/pam_permit/Makefile.am19
-rw-r--r--modules/pam_permit/Makefile.in150
-rw-r--r--modules/pam_permit/pam_permit.86
-rw-r--r--modules/pam_permit/pam_permit.c24
-rw-r--r--modules/pam_permit/tst-pam_permit-retval.c58
-rw-r--r--modules/pam_pwhistory/Makefile.am17
-rw-r--r--modules/pam_pwhistory/Makefile.in118
-rw-r--r--modules/pam_pwhistory/opasswd.c8
-rw-r--r--modules/pam_pwhistory/pam_pwhistory.89
-rw-r--r--modules/pam_pwhistory/pam_pwhistory.c26
-rw-r--r--modules/pam_rhosts/Makefile.am17
-rw-r--r--modules/pam_rhosts/Makefile.in112
-rw-r--r--modules/pam_rhosts/pam_rhosts.86
-rw-r--r--modules/pam_rhosts/pam_rhosts.c17
-rw-r--r--modules/pam_rootok/Makefile.am22
-rw-r--r--modules/pam_rootok/Makefile.in156
-rw-r--r--modules/pam_rootok/pam_rootok.811
-rw-r--r--modules/pam_rootok/pam_rootok.8.xml2
-rw-r--r--modules/pam_rootok/pam_rootok.c20
-rw-r--r--modules/pam_rootok/tst-pam_rootok-retval.c72
-rw-r--r--modules/pam_securetty/Makefile.am16
-rw-r--r--modules/pam_securetty/Makefile.in112
-rw-r--r--modules/pam_securetty/README13
-rw-r--r--modules/pam_securetty/pam_securetty.837
-rw-r--r--modules/pam_securetty/pam_securetty.8.xml37
-rw-r--r--modules/pam_securetty/pam_securetty.c71
-rw-r--r--modules/pam_selinux/Makefile.am27
-rw-r--r--modules/pam_selinux/Makefile.in144
-rw-r--r--modules/pam_selinux/pam_selinux.86
-rw-r--r--modules/pam_selinux/pam_selinux.c164
-rw-r--r--modules/pam_sepermit/Makefile.am22
-rw-r--r--modules/pam_sepermit/Makefile.in152
-rw-r--r--modules/pam_sepermit/pam_sepermit.89
-rw-r--r--modules/pam_sepermit/pam_sepermit.c17
-rw-r--r--modules/pam_sepermit/sepermit.conf.56
-rw-r--r--modules/pam_setquota/Makefile.am29
-rw-r--r--modules/pam_setquota/Makefile.in1142
-rw-r--r--modules/pam_setquota/README80
-rw-r--r--modules/pam_setquota/README.xml41
-rw-r--r--modules/pam_setquota/pam_setquota.8186
-rw-r--r--modules/pam_setquota/pam_setquota.8.xml301
-rw-r--r--modules/pam_setquota/pam_setquota.c389
-rwxr-xr-xmodules/pam_setquota/tst-pam_setquota2
-rw-r--r--modules/pam_shells/Makefile.am16
-rw-r--r--modules/pam_shells/Makefile.in112
-rw-r--r--modules/pam_shells/pam_shells.86
-rw-r--r--modules/pam_shells/pam_shells.c39
-rw-r--r--modules/pam_stress/Makefile.am8
-rw-r--r--modules/pam_stress/Makefile.in107
-rw-r--r--modules/pam_stress/README2
-rw-r--r--modules/pam_stress/pam_stress.c31
-rw-r--r--modules/pam_succeed_if/Makefile.am17
-rw-r--r--modules/pam_succeed_if/Makefile.in112
-rw-r--r--modules/pam_succeed_if/README13
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.818
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.8.xml12
-rw-r--r--modules/pam_succeed_if/pam_succeed_if.c123
-rw-r--r--modules/pam_tally/Makefile.am16
-rw-r--r--modules/pam_tally/Makefile.in189
-rw-r--r--modules/pam_tally/README4
-rw-r--r--modules/pam_tally/faillog.h4
-rw-r--r--modules/pam_tally/pam_tally.810
-rw-r--r--modules/pam_tally/pam_tally.8.xml2
-rw-r--r--modules/pam_tally/pam_tally.c84
-rw-r--r--modules/pam_tally2/Makefile.am16
-rw-r--r--modules/pam_tally2/Makefile.in189
-rw-r--r--modules/pam_tally2/README4
-rw-r--r--modules/pam_tally2/pam_tally2.810
-rw-r--r--modules/pam_tally2/pam_tally2.8.xml2
-rw-r--r--modules/pam_tally2/pam_tally2.c86
-rw-r--r--modules/pam_time/Makefile.am17
-rw-r--r--modules/pam_time/Makefile.in146
-rw-r--r--modules/pam_time/README2
-rw-r--r--modules/pam_time/pam_time.817
-rw-r--r--modules/pam_time/pam_time.8.xml15
-rw-r--r--modules/pam_time/pam_time.c80
-rw-r--r--modules/pam_time/time.conf.58
-rw-r--r--modules/pam_time/time.conf.5.xml6
-rw-r--r--modules/pam_timestamp/Makefile.am23
-rw-r--r--modules/pam_timestamp/Makefile.in224
-rw-r--r--modules/pam_timestamp/hmacfile.c10
-rw-r--r--modules/pam_timestamp/hmacsha1.c1
-rw-r--r--modules/pam_timestamp/pam_timestamp.86
-rw-r--r--modules/pam_timestamp/pam_timestamp.c36
-rw-r--r--modules/pam_timestamp/pam_timestamp_check.88
-rw-r--r--modules/pam_timestamp/pam_timestamp_check.8.xml2
-rw-r--r--modules/pam_timestamp/sha1.c46
-rw-r--r--modules/pam_timestamp/sha1.h8
-rw-r--r--modules/pam_tty_audit/Makefile.am21
-rw-r--r--modules/pam_tty_audit/Makefile.in123
-rw-r--r--modules/pam_tty_audit/README6
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.810
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.8.xml7
-rw-r--r--modules/pam_tty_audit/pam_tty_audit.c27
-rw-r--r--modules/pam_umask/Makefile.am17
-rw-r--r--modules/pam_umask/Makefile.in112
-rw-r--r--modules/pam_umask/README6
-rw-r--r--modules/pam_umask/pam_umask.828
-rw-r--r--modules/pam_umask/pam_umask.8.xml45
-rw-r--r--modules/pam_umask/pam_umask.c125
-rw-r--r--modules/pam_unix/CHANGELOG18
-rw-r--r--modules/pam_unix/Makefile.am20
-rw-r--r--modules/pam_unix/Makefile.in300
-rw-r--r--modules/pam_unix/README34
-rw-r--r--modules/pam_unix/bigcrypt.c2
-rw-r--r--modules/pam_unix/md5.c7
-rw-r--r--modules/pam_unix/md5.h4
-rw-r--r--modules/pam_unix/md5_crypt.c5
-rw-r--r--modules/pam_unix/pam_unix.845
-rw-r--r--modules/pam_unix/pam_unix.8.xml69
-rw-r--r--modules/pam_unix/pam_unix_acct.c57
-rw-r--r--modules/pam_unix/pam_unix_auth.c26
-rw-r--r--modules/pam_unix/pam_unix_passwd.c62
-rw-r--r--modules/pam_unix/pam_unix_sess.c43
-rw-r--r--modules/pam_unix/passverify.c133
-rw-r--r--modules/pam_unix/passverify.h8
-rw-r--r--modules/pam_unix/support.c200
-rw-r--r--modules/pam_unix/support.h113
-rw-r--r--modules/pam_unix/unix_chkpwd.86
-rw-r--r--modules/pam_unix/unix_chkpwd.c11
-rw-r--r--modules/pam_unix/unix_update.86
-rw-r--r--modules/pam_userdb/Makefile.am22
-rw-r--r--modules/pam_userdb/Makefile.in123
-rw-r--r--modules/pam_userdb/pam_userdb.86
-rw-r--r--modules/pam_userdb/pam_userdb.c39
-rw-r--r--modules/pam_usertype/Makefile.am34
-rw-r--r--modules/pam_usertype/Makefile.in1147
-rw-r--r--modules/pam_usertype/README48
-rw-r--r--modules/pam_usertype/README.xml41
-rw-r--r--modules/pam_usertype/pam_usertype.8135
-rw-r--r--modules/pam_usertype/pam_usertype.8.xml199
-rw-r--r--modules/pam_usertype/pam_usertype.c308
-rwxr-xr-xmodules/pam_usertype/tst-pam_usertype2
-rw-r--r--modules/pam_warn/Makefile.am19
-rw-r--r--modules/pam_warn/Makefile.in150
-rw-r--r--modules/pam_warn/pam_warn.86
-rw-r--r--modules/pam_warn/pam_warn.c14
-rw-r--r--modules/pam_warn/tst-pam_warn-retval.c88
-rw-r--r--modules/pam_wheel/Makefile.am16
-rw-r--r--modules/pam_wheel/Makefile.in112
-rw-r--r--modules/pam_wheel/README2
-rw-r--r--modules/pam_wheel/pam_wheel.88
-rw-r--r--modules/pam_wheel/pam_wheel.8.xml4
-rw-r--r--modules/pam_wheel/pam_wheel.c18
-rw-r--r--modules/pam_xauth/Makefile.am16
-rw-r--r--modules/pam_xauth/Makefile.in112
-rw-r--r--modules/pam_xauth/pam_xauth.86
-rw-r--r--modules/pam_xauth/pam_xauth.c53
306 files changed, 17065 insertions, 4788 deletions
diff --git a/modules/Makefile.am b/modules/Makefile.am
index 0c80cea9..c57ccc44 100644
--- a/modules/Makefile.am
+++ b/modules/Makefile.am
@@ -2,16 +2,103 @@
# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
#
-SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
- pam_env pam_exec pam_faildelay pam_filter pam_ftp \
- pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
- pam_listfile pam_localuser pam_loginuid pam_mail \
- pam_mkhomedir pam_motd pam_namespace pam_nologin \
- pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
- pam_selinux pam_sepermit pam_shells pam_stress \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
- pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+if COND_BUILD_PAM_CRACKLIB
+ MAYBE_PAM_CRACKLIB = pam_cracklib
+endif
+
+if COND_BUILD_PAM_KEYINIT
+ MAYBE_PAM_KEYINIT = pam_keyinit
+endif
+
+if COND_BUILD_PAM_LASTLOG
+ MAYBE_PAM_LASTLOG = pam_lastlog
+endif
+
+if COND_BUILD_PAM_NAMESPACE
+ MAYBE_PAM_NAMESPACE = pam_namespace
+endif
+
+if COND_BUILD_PAM_RHOSTS
+ MAYBE_PAM_RHOSTS = pam_rhosts
+endif
+
+if COND_BUILD_PAM_SELINUX
+ MAYBE_PAM_SELINUX = pam_selinux
+endif
+
+if COND_BUILD_PAM_SEPERMIT
+ MAYBE_PAM_SEPERMIT = pam_sepermit
+endif
+
+if COND_BUILD_PAM_SETQUOTA
+ MAYBE_PAM_SETQUOTA = pam_setquota
+endif
+
+if COND_BUILD_PAM_TALLY
+ MAYBE_PAM_TALLY = pam_tally
+endif
+
+if COND_BUILD_PAM_TALLY2
+ MAYBE_PAM_TALLY2 = pam_tally2
+endif
+
+if COND_BUILD_PAM_TTY_AUDIT
+ MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+endif
+
+if COND_BUILD_PAM_USERDB
+ MAYBE_PAM_USERDB = pam_userdb
+endif
+
+SUBDIRS := \
+ pam_access \
+ $(MAYBE_PAM_CRACKLIB) \
+ pam_debug \
+ pam_deny \
+ pam_echo \
+ pam_env \
+ pam_exec \
+ pam_faildelay \
+ pam_faillock \
+ pam_filter \
+ pam_ftp \
+ pam_group \
+ pam_issue \
+ $(MAYBE_PAM_KEYINIT) \
+ $(MAYBE_PAM_LASTLOG) \
+ pam_limits \
+ pam_listfile \
+ pam_localuser \
+ pam_loginuid \
+ pam_mail \
+ pam_mkhomedir \
+ pam_motd \
+ $(MAYBE_PAM_NAMESPACE) \
+ pam_nologin \
+ pam_permit \
+ pam_pwhistory \
+ $(MAYBE_PAM_RHOSTS) \
+ pam_rootok \
+ pam_securetty \
+ $(MAYBE_PAM_SELINUX) \
+ $(MAYBE_PAM_SEPERMIT) \
+ $(MAYBE_PAM_SETQUOTA) \
+ pam_shells \
+ pam_stress \
+ pam_succeed_if \
+ $(MAYBE_PAM_TALLY) \
+ $(MAYBE_PAM_TALLY2) \
+ pam_time \
+ pam_timestamp \
+ $(MAYBE_PAM_TTY_AUDIT) \
+ pam_umask \
+ pam_unix \
+ $(MAYBE_PAM_USERDB) \
+ pam_usertype \
+ pam_warn \
+ pam_wheel \
+ pam_xauth \
+ #
CLEANFILES = *~
diff --git a/modules/Makefile.in b/modules/Makefile.in
index 0464ca78..d3e319bd 100644
--- a/modules/Makefile.in
+++ b/modules/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -18,7 +18,17 @@
# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
#
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -82,7 +92,6 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = modules
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -98,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -136,7 +146,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- distdir
+ distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -156,7 +166,16 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = $(SUBDIRS)
+DIST_SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
+ pam_env pam_exec pam_faildelay pam_faillock pam_filter pam_ftp \
+ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
+ pam_listfile pam_localuser pam_loginuid pam_mail pam_mkhomedir \
+ pam_motd pam_namespace pam_nologin pam_permit pam_pwhistory \
+ pam_rhosts pam_rootok pam_securetty pam_selinux pam_sepermit \
+ pam_setquota pam_shells pam_stress pam_succeed_if pam_tally \
+ pam_tally2 pam_time pam_timestamp pam_tty_audit pam_umask \
+ pam_unix pam_userdb pam_usertype pam_warn pam_wheel pam_xauth
+am__DIST_COMMON = $(srcdir)/Makefile.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -210,6 +229,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -218,7 +239,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -254,6 +274,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -290,11 +311,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -361,16 +384,67 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \
- pam_env pam_exec pam_faildelay pam_filter pam_ftp \
- pam_group pam_issue pam_keyinit pam_lastlog pam_limits \
- pam_listfile pam_localuser pam_loginuid pam_mail \
- pam_mkhomedir pam_motd pam_namespace pam_nologin \
- pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \
- pam_selinux pam_sepermit pam_shells pam_stress \
- pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \
- pam_tty_audit pam_umask \
- pam_unix pam_userdb pam_warn pam_wheel pam_xauth
+@COND_BUILD_PAM_CRACKLIB_TRUE@MAYBE_PAM_CRACKLIB = pam_cracklib
+@COND_BUILD_PAM_KEYINIT_TRUE@MAYBE_PAM_KEYINIT = pam_keyinit
+@COND_BUILD_PAM_LASTLOG_TRUE@MAYBE_PAM_LASTLOG = pam_lastlog
+@COND_BUILD_PAM_NAMESPACE_TRUE@MAYBE_PAM_NAMESPACE = pam_namespace
+@COND_BUILD_PAM_RHOSTS_TRUE@MAYBE_PAM_RHOSTS = pam_rhosts
+@COND_BUILD_PAM_SELINUX_TRUE@MAYBE_PAM_SELINUX = pam_selinux
+@COND_BUILD_PAM_SEPERMIT_TRUE@MAYBE_PAM_SEPERMIT = pam_sepermit
+@COND_BUILD_PAM_SETQUOTA_TRUE@MAYBE_PAM_SETQUOTA = pam_setquota
+@COND_BUILD_PAM_TALLY_TRUE@MAYBE_PAM_TALLY = pam_tally
+@COND_BUILD_PAM_TALLY2_TRUE@MAYBE_PAM_TALLY2 = pam_tally2
+@COND_BUILD_PAM_TTY_AUDIT_TRUE@MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+@COND_BUILD_PAM_USERDB_TRUE@MAYBE_PAM_USERDB = pam_userdb
+SUBDIRS := \
+ pam_access \
+ $(MAYBE_PAM_CRACKLIB) \
+ pam_debug \
+ pam_deny \
+ pam_echo \
+ pam_env \
+ pam_exec \
+ pam_faildelay \
+ pam_faillock \
+ pam_filter \
+ pam_ftp \
+ pam_group \
+ pam_issue \
+ $(MAYBE_PAM_KEYINIT) \
+ $(MAYBE_PAM_LASTLOG) \
+ pam_limits \
+ pam_listfile \
+ pam_localuser \
+ pam_loginuid \
+ pam_mail \
+ pam_mkhomedir \
+ pam_motd \
+ $(MAYBE_PAM_NAMESPACE) \
+ pam_nologin \
+ pam_permit \
+ pam_pwhistory \
+ $(MAYBE_PAM_RHOSTS) \
+ pam_rootok \
+ pam_securetty \
+ $(MAYBE_PAM_SELINUX) \
+ $(MAYBE_PAM_SEPERMIT) \
+ $(MAYBE_PAM_SETQUOTA) \
+ pam_shells \
+ pam_stress \
+ pam_succeed_if \
+ $(MAYBE_PAM_TALLY) \
+ $(MAYBE_PAM_TALLY2) \
+ pam_time \
+ pam_timestamp \
+ $(MAYBE_PAM_TTY_AUDIT) \
+ pam_umask \
+ pam_unix \
+ $(MAYBE_PAM_USERDB) \
+ pam_usertype \
+ pam_warn \
+ pam_wheel \
+ pam_xauth \
+ #
CLEANFILES = *~
EXTRA_DIST = modules.map
@@ -389,14 +463,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -513,7 +586,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -685,6 +761,8 @@ uninstall-am:
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags tags-am uninstall uninstall-am
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am
index 924b7219..5723dd59 100644
--- a/modules/pam_access/Makefile.am
+++ b/modules/pam_access/Makefile.am
@@ -5,18 +5,21 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = access.conf.5 pam_access.8
+endif
XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+ -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,15 +28,9 @@ endif
securelib_LTLIBRARIES = pam_access.la
pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = access.conf
+dist_secureconf_DATA = access.conf
if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_access.8.xml access.conf.5.xml
-
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_access
diff --git a/modules/pam_access/Makefile.in b/modules/pam_access/Makefile.in
index 02a35cb0..dc7db3c3 100644
--- a/modules/pam_access/Makefile.in
+++ b/modules/pam_access/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_access
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_access.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,21 +586,22 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access
-man_MANS = access.conf.5 pam_access.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = access.conf.5 pam_access.8
XMLS = README.xml access.conf.5.xml pam_access.8.xml
+dist_check_SCRIPTS = tst-pam_access
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" \
- -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\"
+ -DACCESS_CONF_GLOB=\"$(SCONFIGDIR)/access.d/*.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_access.la
pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = access.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_access
+dist_secureconf_DATA = access.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -598,14 +618,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_access/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -661,21 +680,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -689,10 +714,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -727,15 +752,15 @@ uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -770,14 +795,14 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -791,9 +816,9 @@ install-secureconfDATA: $(secureconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
done
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
@@ -879,7 +904,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -969,7 +994,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -979,7 +1004,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1012,7 +1037,10 @@ tst-pam_access.log: tst-pam_access
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1043,6 +1071,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1091,7 +1120,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_access.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1108,7 +1137,7 @@ info: info-am
info-am:
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
install-securelibLTLIBRARIES
install-dvi: install-dvi-am
@@ -1138,7 +1167,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_access.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1155,33 +1184,32 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
uninstall-securelibLTLIBRARIES
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man5 \
- install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-secureconfDATA \
- install-securelibLTLIBRARIES install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES
-
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-securelibLTLIBRARIES \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+ uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+ uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_access.8.xml access.conf.5.xml
+.PRECIOUS: Makefile
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_access/README b/modules/pam_access/README
index 0e16c0d8..26aad33e 100644
--- a/modules/pam_access/README
+++ b/modules/pam_access/README
@@ -116,6 +116,10 @@ User john should get access from IPv6 net/mask.
+:john:2001:db8:0:101::/64
+Members of group wheel should be allowed to get access from all sources.
+
++:(wheel):ALL
+
Disallow console logins to all but the shutdown, sync and all other accounts,
which are a member of the wheel group.
diff --git a/modules/pam_access/access.conf.5 b/modules/pam_access/access.conf.5
index 8e7ea4cf..1c217b9f 100644
--- a/modules/pam_access/access.conf.5
+++ b/modules/pam_access/access.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: access.conf
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "ACCESS\&.CONF" "5" "05/18/2018" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "ACCESS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -188,6 +188,12 @@ should get access from IPv6 net/mask\&.
.PP
+:john:2001:db8:0:101::/64
.PP
+Members of group
+\fIwheel\fR
+should be allowed to get access from all sources\&.
+.PP
++:(wheel):ALL
+.PP
Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&.
.PP
\-:ALL EXCEPT (wheel) shutdown sync:LOCAL
diff --git a/modules/pam_access/access.conf.5.xml b/modules/pam_access/access.conf.5.xml
index 386346b9..8fdbc31d 100644
--- a/modules/pam_access/access.conf.5.xml
+++ b/modules/pam_access/access.conf.5.xml
@@ -198,6 +198,12 @@
<para>+:john:2001:db8:0:101::/64</para>
<para>
+ Members of group <emphasis>wheel</emphasis> should be allowed to get access
+ from all sources.
+ </para>
+ <para>+:(wheel):ALL</para>
+
+ <para>
Disallow console logins to all but the shutdown, sync and all
other accounts, which are a member of the wheel group.
</para>
diff --git a/modules/pam_access/pam_access.8 b/modules/pam_access/pam_access.8
index 138c3c48..c091642d 100644
--- a/modules/pam_access/pam_access.8
+++ b/modules/pam_access/pam_access.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_access
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2018
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ACCESS" "8" "05/18/2018" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ACCESS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c
index 80d885dd..98848c54 100644
--- a/modules/pam_access/pam_access.c
+++ b/modules/pam_access/pam_access.c
@@ -1,6 +1,6 @@
-/* pam_access module */
-
/*
+ * pam_access module
+ *
* Written by Alexei Nogin <alexei@nogin.dnttm.ru> 1997/06/15
* (I took login_access from logdaemon-5.6 and converted it to PAM
* using parts of pam_time code.)
@@ -21,7 +21,7 @@
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
- * merchantibility and fitness for any particular purpose.
+ * merchantability and fitness for any particular purpose.
*************************************************************************
*/
@@ -49,22 +49,12 @@
#include <libaudit.h>
#endif
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_cc_compat.h"
+#include "pam_inline.h"
/* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */
@@ -123,25 +113,27 @@ parse_args(pam_handle_t *pamh, struct login_info *loginfo,
loginfo->fs = ":";
loginfo->sep = ", \t";
for (i=0; i<argc; ++i) {
- if (!strncmp("fieldsep=", argv[i], 9)) {
+ const char *str;
+
+ if ((str = pam_str_skip_prefix(argv[i], "fieldsep=")) != NULL) {
/* the admin wants to override the default field separators */
- loginfo->fs = argv[i]+9;
+ loginfo->fs = str;
- } else if (!strncmp("listsep=", argv[i], 8)) {
+ } else if ((str = pam_str_skip_prefix(argv[i], "listsep=")) != NULL) {
/* the admin wants to override the default list separators */
- loginfo->sep = argv[i]+8;
+ loginfo->sep = str;
- } else if (!strncmp("accessfile=", argv[i], 11)) {
- FILE *fp = fopen(11 + argv[i], "r");
+ } else if ((str = pam_str_skip_prefix(argv[i], "accessfile=")) != NULL) {
+ FILE *fp = fopen(str, "r");
if (fp) {
- loginfo->config_file = 11 + argv[i];
+ loginfo->config_file = str;
fclose(fp);
} else {
pam_syslog(pamh, LOG_ERR,
- "failed to open accessfile=[%s]: %m", 11 + argv[i]);
+ "failed to open accessfile=[%s]: %m", str);
return 0;
}
@@ -216,7 +208,7 @@ isipaddr (const char *string, int *addr_type,
/* are_addresses_equal - translate IP address strings to real IP
* addresses and compare them to find out if they are equal.
- * If netmask was provided it will be used to focus comparation to
+ * If netmask was provided it will be used to focus comparison to
* relevant bits.
*/
static int
@@ -335,7 +327,9 @@ login_access (pam_handle_t *pamh, struct login_info *item)
char *users; /* becomes list of login names */
char *froms; /* becomes list of terminals or hosts */
int match = NO;
+#ifdef HAVE_LIBAUDIT
int nonall_match = NO;
+#endif
int end;
int lineno = 0; /* for diagnostics */
char *sptr;
@@ -371,7 +365,7 @@ login_access (pam_handle_t *pamh, struct login_info *item)
if (line[0] == 0) /* skip blank lines */
continue;
- /* Allow field seperator in last field of froms */
+ /* Allow field separator in last field of froms */
if (!(perm = strtok_r(line, item->fs, &sptr))
|| !(users = strtok_r(NULL, item->fs, &sptr))
|| !(froms = strtok_r(NULL, "\n", &sptr))) {
@@ -393,9 +387,11 @@ login_access (pam_handle_t *pamh, struct login_info *item)
match, item->user->pw_name);
if (match) {
match = list_match(pamh, froms, NULL, item, from_match);
+#ifdef HAVE_LIBAUDIT
if (!match && perm[0] == '+') {
nonall_match = YES;
}
+#endif
if (item->debug)
pam_syslog (pamh, LOG_DEBUG,
"from_match=%d, \"%s\"", match, item->from);
@@ -473,6 +469,8 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
{
int retval;
char *mydomain = NULL;
+
+#ifdef HAVE_GETDOMAINNAME
char domainname_res[256];
if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
@@ -482,6 +480,7 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup,
mydomain = domainname_res;
}
}
+#endif
#ifdef HAVE_INNETGR
retval = innetgr (netgroup, machine, user, mydomain);
@@ -576,7 +575,7 @@ group_match (pam_handle_t *pamh, const char *tok, const char* usr,
if (strlen(tok) < 3)
return NO;
- /* token is recieved under the format '(...)' */
+ /* token is received under the format '(...)' */
memset(grptok, 0, BUFSIZ);
strncpy(grptok, tok + 1, strlen(tok) - 2);
@@ -646,9 +645,11 @@ from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item)
if (runp->ai_family == AF_INET)
{
+ DIAG_PUSH_IGNORE_CAST_ALIGN;
inet_ntop (runp->ai_family,
&((struct sockaddr_in *) runp->ai_addr)->sin_addr,
buf, sizeof (buf));
+ DIAG_POP_IGNORE_CAST_ALIGN;
strcat (buf, ".");
@@ -737,7 +738,9 @@ network_netmask_match (pam_handle_t *pamh,
{ /* invalid netmask value */
return NO;
}
- if ((netmask < 0) || (netmask >= 128))
+ if ((netmask < 0)
+ || (addr_type == AF_INET && netmask > 32)
+ || (addr_type == AF_INET6 && netmask > 128))
{ /* netmask value out of range */
return NO;
}
@@ -775,11 +778,13 @@ network_netmask_match (pam_handle_t *pamh,
{
char buf[INET6_ADDRSTRLEN];
+ DIAG_PUSH_IGNORE_CAST_ALIGN;
inet_ntop (runp->ai_family,
runp->ai_family == AF_INET
? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr
: (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr,
buf, sizeof (buf));
+ DIAG_POP_IGNORE_CAST_ALIGN;
if (are_addresses_equal(buf, tok, netmask_ptr))
{
@@ -806,7 +811,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
const char *user=NULL;
const void *void_from=NULL;
const char *from;
- const char const *default_config = PAM_ACCESS_CONFIG;
+ const char *default_config = PAM_ACCESS_CONFIG;
struct passwd *user_pw;
char hostname[MAXHOSTNAMELEN + 1];
int rv;
@@ -814,9 +819,8 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
/* set username */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am
index 77b89d16..e11c42d7 100644
--- a/modules/pam_cracklib/Makefile.am
+++ b/modules/pam_cracklib/Makefile.am
@@ -5,31 +5,29 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib
+EXTRA_DIST = $(XMLS)
-if HAVE_LIBCRACK
- TESTS = tst-pam_cracklib
- man_MANS = pam_cracklib.8
+if HAVE_DOC
+dist_man_MANS = pam_cracklib.8
endif
-
XMLS = README.xml pam_cracklib.8.xml
+dist_check_SCRIPTS = tst-pam_cracklib
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
@LIBCRACK@ @LIBCRYPT@
-if HAVE_LIBCRACK
- securelib_LTLIBRARIES = pam_cracklib.la
-endif
+securelib_LTLIBRARIES = pam_cracklib.la
if ENABLE_REGENERATE_MAN
-noinst_DATA = README pam_cracklib.8
-README: pam_cracklib.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_cracklib/Makefile.in b/modules/pam_cracklib/Makefile.in
index 03d8547f..9cd1afc5 100644
--- a/modules/pam_cracklib/Makefile.in
+++ b/modules/pam_cracklib/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_cracklib
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,7 +152,6 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-@HAVE_LIBCRACK_TRUE@am_pam_cracklib_la_rpath = -rpath $(securelibdir)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -158,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_cracklib.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -187,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -385,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -413,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -421,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -457,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -493,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -566,19 +583,22 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib
-@HAVE_LIBCRACK_TRUE@TESTS = tst-pam_cracklib
-@HAVE_LIBCRACK_TRUE@man_MANS = pam_cracklib.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_cracklib.8
XMLS = README.xml pam_cracklib.8.xml
+dist_check_SCRIPTS = tst-pam_cracklib
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \
@LIBCRACK@ @LIBCRYPT@
-@HAVE_LIBCRACK_TRUE@securelib_LTLIBRARIES = pam_cracklib.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_cracklib.8
+securelib_LTLIBRARIES = pam_cracklib.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -595,14 +615,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_cracklib/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -650,7 +669,7 @@ clean-securelibLTLIBRARIES:
}
pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES) $(EXTRA_pam_cracklib_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) $(am_pam_cracklib_la_rpath) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -658,21 +677,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -686,10 +711,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -724,7 +749,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -812,7 +837,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -902,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -912,7 +937,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -945,7 +970,10 @@ tst-pam_cracklib.log: tst-pam_cracklib
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -976,6 +1004,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1024,7 +1053,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_cracklib.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1070,7 +1099,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_cracklib.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1093,15 +1122,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1109,7 +1139,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_cracklib.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_cracklib/README b/modules/pam_cracklib/README
index 6a59c1ca..d0745160 100644
--- a/modules/pam_cracklib/README
+++ b/modules/pam_cracklib/README
@@ -27,7 +27,7 @@ Palindrome
Case Change Only
- Is the new password the the old one with only a change of case?
+ Is the new password the old one with only a change of case?
Similar
@@ -181,9 +181,10 @@ reject_username
gecoscheck
- Check whether the words from the GECOS field (usualy full name of the user)
- longer than 3 characters in straight or reversed form are contained in the
- new password. If any such word is found the new password is rejected.
+ Check whether the words from the GECOS field (usually full name of the
+ user) longer than 3 characters in straight or reversed form are contained
+ in the new password. If any such word is found the new password is
+ rejected.
enforce_for_root
diff --git a/modules/pam_cracklib/pam_cracklib.8 b/modules/pam_cracklib/pam_cracklib.8
index 3ed37e8e..b7a60536 100644
--- a/modules/pam_cracklib/pam_cracklib.8
+++ b/modules/pam_cracklib/pam_cracklib.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_cracklib
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_CRACKLIB" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_CRACKLIB" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -53,7 +53,7 @@ Is the new password a palindrome?
.PP
Case Change Only
.RS 4
-Is the new password the the old one with only a change of case?
+Is the new password the old one with only a change of case?
.RE
.PP
Similar
@@ -234,7 +234,7 @@ Check whether the name of the user in straight or reversed form is contained in
.PP
\fBgecoscheck\fR
.RS 4
-Check whether the words from the GECOS field (usualy full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
+Check whether the words from the GECOS field (usually full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&.
.RE
.PP
\fBenforce_for_root\fR
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 3f6e76f0..75e44e2d 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -67,7 +67,7 @@
<term>Case Change Only</term>
<listitem>
<para>
- Is the new password the the old one with only a change of case?
+ Is the new password the old one with only a change of case?
</para>
</listitem>
</varlistentry>
@@ -402,7 +402,7 @@
</term>
<listitem>
<para>
- Check whether the words from the GECOS field (usualy full name
+ Check whether the words from the GECOS field (usually full name
of the user) longer than 3 characters in straight or reversed
form are contained in the new password. If any such word is
found the new password is rejected.
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 45c02aba..01291305 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -1,8 +1,6 @@
/*
* pam_cracklib module
- */
-
-/*
+ *
* 0.9. switch to using a distance algorithm in similar()
* 0.86. added support for setting minimum numbers of digits, uppers,
* lowers, and others
@@ -13,11 +11,9 @@
* 0.5. supports retries - 'retry=N' argument
* 0.4. added argument 'type=XXX' for 'New XXX password' prompt
* 0.3. Added argument 'debug'
- * 0.2. new password is feeded to cracklib for verify after typed once
+ * 0.2. new password is fed to cracklib for verify after typed once
* 0.1. First release
- */
-
-/*
+ *
* Written by Cristian Gafton <gafton@redhat.com> 1996/09/10
* Long password support by Philip W. Dalrymple <pwd@mdtsoft.com> 1997/07/18
* See the end of the file for Copyright Information
@@ -69,18 +65,10 @@ extern char *FascistCheck(char *pw, const char *dictpath);
#endif
#define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b))
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_PASSWORD
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* argument parsing */
#define PAM_DEBUG_ARG 0x0001
@@ -121,78 +109,79 @@ _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt,
/* step through arguments */
for (ctrl=0; argc-- > 0; ++argv) {
+ const char *str;
char *ep = NULL;
/* generic options */
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
- else if (!strncmp(*argv,"type=",5))
- pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5);
- else if (!strncmp(*argv,"retry=",6)) {
- opt->retry_times = strtol(*argv+6,&ep,10);
+ else if ((str = pam_str_skip_prefix(*argv, "type=")) != NULL)
+ pam_set_item (pamh, PAM_AUTHTOK_TYPE, str);
+ else if ((str = pam_str_skip_prefix(*argv, "retry=")) != NULL) {
+ opt->retry_times = strtol(str, &ep, 10);
if (!ep || (opt->retry_times < 1))
opt->retry_times = CO_RETRY_TIMES;
- } else if (!strncmp(*argv,"difok=",6)) {
- opt->diff_ok = strtol(*argv+6,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "difok=")) != NULL) {
+ opt->diff_ok = strtol(str, &ep, 10);
if (!ep || (opt->diff_ok < 0))
opt->diff_ok = CO_DIFF_OK;
- } else if (!strncmp(*argv,"difignore=",10)) {
+ } else if (pam_str_skip_prefix(*argv, "difignore=") != NULL) {
/* just ignore */
- } else if (!strncmp(*argv,"minlen=",7)) {
- opt->min_length = strtol(*argv+7,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "minlen=")) != NULL) {
+ opt->min_length = strtol(str, &ep, 10);
if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE))
opt->min_length = CO_MIN_LENGTH_BASE;
- } else if (!strncmp(*argv,"dcredit=",8)) {
- opt->dig_credit = strtol(*argv+8,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "dcredit=")) != NULL) {
+ opt->dig_credit = strtol(str, &ep, 10);
if (!ep)
opt->dig_credit = 0;
- } else if (!strncmp(*argv,"ucredit=",8)) {
- opt->up_credit = strtol(*argv+8,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "ucredit=")) != NULL) {
+ opt->up_credit = strtol(str, &ep, 10);
if (!ep)
opt->up_credit = 0;
- } else if (!strncmp(*argv,"lcredit=",8)) {
- opt->low_credit = strtol(*argv+8,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "lcredit=")) != NULL) {
+ opt->low_credit = strtol(str, &ep, 10);
if (!ep)
opt->low_credit = 0;
- } else if (!strncmp(*argv,"ocredit=",8)) {
- opt->oth_credit = strtol(*argv+8,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "ocredit=")) != NULL) {
+ opt->oth_credit = strtol(str, &ep, 10);
if (!ep)
opt->oth_credit = 0;
- } else if (!strncmp(*argv,"minclass=",9)) {
- opt->min_class = strtol(*argv+9,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "minclass=")) != NULL) {
+ opt->min_class = strtol(str, &ep, 10);
if (!ep)
opt->min_class = 0;
if (opt->min_class > 4)
opt->min_class = 4;
- } else if (!strncmp(*argv,"maxrepeat=",10)) {
- opt->max_repeat = strtol(*argv+10,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "maxrepeat=")) != NULL) {
+ opt->max_repeat = strtol(str, &ep, 10);
if (!ep)
opt->max_repeat = 0;
- } else if (!strncmp(*argv,"maxsequence=",12)) {
- opt->max_sequence = strtol(*argv+12,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "maxsequence=")) != NULL) {
+ opt->max_sequence = strtol(str, &ep, 10);
if (!ep)
opt->max_sequence = 0;
- } else if (!strncmp(*argv,"maxclassrepeat=",15)) {
- opt->max_class_repeat = strtol(*argv+15,&ep,10);
+ } else if ((str = pam_str_skip_prefix(*argv, "maxclassrepeat=")) != NULL) {
+ opt->max_class_repeat = strtol(str, &ep, 10);
if (!ep)
opt->max_class_repeat = 0;
- } else if (!strncmp(*argv,"reject_username",15)) {
+ } else if (!strcmp(*argv, "reject_username")) {
opt->reject_user = 1;
- } else if (!strncmp(*argv,"gecoscheck",10)) {
+ } else if (!strcmp(*argv, "gecoscheck")) {
opt->gecos_check = 1;
- } else if (!strncmp(*argv,"enforce_for_root",16)) {
+ } else if (!strcmp(*argv, "enforce_for_root")) {
opt->enforce_for_root = 1;
- } else if (!strncmp(*argv,"authtok_type",12)) {
+ } else if (pam_str_skip_prefix(*argv, "authtok_type=") != NULL) {
/* for pam_get_authtok, ignore */;
- } else if (!strncmp(*argv,"use_authtok",11)) {
+ } else if (!strcmp(*argv, "use_authtok")) {
/* for pam_get_authtok, ignore */;
- } else if (!strncmp(*argv,"use_first_pass",14)) {
+ } else if (!strcmp(*argv, "use_first_pass")) {
/* for pam_get_authtok, ignore */;
- } else if (!strncmp(*argv,"try_first_pass",14)) {
+ } else if (!strcmp(*argv, "try_first_pass")) {
/* for pam_get_authtok, ignore */;
- } else if (!strncmp(*argv,"dictpath=",9)) {
- opt->cracklib_dictpath = *argv+9;
+ } else if ((str = pam_str_skip_prefix(*argv, "dictpath=")) != NULL) {
+ opt->cracklib_dictpath = str;
if (!*(opt->cracklib_dictpath)) {
opt->cracklib_dictpath = CRACKLIB_DICTS;
}
@@ -315,7 +304,7 @@ static int similar(struct cracklib_options *opt,
}
/*
- * enough classes of charecters
+ * enough classes of characters
*/
static int minclass (struct cracklib_options *opt,
@@ -692,14 +681,16 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
if (ctrl & PAM_DEBUG_ARG)
pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
pam_error(pamh, "%s", pass_new == NULL ?
- _("No password supplied"):_("Password unchanged"));
+ _("No password has been supplied.") :
+ _("The password has not been changed."));
return PAM_AUTHTOK_ERR;
}
retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS || user == NULL) {
+ if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG)
- pam_syslog(pamh,LOG_ERR,"Can not get username");
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_AUTHTOK_ERR;
}
/*
diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am
index 9e27ec5e..8aa63056 100644
--- a/modules/pam_debug/Makefile.am
+++ b/modules/pam_debug/Makefile.am
@@ -5,16 +5,21 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_debug.8
+if HAVE_DOC
+dist_man_MANS = pam_debug.8
+endif
XMLS = README.xml pam_debug.8.xml
+dist_check_SCRIPTS = tst-pam_debug
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
-AM_LDFLAGS = -no-undefined -avoid-version -module
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
@@ -22,10 +27,10 @@ endif
securelib_LTLIBRARIES = pam_debug.la
pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_debug
+check_PROGRAMS = tst-pam_debug-retval
+tst_pam_debug_retval_LDADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_debug.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_debug/Makefile.in b/modules/pam_debug/Makefile.in
index 9d763fbc..abc2a9d2 100644
--- a/modules/pam_debug/Makefile.in
+++ b/modules/pam_debug/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_debug-retval$(EXEEXT)
subdir = modules/pam_debug
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
+tst_pam_debug_retval_SOURCES = tst-pam_debug-retval.c
+tst_pam_debug_retval_OBJECTS = tst-pam_debug-retval.$(OBJEXT)
+tst_pam_debug_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_debug.Plo \
+ ./$(DEPDIR)/tst-pam_debug-retval.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = pam_debug.c
-DIST_SOURCES = pam_debug.c
+SOURCES = pam_debug.c tst-pam_debug-retval.c
+DIST_SOURCES = pam_debug.c tst-pam_debug-retval.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug
-man_MANS = pam_debug.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_debug.8
XMLS = README.xml pam_debug.8.xml
+dist_check_SCRIPTS = tst-pam_debug
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_debug.la
pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_debug
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_debug_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_debug/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_debug/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
pam_debug.la: $(pam_debug_la_OBJECTS) $(pam_debug_la_DEPENDENCIES) $(EXTRA_pam_debug_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_debug_la_OBJECTS) $(pam_debug_la_LIBADD) $(LIBS)
+tst-pam_debug-retval$(EXEEXT): $(tst_pam_debug_retval_OBJECTS) $(tst_pam_debug_retval_DEPENDENCIES) $(EXTRA_tst_pam_debug_retval_DEPENDENCIES)
+ @rm -f tst-pam_debug-retval$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_debug_retval_OBJECTS) $(tst_pam_debug_retval_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_debug-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_debug.log: tst-pam_debug
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_debug-retval.log: tst-pam_debug-retval$(EXEEXT)
+ @p='tst-pam_debug-retval$(EXEEXT)'; \
+ b='tst-pam_debug-retval'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_debug.log: tst-pam_debug
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_debug.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_debug-retval.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_debug.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_debug-retval.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_debug.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_debug/pam_debug.8 b/modules/pam_debug/pam_debug.8
index bba7f934..552da6b3 100644
--- a/modules/pam_debug/pam_debug.8
+++ b/modules/pam_debug/pam_debug.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_debug
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_DEBUG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DEBUG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c
index 9b68d382..414806b2 100644
--- a/modules/pam_debug/pam_debug.c
+++ b/modules/pam_debug/pam_debug.c
@@ -1,32 +1,14 @@
-/* pam_permit module */
-
/*
- * $Id$
+ * pam_debug module
*
* Written by Andrew Morgan <morgan@kernel.org> 2001/02/04
*
- */
-
-#define DEFAULT_USER "nobody"
-
-#include "config.h"
-
-#include <stdio.h>
-
-/*
* This module is intended as a debugging aide for determining how
* the PAM stack is operating.
- *
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
*/
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
+#include "config.h"
+#include <stdio.h>
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
@@ -35,6 +17,8 @@
#define _PAM_ACTION_UNDEF (-10)
#include "../../libpam/pam_tokens.h"
+#define DEFAULT_USER "nobody"
+
/* --- authentication management functions --- */
static int state(pam_handle_t *pamh, const char *text)
@@ -78,28 +62,7 @@ static int parse_args(int retval, const char *event,
int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
int argc, const char **argv)
{
- int retval;
- const char *user=NULL;
-
- /*
- * authentication requires we know who the user wants to be
- */
- retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS) {
- D(("get user returned error: %s", pam_strerror(pamh,retval)));
- return retval;
- }
- if (user == NULL || *user == '\0') {
- D(("username not known"));
- retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER);
- if (retval != PAM_SUCCESS)
- return retval;
- }
- user = NULL; /* clean up */
-
- retval = parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
-
- return retval;
+ return parse_args(PAM_SUCCESS, "auth", pamh, argc, argv);
}
int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED,
diff --git a/modules/pam_debug/tst-pam_debug-retval.c b/modules/pam_debug/tst-pam_debug-retval.c
new file mode 100644
index 00000000..6d3edf8f
--- /dev/null
+++ b/modules/pam_debug/tst-pam_debug-retval.c
@@ -0,0 +1,65 @@
+/*
+ * Check pam_debug return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_debug"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static const char args[] = " auth=perm_denied"
+ " cred=cred_unavail"
+ " acct=acct_expired"
+ " prechauthtok=success"
+ " chauthtok=service_err"
+ " open_session=buf_err"
+ " close_session=system_err";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so %s\n"
+ "account required %s/.libs/%s.so %s\n"
+ "password required %s/.libs/%s.so %s\n"
+ "session required %s/.libs/%s.so %s\n",
+ cwd, MODULE_NAME, args,
+ cwd, MODULE_NAME, args,
+ cwd, MODULE_NAME, args,
+ cwd, MODULE_NAME, args));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_CRED_UNAVAIL, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_ACCT_EXPIRED, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_SERVICE_ERR, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_BUF_ERR, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_SYSTEM_ERR, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(0, unlink(service_file));
+
+ return 0;
+}
diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am
index e2d2ea4c..fa9b9c8b 100644
--- a/modules/pam_deny/Makefile.am
+++ b/modules/pam_deny/Makefile.am
@@ -5,16 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
-
-man_MANS = pam_deny.8
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = pam_deny.8
+endif
XMLS = README.xml pam_deny.8.xml
+dist_check_SCRIPTS = tst-pam_deny
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,13 +27,10 @@ endif
securelib_LTLIBRARIES = pam_deny.la
pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la
-if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_deny.8.xml
+check_PROGRAMS = tst-pam_deny-retval
+tst_pam_deny_retval_LDADD = $(top_builddir)/libpam/libpam.la
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_deny
diff --git a/modules/pam_deny/Makefile.in b/modules/pam_deny/Makefile.in
index 76a91355..7622e003 100644
--- a/modules/pam_deny/Makefile.in
+++ b/modules/pam_deny/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_deny-retval$(EXEEXT)
subdir = modules/pam_deny
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
+tst_pam_deny_retval_SOURCES = tst-pam_deny-retval.c
+tst_pam_deny_retval_OBJECTS = tst-pam_deny-retval.$(OBJEXT)
+tst_pam_deny_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_deny.Plo \
+ ./$(DEPDIR)/tst-pam_deny-retval.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = pam_deny.c
-DIST_SOURCES = pam_deny.c
+SOURCES = pam_deny.c tst-pam_deny-retval.c
+DIST_SOURCES = pam_deny.c tst-pam_deny-retval.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny
-man_MANS = pam_deny.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_deny.8
XMLS = README.xml pam_deny.8.xml
+dist_check_SCRIPTS = tst-pam_deny
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_deny.la
pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_deny
+tst_pam_deny_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_deny/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_deny/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
pam_deny.la: $(pam_deny_la_OBJECTS) $(pam_deny_la_DEPENDENCIES) $(EXTRA_pam_deny_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_deny_la_OBJECTS) $(pam_deny_la_LIBADD) $(LIBS)
+tst-pam_deny-retval$(EXEEXT): $(tst_pam_deny_retval_OBJECTS) $(tst_pam_deny_retval_DEPENDENCIES) $(EXTRA_tst_pam_deny_retval_DEPENDENCIES)
+ @rm -f tst-pam_deny-retval$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_deny_retval_OBJECTS) $(tst_pam_deny_retval_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_deny-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_deny.log: tst-pam_deny
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_deny-retval.log: tst-pam_deny-retval$(EXEEXT)
+ @p='tst-pam_deny-retval$(EXEEXT)'; \
+ b='tst-pam_deny-retval'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_deny.log: tst-pam_deny
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_deny.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_deny-retval.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_deny.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_deny-retval.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,8 +1167,7 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_deny.8.xml
+.PRECIOUS: Makefile
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_deny/pam_deny.8 b/modules/pam_deny/pam_deny.8
index 662a3081..e4c4ec56 100644
--- a/modules/pam_deny/pam_deny.8
+++ b/modules/pam_deny/pam_deny.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_deny
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_DENY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_DENY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c
index 155a1f5d..a2fe0c23 100644
--- a/modules/pam_deny/pam_deny.c
+++ b/modules/pam_deny/pam_deny.c
@@ -1,26 +1,10 @@
-/* pam_deny module */
-
/*
- * $Id$
+ * pam_deny module
*
* Written by Andrew Morgan <morgan@parc.power.net> 1996/3/11
- *
- */
-
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
*/
#include "config.h"
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
#include <security/pam_modules.h>
/* --- authentication management functions --- */
diff --git a/modules/pam_deny/tst-pam_deny-retval.c b/modules/pam_deny/tst-pam_deny-retval.c
new file mode 100644
index 00000000..356ca1f1
--- /dev/null
+++ b/modules/pam_deny/tst-pam_deny-retval.c
@@ -0,0 +1,58 @@
+/*
+ * Check pam_deny return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_deny"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so\n"
+ "account required %s/.libs/%s.so\n"
+ "password required %s/.libs/%s.so\n"
+ "session required %s/.libs/%s.so\n",
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_AUTH_ERR, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_CRED_ERR, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_AUTH_ERR, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_AUTHTOK_ERR, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_SESSION_ERR, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_SESSION_ERR, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(0, unlink(service_file));
+
+ return 0;
+}
diff --git a/modules/pam_echo/Makefile.am b/modules/pam_echo/Makefile.am
index dc14b057..b855e622 100644
--- a/modules/pam_echo/Makefile.am
+++ b/modules/pam_echo/Makefile.am
@@ -5,16 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
-
-man_MANS = pam_echo.8
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = pam_echo.8
+endif
XMLS = README.xml pam_echo.8.xml
+dist_check_SCRIPTS = tst-pam_echo
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,10 +27,10 @@ endif
securelib_LTLIBRARIES = pam_echo.la
pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la
+check_PROGRAMS = tst-pam_echo-retval
+tst_pam_echo_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_echo.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_echo
diff --git a/modules/pam_echo/Makefile.in b/modules/pam_echo/Makefile.in
index f3ebf665..67e226d4 100644
--- a/modules/pam_echo/Makefile.in
+++ b/modules/pam_echo/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_echo-retval$(EXEEXT)
subdir = modules/pam_echo
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,6 +153,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
+tst_pam_echo_retval_SOURCES = tst-pam_echo-retval.c
+tst_pam_echo_retval_OBJECTS = tst-pam_echo-retval.$(OBJEXT)
+tst_pam_echo_retval_DEPENDENCIES = $(top_builddir)/libpam/libpam.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -157,7 +170,9 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_echo.Plo \
+ ./$(DEPDIR)/tst-pam_echo-retval.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +192,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = pam_echo.c
-DIST_SOURCES = pam_echo.c
+SOURCES = pam_echo.c tst-pam_echo-retval.c
+DIST_SOURCES = pam_echo.c tst-pam_echo-retval.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -186,8 +201,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +431,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +476,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +513,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +588,21 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo
-man_MANS = pam_echo.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_echo.8
XMLS = README.xml pam_echo.8.xml
+dist_check_SCRIPTS = tst-pam_echo
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_echo.la
pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_echo
+tst_pam_echo_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +619,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_echo/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_echo/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +637,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +684,38 @@ clean-securelibLTLIBRARIES:
pam_echo.la: $(pam_echo_la_OBJECTS) $(pam_echo_la_DEPENDENCIES) $(EXTRA_pam_echo_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_echo_la_OBJECTS) $(pam_echo_la_LIBADD) $(LIBS)
+tst-pam_echo-retval$(EXEEXT): $(tst_pam_echo_retval_OBJECTS) $(tst_pam_echo_retval_DEPENDENCIES) $(EXTRA_tst_pam_echo_retval_DEPENDENCIES)
+ @rm -f tst-pam_echo-retval$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_echo_retval_OBJECTS) $(tst_pam_echo_retval_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_echo-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +729,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +767,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +855,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +945,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +955,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +973,13 @@ tst-pam_echo.log: tst-pam_echo
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_echo-retval.log: tst-pam_echo-retval$(EXEEXT)
+ @p='tst-pam_echo-retval$(EXEEXT)'; \
+ b='tst-pam_echo-retval'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -942,7 +995,10 @@ tst-pam_echo.log: tst-pam_echo
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1029,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1075,12 @@ maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_echo.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_echo-retval.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1126,8 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_echo.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_echo-retval.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1150,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1167,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_echo.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_echo/pam_echo.8 b/modules/pam_echo/pam_echo.8
index f291bff8..625eb848 100644
--- a/modules/pam_echo/pam_echo.8
+++ b/modules/pam_echo/pam_echo.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_echo
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ECHO" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ECHO" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c
index 38303880..181aeb4c 100644
--- a/modules/pam_echo/pam_echo.c
+++ b/modules/pam_echo/pam_echo.c
@@ -52,15 +52,11 @@
#define HOST_NAME_MAX 255
#endif
-#define PAM_SM_ACCOUNT
-#define PAM_SM_AUTH
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/_pam_macros.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
static int
replace_and_print (pam_handle_t *pamh, const char *mesg)
@@ -150,8 +146,9 @@ pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv)
for (; argc-- > 0; ++argv)
{
- if (!strncmp (*argv, "file=", 5))
- file = (5 + *argv);
+ const char *str = pam_str_skip_prefix(*argv, "file=");
+ if (str != NULL)
+ file = str;
}
/* No file= option, use argument for output. */
diff --git a/modules/pam_echo/tst-pam_echo-retval.c b/modules/pam_echo/tst-pam_echo-retval.c
new file mode 100644
index 00000000..2374b71a
--- /dev/null
+++ b/modules/pam_echo/tst-pam_echo-retval.c
@@ -0,0 +1,101 @@
+/*
+ * Check pam_echo return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_echo"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ /* PAM_SUCCESS -> PAM_SUCCESS, PAM_IGNORE -> PAM_PERM_DENIED */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so\n"
+ "account required %s/.libs/%s.so\n"
+ "password required %s/.libs/%s.so\n"
+ "session required %s/.libs/%s.so\n",
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* PAM_SILENT: PAM_IGNORE -> PAM_PERM_DENIED */
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_chauthtok(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_open_session(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_close_session(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* PAM_IGNORE -> PAM_SUCCESS */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so\n"
+ "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+ "account required %s/.libs/%s.so\n"
+ "account required %s/../pam_permit/.libs/pam_permit.so\n"
+ "password required %s/.libs/%s.so\n"
+ "password required %s/../pam_permit/.libs/pam_permit.so\n"
+ "session required %s/.libs/%s.so\n"
+ "session required %s/../pam_permit/.libs/pam_permit.so\n",
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_acct_mgmt(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_chauthtok(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_open_session(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_close_session(pamh, PAM_SILENT));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(0, unlink(service_file));
+
+ return 0;
+}
diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am
index d6f081ff..c66112d6 100644
--- a/modules/pam_env/Makefile.am
+++ b/modules/pam_env/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
-
-man_MANS = pam_env.conf.5 pam_env.8 environment.5
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5
+endif
XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+dist_check_SCRIPTS = tst-pam_env
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,14 +27,11 @@ endif
securelib_LTLIBRARIES = pam_env.la
pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = pam_env.conf
-sysconf_DATA = environment
+dist_secureconf_DATA = pam_env.conf
+dist_sysconf_DATA = environment
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_env.8.xml pam_env.conf.5.xml
+dist_noinst_DATA = README
environment.5: pam_env.conf.5.xml
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_env
diff --git a/modules/pam_env/Makefile.in b/modules/pam_env/Makefile.in
index 87ae8c04..b422c591 100644
--- a/modules/pam_env/Makefile.in
+++ b/modules/pam_env/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_env
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(dist_sysconf_DATA) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -159,7 +169,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_env.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -189,8 +200,10 @@ am__can_run_installinfo = \
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA) $(sysconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA) \
+ $(dist_sysconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -387,6 +400,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -415,6 +431,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -423,7 +441,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -459,6 +476,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -495,11 +513,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -568,21 +588,22 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment
-man_MANS = pam_env.conf.5 pam_env.8 environment.5
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_env.conf.5 pam_env.8 environment.5
XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml
+dist_check_SCRIPTS = tst-pam_env
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\"
+ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_env.la
pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = pam_env.conf
-sysconf_DATA = environment
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_env
+dist_secureconf_DATA = pam_env.conf
+dist_sysconf_DATA = environment
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -599,14 +620,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_env/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_env/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -662,21 +682,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -690,10 +716,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -728,15 +754,15 @@ uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -771,14 +797,14 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -792,14 +818,14 @@ install-secureconfDATA: $(secureconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
done
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
-install-sysconfDATA: $(sysconf_DATA)
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+ @list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sysconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sysconfdir)" || exit 1; \
@@ -813,9 +839,9 @@ install-sysconfDATA: $(sysconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
done
-uninstall-sysconfDATA:
+uninstall-dist_sysconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+ @list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(sysconfdir)'; $(am__uninstall_files_from_dir)
@@ -901,7 +927,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -991,7 +1017,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1001,7 +1027,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1034,7 +1060,10 @@ tst-pam_env.log: tst-pam_env
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1065,6 +1094,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1113,7 +1143,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_env.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1130,14 +1160,14 @@ info: info-am
info-am:
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
install-securelibLTLIBRARIES
install-dvi: install-dvi-am
install-dvi-am:
-install-exec-am: install-sysconfDATA
+install-exec-am: install-dist_sysconfDATA
install-html: install-html-am
@@ -1160,7 +1190,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_env.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1177,32 +1207,35 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-man uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES uninstall-sysconfDATA
+uninstall-am: uninstall-dist_secureconfDATA uninstall-dist_sysconfDATA \
+ uninstall-man uninstall-securelibLTLIBRARIES
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA \
+ install-dist_sysconfDATA install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-man5 \
install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-secureconfDATA \
- install-securelibLTLIBRARIES install-strip install-sysconfDATA \
+ install-ps-am install-securelibLTLIBRARIES install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES uninstall-sysconfDATA
+ recheck tags tags-am uninstall uninstall-am \
+ uninstall-dist_secureconfDATA uninstall-dist_sysconfDATA \
+ uninstall-man uninstall-man5 uninstall-man8 \
+ uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_env.8.xml pam_env.conf.5.xml
@ENABLE_REGENERATE_MAN_TRUE@environment.5: pam_env.conf.5.xml
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_env/README b/modules/pam_env/README
index 65a35ce6..1542f6d7 100644
--- a/modules/pam_env/README
+++ b/modules/pam_env/README
@@ -14,11 +14,11 @@ option.
Second a file (/etc/environment by default) with simple KEY=VAL pairs on
separate lines will be read. With the envfile option an alternate file can be
-specified. And with the readenv option this can be completly disabled.
+specified. And with the readenv option this can be completely disabled.
Third it will read a user configuration file ($HOME/.pam_environment by
-default). The default file file can be changed with the user_envfile option and
-it can be turned on and off with the user_readenv option.
+default). The default file can be changed with the user_envfile option and it
+can be turned on and off with the user_readenv option.
Since setting of PAM environment variables can have side effects to other
modules, this module should be the last one on the stack.
@@ -50,14 +50,14 @@ readenv=0|1
user_envfile=filename
Indicate an alternative .pam_environment file to override the default.The
- syntax is the same as for /etc/environment. The filename is relative to the
- user home directory. This can be useful when different services need
- different environments.
+ syntax is the same as for /etc/security/pam_env.conf. The filename is
+ relative to the user home directory. This can be useful when different
+ services need different environments.
user_readenv=0|1
Turns on or off the reading of the user specific environment file. 0 is
- off, 1 is on. By default this option is on.
+ off, 1 is on. By default this option is off.
EXAMPLES
diff --git a/modules/pam_env/environment.5 b/modules/pam_env/environment.5
index 415dfc1c..aa670e2e 100644
--- a/modules/pam_env/environment.5
+++ b/modules/pam_env/environment.5
@@ -1 +1 @@
-.so pam_env.conf.5
+.so man5/pam_env.conf.5
diff --git a/modules/pam_env/pam_env.8 b/modules/pam_env/pam_env.8
index 2a3ea165..f674024c 100644
--- a/modules/pam_env/pam_env.8
+++ b/modules/pam_env/pam_env.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_env
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ENV" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_ENV" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -50,10 +50,10 @@ pairs on separate lines will be read\&. With the
\fIenvfile\fR
option an alternate file can be specified\&. And with the
\fIreadenv\fR
-option this can be completly disabled\&.
+option this can be completely disabled\&.
.PP
Third it will read a user configuration file ($HOME/\&.pam_environment
-by default)\&. The default file file can be changed with the
+by default)\&. The default file can be changed with the
\fIuser_envfile\fR
option and it can be turned on and off with the
\fIuser_readenv\fR
@@ -96,12 +96,12 @@ Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)
Indicate an alternative
\&.pam_environment
file to override the default\&.The syntax is the same as for
-\fI/etc/environment\fR\&. The filename is relative to the user home directory\&. This can be useful when different services need different environments\&.
+\fI/etc/security/pam_env\&.conf\fR\&. The filename is relative to the user home directory\&. This can be useful when different services need different environments\&.
.RE
.PP
\fBuser_readenv=\fR\fB\fI0|1\fR\fR
.RS 4
-Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&.
+Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
diff --git a/modules/pam_env/pam_env.8.xml b/modules/pam_env/pam_env.8.xml
index d6e20a2e..b765e527 100644
--- a/modules/pam_env/pam_env.8.xml
+++ b/modules/pam_env/pam_env.8.xml
@@ -62,12 +62,12 @@
Second a file (<filename>/etc/environment</filename> by default) with simple
<emphasis>KEY=VAL</emphasis> pairs on separate lines will be read.
With the <emphasis>envfile</emphasis> option an alternate file can be specified.
- And with the <emphasis>readenv</emphasis> option this can be completly disabled.
+ And with the <emphasis>readenv</emphasis> option this can be completely disabled.
</para>
<para>
Third it will read a user configuration file
(<filename>$HOME/.pam_environment</filename> by default).
- The default file file can be changed with the
+ The default file can be changed with the
<emphasis>user_envfile</emphasis> option
and it can be turned on and off with the <emphasis>user_readenv</emphasis> option.
</para>
@@ -143,7 +143,7 @@
<para>
Indicate an alternative <filename>.pam_environment</filename>
file to override the default.The syntax is the same as
- for <emphasis>/etc/environment</emphasis>.
+ for <emphasis>/etc/security/pam_env.conf</emphasis>.
The filename is relative to the user home directory.
This can be useful when different services need different
environments.
@@ -158,7 +158,7 @@
<listitem>
<para>
Turns on or off the reading of the user specific environment
- file. 0 is off, 1 is on. By default this option is on.
+ file. 0 is off, 1 is on. By default this option is off.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c
index 3846e359..79d43722 100644
--- a/modules/pam_env/pam_env.c
+++ b/modules/pam_env/pam_env.c
@@ -1,6 +1,6 @@
-/* pam_env module */
-
/*
+ * pam_env module
+ *
* Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
* Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the
* template for this file (via pam_mail)
@@ -10,7 +10,7 @@
#define DEFAULT_READ_ENVFILE 1
#define DEFAULT_USER_ENVFILE ".pam_environment"
-#define DEFAULT_USER_READ_ENVFILE 1
+#define DEFAULT_USER_READ_ENVFILE 0
#include "config.h"
@@ -26,22 +26,11 @@
#include <sys/types.h>
#include <unistd.h>
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH /* This is primarily a AUTH_SETCRED module */
-#define PAM_SM_SESSION /* But I like to be friendly */
-#define PAM_SM_PASSWORD /* "" */
-#define PAM_SM_ACCOUNT /* "" */
-
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/_pam_macros.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* This little structure makes it easier to keep variables together */
@@ -52,7 +41,7 @@ typedef struct var {
char *override;
} VAR;
-#define BUF_SIZE 1024
+#define BUF_SIZE 8192
#define MAX_ENV 8192
#define GOOD_LINE 0
@@ -63,7 +52,7 @@ typedef struct var {
#define ILLEGAL_VAR 103
static int _assemble_line(FILE *, char *, int);
-static int _parse_line(const pam_handle_t *, char *, VAR *);
+static int _parse_line(const pam_handle_t *, const char *, VAR *);
static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */
static void _clean_var(VAR *);
static int _expand_arg(pam_handle_t *, char **);
@@ -71,8 +60,8 @@ static const char * _pam_get_item_byname(pam_handle_t *, const char *);
static int _define_var(pam_handle_t *, int, VAR *);
static int _undefine_var(pam_handle_t *, int, VAR *);
-/* This is a flag used to designate an empty string */
-static char quote='Z';
+/* This is a special value used to designate an empty string */
+static char quote='\0';
/* argument parsing */
@@ -93,40 +82,41 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
/* step through arguments */
for (; argc-- > 0; ++argv) {
+ const char *str;
/* generic options */
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
- else if (!strncmp(*argv,"conffile=",9)) {
- if ((*argv)[9] == '\0') {
+ else if ((str = pam_str_skip_prefix(*argv, "conffile=")) != NULL) {
+ if (str[0] == '\0') {
pam_syslog(pamh, LOG_ERR,
"conffile= specification missing argument - ignored");
} else {
- *conffile = 9+*argv;
+ *conffile = str;
D(("new Configuration File: %s", *conffile));
}
- } else if (!strncmp(*argv,"envfile=",8)) {
- if ((*argv)[8] == '\0') {
+ } else if ((str = pam_str_skip_prefix(*argv, "envfile=")) != NULL) {
+ if (str[0] == '\0') {
pam_syslog (pamh, LOG_ERR,
"envfile= specification missing argument - ignored");
} else {
- *envfile = 8+*argv;
+ *envfile = str;
D(("new Env File: %s", *envfile));
}
- } else if (!strncmp(*argv,"user_envfile=",13)) {
- if ((*argv)[13] == '\0') {
+ } else if ((str = pam_str_skip_prefix(*argv, "user_envfile=")) != NULL) {
+ if (str[0] == '\0') {
pam_syslog (pamh, LOG_ERR,
"user_envfile= specification missing argument - ignored");
} else {
- *user_envfile = 13+*argv;
+ *user_envfile = str;
D(("new User Env File: %s", *user_envfile));
}
- } else if (!strncmp(*argv,"readenv=",8))
- *readenv = atoi(8+*argv);
- else if (!strncmp(*argv,"user_readenv=",13))
- *user_readenv = atoi(13+*argv);
- else
+ } else if ((str = pam_str_skip_prefix(*argv, "readenv=")) != NULL) {
+ *readenv = atoi(str);
+ } else if ((str = pam_str_skip_prefix(*argv, "user_readenv=")) != NULL) {
+ *user_readenv = atoi(str);
+ } else
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
@@ -228,9 +218,16 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file)
mark[0] = '\0';
/*
- * sanity check, the key must be alpha-numeric
+ * sanity check, the key must be alphanumeric
*/
+ if (key[0] == '=') {
+ pam_syslog(pamh, LOG_ERR,
+ "missing key name '%s' in %s', ignoring",
+ key, file);
+ continue;
+ }
+
for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ )
if (!isalnum(key[i]) && key[i] != '_') {
pam_syslog(pamh, LOG_ERR,
@@ -282,7 +279,7 @@ _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file)
/*
* This is where we read a line of the PAM config file. The line may be
- * preceeded by lines of comments and also extended with "\\\n"
+ * preceded by lines of comments and also extended with "\\\n"
*/
static int _assemble_line(FILE *f, char *buffer, int buf_len)
@@ -310,6 +307,14 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
return 0;
}
}
+ if (p[0] == '\0') {
+ D(("_assemble_line: corrupted or binary file"));
+ return -1;
+ }
+ if (p[strlen(p)-1] != '\n') {
+ D(("_assemble_line: line too long"));
+ return -1;
+ }
/* skip leading spaces --- line may be blank */
@@ -366,7 +371,7 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len)
}
static int
-_parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
+_parse_line (const pam_handle_t *pamh, const char *buffer, VAR *var)
{
/*
* parse buffer into var, legal syntax is
@@ -377,7 +382,8 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
*/
int length, quoteflg=0;
- char *ptr, **valptr, *tmpptr;
+ const char *ptr, *tmpptr;
+ char **valptr;
D(("Called buffer = <%s>", buffer));
@@ -405,12 +411,12 @@ _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var)
while ((length = strspn(ptr, " \t")) > 0) {
ptr += length; /* remove leading whitespace */
D((ptr));
- if (strncmp(ptr,"DEFAULT=",8) == 0) {
- ptr+=8;
+ if ((tmpptr = pam_str_skip_prefix(ptr, "DEFAULT=")) != NULL) {
+ ptr = tmpptr;
D(("Default arg found: <%s>", ptr));
valptr=&(var->defval);
- } else if (strncmp(ptr, "OVERRIDE=", 9) == 0) {
- ptr+=9;
+ } else if ((tmpptr = pam_str_skip_prefix(ptr, "OVERRIDE=")) != NULL) {
+ ptr = tmpptr;
D(("Override arg found: <%s>", ptr));
valptr=&(var->override);
} else {
@@ -500,7 +506,7 @@ static int _check_var(pam_handle_t *pamh, VAR *var)
/* Now its easy */
- if (var->override && *(var->override) && &quote != var->override) {
+ if (var->override && *(var->override)) {
/* if there is a non-empty string in var->override, we use it */
D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override));
var->value = var->override;
@@ -513,7 +519,6 @@ static int _check_var(pam_handle_t *pamh, VAR *var)
* This means that the empty string was given for defval value
* which indicates that a variable should be defined with no value
*/
- *var->defval = '\0';
D(("An empty variable: <%s>", var->name));
retval = DEFINE_VAR;
} else if (var->defval) {
@@ -543,9 +548,11 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
/* I know this shouldn't be hard-coded but it's so much easier this way */
char tmp[MAX_ENV];
+ size_t idx;
D(("Remember to initialize tmp!"));
memset(tmp, 0, MAX_ENV);
+ idx = 0;
/*
* (possibly non-existent) environment variables can be used as values
@@ -563,8 +570,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
pam_syslog(pamh, LOG_ERR,
"Unrecognized escaped character: <%c> - ignoring",
*orig);
- } else if ((strlen(tmp) + 1) < MAX_ENV) {
- tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ } else if (idx + 1 < MAX_ENV) {
+ tmp[idx++] = *orig++; /* Note the increment */
} else {
/* is it really a good idea to try to log this? */
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -580,8 +587,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
" <%s> - ignoring", orig));
pam_syslog(pamh, LOG_ERR, "Expandable variables must be wrapped in {}"
" <%s> - ignoring", orig);
- if ((strlen(tmp) + 1) < MAX_ENV) {
- tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ if (idx + 1 < MAX_ENV) {
+ tmp[idx++] = *orig++; /* Note the increment */
}
continue;
} else {
@@ -625,8 +632,10 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
} /* switch */
if (tmpptr) {
- if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) {
- strcat(tmp, tmpptr);
+ size_t len = strlen(tmpptr);
+ if (idx + len < MAX_ENV) {
+ strcpy(tmp + idx, tmpptr);
+ idx += len;
} else {
/* is it really a good idea to try to log this? */
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -637,8 +646,8 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
}
} /* if ('{' != *orig++) */
} else { /* if ( '$' == *orig || '@' == *orig) */
- if ((strlen(tmp) + 1) < MAX_ENV) {
- tmp[strlen(tmp)] = *orig++; /* Note the increment */
+ if (idx + 1 < MAX_ENV) {
+ tmp[idx++] = *orig++; /* Note the increment */
} else {
/* is it really a good idea to try to log this? */
D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr));
@@ -649,17 +658,17 @@ static int _expand_arg(pam_handle_t *pamh, char **value)
}
} /* for (;*orig;) */
- if (strlen(tmp) > strlen(*value)) {
+ if (idx > strlen(*value)) {
free(*value);
- if ((*value = malloc(strlen(tmp) +1)) == NULL) {
- D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1));
+ if ((*value = malloc(idx + 1)) == NULL) {
+ D(("Couldn't malloc %d bytes for expanded var", idx + 1));
pam_syslog (pamh, LOG_CRIT, "Couldn't malloc %lu bytes for expanded var",
- (unsigned long)strlen(tmp)+1);
+ (unsigned long)idx+1);
return PAM_BUF_ERR;
}
}
strcpy(*value, tmp);
- memset(tmp,'\0',sizeof(tmp));
+ memset(tmp, '\0', sizeof(tmp));
D(("Exit."));
return PAM_SUCCESS;
@@ -699,7 +708,7 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name)
if (itemval && (strcmp(name, "HOME") == 0 || strcmp(name, "SHELL") == 0)) {
struct passwd *user_entry;
- user_entry = pam_modutil_getpwnam (pamh, (char *) itemval);
+ user_entry = pam_modutil_getpwnam (pamh, itemval);
if (!user_entry) {
pam_syslog(pamh, LOG_ERR, "No such user!?");
return NULL;
diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf
index 30e9d008..2549e430 100644
--- a/modules/pam_env/pam_env.conf
+++ b/modules/pam_env/pam_env.conf
@@ -26,7 +26,7 @@
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE.
-# DEFAULT allows and administrator to set the value of the
+# DEFAULT allows an administrator to set the value of the
# variable to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
diff --git a/modules/pam_env/pam_env.conf.5 b/modules/pam_env/pam_env.conf.5
index ffa35a13..3a7155b0 100644
--- a/modules/pam_env/pam_env.conf.5
+++ b/modules/pam_env/pam_env.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_env.conf
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ENV\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ENV\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_exec/Makefile.am b/modules/pam_exec/Makefile.am
index 293c00ae..713de6af 100644
--- a/modules/pam_exec/Makefile.am
+++ b/modules/pam_exec/Makefile.am
@@ -5,16 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
-
-man_MANS = pam_exec.8
+EXTRA_DIST = $(XMLS)
+if HAVE_DOC
+dist_man_MANS = pam_exec.8
+endif
XMLS = README.xml pam_exec.8.xml
+dist_check_SCRIPTS = tst-pam_exec
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,12 +28,6 @@ securelib_LTLIBRARIES = pam_exec.la
pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
-
-noinst_DATA = README
-
-README: pam_exec.8.xml
-
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-TESTS = tst-pam_exec
diff --git a/modules/pam_exec/Makefile.in b/modules/pam_exec/Makefile.in
index 98809774..84bc31ab 100644
--- a/modules/pam_exec/Makefile.in
+++ b/modules/pam_exec/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_exec
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_exec.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec
-man_MANS = pam_exec.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_exec.8
XMLS = README.xml pam_exec.8.xml
+dist_check_SCRIPTS = tst-pam_exec
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_exec.la
pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
-TESTS = tst-pam_exec
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_exec/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_exec/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_exec.log: tst-pam_exec
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_exec.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_exec.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,8 +1137,7 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_exec.8.xml
+.PRECIOUS: Makefile
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
diff --git a/modules/pam_exec/README b/modules/pam_exec/README
index efdd32dd..57147c80 100644
--- a/modules/pam_exec/README
+++ b/modules/pam_exec/README
@@ -12,7 +12,7 @@ environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and
PAM_TYPE, which contains one of the module types: account, auth, password,
open_session and close_session.
-Commands called by pam_exec need to be aware of that the user can have controll
+Commands called by pam_exec need to be aware of that the user can have control
over the environment.
OPTIONS
diff --git a/modules/pam_exec/pam_exec.8 b/modules/pam_exec/pam_exec.8
index f4cff034..8e9093e0 100644
--- a/modules/pam_exec/pam_exec.8
+++ b/modules/pam_exec/pam_exec.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_exec
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_EXEC" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_EXEC" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -53,7 +53,7 @@ and
and
\fBclose_session\fR\&.
.PP
-Commands called by pam_exec need to be aware of that the user can have controll over the environment\&.
+Commands called by pam_exec need to be aware of that the user can have control over the environment\&.
.SH "OPTIONS"
.PP
.PP
@@ -113,6 +113,21 @@ PAM_SUCCESS
The external command was run successfully\&.
.RE
.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
PAM_SERVICE_ERR
.RS 4
No argument or a wrong number of arguments were given\&.
diff --git a/modules/pam_exec/pam_exec.8.xml b/modules/pam_exec/pam_exec.8.xml
index d1b00a21..1f217339 100644
--- a/modules/pam_exec/pam_exec.8.xml
+++ b/modules/pam_exec/pam_exec.8.xml
@@ -75,7 +75,7 @@
<para>
Commands called by pam_exec need to be aware of that the user
- can have controll over the environment.
+ can have control over the environment.
</para>
</refsect1>
@@ -201,6 +201,35 @@
</varlistentry>
<varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ failed to obtain the username.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_INCOMPLETE</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ returned PAM_CONV_AGAIN.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c
index 52dc6818..5ca85ab3 100644
--- a/modules/pam_exec/pam_exec.c
+++ b/modules/pam_exec/pam_exec.c
@@ -49,16 +49,11 @@
#include <sys/stat.h>
#include <sys/types.h>
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
#include <security/_pam_macros.h>
+#include "pam_inline.h"
#define ENV_ITEM(n) { (n), #n }
static struct {
@@ -102,11 +97,13 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
int use_stdout = 0;
int optargc;
const char *logfile = NULL;
- const char *authtok = NULL;
+ char authtok[PAM_MAX_RESP_SIZE] = {};
pid_t pid;
int fds[2];
int stdout_fds[2];
FILE *stdout_file = NULL;
+ int retval;
+ const char *name;
if (argc < 1) {
pam_syslog (pamh, LOG_ERR,
@@ -116,6 +113,8 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
for (optargc = 0; optargc < argc; optargc++)
{
+ const char *str;
+
if (argv[optargc][0] == '/') /* paths starts with / */
break;
@@ -123,11 +122,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
debug = 1;
else if (strcasecmp (argv[optargc], "stdout") == 0)
use_stdout = 1;
- else if (strncasecmp (argv[optargc], "log=", 4) == 0)
- logfile = &argv[optargc][4];
- else if (strncasecmp (argv[optargc], "type=", 5) == 0)
+ else if ((str = pam_str_skip_icase_prefix (argv[optargc], "log=")) != NULL)
+ logfile = str;
+ else if ((str = pam_str_skip_icase_prefix (argv[optargc], "type=")) != NULL)
{
- if (strcmp (pam_type, &argv[optargc][5]) != 0)
+ if (strcmp (pam_type, str) != 0)
return PAM_IGNORE;
}
else if (strcasecmp (argv[optargc], "seteuid") == 0)
@@ -140,6 +139,16 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
break; /* Unknown option, assume program to execute. */
}
+ /* Request user name to be available. */
+
+ retval = pam_get_user(pamh, &name, NULL);
+ if (retval != PAM_SUCCESS)
+ {
+ if (retval == PAM_CONV_AGAIN)
+ retval = PAM_INCOMPLETE;
+ return retval;
+ }
+
if (expose_authtok == 1)
{
if (strcmp (pam_type, "auth") != 0)
@@ -151,7 +160,6 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
else
{
const void *void_pass;
- int retval;
retval = pam_get_item (pamh, PAM_AUTHTOK, &void_pass);
if (retval != PAM_SUCCESS)
@@ -180,12 +188,12 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
if (resp)
{
pam_set_item (pamh, PAM_AUTHTOK, resp);
- authtok = strndupa (resp, PAM_MAX_RESP_SIZE);
+ strncpy (authtok, resp, sizeof(authtok) - 1);
_pam_drop (resp);
}
}
else
- authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE);
+ strncpy (authtok, void_pass, sizeof(authtok) - 1);
if (pipe(fds) != 0)
{
@@ -221,27 +229,18 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
if (pid > 0) /* parent */
{
int status = 0;
- pid_t retval;
+ pid_t rc;
if (expose_authtok) /* send the password to the child */
{
- if (authtok != NULL)
- { /* send the password to the child */
- if (debug)
- pam_syslog (pamh, LOG_DEBUG, "send password to child");
- if (write(fds[1], authtok, strlen(authtok)+1) == -1)
- pam_syslog (pamh, LOG_ERR,
- "sending password to child failed: %m");
- authtok = NULL;
- }
- else
- {
- if (write(fds[1], "", 1) == -1) /* blank password */
- pam_syslog (pamh, LOG_ERR,
- "sending password to child failed: %m");
- }
- close(fds[0]); /* close here to avoid possible SIGPIPE above */
- close(fds[1]);
+ if (debug)
+ pam_syslog (pamh, LOG_DEBUG, "send password to child");
+ if (write(fds[1], authtok, strlen(authtok)) == -1)
+ pam_syslog (pamh, LOG_ERR,
+ "sending password to child failed: %m");
+
+ close(fds[0]); /* close here to avoid possible SIGPIPE above */
+ close(fds[1]);
}
if (use_stdout)
@@ -259,9 +258,9 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
fclose(stdout_file);
}
- while ((retval = waitpid (pid, &status, 0)) == -1 &&
+ while ((rc = waitpid (pid, &status, 0)) == -1 &&
errno == EINTR);
- if (retval == (pid_t)-1)
+ if (rc == (pid_t)-1)
{
pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m");
return PAM_SYSTEM_ERR;
@@ -423,7 +422,7 @@ call_exec (const char *pam_type, pam_handle_t *pamh,
envlist = pam_getenvlist(pamh);
for (envlen = 0; envlist[envlen] != NULL; ++envlen)
/* nothing */ ;
- nitems = sizeof(env_items) / sizeof(*env_items);
+ nitems = PAM_ARRAY_SIZE(env_items);
/* + 2 because of PAM_TYPE and NULL entry */
tmp = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist));
if (tmp == NULL)
diff --git a/modules/pam_faildelay/Makefile.am b/modules/pam_faildelay/Makefile.am
index 9166d582..3a49a117 100644
--- a/modules/pam_faildelay/Makefile.am
+++ b/modules/pam_faildelay/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_faildelay.8
+if HAVE_DOC
+dist_man_MANS = pam_faildelay.8
+endif
XMLS = README.xml pam_faildelay.8.xml
-
-TESTS = tst-pam_faildelay
+dist_check_SCRIPTS = tst-pam_faildelay
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
securelib_LTLIBRARIES = pam_faildelay.la
pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la
+check_PROGRAMS = tst-pam_faildelay-retval
+tst_pam_faildelay_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_faildelay.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_faildelay/Makefile.in b/modules/pam_faildelay/Makefile.in
index 72ef61ed..6eddb0c0 100644
--- a/modules/pam_faildelay/Makefile.in
+++ b/modules/pam_faildelay/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,10 +94,8 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+check_PROGRAMS = tst-pam_faildelay-retval$(EXEEXT)
subdir = modules/pam_faildelay
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +111,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,6 +153,10 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
+tst_pam_faildelay_retval_SOURCES = tst-pam_faildelay-retval.c
+tst_pam_faildelay_retval_OBJECTS = tst-pam_faildelay-retval.$(OBJEXT)
+tst_pam_faildelay_retval_DEPENDENCIES = \
+ $(top_builddir)/libpam/libpam.la
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -157,7 +171,9 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_faildelay.Plo \
+ ./$(DEPDIR)/tst-pam_faildelay-retval.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -177,8 +193,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
-SOURCES = pam_faildelay.c
-DIST_SOURCES = pam_faildelay.c
+SOURCES = pam_faildelay.c tst-pam_faildelay-retval.c
+DIST_SOURCES = pam_faildelay.c tst-pam_faildelay-retval.c
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
@@ -186,8 +202,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +401,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +432,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +442,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +477,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +514,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +589,21 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay
-man_MANS = pam_faildelay.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_faildelay.8
XMLS = README.xml pam_faildelay.8.xml
-TESTS = tst-pam_faildelay
+dist_check_SCRIPTS = tst-pam_faildelay
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_faildelay.la
pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+tst_pam_faildelay_retval_LDADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +620,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_faildelay/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -611,6 +638,15 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
+clean-checkPROGRAMS:
+ @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
@$(NORMAL_INSTALL)
@list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
@@ -649,27 +685,38 @@ clean-securelibLTLIBRARIES:
pam_faildelay.la: $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_DEPENDENCIES) $(EXTRA_pam_faildelay_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_LIBADD) $(LIBS)
+tst-pam_faildelay-retval$(EXEEXT): $(tst_pam_faildelay_retval_OBJECTS) $(tst_pam_faildelay_retval_DEPENDENCIES) $(EXTRA_tst_pam_faildelay_retval_DEPENDENCIES)
+ @rm -f tst-pam_faildelay-retval$(EXEEXT)
+ $(AM_V_CCLD)$(LINK) $(tst_pam_faildelay_retval_OBJECTS) $(tst_pam_faildelay_retval_LDADD) $(LIBS)
+
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tst-pam_faildelay-retval.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +730,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +768,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +856,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +946,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(check_PROGRAMS) $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +956,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(check_PROGRAMS) $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -927,6 +974,13 @@ tst-pam_faildelay.log: tst-pam_faildelay
--log-file $$b.log --trs-file $$b.trs \
$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
"$$tst" $(AM_TESTS_FD_REDIRECT)
+tst-pam_faildelay-retval.log: tst-pam_faildelay-retval$(EXEEXT)
+ @p='tst-pam_faildelay-retval$(EXEEXT)'; \
+ b='tst-pam_faildelay-retval'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
.test.log:
@p='$<'; \
$(am__set_b); \
@@ -942,7 +996,10 @@ tst-pam_faildelay.log: tst-pam_faildelay
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1030,8 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) \
+ $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1017,11 +1076,12 @@ maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
-clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
- mostlyclean-am
+clean-am: clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_faildelay.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_faildelay-retval.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1127,8 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_faildelay.Plo
+ -rm -f ./$(DEPDIR)/tst-pam_faildelay-retval.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1151,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-checkPROGRAMS clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1168,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_faildelay.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_faildelay/pam_faildelay.8 b/modules/pam_faildelay/pam_faildelay.8
index 60818dda..4cefeed0 100644
--- a/modules/pam_faildelay/pam_faildelay.8
+++ b/modules/pam_faildelay/pam_faildelay.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_faildelay
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_FAILDELAY" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FAILDELAY" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c
index 7ea8f837..02c5fafd 100644
--- a/modules/pam_faildelay/pam_faildelay.c
+++ b/modules/pam_faildelay/pam_faildelay.c
@@ -1,6 +1,6 @@
-/* pam_faildelay module */
-
/*
+ * pam_faildelay module
+ *
* Allows an admin to set the delay on failure per-application.
* Provides "auth" interface only.
*
@@ -70,86 +70,12 @@
#include <string.h>
#include <stdlib.h>
-
-#define PAM_SM_AUTH
-
#include <security/pam_modules.h>
#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
-
-#define BUF_SIZE 8192
#define LOGIN_DEFS "/etc/login.defs"
-static char *
-search_key (const char *filename)
-{
- FILE *fp;
- char *buf = NULL;
- size_t buflen = 0;
- char *retval = NULL;
-
- fp = fopen (filename, "r");
- if (NULL == fp)
- return NULL;
-
- while (!feof (fp))
- {
- char *tmp, *cp;
-#if defined(HAVE_GETLINE)
- ssize_t n = getline (&buf, &buflen, fp);
-#elif defined (HAVE_GETDELIM)
- ssize_t n = getdelim (&buf, &buflen, '\n', fp);
-#else
- ssize_t n;
-
- if (buf == NULL)
- {
- buflen = BUF_SIZE;
- buf = malloc (buflen);
- }
- buf[0] = '\0';
- if (fgets (buf, buflen - 1, fp) == NULL)
- break;
- else if (buf != NULL)
- n = strlen (buf);
- else
- n = 0;
-#endif /* HAVE_GETLINE / HAVE_GETDELIM */
- cp = buf;
-
- if (n < 1)
- break;
-
- tmp = strchr (cp, '#'); /* remove comments */
- if (tmp)
- *tmp = '\0';
- while (isspace ((int)*cp)) /* remove spaces and tabs */
- ++cp;
- if (*cp == '\0') /* ignore empty lines */
- continue;
-
- if (cp[strlen (cp) - 1] == '\n')
- cp[strlen (cp) - 1] = '\0';
-
- tmp = strsep (&cp, " \t=");
- if (cp != NULL)
- while (isspace ((int)*cp) || *cp == '=')
- ++cp;
-
- if (strcasecmp (tmp, "FAIL_DELAY") == 0)
- {
- retval = strdup (cp);
- break;
- }
- }
- fclose (fp);
-
- free (buf);
-
- return retval;
-}
-
-
/* --- authentication management functions (only) --- */
int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
@@ -171,7 +97,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED,
if (delay == -1)
{
char *endptr;
- char *val = search_key (LOGIN_DEFS);
+ char *val = pam_modutil_search_key (pamh, LOGIN_DEFS, "FAIL_DELAY");
const char *val_orig = val;
if (val == NULL)
diff --git a/modules/pam_faildelay/tst-pam_faildelay-retval.c b/modules/pam_faildelay/tst-pam_faildelay-retval.c
new file mode 100644
index 00000000..cbd8f2a8
--- /dev/null
+++ b/modules/pam_faildelay/tst-pam_faildelay-retval.c
@@ -0,0 +1,88 @@
+/*
+ * Check pam_faildelay return values.
+ *
+ * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org>
+ */
+
+#include "test_assert.h"
+
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <security/pam_appl.h>
+
+#define MODULE_NAME "pam_faildelay"
+#define TEST_NAME "tst-" MODULE_NAME "-retval"
+
+static const char service_file[] = TEST_NAME ".service";
+static const char user_name[] = "";
+static struct pam_conv conv;
+
+int
+main(void)
+{
+ pam_handle_t *pamh = NULL;
+ FILE *fp;
+ char cwd[PATH_MAX];
+
+ ASSERT_NE(NULL, getcwd(cwd, sizeof(cwd)));
+
+ /* PAM_IGNORE -> PAM_PERM_DENIED */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so delay=1\n"
+ "account required %s/.libs/%s.so delay=1\n"
+ "password required %s/.libs/%s.so delay=1\n"
+ "session required %s/.libs/%s.so delay=1\n",
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME,
+ cwd, MODULE_NAME));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ /* PAM_IGNORE -> PAM_SUCCESS */
+ ASSERT_NE(NULL, fp = fopen(service_file, "w"));
+ ASSERT_LT(0, fprintf(fp, "#%%PAM-1.0\n"
+ "auth required %s/.libs/%s.so delay=1\n"
+ "auth required %s/../pam_permit/.libs/pam_permit.so\n"
+ "account required %s/.libs/%s.so delay=1\n"
+ "account required %s/../pam_permit/.libs/pam_permit.so\n"
+ "password required %s/.libs/%s.so delay=1\n"
+ "password required %s/../pam_permit/.libs/pam_permit.so\n"
+ "session required %s/.libs/%s.so delay=1\n"
+ "session required %s/../pam_permit/.libs/pam_permit.so\n",
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd,
+ cwd, MODULE_NAME, cwd));
+ ASSERT_EQ(0, fclose(fp));
+
+ ASSERT_EQ(PAM_SUCCESS,
+ pam_start_confdir(service_file, user_name, &conv, ".", &pamh));
+ ASSERT_NE(NULL, pamh);
+ ASSERT_EQ(PAM_SUCCESS, pam_authenticate(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_setcred(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_acct_mgmt(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
+ ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
+ ASSERT_EQ(PAM_SUCCESS, pam_end(pamh, 0));
+ pamh = NULL;
+
+ ASSERT_EQ(0, unlink(service_file));
+
+ return 0;
+}
diff --git a/modules/pam_faillock/Makefile.am b/modules/pam_faillock/Makefile.am
new file mode 100644
index 00000000..b1f2b3e5
--- /dev/null
+++ b/modules/pam_faillock/Makefile.am
@@ -0,0 +1,50 @@
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+
+EXTRA_DIST = $(XMLS)
+
+if HAVE_DOC
+dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+endif
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+
+noinst_HEADERS = faillock.h
+
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+if HAVE_VERSIONING
+ pam_faillock_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
+endif
+
+faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+
+dist_secureconf_DATA = faillock.conf
+
+securelib_LTLIBRARIES = pam_faillock.la
+sbin_PROGRAMS = faillock
+
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_faillock/Makefile.in b/modules/pam_faillock/Makefile.in
new file mode 100644
index 00000000..b2a80262
--- /dev/null
+++ b/modules/pam_faillock/Makefile.in
@@ -0,0 +1,1340 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk <kukuk@thkukuk.de>
+# Copyright (c) 2008, 2018, 2020 Red Hat, Inc.
+# Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+#
+
+
+
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
+sbin_PROGRAMS = faillock$(EXEEXT)
+subdir = modules/pam_faillock
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+ $(top_srcdir)/m4/japhar_grep_cflags.m4 \
+ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \
+ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \
+ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(noinst_HEADERS) $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" \
+ "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" \
+ "$(DESTDIR)$(secureconfdir)"
+PROGRAMS = $(sbin_PROGRAMS)
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+LTLIBRARIES = $(securelib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+pam_faillock_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(am__DEPENDENCIES_1)
+am_pam_faillock_la_OBJECTS = pam_faillock.lo faillock.lo
+pam_faillock_la_OBJECTS = $(am_pam_faillock_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+pam_faillock_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(pam_faillock_la_LDFLAGS) $(LDFLAGS) \
+ -o $@
+am_faillock_OBJECTS = faillock-main.$(OBJEXT) \
+ faillock-faillock.$(OBJEXT)
+faillock_OBJECTS = $(am_faillock_OBJECTS)
+faillock_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \
+ $(am__DEPENDENCIES_1)
+faillock_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(faillock_CFLAGS) \
+ $(CFLAGS) $(faillock_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/faillock-faillock.Po \
+ ./$(DEPDIR)/faillock-main.Po ./$(DEPDIR)/faillock.Plo \
+ ./$(DEPDIR)/pam_faillock.Plo
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+DIST_SOURCES = $(pam_faillock_la_SOURCES) $(faillock_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
+HEADERS = $(noinst_HEADERS)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__tty_colors_dummy = \
+ mgn= red= grn= lgn= blu= brg= std=; \
+ am__color_tests=no
+am__tty_colors = { \
+ $(am__tty_colors_dummy); \
+ if test "X$(AM_COLOR_TESTS)" = Xno; then \
+ am__color_tests=no; \
+ elif test "X$(AM_COLOR_TESTS)" = Xalways; then \
+ am__color_tests=yes; \
+ elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \
+ am__color_tests=yes; \
+ fi; \
+ if test $$am__color_tests = yes; then \
+ red=''; \
+ grn=''; \
+ lgn=''; \
+ blu=''; \
+ mgn=''; \
+ brg=''; \
+ std=''; \
+ fi; \
+}
+am__recheck_rx = ^[ ]*:recheck:[ ]*
+am__global_test_result_rx = ^[ ]*:global-test-result:[ ]*
+am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]*
+# A command that, given a newline-separated list of test names on the
+# standard input, print the name of the tests that are to be re-run
+# upon "make recheck".
+am__list_recheck_tests = $(AWK) '{ \
+ recheck = 1; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ { \
+ if ((getline line2 < ($$0 ".log")) < 0) \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \
+ { \
+ recheck = 0; \
+ break; \
+ } \
+ else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \
+ { \
+ break; \
+ } \
+ }; \
+ if (recheck) \
+ print $$0; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# A command that, given a newline-separated list of test names on the
+# standard input, create the global log from their .trs and .log files.
+am__create_global_log = $(AWK) ' \
+function fatal(msg) \
+{ \
+ print "fatal: making $@: " msg | "cat >&2"; \
+ exit 1; \
+} \
+function rst_section(header) \
+{ \
+ print header; \
+ len = length(header); \
+ for (i = 1; i <= len; i = i + 1) \
+ printf "="; \
+ printf "\n\n"; \
+} \
+{ \
+ copy_in_global_log = 1; \
+ global_test_result = "RUN"; \
+ while ((rc = (getline line < ($$0 ".trs"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".trs"); \
+ if (line ~ /$(am__global_test_result_rx)/) \
+ { \
+ sub("$(am__global_test_result_rx)", "", line); \
+ sub("[ ]*$$", "", line); \
+ global_test_result = line; \
+ } \
+ else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \
+ copy_in_global_log = 0; \
+ }; \
+ if (copy_in_global_log) \
+ { \
+ rst_section(global_test_result ": " $$0); \
+ while ((rc = (getline line < ($$0 ".log"))) != 0) \
+ { \
+ if (rc < 0) \
+ fatal("failed to read from " $$0 ".log"); \
+ print line; \
+ }; \
+ printf "\n"; \
+ }; \
+ close ($$0 ".trs"); \
+ close ($$0 ".log"); \
+}'
+# Restructured Text title.
+am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; }
+# Solaris 10 'make', and several other traditional 'make' implementations,
+# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it
+# by disabling -e (using the XSI extension "set +e") if it's set.
+am__sh_e_setup = case $$- in *e*) set +e;; esac
+# Default flags passed to test drivers.
+am__common_driver_flags = \
+ --color-tests "$$am__color_tests" \
+ --enable-hard-errors "$$am__enable_hard_errors" \
+ --expect-failure "$$am__expect_failure"
+# To be inserted before the command running the test. Creates the
+# directory for the log if needed. Stores in $dir the directory
+# containing $f, in $tst the test, in $log the log. Executes the
+# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and
+# passes TESTS_ENVIRONMENT. Set up options for the wrapper that
+# will run the test scripts (or their associated LOG_COMPILER, if
+# thy have one).
+am__check_pre = \
+$(am__sh_e_setup); \
+$(am__vpath_adj_setup) $(am__vpath_adj) \
+$(am__tty_colors); \
+srcdir=$(srcdir); export srcdir; \
+case "$@" in \
+ */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \
+ *) am__odir=.;; \
+esac; \
+test "x$$am__odir" = x"." || test -d "$$am__odir" \
+ || $(MKDIR_P) "$$am__odir" || exit $$?; \
+if test -f "./$$f"; then dir=./; \
+elif test -f "$$f"; then dir=; \
+else dir="$(srcdir)/"; fi; \
+tst=$$dir$$f; log='$@'; \
+if test -n '$(DISABLE_HARD_ERRORS)'; then \
+ am__enable_hard_errors=no; \
+else \
+ am__enable_hard_errors=yes; \
+fi; \
+case " $(XFAIL_TESTS) " in \
+ *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \
+ am__expect_failure=yes;; \
+ *) \
+ am__expect_failure=no;; \
+esac; \
+$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT)
+# A shell command to get the names of the tests scripts with any registered
+# extension removed (i.e., equivalently, the names of the test logs, with
+# the '.log' extension removed). The result is saved in the shell variable
+# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly,
+# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)",
+# since that might cause problem with VPATH rewrites for suffix-less tests.
+# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'.
+am__set_TESTS_bases = \
+ bases='$(TEST_LOGS)'; \
+ bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \
+ bases=`echo $$bases`
+RECHECK_LOGS = $(TEST_LOGS)
+AM_RECURSIVE_TARGETS = check recheck
+TEST_SUITE_LOG = test-suite.log
+TEST_EXTENSIONS = @EXEEXT@ .test
+LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS)
+am__set_b = \
+ case '$@' in \
+ */*) \
+ case '$*' in \
+ */*) b='$*';; \
+ *) b=`echo '$@' | sed 's/\.log$$//'`; \
+ esac;; \
+ *) \
+ b='$*';; \
+ esac
+am__test_logs1 = $(TESTS:=.log)
+am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log)
+TEST_LOGS = $(am__test_logs2:.test.log=.log)
+TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
+TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
+ $(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BROWSER = @BROWSER@
+BUILD_CFLAGS = @BUILD_CFLAGS@
+BUILD_CPPFLAGS = @BUILD_CPPFLAGS@
+BUILD_LDFLAGS = @BUILD_LDFLAGS@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CC_FOR_BUILD = @CC_FOR_BUILD@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FO2PDF = @FO2PDF@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBDB = @LIBDB@
+LIBDL = @LIBDL@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@
+LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@
+LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@
+LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@
+LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@
+LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@
+LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NIS_CFLAGS = @NIS_CFLAGS@
+NIS_LIBS = @NIS_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSL_CFLAGS = @NSL_CFLAGS@
+NSL_LIBS = @NSL_LIBS@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PIE_CFLAGS = @PIE_CFLAGS@
+PIE_LDFLAGS = @PIE_LDFLAGS@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
+STRIP = @STRIP@
+TIRPC_CFLAGS = @TIRPC_CFLAGS@
+TIRPC_LIBS = @TIRPC_LIBS@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XMLLINT = @XMLLINT@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libc_cv_fpie = @libc_cv_fpie@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pam_cv_ld_O1 = @pam_cv_ld_O1@
+pam_cv_ld_as_needed = @pam_cv_ld_as_needed@
+pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@
+pam_xauth_path = @pam_xauth_path@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+CLEANFILES = *~
+MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_faillock.8 faillock.8 faillock.conf.5
+XMLS = README.xml pam_faillock.8.xml faillock.8.xml faillock.conf.5.xml
+dist_check_SCRIPTS = tst-pam_faillock
+TESTS = $(dist_check_SCRIPTS)
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
+noinst_HEADERS = faillock.h
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
+faillock_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@
+pam_faillock_la_LDFLAGS = -no-undefined -avoid-version -module \
+ $(am__append_1)
+pam_faillock_la_LIBADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+faillock_LDFLAGS = @PIE_LDFLAGS@
+faillock_LDADD = $(top_builddir)/libpam/libpam.la $(LIBAUDIT)
+dist_secureconf_DATA = faillock.conf
+securelib_LTLIBRARIES = pam_faillock.la
+pam_faillock_la_SOURCES = pam_faillock.c faillock.c
+faillock_SOURCES = main.c faillock.c
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faillock/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu modules/pam_faillock/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-sbinPROGRAMS: $(sbin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
+ fi; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p \
+ || test -f $$p1 \
+ ; then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' \
+ -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-sbinPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' \
+ `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(sbindir)" && rm -f $$files
+
+clean-sbinPROGRAMS:
+ @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+
+install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(securelibdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(securelibdir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \
+ }
+
+uninstall-securelibLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \
+ done
+
+clean-securelibLTLIBRARIES:
+ -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES)
+ @list='$(securelib_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+pam_faillock.la: $(pam_faillock_la_OBJECTS) $(pam_faillock_la_DEPENDENCIES) $(EXTRA_pam_faillock_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(pam_faillock_la_LINK) -rpath $(securelibdir) $(pam_faillock_la_OBJECTS) $(pam_faillock_la_LIBADD) $(LIBS)
+
+faillock$(EXEEXT): $(faillock_OBJECTS) $(faillock_DEPENDENCIES) $(EXTRA_faillock_DEPENDENCIES)
+ @rm -f faillock$(EXEEXT)
+ $(AM_V_CCLD)$(faillock_LINK) $(faillock_OBJECTS) $(faillock_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-faillock.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock-main.Po@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/faillock.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faillock.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+faillock-main.o: main.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.o -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c
+
+faillock-main.obj: main.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-main.obj -MD -MP -MF $(DEPDIR)/faillock-main.Tpo -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-main.Tpo $(DEPDIR)/faillock-main.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='faillock-main.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi`
+
+faillock-faillock.o: faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.o -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.o `test -f 'faillock.c' || echo '$(srcdir)/'`faillock.c
+
+faillock-faillock.obj: faillock.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -MT faillock-faillock.obj -MD -MP -MF $(DEPDIR)/faillock-faillock.Tpo -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/faillock-faillock.Tpo $(DEPDIR)/faillock-faillock.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='faillock.c' object='faillock-faillock.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(faillock_CFLAGS) $(CFLAGS) -c -o faillock-faillock.obj `if test -f 'faillock.c'; then $(CYGPATH_W) 'faillock.c'; else $(CYGPATH_W) '$(srcdir)/faillock.c'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man5: $(dist_man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man5dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.5[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(dist_man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(dist_man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
+ @$(NORMAL_INSTALL)
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ if test -n "$$list"; then \
+ echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
+ fi; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
+ done
+
+uninstall-dist_secureconfDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+# Recover from deleted '.trs' file; this should ensure that
+# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create
+# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells
+# to avoid problems with "make -n".
+.log.trs:
+ rm -f $< $@
+ $(MAKE) $(AM_MAKEFLAGS) $<
+
+# Leading 'am--fnord' is there to ensure the list of targets does not
+# expand to empty, as could happen e.g. with make check TESTS=''.
+am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck)
+am--force-recheck:
+ @:
+
+$(TEST_SUITE_LOG): $(TEST_LOGS)
+ @$(am__set_TESTS_bases); \
+ am__f_ok () { test -f "$$1" && test -r "$$1"; }; \
+ redo_bases=`for i in $$bases; do \
+ am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \
+ done`; \
+ if test -n "$$redo_bases"; then \
+ redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \
+ redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \
+ if $(am__make_dryrun); then :; else \
+ rm -f $$redo_logs && rm -f $$redo_results || exit 1; \
+ fi; \
+ fi; \
+ if test -n "$$am__remaking_logs"; then \
+ echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
+ "recursion detected" >&2; \
+ elif test -n "$$redo_logs"; then \
+ am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
+ fi; \
+ if $(am__make_dryrun); then :; else \
+ st=0; \
+ errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \
+ for i in $$redo_bases; do \
+ test -f $$i.trs && test -r $$i.trs \
+ || { echo "$$errmsg $$i.trs" >&2; st=1; }; \
+ test -f $$i.log && test -r $$i.log \
+ || { echo "$$errmsg $$i.log" >&2; st=1; }; \
+ done; \
+ test $$st -eq 0 || exit 1; \
+ fi
+ @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \
+ ws='[ ]'; \
+ results=`for b in $$bases; do echo $$b.trs; done`; \
+ test -n "$$results" || results=/dev/null; \
+ all=` grep "^$$ws*:test-result:" $$results | wc -l`; \
+ pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \
+ fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \
+ skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \
+ xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \
+ xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \
+ error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \
+ if test `expr $$fail + $$xpass + $$error` -eq 0; then \
+ success=true; \
+ else \
+ success=false; \
+ fi; \
+ br='==================='; br=$$br$$br$$br$$br; \
+ result_count () \
+ { \
+ if test x"$$1" = x"--maybe-color"; then \
+ maybe_colorize=yes; \
+ elif test x"$$1" = x"--no-color"; then \
+ maybe_colorize=no; \
+ else \
+ echo "$@: invalid 'result_count' usage" >&2; exit 4; \
+ fi; \
+ shift; \
+ desc=$$1 count=$$2; \
+ if test $$maybe_colorize = yes && test $$count -gt 0; then \
+ color_start=$$3 color_end=$$std; \
+ else \
+ color_start= color_end=; \
+ fi; \
+ echo "$${color_start}# $$desc $$count$${color_end}"; \
+ }; \
+ create_testsuite_report () \
+ { \
+ result_count $$1 "TOTAL:" $$all "$$brg"; \
+ result_count $$1 "PASS: " $$pass "$$grn"; \
+ result_count $$1 "SKIP: " $$skip "$$blu"; \
+ result_count $$1 "XFAIL:" $$xfail "$$lgn"; \
+ result_count $$1 "FAIL: " $$fail "$$red"; \
+ result_count $$1 "XPASS:" $$xpass "$$red"; \
+ result_count $$1 "ERROR:" $$error "$$mgn"; \
+ }; \
+ { \
+ echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \
+ $(am__rst_title); \
+ create_testsuite_report --no-color; \
+ echo; \
+ echo ".. contents:: :depth: 2"; \
+ echo; \
+ for b in $$bases; do echo $$b; done \
+ | $(am__create_global_log); \
+ } >$(TEST_SUITE_LOG).tmp || exit 1; \
+ mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \
+ if $$success; then \
+ col="$$grn"; \
+ else \
+ col="$$red"; \
+ test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \
+ fi; \
+ echo "$${col}$$br$${std}"; \
+ echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \
+ echo "$${col}$$br$${std}"; \
+ create_testsuite_report --maybe-color; \
+ echo "$$col$$br$$std"; \
+ if $$success; then :; else \
+ echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \
+ if test -n "$(PACKAGE_BUGREPORT)"; then \
+ echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \
+ fi; \
+ echo "$$col$$br$$std"; \
+ fi; \
+ $$success || exit 1
+
+check-TESTS: $(dist_check_SCRIPTS)
+ @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
+ @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ trs_list=`for i in $$bases; do echo $$i.trs; done`; \
+ log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
+ exit $$?;
+recheck: all $(dist_check_SCRIPTS)
+ @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+ @set +e; $(am__set_TESTS_bases); \
+ bases=`for i in $$bases; do echo $$i; done \
+ | $(am__list_recheck_tests)` || exit 1; \
+ log_list=`for i in $$bases; do echo $$i.log; done`; \
+ log_list=`echo $$log_list`; \
+ $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \
+ am__force_recheck=am--force-recheck \
+ TEST_LOGS="$$log_list"; \
+ exit $$?
+tst-pam_faillock.log: tst-pam_faillock
+ @p='tst-pam_faillock'; \
+ b='tst-pam_faillock'; \
+ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+.test.log:
+ @p='$<'; \
+ $(am__set_b); \
+ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+ --log-file $$b.log --trs-file $$b.trs \
+ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+ "$$tst" $(AM_TESTS_FD_REDIRECT)
+@am__EXEEXT_TRUE@.test$(EXEEXT).log:
+@am__EXEEXT_TRUE@ @p='$<'; \
+@am__EXEEXT_TRUE@ $(am__set_b); \
+@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \
+@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \
+@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
+@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
+ $(MAKE) $(AM_MAKEFLAGS) check-TESTS
+check: check-am
+all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+ -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS)
+ -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs)
+ -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \
+ clean-securelibLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -f ./$(DEPDIR)/faillock-faillock.Po
+ -rm -f ./$(DEPDIR)/faillock-main.Po
+ -rm -f ./$(DEPDIR)/faillock.Plo
+ -rm -f ./$(DEPDIR)/pam_faillock.Plo
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-dist_secureconfDATA install-man \
+ install-securelibLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-sbinPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man5 install-man8
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f ./$(DEPDIR)/faillock-faillock.Po
+ -rm -f ./$(DEPDIR)/faillock-main.Po
+ -rm -f ./$(DEPDIR)/faillock.Plo
+ -rm -f ./$(DEPDIR)/pam_faillock.Plo
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
+ uninstall-sbinPROGRAMS uninstall-securelibLTLIBRARIES
+
+uninstall-man: uninstall-man5 uninstall-man8
+
+.MAKE: check-am install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool clean-sbinPROGRAMS \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-sbinPROGRAMS \
+ install-securelibLTLIBRARIES install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ recheck tags tags-am uninstall uninstall-am \
+ uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+ uninstall-man8 uninstall-sbinPROGRAMS \
+ uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/modules/pam_faillock/README b/modules/pam_faillock/README
new file mode 100644
index 00000000..c88705ad
--- /dev/null
+++ b/modules/pam_faillock/README
@@ -0,0 +1,140 @@
+pam_faillock — Module counting authentication failures during a specified
+interval
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+This module maintains a list of failed authentication attempts per user during
+a specified interval and locks the account in case there were more than deny
+consecutive failed authentications.
+
+Normally, failed attempts to authenticate root will not cause the root account
+to become blocked, to prevent denial-of-service: if your users aren't given
+shell accounts and root may only login via su or at the machine console (not
+telnet/rsh, etc), this is safe.
+
+OPTIONS
+
+{preauth|authfail|authsucc}
+
+ This argument must be set accordingly to the position of this module
+ instance in the PAM stack.
+
+ The preauth argument must be used when the module is called before the
+ modules which ask for the user credentials such as the password. The module
+ just examines whether the user should be blocked from accessing the service
+ in case there were anomalous number of failed consecutive authentication
+ attempts recently. This call is optional if authsucc is used.
+
+ The authfail argument must be used when the module is called after the
+ modules which determine the authentication outcome, failed. Unless the user
+ is already blocked due to previous authentication failures, the module will
+ record the failure into the appropriate user tally file.
+
+ The authsucc argument must be used when the module is called after the
+ modules which determine the authentication outcome, succeeded. Unless the
+ user is already blocked due to previous authentication failures, the module
+ will then clear the record of the failures in the respective user tally
+ file. Otherwise it will return authentication error. If this call is not
+ done, the pam_faillock will not distinguish between consecutive and
+ non-consecutive failed authentication attempts. The preauth call must be
+ used in such case. Due to complications in the way the PAM stack can be
+ configured it is also possible to call pam_faillock as an account module.
+ In such configuration the module must be also called in the preauth stage.
+
+conf=/path/to/config-file
+
+ Use another configuration file instead of the default /etc/security/
+ faillock.conf.
+
+The options for configuring the module behavior are described in the
+faillock.conf(5) manual page. The options specified on the module command line
+override the values from the configuration file.
+
+NOTES
+
+Configuring options on the module command line is not recommend. The /etc/
+security/faillock.conf should be used instead.
+
+The setup of pam_faillock in the PAM stack is different from the pam_tally2
+module setup.
+
+Individual files with the failure records are created as owned by the user.
+This allows pam_faillock.so module to work correctly when it is called from a
+screensaver.
+
+Note that using the module in preauth without the silent option specified in /
+etc/security/faillock.conf or with requisite control field leaks an information
+about existence or non-existence of an user account in the system because the
+failures are not recorded for the unknown users. The message about the user
+account being locked is never displayed for non-existing user accounts allowing
+the adversary to infer that a particular account is not existing on a system.
+
+EXAMPLES
+
+Here are two possible configuration examples for /etc/pam.d/login. They make
+pam_faillock to lock the account after 4 consecutive failed logins during the
+default interval of 15 minutes. Root account will be locked as well. The
+accounts will be automatically unlocked after 20 minutes.
+
+In the first example the module is called only in the auth phase and the module
+does not print any information about the account being blocked by pam_faillock.
+The preauth call can be added to tell users that their logins are blocked by
+the module and also to abort the authentication without even asking for
+password in such case.
+
+/etc/security/faillock.conf file example:
+
+deny=4
+unlock_time=1200
+silent
+
+
+/etc/pam.d/config file example:
+
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth sufficient pam_faillock.so authsucc
+auth required pam_deny.so
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+
+
+In the second example the module is called both in the auth and account phases
+and the module informs the authenticating user when the account is locked if
+silent option is not specified in the faillock.conf.
+
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+auth required pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth required pam_deny.so
+account required pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+
+
+AUTHOR
+
+pam_faillock was written by Tomas Mraz.
+
diff --git a/modules/pam_faillock/README.xml b/modules/pam_faillock/README.xml
new file mode 100644
index 00000000..f0654dbe
--- /dev/null
+++ b/modules/pam_faillock/README.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_faillock.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faillock-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-notes"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_faillock.8.xml" xpointer='xpointer(//refsect1[@id = "pam_faillock-author"]/*)'/>
+ </section>
+
+</article>
diff --git a/modules/pam_faillock/faillock.8 b/modules/pam_faillock/faillock.8
new file mode 100644
index 00000000..3ba58aa0
--- /dev/null
+++ b/modules/pam_faillock/faillock.8
@@ -0,0 +1,78 @@
+'\" t
+.\" Title: faillock
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock \- Tool for displaying and modifying the authentication failure record files
+.SH "SYNOPSIS"
+.HP \w'\fBfaillock\fR\ 'u
+\fBfaillock\fR [\-\-dir\ \fI/path/to/tally\-directory\fR] [\-\-user\ \fIusername\fR] [\-\-reset]
+.SH "DESCRIPTION"
+.PP
+The
+\fIpam_faillock\&.so\fR
+module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&. It stores the failure records into per\-user files in the tally directory\&.
+.PP
+The
+\fBfaillock\fR
+command is an application which can be used to examine and modify the contents of the tally files\&. It can display the recent failed authentication attempts of the
+\fIusername\fR
+or clear the tally files of all or individual
+\fIusernames\fR\&.
+.SH "OPTIONS"
+.PP
+\fB\-\-dir \fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fB\-\-user \fR\fB\fIusername\fR\fR
+.RS 4
+The user whose failure records should be displayed or cleared\&.
+.RE
+.PP
+\fB\-\-reset\fR
+.RS 4
+Instead of displaying the user\*(Aqs failure records, clear them\&.
+.RE
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.SH "SEE ALSO"
+.PP
+\fBpam_faillock\fR(8),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+faillock was written by Tomas Mraz\&.
diff --git a/modules/pam_faillock/faillock.8.xml b/modules/pam_faillock/faillock.8.xml
new file mode 100644
index 00000000..6c20593c
--- /dev/null
+++ b/modules/pam_faillock/faillock.8.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock">
+
+ <refmeta>
+ <refentrytitle>faillock</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_faillock-name">
+ <refname>faillock</refname>
+ <refpurpose>Tool for displaying and modifying the authentication failure record files</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="faillock-cmdsynopsis">
+ <command>faillock</command>
+ <arg choice="opt">
+ --dir <replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ --user <replaceable>username</replaceable>
+ </arg>
+ <arg choice="opt">
+ --reset
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="faillock-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ The <emphasis>pam_faillock.so</emphasis> module maintains a list of
+ failed authentication attempts per user during a specified interval
+ and locks the account in case there were more than
+ <replaceable>deny</replaceable> consecutive failed authentications.
+ It stores the failure records into per-user files in the tally
+ directory.
+ </para>
+ <para>
+ The <command>faillock</command> command is an application which
+ can be used to examine and modify the contents of the
+ tally files. It can display the recent failed authentication
+ attempts of the <replaceable>username</replaceable> or clear the tally
+ files of all or individual <replaceable>usernames</replaceable>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="faillock-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>--dir <replaceable>/path/to/tally-directory</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The directory where the user files with the failure records are kept. The
+ default is <filename>/var/run/faillock</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>--user <replaceable>username</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The user whose failure records should be displayed or cleared.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>--reset</option>
+ </term>
+ <listitem>
+ <para>
+ Instead of displaying the user's failure records, clear them.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="faillock-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/run/faillock/*</filename></term>
+ <listitem>
+ <para>the files logging the authentication failures for users</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='faillock-author'>
+ <title>AUTHOR</title>
+ <para>
+ faillock was written by Tomas Mraz.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/faillock.c b/modules/pam_faillock/faillock.c
new file mode 100644
index 00000000..e492f5f9
--- /dev/null
+++ b/modules/pam_faillock/faillock.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2016, 2017 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <security/pam_modutil.h>
+
+#include "faillock.h"
+
+#define ignore_return(x) if (1==((int)x)) {;}
+
+int
+open_tally (const char *dir, const char *user, uid_t uid, int create)
+{
+ char *path;
+ int flags = O_RDWR;
+ int fd;
+
+ if (dir == NULL || strstr(user, "../") != NULL)
+ /* just a defensive programming as the user must be a
+ * valid user on the system anyway
+ */
+ return -1;
+ path = malloc(strlen(dir) + strlen(user) + 2);
+ if (path == NULL)
+ return -1;
+
+ strcpy(path, dir);
+ if (*dir && dir[strlen(dir) - 1] != '/') {
+ strcat(path, "/");
+ }
+ strcat(path, user);
+
+ if (create) {
+ flags |= O_CREAT;
+ }
+
+ fd = open(path, flags, 0600);
+
+ free(path);
+
+ if (fd != -1) {
+ struct stat st;
+
+ while (flock(fd, LOCK_EX) == -1 && errno == EINTR);
+ if (fstat(fd, &st) == 0) {
+ if (st.st_uid != uid) {
+ ignore_return(fchown(fd, uid, -1));
+ }
+ }
+ }
+
+ return fd;
+}
+
+#define CHUNK_SIZE (64 * sizeof(struct tally))
+#define MAX_RECORDS 1024
+
+int
+read_tally(int fd, struct tally_data *tallies)
+{
+ void *data = NULL, *newdata;
+ unsigned int count = 0;
+ ssize_t chunk = 0;
+
+ do {
+ newdata = realloc(data, count * sizeof(struct tally) + CHUNK_SIZE);
+ if (newdata == NULL) {
+ free(data);
+ return -1;
+ }
+
+ data = newdata;
+
+ chunk = pam_modutil_read(fd, (char *)data + count * sizeof(struct tally), CHUNK_SIZE);
+ if (chunk < 0) {
+ free(data);
+ return -1;
+ }
+
+ count += chunk/sizeof(struct tally);
+
+ if (count >= MAX_RECORDS)
+ break;
+ }
+ while (chunk == CHUNK_SIZE);
+
+ tallies->records = data;
+ tallies->count = count;
+
+ return 0;
+}
+
+int
+update_tally(int fd, struct tally_data *tallies)
+{
+ void *data = tallies->records;
+ unsigned int count = tallies->count;
+ ssize_t chunk;
+
+ if (tallies->count > MAX_RECORDS) {
+ data = tallies->records + (count - MAX_RECORDS);
+ count = MAX_RECORDS;
+ }
+
+ if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
+ return -1;
+ }
+
+ chunk = pam_modutil_write(fd, data, count * sizeof(struct tally));
+
+ if (chunk != (ssize_t)(count * sizeof(struct tally))) {
+ return -1;
+ }
+
+ if (ftruncate(fd, count * sizeof(struct tally)) == -1)
+ return -1;
+
+ return 0;
+}
diff --git a/modules/pam_faillock/faillock.conf b/modules/pam_faillock/faillock.conf
new file mode 100644
index 00000000..16d93df7
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf
@@ -0,0 +1,62 @@
+# Configuration for locking the user after multiple failed
+# authentication attempts.
+#
+# The directory where the user files with the failure records are kept.
+# The default is /var/run/faillock.
+# dir = /var/run/faillock
+#
+# Will log the user name into the system log if the user is not found.
+# Enabled if option is present.
+# audit
+#
+# Don't print informative messages.
+# Enabled if option is present.
+# silent
+#
+# Don't log informative messages via syslog.
+# Enabled if option is present.
+# no_log_info
+#
+# Only track failed user authentications attempts for local users
+# in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+# The `faillock` command will also no longer track user failed
+# authentication attempts. Enabling this option will prevent a
+# double-lockout scenario where a user is locked out locally and
+# in the centralized mechanism.
+# Enabled if option is present.
+# local_users_only
+#
+# Deny access if the number of consecutive authentication failures
+# for this user during the recent interval exceeds n tries.
+# The default is 3.
+# deny = 3
+#
+# The length of the interval during which the consecutive
+# authentication failures must happen for the user account
+# lock out is <replaceable>n</replaceable> seconds.
+# The default is 900 (15 minutes).
+# fail_interval = 900
+#
+# The access will be re-enabled after n seconds after the lock out.
+# The value 0 has the same meaning as value `never` - the access
+# will not be re-enabled without resetting the faillock
+# entries by the `faillock` command.
+# The default is 600 (10 minutes).
+# unlock_time = 600
+#
+# Root account can become locked as well as regular accounts.
+# Enabled if option is present.
+# even_deny_root
+#
+# This option implies the `even_deny_root` option.
+# Allow access after n seconds to root account after the
+# account is locked. In case the option is not specified
+# the value is the same as of the `unlock_time` option.
+# root_unlock_time = 900
+#
+# If a group name is specified with this option, members
+# of the group will be handled by this module the same as
+# the root account (the options `even_deny_root>` and
+# `root_unlock_time` will apply to them.
+# By default, the option is not set.
+# admin_group = <admin_group_name>
diff --git a/modules/pam_faillock/faillock.conf.5 b/modules/pam_faillock/faillock.conf.5
new file mode 100644
index 00000000..7870153d
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf.5
@@ -0,0 +1,166 @@
+'\" t
+.\" Title: faillock.conf
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "FAILLOCK\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+faillock.conf \- pam_faillock configuration file
+.SH "DESCRIPTION"
+.PP
+\fBfaillock\&.conf\fR
+provides a way to configure the default settings for locking the user after multiple failed authentication attempts\&. This file is read by the
+\fIpam_faillock\fR
+module and is the preferred method over configuring
+\fIpam_faillock\fR
+directly\&.
+.PP
+The file has a very simple
+\fIname = value\fR
+format with possible comments starting with
+\fI#\fR
+character\&. The whitespace at the beginning of line, end of line, and around the
+\fI=\fR
+sign is ignored\&.
+.SH "OPTIONS"
+.PP
+\fBdir=\fR\fB\fI/path/to/tally\-directory\fR\fR
+.RS 4
+The directory where the user files with the failure records are kept\&. The default is
+/var/run/faillock\&.
+.RE
+.PP
+\fBaudit\fR
+.RS 4
+Will log the user name into the system log if the user is not found\&.
+.RE
+.PP
+\fBsilent\fR
+.RS 4
+Don\*(Aqt print informative messages to the user\&. Please note that when this option is not used there will be difference in the authentication behavior for users which exist on the system and non\-existing users\&.
+.RE
+.PP
+\fBno_log_info\fR
+.RS 4
+Don\*(Aqt log informative messages via
+\fBsyslog\fR(3)\&.
+.RE
+.PP
+\fBlocal_users_only\fR
+.RS 4
+Only track failed user authentications attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc\&.) users\&. The
+\fBfaillock\fR(8)
+command will also no longer track user failed authentication attempts\&. Enabling this option will prevent a double\-lockout scenario where a user is locked out locally and in the centralized mechanism\&.
+.RE
+.PP
+\fBdeny=\fR\fB\fIn\fR\fR
+.RS 4
+Deny access if the number of consecutive authentication failures for this user during the recent interval exceeds
+\fIn\fR\&. The default is 3\&.
+.RE
+.PP
+\fBfail_interval=\fR\fB\fIn\fR\fR
+.RS 4
+The length of the interval during which the consecutive authentication failures must happen for the user account lock out is
+\fIn\fR
+seconds\&. The default is 900 (15 minutes)\&.
+.RE
+.PP
+\fBunlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+The access will be re\-enabled after
+\fIn\fR
+seconds after the lock out\&. The value 0 has the same meaning as value
+\fInever\fR
+\- the access will not be re\-enabled without resetting the faillock entries by the
+\fBfaillock\fR(8)
+command\&. The default is 600 (10 minutes)\&.
+.sp
+Note that the default directory that
+\fIpam_faillock\fR
+uses is usually cleared on system boot so the access will be also re\-enabled after system reboot\&. If that is undesirable a different tally directory must be set with the
+\fBdir\fR
+option\&.
+.sp
+Also note that it is usually undesirable to permanently lock out users as they can become easily a target of denial of service attack unless the usernames are random and kept secret to potential attackers\&.
+.RE
+.PP
+\fBeven_deny_root\fR
+.RS 4
+Root account can become locked as well as regular accounts\&.
+.RE
+.PP
+\fBroot_unlock_time=\fR\fB\fIn\fR\fR
+.RS 4
+This option implies
+\fBeven_deny_root\fR
+option\&. Allow access after
+\fIn\fR
+seconds to root account after the account is locked\&. In case the option is not specified the value is the same as of the
+\fBunlock_time\fR
+option\&.
+.RE
+.PP
+\fBadmin_group=\fR\fB\fIname\fR\fR
+.RS 4
+If a group name is specified with this option, members of the group will be handled by this module the same as the root account (the options
+\fBeven_deny_root\fR
+and
+\fBroot_unlock_time\fR
+will apply to them\&. By default the option is not set\&.
+.RE
+.SH "EXAMPLES"
+.PP
+/etc/security/faillock\&.conf file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for custom options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBpam_faillock\fR(8),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&. The support for faillock\&.conf was written by Brian Ward\&.
diff --git a/modules/pam_faillock/faillock.conf.5.xml b/modules/pam_faillock/faillock.conf.5.xml
new file mode 100644
index 00000000..aa8500b9
--- /dev/null
+++ b/modules/pam_faillock/faillock.conf.5.xml
@@ -0,0 +1,243 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="faillock.conf">
+
+ <refmeta>
+ <refentrytitle>faillock.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="faillock.conf-name">
+ <refname>faillock.conf</refname>
+ <refpurpose>pam_faillock configuration file</refpurpose>
+ </refnamediv>
+
+ <refsect1 id="faillock.conf-description">
+
+ <title>DESCRIPTION</title>
+ <para>
+ <emphasis remap='B'>faillock.conf</emphasis> provides a way to configure the
+ default settings for locking the user after multiple failed authentication attempts.
+ This file is read by the <emphasis>pam_faillock</emphasis> module and is the
+ preferred method over configuring <emphasis>pam_faillock</emphasis> directly.
+ </para>
+ <para>
+ The file has a very simple <emphasis>name = value</emphasis> format with possible comments
+ starting with <emphasis>#</emphasis> character. The whitespace at the beginning of line, end
+ of line, and around the <emphasis>=</emphasis> sign is ignored.
+ </para>
+ </refsect1>
+
+ <refsect1 id="faillock.conf-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>dir=<replaceable>/path/to/tally-directory</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The directory where the user files with the failure records are kept. The
+ default is <filename>/var/run/faillock</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>audit</option>
+ </term>
+ <listitem>
+ <para>
+ Will log the user name into the system log if the user is not found.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>silent</option>
+ </term>
+ <listitem>
+ <para>
+ Don't print informative messages to the user. Please note that when
+ this option is not used there will be difference in the authentication
+ behavior for users which exist on the system and non-existing users.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>no_log_info</option>
+ </term>
+ <listitem>
+ <para>
+ Don't log informative messages via <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>local_users_only</option>
+ </term>
+ <listitem>
+ <para>
+ Only track failed user authentications attempts for local users
+ in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users.
+ The <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ command will also no longer track user failed
+ authentication attempts. Enabling this option will prevent a
+ double-lockout scenario where a user is locked out locally and
+ in the centralized mechanism.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>deny=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Deny access if the number of consecutive authentication failures
+ for this user during the recent interval exceeds
+ <replaceable>n</replaceable>. The default is 3.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>fail_interval=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The length of the interval during which the consecutive
+ authentication failures must happen for the user account
+ lock out is <replaceable>n</replaceable> seconds.
+ The default is 900 (15 minutes).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>unlock_time=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ The access will be re-enabled after
+ <replaceable>n</replaceable> seconds after the lock out.
+ The value 0 has the same meaning as value
+ <emphasis>never</emphasis> - the access
+ will not be re-enabled without resetting the faillock
+ entries by the <citerefentry><refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum></citerefentry> command.
+ The default is 600 (10 minutes).
+ </para>
+ <para>
+ Note that the default directory that <emphasis>pam_faillock</emphasis>
+ uses is usually cleared on system boot so the access will be also re-enabled
+ after system reboot. If that is undesirable a different tally directory
+ must be set with the <option>dir</option> option.
+ </para>
+ <para>
+ Also note that it is usually undesirable to permanently lock
+ out users as they can become easily a target of denial of service
+ attack unless the usernames are random and kept secret to potential
+ attackers.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>even_deny_root</option>
+ </term>
+ <listitem>
+ <para>
+ Root account can become locked as well as regular accounts.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>root_unlock_time=<replaceable>n</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ This option implies <option>even_deny_root</option> option.
+ Allow access after <replaceable>n</replaceable> seconds
+ to root account after the account is locked. In case the
+ option is not specified the value is the same as of the
+ <option>unlock_time</option> option.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>admin_group=<replaceable>name</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ If a group name is specified with this option, members
+ of the group will be handled by this module the same as
+ the root account (the options <option>even_deny_root</option>
+ and <option>root_unlock_time</option> will apply to them.
+ By default the option is not set.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ /etc/security/faillock.conf file example:
+ </para>
+ <programlisting>
+deny=4
+unlock_time=1200
+silent
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="faillock.conf-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/etc/security/faillock.conf</filename></term>
+ <listitem>
+ <para>the config file for custom options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam_faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='faillock.conf-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_faillock was written by Tomas Mraz. The support for faillock.conf was written by Brian Ward.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/faillock.h b/modules/pam_faillock/faillock.h
new file mode 100644
index 00000000..b22a9dfb
--- /dev/null
+++ b/modules/pam_faillock/faillock.h
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * faillock.h - authentication failure data file record structure
+ *
+ * Each record in the file represents an instance of login failure of
+ * the user at the recorded time.
+ */
+
+
+#ifndef _FAILLOCK_H
+#define _FAILLOCK_H
+
+#include <stdint.h>
+#include <sys/types.h>
+
+#define TALLY_STATUS_VALID 0x1 /* the tally file entry is valid */
+#define TALLY_STATUS_RHOST 0x2 /* the source is rhost */
+#define TALLY_STATUS_TTY 0x4 /* the source is tty */
+/* If neither TALLY_FLAG_RHOST nor TALLY_FLAG_TTY are set the source is service. */
+
+struct tally {
+ char source[52]; /* rhost or tty of the login failure */
+ /* (not necessarily NULL terminated) */
+ uint16_t reserved; /* reserved for future use */
+ uint16_t status; /* record status */
+ uint64_t time; /* time of the login failure */
+};
+/* 64 bytes per entry */
+
+struct tally_data {
+ struct tally *records; /* array of tallies */
+ unsigned int count; /* number of records */
+};
+
+#define FAILLOCK_DEFAULT_TALLYDIR "/var/run/faillock"
+#define FAILLOCK_DEFAULT_CONF "/etc/security/faillock.conf"
+
+int open_tally(const char *dir, const char *user, uid_t uid, int create);
+int read_tally(int fd, struct tally_data *tallies);
+int update_tally(int fd, struct tally_data *tallies);
+#endif
diff --git a/modules/pam_faillock/main.c b/modules/pam_faillock/main.c
new file mode 100644
index 00000000..c5780166
--- /dev/null
+++ b/modules/pam_faillock/main.c
@@ -0,0 +1,232 @@
+/*
+ * Copyright (c) 2010 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dirent.h>
+#include <errno.h>
+#include <pwd.h>
+#include <time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+
+#define AUDIT_NO_ID ((unsigned int) -1)
+#endif
+
+#include "faillock.h"
+
+struct options {
+ unsigned int reset;
+ const char *dir;
+ const char *user;
+ const char *progname;
+};
+
+static int
+args_parse(int argc, char **argv, struct options *opts)
+{
+ int i;
+ memset(opts, 0, sizeof(*opts));
+
+ opts->dir = FAILLOCK_DEFAULT_TALLYDIR;
+ opts->progname = argv[0];
+
+ for (i = 1; i < argc; ++i) {
+
+ if (strcmp(argv[i], "--dir") == 0) {
+ ++i;
+ if (i >= argc || strlen(argv[i]) == 0) {
+ fprintf(stderr, "%s: No directory supplied.\n", argv[0]);
+ return -1;
+ }
+ opts->dir = argv[i];
+ }
+ else if (strcmp(argv[i], "--user") == 0) {
+ ++i;
+ if (i >= argc || strlen(argv[i]) == 0) {
+ fprintf(stderr, "%s: No user name supplied.\n", argv[0]);
+ return -1;
+ }
+ opts->user = argv[i];
+ }
+ else if (strcmp(argv[i], "--reset") == 0) {
+ opts->reset = 1;
+ }
+ else {
+ fprintf(stderr, "%s: Unknown option: %s\n", argv[0], argv[i]);
+ return -1;
+ }
+ }
+ return 0;
+}
+
+static void
+usage(const char *progname)
+{
+ fprintf(stderr, _("Usage: %s [--dir /path/to/tally-directory] [--user username] [--reset]\n"),
+ progname);
+}
+
+static int
+do_user(struct options *opts, const char *user)
+{
+ int fd;
+ int rv;
+ struct tally_data tallies;
+ struct passwd *pwd;
+
+ pwd = getpwnam(user);
+
+ fd = open_tally(opts->dir, user, pwd != NULL ? pwd->pw_uid : 0, 0);
+
+ if (fd == -1) {
+ if (errno == ENOENT) {
+ return 0;
+ }
+ else {
+ fprintf(stderr, "%s: Error opening the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+ return 3;
+ }
+ }
+ if (opts->reset) {
+#ifdef HAVE_LIBAUDIT
+ int audit_fd;
+#endif
+
+ while ((rv=ftruncate(fd, 0)) == -1 && errno == EINTR);
+ if (rv == -1) {
+ fprintf(stderr, "%s: Error clearing the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+#ifdef HAVE_LIBAUDIT
+ }
+ if ((audit_fd=audit_open()) >= 0) {
+ audit_log_acct_message(audit_fd, AUDIT_USER_MGMT, NULL,
+ "faillock-reset", user,
+ pwd != NULL ? pwd->pw_uid : AUDIT_NO_ID,
+ NULL, NULL, NULL, rv == 0);
+ close(audit_fd);
+ }
+ if (rv == -1) {
+#endif
+ close(fd);
+ return 4;
+ }
+ }
+ else {
+ unsigned int i;
+
+ memset(&tallies, 0, sizeof(tallies));
+ if ((rv=read_tally(fd, &tallies)) == -1) {
+ fprintf(stderr, "%s: Error reading the tally file for %s:",
+ opts->progname, user);
+ perror(NULL);
+ close(fd);
+ return 5;
+ }
+
+ printf("%s:\n", user);
+ printf("%-19s %-5s %-48s %-5s\n", "When", "Type", "Source", "Valid");
+
+ for (i = 0; i < tallies.count; i++) {
+ struct tm *tm;
+ char timebuf[80];
+ uint16_t status = tallies.records[i].status;
+ time_t when = tallies.records[i].time;
+
+ tm = localtime(&when);
+ strftime(timebuf, sizeof(timebuf), "%Y-%m-%d %H:%M:%S", tm);
+ printf("%-19s %-5s %-52.52s %s\n", timebuf,
+ status & TALLY_STATUS_RHOST ? "RHOST" : (status & TALLY_STATUS_TTY ? "TTY" : "SVC"),
+ tallies.records[i].source, status & TALLY_STATUS_VALID ? "V":"I");
+ }
+ free(tallies.records);
+ }
+ close(fd);
+ return 0;
+}
+
+static int
+do_allusers(struct options *opts)
+{
+ struct dirent **userlist;
+ int rv, i;
+
+ rv = scandir(opts->dir, &userlist, NULL, alphasort);
+ if (rv < 0) {
+ fprintf(stderr, "%s: Error reading tally directory: %m\n", opts->progname);
+ return 2;
+ }
+
+ for (i = 0; i < rv; i++) {
+ if (userlist[i]->d_name[0] == '.') {
+ if ((userlist[i]->d_name[1] == '.' && userlist[i]->d_name[2] == '\0') ||
+ userlist[i]->d_name[1] == '\0')
+ continue;
+ }
+ do_user(opts, userlist[i]->d_name);
+ free(userlist[i]);
+ }
+ free(userlist);
+
+ return 0;
+}
+
+
+/*-----------------------------------------------------------------------*/
+int
+main (int argc, char *argv[])
+{
+ struct options opts;
+
+ if (args_parse(argc, argv, &opts)) {
+ usage(argv[0]);
+ return 1;
+ }
+
+ if (opts.user == NULL) {
+ return do_allusers(&opts);
+ }
+
+ return do_user(&opts, opts.user);
+}
diff --git a/modules/pam_faillock/pam_faillock.8 b/modules/pam_faillock/pam_faillock.8
new file mode 100644
index 00000000..593b1fec
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.8
@@ -0,0 +1,262 @@
+'\" t
+.\" Title: pam_faillock
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_FAILLOCK" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_faillock \- Module counting authentication failures during a specified interval
+.SH "SYNOPSIS"
+.HP \w'\fBauth\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBauth \&.\&.\&. pam_faillock\&.so\fR {preauth|authfail|authsucc} [conf=\fI/path/to/config\-file\fR] [dir=\fI/path/to/tally\-directory\fR] [even_deny_root] [deny=\fIn\fR] [fail_interval=\fIn\fR] [unlock_time=\fIn\fR] [root_unlock_time=\fIn\fR] [admin_group=\fIname\fR] [audit] [silent] [no_log_info]
+.HP \w'\fBaccount\ \&.\&.\&.\ pam_faillock\&.so\fR\ 'u
+\fBaccount \&.\&.\&. pam_faillock\&.so\fR [dir=\fI/path/to/tally\-directory\fR] [no_log_info]
+.SH "DESCRIPTION"
+.PP
+This module maintains a list of failed authentication attempts per user during a specified interval and locks the account in case there were more than
+\fIdeny\fR
+consecutive failed authentications\&.
+.PP
+Normally, failed attempts to authenticate
+\fIroot\fR
+will
+\fBnot\fR
+cause the root account to become blocked, to prevent denial\-of\-service: if your users aren\*(Aqt given shell accounts and root may only login via
+\fBsu\fR
+or at the machine console (not telnet/rsh, etc), this is safe\&.
+.SH "OPTIONS"
+.PP
+\fB{preauth|authfail|authsucc}\fR
+.RS 4
+This argument must be set accordingly to the position of this module instance in the PAM stack\&.
+.sp
+The
+\fIpreauth\fR
+argument must be used when the module is called before the modules which ask for the user credentials such as the password\&. The module just examines whether the user should be blocked from accessing the service in case there were anomalous number of failed consecutive authentication attempts recently\&. This call is optional if
+\fIauthsucc\fR
+is used\&.
+.sp
+The
+\fIauthfail\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, failed\&. Unless the user is already blocked due to previous authentication failures, the module will record the failure into the appropriate user tally file\&.
+.sp
+The
+\fIauthsucc\fR
+argument must be used when the module is called after the modules which determine the authentication outcome, succeeded\&. Unless the user is already blocked due to previous authentication failures, the module will then clear the record of the failures in the respective user tally file\&. Otherwise it will return authentication error\&. If this call is not done, the pam_faillock will not distinguish between consecutive and non\-consecutive failed authentication attempts\&. The
+\fIpreauth\fR
+call must be used in such case\&. Due to complications in the way the PAM stack can be configured it is also possible to call
+\fIpam_faillock\fR
+as an account module\&. In such configuration the module must be also called in the
+\fIpreauth\fR
+stage\&.
+.RE
+.PP
+\fBconf=/path/to/config\-file\fR
+.RS 4
+Use another configuration file instead of the default
+/etc/security/faillock\&.conf\&.
+.RE
+.PP
+The options for configuring the module behavior are described in the
+\fBfaillock.conf\fR(5)
+manual page\&. The options specified on the module command line override the values from the configuration file\&.
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBaccount\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+An invalid option was given, the module was not able to retrieve the user name, no valid counter file was found, or too many failed logins\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+The conversation method supplied by the application failed to obtain the username\&.
+.RE
+.PP
+PAM_INCOMPLETE
+.RS 4
+The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Everything was successful\&.
+.RE
+.PP
+PAM_IGNORE
+.RS 4
+User not present in passwd database\&.
+.RE
+.SH "NOTES"
+.PP
+Configuring options on the module command line is not recommend\&. The
+/etc/security/faillock\&.conf
+should be used instead\&.
+.PP
+The setup of
+\fIpam_faillock\fR
+in the PAM stack is different from the
+\fIpam_tally2\fR
+module setup\&.
+.PP
+Individual files with the failure records are created as owned by the user\&. This allows
+\fBpam_faillock\&.so\fR
+module to work correctly when it is called from a screensaver\&.
+.PP
+Note that using the module in
+\fBpreauth\fR
+without the
+\fBsilent\fR
+option specified in
+/etc/security/faillock\&.conf
+or with
+\fIrequisite\fR
+control field leaks an information about existence or non\-existence of an user account in the system because the failures are not recorded for the unknown users\&. The message about the user account being locked is never displayed for non\-existing user accounts allowing the adversary to infer that a particular account is not existing on a system\&.
+.SH "EXAMPLES"
+.PP
+Here are two possible configuration examples for
+/etc/pam\&.d/login\&. They make
+\fIpam_faillock\fR
+to lock the account after 4 consecutive failed logins during the default interval of 15 minutes\&. Root account will be locked as well\&. The accounts will be automatically unlocked after 20 minutes\&.
+.PP
+In the first example the module is called only in the
+\fIauth\fR
+phase and the module does not print any information about the account being blocked by
+\fIpam_faillock\fR\&. The
+\fIpreauth\fR
+call can be added to tell users that their logins are blocked by the module and also to abort the authentication without even asking for password in such case\&.
+.PP
+/etc/security/faillock\&.conf
+file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+deny=4
+unlock_time=1200
+silent
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+/etc/pam\&.d/config file example:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth required pam_securetty\&.so
+auth required pam_env\&.so
+auth required pam_nologin\&.so
+# optionally call: auth requisite pam_faillock\&.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix\&.so
+auth [default=die] pam_faillock\&.so authfail
+auth sufficient pam_faillock\&.so authsucc
+auth required pam_deny\&.so
+account required pam_unix\&.so
+password required pam_unix\&.so shadow
+session required pam_selinux\&.so close
+session required pam_loginuid\&.so
+session required pam_unix\&.so
+session required pam_selinux\&.so open
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+In the second example the module is called both in the
+\fIauth\fR
+and
+\fIaccount\fR
+phases and the module informs the authenticating user when the account is locked if
+\fBsilent\fR
+option is not specified in the
+faillock\&.conf\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth required pam_securetty\&.so
+auth required pam_env\&.so
+auth required pam_nologin\&.so
+auth required pam_faillock\&.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix\&.so
+auth [default=die] pam_faillock\&.so authfail
+auth required pam_deny\&.so
+account required pam_faillock\&.so
+# if you drop the above call to pam_faillock\&.so the lock will be done also
+# on non\-consecutive authentication failures
+account required pam_unix\&.so
+password required pam_unix\&.so shadow
+session required pam_selinux\&.so close
+session required pam_loginuid\&.so
+session required pam_unix\&.so
+session required pam_selinux\&.so open
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "FILES"
+.PP
+/var/run/faillock/*
+.RS 4
+the files logging the authentication failures for users
+.RE
+.PP
+/etc/security/faillock\&.conf
+.RS 4
+the config file for pam_faillock options
+.RE
+.SH "SEE ALSO"
+.PP
+\fBfaillock\fR(8),
+\fBfaillock.conf\fR(5),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_faillock was written by Tomas Mraz\&.
diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml
new file mode 100644
index 00000000..f43b4015
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.8.xml
@@ -0,0 +1,362 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_faillock">
+
+ <refmeta>
+ <refentrytitle>pam_faillock</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_faillock-name">
+ <refname>pam_faillock</refname>
+ <refpurpose>Module counting authentication failures during a specified interval</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_faillock-cmdsynopsisauth">
+ <command>auth ... pam_faillock.so</command>
+ <arg choice="req">
+ preauth|authfail|authsucc
+ </arg>
+ <arg choice="opt">
+ conf=<replaceable>/path/to/config-file</replaceable>
+ </arg>
+ <arg choice="opt">
+ dir=<replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ even_deny_root
+ </arg>
+ <arg choice="opt">
+ deny=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ fail_interval=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ unlock_time=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ root_unlock_time=<replaceable>n</replaceable>
+ </arg>
+ <arg choice="opt">
+ admin_group=<replaceable>name</replaceable>
+ </arg>
+ <arg choice="opt">
+ audit
+ </arg>
+ <arg choice="opt">
+ silent
+ </arg>
+ <arg choice="opt">
+ no_log_info
+ </arg>
+ </cmdsynopsis>
+ <cmdsynopsis id="pam_faillock-cmdsynopsisacct">
+ <command>account ... pam_faillock.so</command>
+ <arg choice="opt">
+ dir=<replaceable>/path/to/tally-directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ no_log_info
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_faillock-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ This module maintains a list of failed authentication attempts per
+ user during a specified interval and locks the account in case
+ there were more than <replaceable>deny</replaceable> consecutive
+ failed authentications.
+ </para>
+ <para>
+ Normally, failed attempts to authenticate <emphasis>root</emphasis> will
+ <emphasis remap='B'>not</emphasis> cause the root account to become
+ blocked, to prevent denial-of-service: if your users aren't given
+ shell accounts and root may only login via <command>su</command> or
+ at the machine console (not telnet/rsh, etc), this is safe.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>{preauth|authfail|authsucc}</option>
+ </term>
+ <listitem>
+ <para>
+ This argument must be set accordingly to the position of this module
+ instance in the PAM stack.
+ </para>
+ <para>
+ The <emphasis>preauth</emphasis> argument must be used when the module
+ is called before the modules which ask for the user credentials such
+ as the password. The module just examines whether the user should
+ be blocked from accessing the service in case there were anomalous
+ number of failed consecutive authentication attempts recently. This
+ call is optional if <emphasis>authsucc</emphasis> is used.
+ </para>
+ <para>
+ The <emphasis>authfail</emphasis> argument must be used when the module
+ is called after the modules which determine the authentication outcome,
+ failed. Unless the user is already blocked due to previous authentication
+ failures, the module will record the failure into the appropriate user
+ tally file.
+ </para>
+ <para>
+ The <emphasis>authsucc</emphasis> argument must be used when the module
+ is called after the modules which determine the authentication outcome,
+ succeeded. Unless the user is already blocked due to previous authentication
+ failures, the module will then clear the record of the failures in the
+ respective user tally file. Otherwise it will return authentication error.
+ If this call is not done, the pam_faillock will not distinguish between
+ consecutive and non-consecutive failed authentication attempts. The
+ <emphasis>preauth</emphasis> call must be used in such case. Due to
+ complications in the way the PAM stack can be configured it is also
+ possible to call <emphasis>pam_faillock</emphasis> as an account module.
+ In such configuration the module must be also called in the
+ <emphasis>preauth</emphasis> stage.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>conf=/path/to/config-file</option>
+ </term>
+ <listitem>
+ <para>
+ Use another configuration file instead of the default
+ <filename>/etc/security/faillock.conf</filename>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ <para>
+ The options for configuring the module behavior are described in the
+ <citerefentry><refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry> manual page. The options specified on the module command
+ line override the values from the configuration file.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-types">
+ <title>MODULE TYPES PROVIDED</title>
+ <para>
+ The <option>auth</option> and <option>account</option> module types are
+ provided.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ An invalid option was given, the module was not able
+ to retrieve the user name, no valid counter file
+ was found, or too many failed logins.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ failed to obtain the username.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_INCOMPLETE</term>
+ <listitem>
+ <para>
+ The conversation method supplied by the application
+ returned PAM_CONV_AGAIN.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Everything was successful.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_IGNORE</term>
+ <listitem>
+ <para>
+ User not present in passwd database.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-notes'>
+ <title>NOTES</title>
+ <para>
+ Configuring options on the module command line is not recommend. The
+ <filename>/etc/security/faillock.conf</filename> should be used instead.
+ </para>
+ <para>
+ The setup of <emphasis>pam_faillock</emphasis> in the PAM stack is different
+ from the <emphasis>pam_tally2</emphasis> module setup.
+ </para>
+ <para>
+ Individual files with the failure records are created as owned by
+ the user. This allows <emphasis remap='B'>pam_faillock.so</emphasis> module
+ to work correctly when it is called from a screensaver.
+ </para>
+ <para>
+ Note that using the module in <option>preauth</option> without the
+ <option>silent</option> option specified in <filename>/etc/security/faillock.conf</filename>
+ or with <emphasis>requisite</emphasis> control field leaks an information about
+ existence or non-existence of an user account in the system because
+ the failures are not recorded for the unknown users. The message
+ about the user account being locked is never displayed for non-existing
+ user accounts allowing the adversary to infer that a particular account
+ is not existing on a system.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-examples'>
+ <title>EXAMPLES</title>
+ <para>
+ Here are two possible configuration examples for <filename>/etc/pam.d/login</filename>.
+ They make <emphasis>pam_faillock</emphasis> to lock the account after 4 consecutive
+ failed logins during the default interval of 15 minutes. Root account will be locked
+ as well. The accounts will be automatically unlocked after 20 minutes.
+ </para>
+ <para>
+ In the first example the module is called only in the <emphasis>auth</emphasis>
+ phase and the module does not print any information about the account being blocked
+ by <emphasis>pam_faillock</emphasis>. The <emphasis>preauth</emphasis> call can
+ be added to tell users that their logins are blocked by the module and also to abort
+ the authentication without even asking for password in such case.
+ </para>
+ <para>
+ <filename>/etc/security/faillock.conf</filename> file example:
+ </para>
+ <programlisting>
+deny=4
+unlock_time=1200
+silent
+ </programlisting>
+ <para>
+ /etc/pam.d/config file example:
+ </para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+# optionally call: auth requisite pam_faillock.so preauth
+# to display the message about account being locked
+auth [success=1 default=bad] pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth sufficient pam_faillock.so authsucc
+auth required pam_deny.so
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+ </programlisting>
+ <para>
+ In the second example the module is called both in the <emphasis>auth</emphasis>
+ and <emphasis>account</emphasis> phases and the module informs the authenticating
+ user when the account is locked if <option>silent</option> option is not
+ specified in the <filename>faillock.conf</filename>.
+ </para>
+ <programlisting>
+auth required pam_securetty.so
+auth required pam_env.so
+auth required pam_nologin.so
+auth required pam_faillock.so preauth
+# optionally use requisite above if you do not want to prompt for the password
+# on locked accounts
+auth sufficient pam_unix.so
+auth [default=die] pam_faillock.so authfail
+auth required pam_deny.so
+account required pam_faillock.so
+# if you drop the above call to pam_faillock.so the lock will be done also
+# on non-consecutive authentication failures
+account required pam_unix.so
+password required pam_unix.so shadow
+session required pam_selinux.so close
+session required pam_loginuid.so
+session required pam_unix.so
+session required pam_selinux.so open
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_faillock-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/run/faillock/*</filename></term>
+ <listitem>
+ <para>the files logging the authentication failures for users</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><filename>/etc/security/faillock.conf</filename></term>
+ <listitem>
+ <para>the config file for pam_faillock options</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>faillock</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>faillock.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_faillock-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_faillock was written by Tomas Mraz.
+ </para>
+ </refsect1>
+
+</refentry>
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
new file mode 100644
index 00000000..f592d0a2
--- /dev/null
+++ b/modules/pam_faillock/pam_faillock.c
@@ -0,0 +1,775 @@
+/*
+ * Copyright (c) 2010, 2017, 2019 Tomas Mraz <tmraz@redhat.com>
+ * Copyright (c) 2010, 2017, 2019 Red Hat, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <time.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <ctype.h>
+
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif
+
+#include <security/pam_modules.h>
+#include <security/pam_modutil.h>
+#include <security/pam_ext.h>
+
+#include "pam_inline.h"
+#include "faillock.h"
+
+#define FAILLOCK_ACTION_PREAUTH 0
+#define FAILLOCK_ACTION_AUTHSUCC 1
+#define FAILLOCK_ACTION_AUTHFAIL 2
+
+#define FAILLOCK_FLAG_DENY_ROOT 0x1
+#define FAILLOCK_FLAG_AUDIT 0x2
+#define FAILLOCK_FLAG_SILENT 0x4
+#define FAILLOCK_FLAG_NO_LOG_INFO 0x8
+#define FAILLOCK_FLAG_UNLOCKED 0x10
+#define FAILLOCK_FLAG_LOCAL_ONLY 0x20
+
+#define MAX_TIME_INTERVAL 604800 /* 7 days */
+#define FAILLOCK_CONF_MAX_LINELEN 1023
+
+#define PATH_PASSWD "/etc/passwd"
+
+static const char default_faillock_conf[] = FAILLOCK_DEFAULT_CONF;
+
+struct options {
+ unsigned int action;
+ unsigned int flags;
+ unsigned short deny;
+ unsigned int fail_interval;
+ unsigned int unlock_time;
+ unsigned int root_unlock_time;
+ char *dir;
+ const char *user;
+ char *admin_group;
+ int failures;
+ uint64_t latest_time;
+ uid_t uid;
+ int is_admin;
+ uint64_t now;
+ int fatal_error;
+};
+
+static int read_config_file(
+ pam_handle_t *pamh,
+ struct options *opts,
+ const char *cfgfile
+);
+
+static void set_conf_opt(
+ pam_handle_t *pamh,
+ struct options *opts,
+ const char *name,
+ const char *value
+);
+
+static int
+args_parse(pam_handle_t *pamh, int argc, const char **argv,
+ int flags, struct options *opts)
+{
+ int i;
+ int rv;
+ const char *conf = default_faillock_conf;
+
+ memset(opts, 0, sizeof(*opts));
+
+ opts->dir = strdup(FAILLOCK_DEFAULT_TALLYDIR);
+ opts->deny = 3;
+ opts->fail_interval = 900;
+ opts->unlock_time = 600;
+ opts->root_unlock_time = MAX_TIME_INTERVAL+1;
+
+ for (i = 0; i < argc; ++i) {
+ const char *str;
+
+ if ((str = pam_str_skip_prefix(argv[i], "conf=")) != NULL)
+ conf = str;
+ }
+
+ if ((rv = read_config_file(pamh, opts, conf)) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_ERR,
+ "Configuration file missing or broken");
+ return rv;
+ }
+
+ for (i = 0; i < argc; ++i) {
+ if (strcmp(argv[i], "preauth") == 0) {
+ opts->action = FAILLOCK_ACTION_PREAUTH;
+ }
+ else if (strcmp(argv[i], "authfail") == 0) {
+ opts->action = FAILLOCK_ACTION_AUTHFAIL;
+ }
+ else if (strcmp(argv[i], "authsucc") == 0) {
+ opts->action = FAILLOCK_ACTION_AUTHSUCC;
+ }
+ else {
+ char buf[FAILLOCK_CONF_MAX_LINELEN + 1];
+ char *val;
+
+ strncpy(buf, argv[i], sizeof(buf) - 1);
+ buf[sizeof(buf) - 1] = '\0';
+
+ val = strchr(buf, '=');
+ if (val != NULL) {
+ *val = '\0';
+ ++val;
+ }
+ else {
+ val = buf + sizeof(buf) - 1;
+ }
+ set_conf_opt(pamh, opts, buf, val);
+ }
+ }
+
+ if (opts->root_unlock_time == MAX_TIME_INTERVAL+1)
+ opts->root_unlock_time = opts->unlock_time;
+ if (flags & PAM_SILENT)
+ opts->flags |= FAILLOCK_FLAG_SILENT;
+
+ if (opts->dir == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+ opts->fatal_error = 1;
+ }
+
+ if (opts->fatal_error)
+ return PAM_BUF_ERR;
+ return PAM_SUCCESS;
+}
+
+/* parse a single configuration file */
+static int
+read_config_file(pam_handle_t *pamh, struct options *opts, const char *cfgfile)
+{
+ FILE *f;
+ char linebuf[FAILLOCK_CONF_MAX_LINELEN+1];
+
+ f = fopen(cfgfile, "r");
+ if (f == NULL) {
+ /* ignore non-existent default config file */
+ if (errno == ENOENT && cfgfile == default_faillock_conf)
+ return PAM_SUCCESS;
+ return PAM_SERVICE_ERR;
+ }
+
+ while (fgets(linebuf, sizeof(linebuf), f) != NULL) {
+ size_t len;
+ char *ptr;
+ char *name;
+ int eq;
+
+ len = strlen(linebuf);
+ /* len cannot be 0 unless there is a bug in fgets */
+ if (len && linebuf[len - 1] != '\n' && !feof(f)) {
+ (void) fclose(f);
+ return PAM_SERVICE_ERR;
+ }
+
+ if ((ptr=strchr(linebuf, '#')) != NULL) {
+ *ptr = '\0';
+ } else {
+ ptr = linebuf + len;
+ }
+
+ /* drop terminating whitespace including the \n */
+ while (ptr > linebuf) {
+ if (!isspace(*(ptr-1))) {
+ *ptr = '\0';
+ break;
+ }
+ --ptr;
+ }
+
+ /* skip initial whitespace */
+ for (ptr = linebuf; isspace(*ptr); ptr++);
+ if (*ptr == '\0')
+ continue;
+
+ /* grab the key name */
+ eq = 0;
+ name = ptr;
+ while (*ptr != '\0') {
+ if (isspace(*ptr) || *ptr == '=') {
+ eq = *ptr == '=';
+ *ptr = '\0';
+ ++ptr;
+ break;
+ }
+ ++ptr;
+ }
+
+ /* grab the key value */
+ while (*ptr != '\0') {
+ if (*ptr != '=' || eq) {
+ if (!isspace(*ptr)) {
+ break;
+ }
+ } else {
+ eq = 1;
+ }
+ ++ptr;
+ }
+
+ /* set the key:value pair on opts */
+ set_conf_opt(pamh, opts, name, ptr);
+ }
+
+ (void)fclose(f);
+ return PAM_SUCCESS;
+}
+
+static void
+set_conf_opt(pam_handle_t *pamh, struct options *opts, const char *name, const char *value)
+{
+ if (strcmp(name, "dir") == 0) {
+ if (value[0] != '/') {
+ pam_syslog(pamh, LOG_ERR,
+ "Tally directory is not absolute path (%s); keeping default", value);
+ } else {
+ free(opts->dir);
+ opts->dir = strdup(value);
+ }
+ }
+ else if (strcmp(name, "deny") == 0) {
+ if (sscanf(value, "%hu", &opts->deny) != 1) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for deny argument");
+ }
+ }
+ else if (strcmp(name, "fail_interval") == 0) {
+ unsigned int temp;
+ if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for fail_interval argument");
+ } else {
+ opts->fail_interval = temp;
+ }
+ }
+ else if (strcmp(name, "unlock_time") == 0) {
+ unsigned int temp;
+
+ if (strcmp(value, "never") == 0) {
+ opts->unlock_time = 0;
+ }
+ else if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for unlock_time argument");
+ }
+ else {
+ opts->unlock_time = temp;
+ }
+ }
+ else if (strcmp(name, "root_unlock_time") == 0) {
+ unsigned int temp;
+
+ if (strcmp(value, "never") == 0) {
+ opts->root_unlock_time = 0;
+ }
+ else if (sscanf(value, "%u", &temp) != 1 ||
+ temp > MAX_TIME_INTERVAL) {
+ pam_syslog(pamh, LOG_ERR,
+ "Bad number supplied for root_unlock_time argument");
+ } else {
+ opts->root_unlock_time = temp;
+ }
+ }
+ else if (strcmp(name, "admin_group") == 0) {
+ free(opts->admin_group);
+ opts->admin_group = strdup(value);
+ if (opts->admin_group == NULL) {
+ opts->fatal_error = 1;
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory: %m");
+ }
+ }
+ else if (strcmp(name, "even_deny_root") == 0) {
+ opts->flags |= FAILLOCK_FLAG_DENY_ROOT;
+ }
+ else if (strcmp(name, "audit") == 0) {
+ opts->flags |= FAILLOCK_FLAG_AUDIT;
+ }
+ else if (strcmp(name, "silent") == 0) {
+ opts->flags |= FAILLOCK_FLAG_SILENT;
+ }
+ else if (strcmp(name, "no_log_info") == 0) {
+ opts->flags |= FAILLOCK_FLAG_NO_LOG_INFO;
+ }
+ else if (strcmp(name, "local_users_only") == 0) {
+ opts->flags |= FAILLOCK_FLAG_LOCAL_ONLY;
+ }
+ else {
+ pam_syslog(pamh, LOG_ERR, "Unknown option: %s", name);
+ }
+}
+
+static int
+check_local_user (pam_handle_t *pamh, const char *user)
+{
+ struct passwd pw, *pwp;
+ char buf[16384];
+ int found = 0;
+ FILE *fp;
+ int errn;
+
+ fp = fopen(PATH_PASSWD, "r");
+ if (fp == NULL) {
+ pam_syslog(pamh, LOG_ERR, "unable to open %s: %m",
+ PATH_PASSWD);
+ return -1;
+ }
+
+ for (;;) {
+ errn = fgetpwent_r(fp, &pw, buf, sizeof (buf), &pwp);
+ if (errn == ERANGE) {
+ pam_syslog(pamh, LOG_WARNING, "%s contains very long lines; corrupted?",
+ PATH_PASSWD);
+ break;
+ }
+ if (errn != 0)
+ break;
+ if (strcmp(pwp->pw_name, user) == 0) {
+ found = 1;
+ break;
+ }
+ }
+
+ fclose (fp);
+
+ if (errn != 0 && errn != ENOENT) {
+ pam_syslog(pamh, LOG_ERR, "unable to enumerate local accounts: %m");
+ return -1;
+ } else {
+ return found;
+ }
+}
+
+static int
+get_pam_user(pam_handle_t *pamh, struct options *opts)
+{
+ const char *user;
+ int rv;
+ struct passwd *pwd;
+
+ if ((rv=pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+ return rv == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rv;
+ }
+
+ if (*user == '\0') {
+ return PAM_IGNORE;
+ }
+
+ if ((pwd=pam_modutil_getpwnam(pamh, user)) == NULL) {
+ if (opts->flags & FAILLOCK_FLAG_AUDIT) {
+ pam_syslog(pamh, LOG_NOTICE, "User unknown: %s", user);
+ }
+ else {
+ pam_syslog(pamh, LOG_NOTICE, "User unknown");
+ }
+ return PAM_IGNORE;
+ }
+ opts->user = user;
+ opts->uid = pwd->pw_uid;
+
+ if (pwd->pw_uid == 0) {
+ opts->is_admin = 1;
+ return PAM_SUCCESS;
+ }
+
+ if (opts->admin_group && *opts->admin_group) {
+ opts->is_admin = pam_modutil_user_in_group_uid_nam(pamh,
+ pwd->pw_uid, opts->admin_group);
+ }
+
+ return PAM_SUCCESS;
+}
+
+static int
+check_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+ int tfd;
+ unsigned int i;
+ uint64_t latest_time;
+ int failures;
+
+ opts->now = time(NULL);
+
+ tfd = open_tally(opts->dir, opts->user, opts->uid, 0);
+
+ *fd = tfd;
+
+ if (tfd == -1) {
+ if (errno == EACCES || errno == ENOENT) {
+ return PAM_SUCCESS;
+ }
+ pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (read_tally(tfd, tallies) != 0) {
+ pam_syslog(pamh, LOG_ERR, "Error reading the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ if (opts->is_admin && !(opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+ return PAM_SUCCESS;
+ }
+
+ latest_time = 0;
+ for (i = 0; i < tallies->count; i++) {
+ if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+ tallies->records[i].time > latest_time)
+ latest_time = tallies->records[i].time;
+ }
+
+ opts->latest_time = latest_time;
+
+ failures = 0;
+ for (i = 0; i < tallies->count; i++) {
+ if ((tallies->records[i].status & TALLY_STATUS_VALID) &&
+ latest_time - tallies->records[i].time < opts->fail_interval) {
+ ++failures;
+ }
+ }
+
+ opts->failures = failures;
+
+ if (opts->deny && failures >= opts->deny) {
+ if ((!opts->is_admin && opts->unlock_time && latest_time + opts->unlock_time < opts->now) ||
+ (opts->is_admin && opts->root_unlock_time && latest_time + opts->root_unlock_time < opts->now)) {
+#ifdef HAVE_LIBAUDIT
+ if (opts->action != FAILLOCK_ACTION_PREAUTH) { /* do not audit in preauth */
+ char buf[64];
+ int audit_fd;
+ const void *rhost = NULL, *tty = NULL;
+
+ audit_fd = audit_open();
+ /* If there is an error & audit support is in the kernel report error */
+ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT))
+ return PAM_SYSTEM_ERR;
+
+ (void)pam_get_item(pamh, PAM_TTY, &tty);
+ (void)pam_get_item(pamh, PAM_RHOST, &rhost);
+ snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_UNLOCK_TIMED, buf,
+ rhost, NULL, tty, 1);
+ }
+#endif
+ opts->flags |= FAILLOCK_FLAG_UNLOCKED;
+ return PAM_SUCCESS;
+ }
+ return PAM_AUTH_ERR;
+ }
+ return PAM_SUCCESS;
+}
+
+static void
+reset_tally(pam_handle_t *pamh, struct options *opts, int *fd)
+{
+ int rv;
+
+ if (*fd == -1) {
+ *fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+ }
+ else {
+ while ((rv=ftruncate(*fd, 0)) == -1 && errno == EINTR);
+ if (rv == -1) {
+ pam_syslog(pamh, LOG_ERR, "Error clearing the tally file for %s: %m", opts->user);
+ }
+ }
+}
+
+static int
+write_tally(pam_handle_t *pamh, struct options *opts, struct tally_data *tallies, int *fd)
+{
+ struct tally *records;
+ unsigned int i;
+ int failures;
+ unsigned int oldest;
+ uint64_t oldtime;
+ const void *source = NULL;
+
+ if (*fd == -1) {
+ *fd = open_tally(opts->dir, opts->user, opts->uid, 1);
+ }
+ if (*fd == -1) {
+ if (errno == EACCES) {
+ return PAM_SUCCESS;
+ }
+ pam_syslog(pamh, LOG_ERR, "Error opening the tally file for %s: %m", opts->user);
+ return PAM_SYSTEM_ERR;
+ }
+
+ oldtime = 0;
+ oldest = 0;
+ failures = 0;
+
+ for (i = 0; i < tallies->count; ++i) {
+ if (oldtime == 0 || tallies->records[i].time < oldtime) {
+ oldtime = tallies->records[i].time;
+ oldest = i;
+ }
+ if (opts->flags & FAILLOCK_FLAG_UNLOCKED ||
+ opts->now - tallies->records[i].time >= opts->fail_interval ) {
+ tallies->records[i].status &= ~TALLY_STATUS_VALID;
+ } else {
+ ++failures;
+ }
+ }
+
+ if (oldest >= tallies->count || (tallies->records[oldest].status & TALLY_STATUS_VALID)) {
+ oldest = tallies->count;
+
+ if ((records=realloc(tallies->records, (oldest+1) * sizeof (*tallies->records))) == NULL) {
+ pam_syslog(pamh, LOG_CRIT, "Error allocating memory for tally records: %m");
+ return PAM_BUF_ERR;
+ }
+
+ ++tallies->count;
+ tallies->records = records;
+ }
+
+ memset(&tallies->records[oldest], 0, sizeof (*tallies->records));
+
+ tallies->records[oldest].status = TALLY_STATUS_VALID;
+ if (pam_get_item(pamh, PAM_RHOST, &source) != PAM_SUCCESS || source == NULL) {
+ if (pam_get_item(pamh, PAM_TTY, &source) != PAM_SUCCESS || source == NULL) {
+ if (pam_get_item(pamh, PAM_SERVICE, &source) != PAM_SUCCESS || source == NULL) {
+ source = "";
+ }
+ }
+ else {
+ tallies->records[oldest].status |= TALLY_STATUS_TTY;
+ }
+ }
+ else {
+ tallies->records[oldest].status |= TALLY_STATUS_RHOST;
+ }
+
+ strncpy(tallies->records[oldest].source, source, sizeof(tallies->records[oldest].source));
+ /* source does not have to be null terminated */
+
+ tallies->records[oldest].time = opts->now;
+
+ ++failures;
+
+ if (opts->deny && failures == opts->deny) {
+#ifdef HAVE_LIBAUDIT
+ char buf[64];
+ int audit_fd;
+
+ audit_fd = audit_open();
+ /* If there is an error & audit support is in the kernel report error */
+ if ((audit_fd < 0) && !(errno == EINVAL || errno == EPROTONOSUPPORT ||
+ errno == EAFNOSUPPORT))
+ return PAM_SYSTEM_ERR;
+
+ snprintf(buf, sizeof(buf), "pam_faillock uid=%u ", opts->uid);
+ audit_log_user_message(audit_fd, AUDIT_ANOM_LOGIN_FAILURES, buf,
+ NULL, NULL, NULL, 1);
+
+ if (!opts->is_admin || (opts->flags & FAILLOCK_FLAG_DENY_ROOT)) {
+ audit_log_user_message(audit_fd, AUDIT_RESP_ACCT_LOCK, buf,
+ NULL, NULL, NULL, 1);
+ }
+ close(audit_fd);
+#endif
+ if (!(opts->flags & FAILLOCK_FLAG_NO_LOG_INFO)) {
+ pam_syslog(pamh, LOG_INFO, "Consecutive login failures for user %s account temporarily locked",
+ opts->user);
+ }
+ }
+
+ if (update_tally(*fd, tallies) == 0)
+ return PAM_SUCCESS;
+
+ return PAM_SYSTEM_ERR;
+}
+
+static void
+faillock_message(pam_handle_t *pamh, struct options *opts)
+{
+ int64_t left;
+
+ if (!(opts->flags & FAILLOCK_FLAG_SILENT)) {
+ if (opts->is_admin) {
+ left = opts->latest_time + opts->root_unlock_time - opts->now;
+ }
+ else {
+ left = opts->latest_time + opts->unlock_time - opts->now;
+ }
+
+ pam_info(pamh, _("The account is locked due to %u failed logins."),
+ (unsigned int)opts->failures);
+ if (left > 0) {
+ left = (left + 59)/60; /* minutes */
+
+ pam_info(pamh, _("(%d minutes left to unlock)"), (int)left);
+ }
+ }
+}
+
+static void
+tally_cleanup(struct tally_data *tallies, int fd)
+{
+ if (fd != -1) {
+ close(fd);
+ }
+
+ free(tallies->records);
+}
+
+static void
+opts_cleanup(struct options *opts)
+{
+ free(opts->dir);
+ free(opts->admin_group);
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_authenticate(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ struct options opts;
+ int rv, fd = -1;
+ struct tally_data tallies;
+
+ memset(&tallies, 0, sizeof(tallies));
+
+ rv = args_parse(pamh, argc, argv, flags, &opts);
+ if (rv != PAM_SUCCESS)
+ goto err;
+
+ pam_fail_delay(pamh, 2000000); /* 2 sec delay on failure */
+
+ if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+ goto err;
+ }
+
+ if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+ check_local_user (pamh, opts.user) != 0) {
+ switch (opts.action) {
+ case FAILLOCK_ACTION_PREAUTH:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_AUTH_ERR && !(opts.flags & FAILLOCK_FLAG_SILENT)) {
+ faillock_message(pamh, &opts);
+ }
+ break;
+
+ case FAILLOCK_ACTION_AUTHSUCC:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_SUCCESS) {
+ reset_tally(pamh, &opts, &fd);
+ }
+ break;
+
+ case FAILLOCK_ACTION_AUTHFAIL:
+ rv = check_tally(pamh, &opts, &tallies, &fd);
+ if (rv == PAM_SUCCESS) {
+ rv = PAM_IGNORE; /* this return value should be ignored */
+ write_tally(pamh, &opts, &tallies, &fd);
+ }
+ break;
+ }
+ }
+
+ tally_cleanup(&tallies, fd);
+
+err:
+ opts_cleanup(&opts);
+
+ return rv;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_SUCCESS;
+}
+
+/*---------------------------------------------------------------------*/
+
+int
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ struct options opts;
+ int rv, fd = -1;
+ struct tally_data tallies;
+
+ memset(&tallies, 0, sizeof(tallies));
+
+ rv = args_parse(pamh, argc, argv, flags, &opts);
+
+ if (rv != PAM_SUCCESS)
+ goto err;
+
+ opts.action = FAILLOCK_ACTION_AUTHSUCC;
+
+ if ((rv=get_pam_user(pamh, &opts)) != PAM_SUCCESS) {
+ goto err;
+ }
+
+ if (!(opts.flags & FAILLOCK_FLAG_LOCAL_ONLY) ||
+ check_local_user (pamh, opts.user) != 0) {
+ check_tally(pamh, &opts, &tallies, &fd); /* for auditing */
+ reset_tally(pamh, &opts, &fd);
+ }
+
+ tally_cleanup(&tallies, fd);
+
+err:
+ opts_cleanup(&opts);
+
+ return rv;
+}
+
+/*-----------------------------------------------------------------------*/
diff --git a/modules/pam_faillock/tst-pam_faillock b/modules/pam_faillock/tst-pam_faillock
new file mode 100755
index 00000000..ec454c28
--- /dev/null
+++ b/modules/pam_faillock/tst-pam_faillock
@@ -0,0 +1,2 @@
+#!/bin/sh
+../../tests/tst-dlopen .libs/pam_faillock.so
diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am
index 47e9b491..4d75e843 100644
--- a/modules/pam_filter/Makefile.am
+++ b/modules/pam_filter/Makefile.am
@@ -7,15 +7,20 @@ SUBDIRS = upperLOWER
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_filter.8
+if HAVE_DOC
+dist_man_MANS = pam_filter.8
+endif
XMLS = README.xml pam_filter.8.xml
+dist_check_SCRIPTS = tst-pam_filter
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,10 +30,8 @@ include_HEADERS=pam_filter.h
pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_filter.la
-TESTS = tst-pam_filter
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_filter.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_filter/Makefile.in b/modules/pam_filter/Makefile.in
index 0abf4a56..76fc4684 100644
--- a/modules/pam_filter/Makefile.in
+++ b/modules/pam_filter/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -21,7 +21,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -86,9 +96,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_filter
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp $(include_HEADERS) \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -104,6 +111,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(include_HEADERS) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -159,7 +169,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_filter.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -196,8 +207,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
HEADERS = $(include_HEADERS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
@@ -206,7 +218,7 @@ am__recursive_targets = \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
- check recheck distdir
+ check recheck distdir distdir-am
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -403,6 +415,9 @@ TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
DIST_SUBDIRS = $(SUBDIRS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -456,6 +471,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -464,7 +481,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -500,6 +516,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -536,11 +553,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -610,18 +629,21 @@ top_srcdir = @top_srcdir@
SUBDIRS = upperLOWER
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter
-man_MANS = pam_filter.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_filter.8
XMLS = README.xml pam_filter.8.xml
+dist_check_SCRIPTS = tst-pam_filter
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
include_HEADERS = pam_filter.h
pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la
securelib_LTLIBRARIES = pam_filter.la
-TESTS = tst-pam_filter
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-recursive
.SUFFIXES:
@@ -638,14 +660,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_filter/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -701,21 +722,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -729,10 +756,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -767,7 +794,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -923,7 +950,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -1013,7 +1040,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -1023,7 +1050,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1056,7 +1083,10 @@ tst-pam_filter.log: tst-pam_filter
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1112,6 +1142,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-recursive
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS)
@@ -1161,7 +1192,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-recursive
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_filter.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1208,7 +1239,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_filter.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1232,10 +1263,10 @@ uninstall-man: uninstall-man8
.MAKE: $(am__recursive_targets) check-am install-am install-strip
-.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
- check-TESTS check-am clean clean-generic clean-libtool \
- clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
- distclean distclean-compile distclean-generic \
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
+ am--depfiles check check-TESTS check-am clean clean-generic \
+ clean-libtool clean-securelibLTLIBRARIES cscopelist-am ctags \
+ ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
@@ -1250,7 +1281,8 @@ uninstall-man: uninstall-man8
uninstall-am uninstall-includeHEADERS uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_filter.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_filter/pam_filter.8 b/modules/pam_filter/pam_filter.8
index e4588f68..b4e4104a 100644
--- a/modules/pam_filter/pam_filter.8
+++ b/modules/pam_filter/pam_filter.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_filter
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_FILTER" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FILTER" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c
index 8ab7981a..2f0af4fb 100644
--- a/modules/pam_filter/pam_filter.c
+++ b/modules/pam_filter/pam_filter.c
@@ -1,5 +1,5 @@
/*
- * $Id$
+ * pam_filter module
*
* written by Andrew Morgan <morgan@transmeta.com> with much help from
* Richard Stevens' UNIX Network Programming book.
@@ -25,11 +25,6 @@
#include <signal.h>
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_SESSION
-#define PAM_SM_PASSWORD
-
#include <security/pam_modules.h>
#include <security/pam_ext.h>
#include "pam_filter.h"
@@ -114,38 +109,37 @@ static int process_args(pam_handle_t *pamh
return -1;
}
- for (size=i=0; i<argc; ++i) {
- size += strlen(argv[i])+1;
- }
-
/* the "ARGS" variable */
-#define ARGS_OFFSET 5 /* strlen('ARGS='); */
#define ARGS_NAME "ARGS="
+#define ARGS_OFFSET (sizeof(ARGS_NAME) - 1)
+
+ size = sizeof(ARGS_NAME);
- size += ARGS_OFFSET;
+ for (i=0; i<argc; ++i) {
+ size += strlen(argv[i]) + (i != 0);
+ }
- levp[0] = (char *) malloc(size);
+ levp[0] = malloc(size);
if (levp[0] == NULL) {
pam_syslog(pamh, LOG_CRIT, "no memory for filter arguments");
- if (levp) {
- free(levp);
- }
+ free(levp);
return -1;
}
- strncpy(levp[0],ARGS_NAME,ARGS_OFFSET);
- for (i=0,size=ARGS_OFFSET; i<argc; ++i) {
+ strcpy(levp[0], ARGS_NAME);
+ size = ARGS_OFFSET;
+ for (i=0; i<argc; ++i) {
+ if (i)
+ levp[0][size++] = ' ';
strcpy(levp[0]+size, argv[i]);
size += strlen(argv[i]);
- levp[0][size++] = ' ';
}
- levp[0][--size] = '\0'; /* <NUL> terminate */
/* the "SERVICE" variable */
-#define SERVICE_OFFSET 8 /* strlen('SERVICE='); */
#define SERVICE_NAME "SERVICE="
+#define SERVICE_OFFSET (sizeof(SERVICE_NAME) - 1)
retval = pam_get_item(pamh, PAM_SERVICE, &tmp);
if (retval != PAM_SUCCESS || tmp == NULL) {
@@ -168,17 +162,16 @@ static int process_args(pam_handle_t *pamh
return -1;
}
- strncpy(levp[1],SERVICE_NAME,SERVICE_OFFSET);
+ strcpy(levp[1], SERVICE_NAME);
strcpy(levp[1]+SERVICE_OFFSET, tmp);
levp[1][size] = '\0'; /* <NUL> terminate */
/* the "USER" variable */
-#define USER_OFFSET 5 /* strlen('USER='); */
#define USER_NAME "USER="
+#define USER_OFFSET (sizeof(USER_NAME) - 1)
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS ||
- user == NULL) {
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
user = "<unknown>";
}
size = USER_OFFSET+strlen(user);
@@ -194,14 +187,14 @@ static int process_args(pam_handle_t *pamh
return -1;
}
- strncpy(levp[2],USER_NAME,USER_OFFSET);
+ strcpy(levp[2], USER_NAME);
strcpy(levp[2]+USER_OFFSET, user);
levp[2][size] = '\0'; /* <NUL> terminate */
/* the "USER" variable */
-#define TYPE_OFFSET 5 /* strlen('TYPE='); */
#define TYPE_NAME "TYPE="
+#define TYPE_OFFSET (sizeof(TYPE_NAME) - 1)
size = TYPE_OFFSET+strlen(type);
@@ -217,7 +210,7 @@ static int process_args(pam_handle_t *pamh
return -1;
}
- strncpy(levp[3],TYPE_NAME,TYPE_OFFSET);
+ strcpy(levp[3], TYPE_NAME);
strcpy(levp[3]+TYPE_OFFSET, type);
levp[3][size] = '\0'; /* <NUL> terminate */
@@ -253,7 +246,7 @@ static void free_evp(char *evp[])
static int
set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
- const char **evp, const char *filtername)
+ char * const evp[], const char *filtername)
{
int status=-1;
char* terminal = NULL;
@@ -296,7 +289,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
struct termios t_mode = stored_mode;
t_mode.c_iflag = 0; /* no input control */
- t_mode.c_oflag &= ~OPOST; /* no ouput post processing */
+ t_mode.c_oflag &= ~OPOST; /* no output post processing */
/* no signals, canonical input, echoing, upper/lower output */
#ifdef XCASE
@@ -376,7 +369,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
/* grant slave terminal */
if (grantpt (fd[0]) < 0) {
- pam_syslog(pamh, LOG_ERR, "Cannot grant acccess to slave terminal");
+ pam_syslog(pamh, LOG_ERR, "Cannot grant access to slave terminal");
return PAM_ABORT;
}
@@ -444,7 +437,7 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl,
close(fd[1]);
- /* the current process is now aparently working with filtered
+ /* the current process is now apparently working with filtered
stdio/stdout/stderr --- success! */
return PAM_SUCCESS;
@@ -632,8 +625,7 @@ static int need_a_filter(pam_handle_t *pamh
}
if (retval == PAM_SUCCESS && (ctrl & which_run)) {
- retval = set_filter(pamh, flags, ctrl
- , (const char **)evp, filterfile);
+ retval = set_filter(pamh, flags, ctrl, evp, filterfile);
}
if (retval == PAM_SUCCESS
diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am
index 41f0a349..34391e89 100644
--- a/modules/pam_filter/upperLOWER/Makefile.am
+++ b/modules/pam_filter/upperLOWER/Makefile.am
@@ -8,7 +8,7 @@ securelibfilterdir = $(SECUREDIR)/pam_filter
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -I$(srcdir)/.. @PIE_CFLAGS@
+ -I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
AM_LDFLAGS = @PIE_LDFLAGS@
LDADD = $(top_builddir)/libpam/libpam.la
diff --git a/modules/pam_filter/upperLOWER/Makefile.in b/modules/pam_filter/upperLOWER/Makefile.in
index 361ba7da..4b3d5b6c 100644
--- a/modules/pam_filter/upperLOWER/Makefile.in
+++ b/modules/pam_filter/upperLOWER/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -19,7 +19,17 @@
#
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -84,8 +94,6 @@ build_triplet = @build@
host_triplet = @host@
securelibfilter_PROGRAMS = upperLOWER$(EXEEXT)
subdir = modules/pam_filter/upperLOWER
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -101,6 +109,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -129,7 +138,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/upperLOWER.Po
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -175,6 +185,8 @@ am__define_uniq_tagged_files = \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -203,6 +215,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -211,7 +225,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -247,6 +260,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -283,11 +297,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -357,7 +373,7 @@ top_srcdir = @top_srcdir@
CLEANFILES = *~
securelibfilterdir = $(SECUREDIR)/pam_filter
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -I$(srcdir)/.. @PIE_CFLAGS@
+ -I$(srcdir)/.. @PIE_CFLAGS@ $(WARN_CFLAGS)
AM_LDFLAGS = @PIE_LDFLAGS@
LDADD = $(top_builddir)/libpam/libpam.la
@@ -377,14 +393,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -455,21 +470,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -536,7 +557,10 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -610,7 +634,7 @@ clean-am: clean-generic clean-libtool clean-securelibfilterPROGRAMS \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/upperLOWER.Po
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -656,7 +680,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/upperLOWER.Po
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -677,21 +701,24 @@ uninstall-am: uninstall-securelibfilterPROGRAMS
.MAKE: install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
- clean-libtool clean-securelibfilterPROGRAMS cscopelist-am \
- ctags ctags-am distclean distclean-compile distclean-generic \
- distclean-libtool distclean-tags distdir dvi dvi-am html \
- html-am info info-am install install-am install-data \
- install-data-am install-dvi install-dvi-am install-exec \
- install-exec-am install-html install-html-am install-info \
- install-info-am install-man install-pdf install-pdf-am \
- install-ps install-ps-am install-securelibfilterPROGRAMS \
- install-strip installcheck installcheck-am installdirs \
- maintainer-clean maintainer-clean-generic mostlyclean \
- mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
- pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
+ clean-generic clean-libtool clean-securelibfilterPROGRAMS \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am \
+ install-securelibfilterPROGRAMS install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-am uninstall uninstall-am \
uninstall-securelibfilterPROGRAMS
+.PRECIOUS: Makefile
+
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am
index bbc0a739..abfa98a8 100644
--- a/modules/pam_ftp/Makefile.am
+++ b/modules/pam_ftp/Makefile.am
@@ -5,15 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_ftp.8
+if HAVE_DOC
+dist_man_MANS = pam_ftp.8
+endif
XMLS = README.xml pam_ftp.8.xml
+dist_check_SCRIPTS = tst-pam_ftp
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -22,10 +27,7 @@ endif
securelib_LTLIBRARIES = pam_ftp.la
pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_ftp
-
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_ftp.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_ftp/Makefile.in b/modules/pam_ftp/Makefile.in
index d2a5571c..b9d1b2bb 100644
--- a/modules/pam_ftp/Makefile.in
+++ b/modules/pam_ftp/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_ftp
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_ftp.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp
-man_MANS = pam_ftp.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_ftp.8
XMLS = README.xml pam_ftp.8.xml
+dist_check_SCRIPTS = tst-pam_ftp
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_ftp.la
pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la
-TESTS = tst-pam_ftp
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_ftp/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_ftp/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_ftp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_ftp.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_ftp.log: tst-pam_ftp
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_ftp.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_ftp.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_ftp.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_ftp/pam_ftp.8 b/modules/pam_ftp/pam_ftp.8
index 1d5c9b7b..a7b97ec8 100644
--- a/modules/pam_ftp/pam_ftp.8
+++ b/modules/pam_ftp/pam_ftp.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_ftp
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_FTP" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_FTP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c
index 1c2f1456..b2c32b74 100644
--- a/modules/pam_ftp/pam_ftp.c
+++ b/modules/pam_ftp/pam_ftp.c
@@ -1,10 +1,7 @@
-/* pam_ftp module */
-
/*
- * $Id$
+ * pam_ftp module
*
* Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
- *
*/
#define PLEASE_ENTER_PASSWORD "Password required for %s."
@@ -23,18 +20,10 @@
#include <stdarg.h>
#include <string.h>
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* argument parsing */
@@ -49,18 +38,18 @@ _pam_parse(pam_handle_t *pamh, int argc, const char **argv, const char **users)
/* step through arguments */
for (ctrl=0; argc-- > 0; ++argv) {
+ const char *str;
/* generic options */
if (!strcmp(*argv,"debug"))
ctrl |= PAM_DEBUG_ARG;
- else if (!strncmp(*argv,"users=",6)) {
- *users = 6 + *argv;
- } else if (!strcmp(*argv,"ignore")) {
+ else if (!strcmp(*argv,"ignore"))
ctrl |= PAM_IGNORE_EMAIL;
- } else {
+ else if ((str = pam_str_skip_prefix(*argv, "users=")) != NULL)
+ *users = str;
+ else
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
- }
}
return ctrl;
@@ -122,7 +111,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
const char *users = NULL;
/*
- * this module checks if the user name is ftp or annonymous. If
+ * this module checks if the user name is ftp or anonymous. If
* this is the case, it can set the PAM_RUSER to the entered email
* address and SUCCEEDS, otherwise it FAILS.
*/
@@ -130,8 +119,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
ctrl = _pam_parse(pamh, argc, argv, &users);
retval = pam_get_user(pamh, &user, NULL);
- if (retval != PAM_SUCCESS || user == NULL) {
- pam_syslog(pamh, LOG_ERR, "no user specified");
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name: %s",
+ pam_strerror(pamh, retval));
return PAM_USER_UNKNOWN;
}
@@ -185,7 +175,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
}
}
- /* we are happy to grant annonymous access to the user */
+ /* we are happy to grant anonymous access to the user */
retval = PAM_SUCCESS;
} else {
diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am
index 6c1c5213..a9a0a1ef 100644
--- a/modules/pam_group/Makefile.am
+++ b/modules/pam_group/Makefile.am
@@ -5,16 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group
+EXTRA_DIST = $(XMLS)
-man_MANS = group.conf.5 pam_group.8
+if HAVE_DOC
+dist_man_MANS = group.conf.5 pam_group.8
+endif
XMLS = README.xml group.conf.5.xml pam_group.8.xml
+dist_check_SCRIPTS = tst-pam_group
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\"
+ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -23,12 +27,9 @@ endif
securelib_LTLIBRARIES = pam_group.la
pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = group.conf
-
-TESTS = tst-pam_group
+dist_secureconf_DATA = group.conf
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_group.8.xml group.conf.5.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_group/Makefile.in b/modules/pam_group/Makefile.in
index 412e59ff..1761ebfd 100644
--- a/modules/pam_group/Makefile.in
+++ b/modules/pam_group/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_group
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_group.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,20 +586,21 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group
-man_MANS = group.conf.5 pam_group.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = group.conf.5 pam_group.8
XMLS = README.xml group.conf.5.xml pam_group.8.xml
+dist_check_SCRIPTS = tst-pam_group
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
- -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\"
+ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_group.la
pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = group.conf
-TESTS = tst-pam_group
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_secureconf_DATA = group.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -597,14 +617,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_group/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_group/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -660,21 +679,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_group.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_group.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -688,10 +713,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -726,15 +751,15 @@ uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -769,14 +794,14 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -790,9 +815,9 @@ install-secureconfDATA: $(secureconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
done
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
@@ -878,7 +903,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -968,7 +993,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -978,7 +1003,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1011,7 +1036,10 @@ tst-pam_group.log: tst-pam_group
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1042,6 +1070,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1090,7 +1119,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_group.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1107,7 +1136,7 @@ info: info-am
info-am:
-install-data-am: install-man install-secureconfDATA \
+install-data-am: install-dist_secureconfDATA install-man \
install-securelibLTLIBRARIES
install-dvi: install-dvi-am
@@ -1137,7 +1166,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_group.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1154,32 +1183,33 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
uninstall-securelibLTLIBRARIES
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man5 \
- install-man8 install-pdf install-pdf-am install-ps \
- install-ps-am install-secureconfDATA \
- install-securelibLTLIBRARIES install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
- maintainer-clean-generic mostlyclean mostlyclean-compile \
- mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dist_secureconfDATA install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-securelibLTLIBRARIES \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am recheck tags tags-am uninstall \
+ uninstall-am uninstall-dist_secureconfDATA uninstall-man \
+ uninstall-man5 uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_group.8.xml group.conf.5.xml
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_group/group.conf.5 b/modules/pam_group/group.conf.5
index 933a22ec..8e359a78 100644
--- a/modules/pam_group/group.conf.5
+++ b/modules/pam_group/group.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: group.conf
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "GROUP\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "GROUP\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -53,6 +53,8 @@ The third field, the
\fIusers\fR
field, is a logic list of users, or a UNIX group, or a netgroup of users to whom this rule applies\&. Group names are preceded by a \*(Aq%\*(Aq symbol, while netgroup names are preceded by a \*(Aq@\*(Aq symbol\&.
.PP
+A logic list namely means individual tokens that are optionally prefixed with \*(Aq!\*(Aq (logical not) and separated with \*(Aq&\*(Aq (logical and) and \*(Aq|\*(Aq (logical or)\&.
+.PP
For these items the simple wildcard \*(Aq*\*(Aq may be used only once\&. With UNIX groups or netgroups no wildcards or logic operators are allowed\&.
.PP
The
diff --git a/modules/pam_group/group.conf.5.xml b/modules/pam_group/group.conf.5.xml
index fc5370f5..2b7fb345 100644
--- a/modules/pam_group/group.conf.5.xml
+++ b/modules/pam_group/group.conf.5.xml
@@ -58,6 +58,12 @@
</para>
<para>
+ A logic list namely means individual tokens that are optionally prefixed
+ with '!' (logical not) and separated with '&amp;' (logical and) and '|'
+ (logical or).
+ </para>
+
+ <para>
For these items the simple wildcard '*' may be used only once.
With UNIX groups or netgroups no wildcards or logic operators
are allowed.
diff --git a/modules/pam_group/pam_group.8 b/modules/pam_group/pam_group.8
index 804c921a..94b4afb0 100644
--- a/modules/pam_group/pam_group.8
+++ b/modules/pam_group/pam_group.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_group
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_GROUP" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_GROUP" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c
index 8cd178c0..d9a35ea6 100644
--- a/modules/pam_group/pam_group.c
+++ b/modules/pam_group/pam_group.c
@@ -1,6 +1,6 @@
-/* pam_group module */
-
/*
+ * pam_group module
+ *
* Written by Andrew Morgan <morgan@linux.kernel.org> 1996/7/6
* Field parsing rewritten by Tomas Mraz <tm@t8m.info>
*/
@@ -35,15 +35,6 @@
typedef enum { AND, OR } operator;
-/*
- * here, we make definitions for the externally accessible functions
- * in this file (these definitions are required for static modules
- * but strongly encouraged generally) they are used to instruct the
- * modules include file to define their prototypes.
- */
-
-#define PAM_SM_AUTH
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
@@ -183,6 +174,7 @@ read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state)
++src; /* skip it */
break;
}
+ /* fallthrough */
default:
*to++ = c;
onspace = 0;
@@ -297,6 +289,7 @@ logic_field (const pam_handle_t *pamh, const void *me,
return FALSE;
}
next = VAL;
+ not = FALSE;
}
at += l;
}
@@ -778,9 +771,8 @@ pam_sm_setcred (pam_handle_t *pamh, int flags,
/* set username */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || *user == '\0') {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am
index 92917398..1b26c31e 100644
--- a/modules/pam_issue/Makefile.am
+++ b/modules/pam_issue/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_issue.8
+if HAVE_DOC
+dist_man_MANS = pam_issue.8
+endif
XMLS = README.xml pam_issue.8.xml
-
-TESTS = tst-pam_issue
+dist_check_SCRIPTS = tst-pam_issue
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_issue.la
pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_issue.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_issue/Makefile.in b/modules/pam_issue/Makefile.in
index c718cc28..ea74d07e 100644
--- a/modules/pam_issue/Makefile.in
+++ b/modules/pam_issue/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_issue
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_issue.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue
-man_MANS = pam_issue.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_issue.8
XMLS = README.xml pam_issue.8.xml
-TESTS = tst-pam_issue
+dist_check_SCRIPTS = tst-pam_issue
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_issue.la
pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_issue/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_issue/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_issue.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_issue.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_issue.log: tst-pam_issue
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_issue.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_issue.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_issue.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_issue/pam_issue.8 b/modules/pam_issue/pam_issue.8
index 5d61a643..abe2585f 100644
--- a/modules/pam_issue/pam_issue.8
+++ b/modules/pam_issue/pam_issue.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_issue
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_ISSUE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_ISSUE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c
index 5fa21c37..5b6a4669 100644
--- a/modules/pam_issue/pam_issue.c
+++ b/modules/pam_issue/pam_issue.c
@@ -1,4 +1,5 @@
-/* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT
+/*
+ * pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT
*
* Copyright 1999 by Ben Collins <bcollins@debian.org>
*
@@ -22,18 +23,16 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
-#include <string.h>
#include <unistd.h>
#include <sys/utsname.h>
#include <utmp.h>
#include <time.h>
#include <syslog.h>
-#define PAM_SM_AUTH
-
#include <security/_pam_macros.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
static int _user_prompt_set = 0;
@@ -58,13 +57,15 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if(_user_prompt_set)
return PAM_IGNORE;
- /* We set this here so if we fail below, we wont get further
+ /* We set this here so if we fail below, we won't get further
than this next time around (only one real failure) */
_user_prompt_set = 1;
for ( ; argc-- > 0 ; ++argv ) {
- if (!strncmp(*argv,"issue=",6)) {
- issue_file = 6 + *argv;
+ const char *str;
+
+ if ((str = pam_str_skip_prefix(*argv, "issue=")) != NULL) {
+ issue_file = str;
D(("set issue_file to: %s", issue_file));
} else if (!strcmp(*argv,"noesc")) {
parse_esc = 0;
@@ -161,6 +162,7 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
{
int c;
size_t size = 1024;
+ size_t issue_len = 0;
char *issue;
struct utsname uts;
@@ -171,41 +173,42 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
return PAM_BUF_ERR;
}
- issue[0] = '\0';
(void) uname(&uts);
while ((c = getc(fp)) != EOF) {
- char buf[1024];
+ const char *src = NULL;
+ size_t len = 0;
+ char buf[1024] = "";
- buf[0] = '\0';
if (c == '\\') {
if ((c = getc(fp)) == EOF)
break;
switch (c) {
case 's':
- strncat(buf, uts.sysname, sizeof(buf) - 1);
+ src = uts.sysname;
+ len = strnlen(uts.sysname, sizeof(uts.sysname));
break;
case 'n':
- strncat(buf, uts.nodename, sizeof(buf) - 1);
+ src = uts.nodename;
+ len = strnlen(uts.nodename, sizeof(uts.nodename));
break;
case 'r':
- strncat(buf, uts.release, sizeof(buf) - 1);
+ src = uts.release;
+ len = strnlen(uts.release, sizeof(uts.release));
break;
case 'v':
- strncat(buf, uts.version, sizeof(buf) - 1);
+ src = uts.version;
+ len = strnlen(uts.version, sizeof(uts.version));
break;
case 'm':
- strncat(buf, uts.machine, sizeof(buf) - 1);
+ src = uts.machine;
+ len = strnlen(uts.machine, sizeof(uts.machine));
break;
case 'o':
- {
- char domainname[256];
-
- if (getdomainname(domainname, sizeof(domainname)) >= 0) {
- domainname[sizeof(domainname)-1] = '\0';
- strncat(buf, domainname, sizeof(buf) - 1);
- }
- }
+#ifdef HAVE_GETDOMAINNAME
+ if (getdomainname(buf, sizeof(buf)) >= 0)
+ buf[sizeof(buf) - 1] = '\0';
+#endif
break;
case 'd':
case 't':
@@ -234,11 +237,13 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
break;
case 'l':
{
- char *ttyn = ttyname(1);
+ const char *ttyn = ttyname(1);
if (ttyn) {
- if (!strncmp(ttyn, "/dev/", 5))
- ttyn += 5;
- strncat(buf, ttyn, sizeof(buf) - 1);
+ const char *str = pam_str_skip_prefix(ttyn, "/dev/");
+ if (str != NULL)
+ ttyn = str;
+ src = ttyn;
+ len = strlen(ttyn);
}
}
break;
@@ -267,20 +272,27 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt)
buf[0] = c; buf[1] = '\0';
}
- if ((strlen(issue) + strlen(buf)) + 1 > size) {
+ if (src == NULL) {
+ src = buf;
+ len = strlen(buf);
+ }
+ if (issue_len + len + 1 > size) {
char *new_issue;
- size += strlen(buf) + 1;
- new_issue = (char *) realloc (issue, size);
+ size += len + 1;
+ new_issue = realloc (issue, size);
if (new_issue == NULL) {
_pam_drop(issue);
return PAM_BUF_ERR;
}
issue = new_issue;
}
- strcat(issue, buf);
+ memcpy(issue + issue_len, src, len);
+ issue_len += len;
}
+ issue[issue_len] = '\0';
+
if (ferror(fp)) {
pam_syslog(pamh, LOG_ERR, "read error: %m");
_pam_drop(issue);
diff --git a/modules/pam_keyinit/Makefile.am b/modules/pam_keyinit/Makefile.am
index 5e8657c6..e1953312 100644
--- a/modules/pam_keyinit/Makefile.am
+++ b/modules/pam_keyinit/Makefile.am
@@ -5,30 +5,29 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit
-XMLS = README.xml pam_keyinit.8.xml
-
-if HAVE_KEY_MANAGEMENT
- man_MANS = pam_keyinit.8
- TESTS = tst-pam_keyinit
-endif
+EXTRA_DIST = $(XMLS)
-if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_keyinit.8.xml
--include $(top_srcdir)/Make.xml.rules
+if HAVE_DOC
+dist_man_MANS = pam_keyinit.8
endif
+XMLS = README.xml pam_keyinit.8.xml
+dist_check_SCRIPTS = tst-pam_keyinit
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
endif
-if HAVE_KEY_MANAGEMENT
- securelib_LTLIBRARIES = pam_keyinit.la
-endif
+securelib_LTLIBRARIES = pam_keyinit.la
pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+
+if ENABLE_REGENERATE_MAN
+dist_noinst_DATA = README
+-include $(top_srcdir)/Make.xml.rules
+endif
diff --git a/modules/pam_keyinit/Makefile.in b/modules/pam_keyinit/Makefile.in
index 194ed241..a1a11625 100644
--- a/modules/pam_keyinit/Makefile.in
+++ b/modules/pam_keyinit/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_keyinit
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -143,8 +152,6 @@ AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
-@HAVE_KEY_MANAGEMENT_TRUE@am_pam_keyinit_la_rpath = -rpath \
-@HAVE_KEY_MANAGEMENT_TRUE@ $(securelibdir)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
@@ -159,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_keyinit.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -386,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -414,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -422,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -494,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_keyinit.8
XMLS = README.xml pam_keyinit.8.xml
-@HAVE_KEY_MANAGEMENT_TRUE@man_MANS = pam_keyinit.8
-@HAVE_KEY_MANAGEMENT_TRUE@TESTS = tst-pam_keyinit
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_check_SCRIPTS = tst-pam_keyinit
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
-@HAVE_KEY_MANAGEMENT_TRUE@securelib_LTLIBRARIES = pam_keyinit.la
+securelib_LTLIBRARIES = pam_keyinit.la
pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -594,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_keyinit/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_keyinit/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -649,7 +667,7 @@ clean-securelibLTLIBRARIES:
}
pam_keyinit.la: $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_DEPENDENCIES) $(EXTRA_pam_keyinit_la_DEPENDENCIES)
- $(AM_V_CCLD)$(LINK) $(am_pam_keyinit_la_rpath) $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_LIBADD) $(LIBS)
+ $(AM_V_CCLD)$(LINK) -rpath $(securelibdir) $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -657,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_keyinit.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_keyinit.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -685,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -723,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -811,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -901,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -911,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -944,7 +968,10 @@ tst-pam_keyinit.log: tst-pam_keyinit
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -975,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1023,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_keyinit.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1069,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_keyinit.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1092,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1108,7 +1137,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_keyinit.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_keyinit/README b/modules/pam_keyinit/README
index 38344d9a..fa503700 100644
--- a/modules/pam_keyinit/README
+++ b/modules/pam_keyinit/README
@@ -7,16 +7,18 @@ DESCRIPTION
The pam_keyinit PAM module ensures that the invoking process has a session
keyring other than the user default session keyring.
-The session component of the module checks to see if the process's session
-keyring is the user default, and, if it is, creates a new anonymous session
-keyring with which to replace it.
-
-If a new session keyring is created, it will install a link to the user common
-keyring in the session keyring so that keys common to the user will be
-automatically accessible through it.
-
-The session keyring of the invoking process will thenceforth be inherited by
-all its children unless they override it.
+The module checks to see if the process's session keyring is the
+user-session-keyring(7), and, if it is, creates a new session-keyring(7) with
+which to replace it. If a new session keyring is created, it will install a
+link to the user-keyring(7) in the session keyring so that keys common to the
+user will be automatically accessible through it. The session keyring of the
+invoking process will thenceforth be inherited by all its children unless they
+override it.
+
+In order to allow other PAM modules to attach tokens to the keyring, this
+module provides both an auth (limited to pam_setcred(3) and a session
+component. The session keyring is created in the module called. Moreover this
+module should be included as early as possible in a PAM configuration.
This module is intended primarily for use by login processes. Be aware that
after the session keyring has been replaced, the old session keyring and the
@@ -26,9 +28,6 @@ This module should not, generally, be invoked by programs like su, since it is
usually desirable for the key set to percolate through to the alternate
context. The keys have their own permissions system to manage this.
-This module should be included as early as possible in a PAM configuration, so
-that other PAM modules can attach tokens to the keyring.
-
The keyutils package is used to manipulate keys more directly. This can be
obtained from:
diff --git a/modules/pam_keyinit/pam_keyinit.8 b/modules/pam_keyinit/pam_keyinit.8
index 4dfbffbc..814008c3 100644
--- a/modules/pam_keyinit/pam_keyinit.8
+++ b/modules/pam_keyinit/pam_keyinit.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_keyinit
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_KEYINIT" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_KEYINIT" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -36,19 +36,26 @@ pam_keyinit \- Kernel session keyring initialiser module
.PP
The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&.
.PP
-The session component of the module checks to see if the process\*(Aqs session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&.
-.PP
-If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&.
-.PP
-The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&.
+The module checks to see if the process\*(Aqs session keyring is the
+\fBuser-session-keyring\fR(7), and, if it is, creates a new
+\fBsession-keyring\fR(7)
+with which to replace it\&. If a new session keyring is created, it will install a link to the
+\fBuser-keyring\fR(7)
+in the session keyring so that keys common to the user will be automatically accessible through it\&. The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&.
+.PP
+In order to allow other PAM modules to attach tokens to the keyring, this module provides both an
+\fIauth\fR
+(limited to
+\fBpam_setcred\fR(3)
+and a
+\fIsession\fR
+component\&. The session keyring is created in the module called\&. Moreover this module should be included as early as possible in a PAM configuration\&.
.PP
This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&.
.PP
This module should not, generally, be invoked by programs like
\fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&.
.PP
-This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&.
-.PP
The keyutils package is used to manipulate keys more directly\&. This can be obtained from:
.PP
\m[blue]\fBKeyutils\fR\m[]\&\s-2\u[1]\d\s+2
@@ -130,7 +137,8 @@ This will prevent keys from one session leaking into another session for the sam
.PP
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
-\fBpam\fR(8)\fBkeyctl\fR(1)
+\fBpam\fR(8),
+\fBkeyctl\fR(1)
.SH "AUTHOR"
.PP
pam_keyinit was written by David Howells, <dhowells@redhat\&.com>\&.
diff --git a/modules/pam_keyinit/pam_keyinit.8.xml b/modules/pam_keyinit/pam_keyinit.8.xml
index bcc50964..ff1e7d00 100644
--- a/modules/pam_keyinit/pam_keyinit.8.xml
+++ b/modules/pam_keyinit/pam_keyinit.8.xml
@@ -37,18 +37,32 @@
session keyring other than the user default session keyring.
</para>
<para>
- The session component of the module checks to see if the process's
- session keyring is the user default, and, if it is, creates a new
- anonymous session keyring with which to replace it.
- </para>
- <para>
- If a new session keyring is created, it will install a link to the user
- common keyring in the session keyring so that keys common to the user
- will be automatically accessible through it.
+ The module checks to see if the process's session keyring is the
+ <citerefentry>
+ <refentrytitle>user-session-keyring</refentrytitle><manvolnum>7</manvolnum>
+ </citerefentry>,
+ and, if it is, creates a new
+ <citerefentry>
+ <refentrytitle>session-keyring</refentrytitle><manvolnum>7</manvolnum>
+ </citerefentry>
+ with which to replace it. If a new session keyring is created, it will
+ install a link to the
+ <citerefentry>
+ <refentrytitle>user-keyring</refentrytitle><manvolnum>7</manvolnum>
+ </citerefentry>
+ in the session keyring so that keys common to the user will be
+ automatically accessible through it. The session keyring of the invoking
+ process will thenceforth be inherited by all its children unless they override it.
</para>
<para>
- The session keyring of the invoking process will thenceforth be inherited
- by all its children unless they override it.
+ In order to allow other PAM modules to attach tokens to the keyring, this module
+ provides both an <emphasis>auth</emphasis> (limited to
+ <citerefentry>
+ <refentrytitle>pam_setcred</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>
+ and a <emphasis>session</emphasis> component. The session keyring is created
+ in the module called. Moreover this module should be included as early as
+ possible in a PAM configuration.
</para>
<para>
This module is intended primarily for use by login processes. Be aware
@@ -62,11 +76,6 @@
their own permissions system to manage this.
</para>
<para>
- This module should be included as early as possible in a PAM
- configuration, so that other PAM modules can attach tokens to the
- keyring.
- </para>
- <para>
The keyutils package is used to manipulate keys more directly. This
can be obtained from:
</para>
@@ -224,7 +233,7 @@ session required pam_keyinit.so
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
+ </citerefentry>,
<citerefentry>
<refentrytitle>keyctl</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>
diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c
index b2fa5d95..92e4953b 100644
--- a/modules/pam_keyinit/pam_keyinit.c
+++ b/modules/pam_keyinit/pam_keyinit.c
@@ -1,4 +1,5 @@
-/* pam_keyinit.c: Initialise the session keyring on login through a PAM module
+/*
+ * pam_keyinit: Initialise the session keyring on login through a PAM module
*
* Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
@@ -30,11 +31,11 @@
#define KEYCTL_REVOKE 3 /* revoke a key */
#define KEYCTL_LINK 8 /* link a key into a keyring */
-static int my_session_keyring;
-static int session_counter;
-static int do_revoke;
-static int revoke_as_uid;
-static int revoke_as_gid;
+static int my_session_keyring = 0;
+static int session_counter = 0;
+static int do_revoke = 0;
+static uid_t revoke_as_uid;
+static gid_t revoke_as_gid;
static int xdebug = 0;
static void debug(pam_handle_t *pamh, const char *fmt, ...)
@@ -51,24 +52,22 @@ static void debug(pam_handle_t *pamh, const char *fmt, ...)
}
}
-static int error(pam_handle_t *pamh, const char *fmt, ...)
+static void error(pam_handle_t *pamh, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
-static int error(pam_handle_t *pamh, const char *fmt, ...)
+static void error(pam_handle_t *pamh, const char *fmt, ...)
{
va_list va;
va_start(va, fmt);
pam_vsyslog(pamh, LOG_ERR, fmt, va);
va_end(va);
-
- return PAM_SESSION_ERR;
}
/*
* initialise the session keyring for this process
*/
-static int init_keyrings(pam_handle_t *pamh, int force)
+static int init_keyrings(pam_handle_t *pamh, int force, int error_ret)
{
int session, usession, ret;
@@ -85,7 +84,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
* installed */
if (errno == ENOSYS)
return PAM_SUCCESS;
- return PAM_SESSION_ERR;
+ return error_ret;
}
usession = syscall(__NR_keyctl,
@@ -94,7 +93,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
0);
debug(pamh, "GET SESSION = %d", usession);
if (usession < 0)
- return PAM_SESSION_ERR;
+ return error_ret;
/* if the user session keyring is our keyring, then we don't
* need to do anything if we're not forcing */
@@ -108,7 +107,7 @@ static int init_keyrings(pam_handle_t *pamh, int force)
NULL);
debug(pamh, "JOIN = %d", ret);
if (ret < 0)
- return PAM_SESSION_ERR;
+ return error_ret;
my_session_keyring = ret;
@@ -118,15 +117,17 @@ static int init_keyrings(pam_handle_t *pamh, int force)
KEY_SPEC_USER_KEYRING,
KEY_SPEC_SESSION_KEYRING);
- return ret < 0 ? PAM_SESSION_ERR : PAM_SUCCESS;
+ return ret < 0 ? error_ret : PAM_SUCCESS;
}
/*
* revoke the session keyring for this process
*/
-static void kill_keyrings(pam_handle_t *pamh)
+static int kill_keyrings(pam_handle_t *pamh, int error_ret)
{
- int old_uid, old_gid;
+ uid_t old_uid;
+ gid_t old_gid;
+ int ret = PAM_SUCCESS;
/* revoke the session keyring we created earlier */
if (my_session_keyring > 0) {
@@ -139,38 +140,45 @@ static void kill_keyrings(pam_handle_t *pamh)
/* switch to the real UID and GID so that we have permission to
* revoke the key */
- if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0)
- error(pamh, "Unable to change GID to %d temporarily\n",
- revoke_as_gid);
+ if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0) {
+ error(pamh, "Unable to change GID to %d temporarily\n", revoke_as_gid);
+ return error_ret;
+ }
- if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0)
- error(pamh, "Unable to change UID to %d temporarily\n",
- revoke_as_uid);
+ if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0) {
+ error(pamh, "Unable to change UID to %d temporarily\n", revoke_as_uid);
+ if (getegid() != old_gid && setregid(-1, old_gid) < 0)
+ error(pamh, "Unable to change GID back to %d\n", old_gid);
+ return error_ret;
+ }
- syscall(__NR_keyctl,
- KEYCTL_REVOKE,
- my_session_keyring);
+ if (syscall(__NR_keyctl, KEYCTL_REVOKE, my_session_keyring) < 0) {
+ ret = error_ret;
+ }
- /* return to the orignal UID and GID (probably root) */
- if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0)
+ /* return to the original UID and GID (probably root) */
+ if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0) {
error(pamh, "Unable to change UID back to %d\n", old_uid);
+ ret = error_ret;
+ }
- if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0)
+ if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0) {
error(pamh, "Unable to change GID back to %d\n", old_gid);
+ ret = error_ret;
+ }
my_session_keyring = 0;
}
+ return ret;
}
-/*
- * open a PAM session by making sure there's a session keyring
- */
-int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
- int argc, const char **argv)
+static int do_keyinit(pam_handle_t *pamh, int argc, const char **argv, int error_ret)
{
struct passwd *pw;
const char *username;
- int ret, old_uid, uid, old_gid, gid, loop, force = 0;
+ int ret, loop, force = 0;
+ uid_t old_uid, uid;
+ gid_t old_gid, gid;
for (loop = 0; loop < argc; loop++) {
if (strcmp(argv[loop], "force") == 0)
@@ -184,10 +192,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
/* don't do anything if already created a keyring (will be called
* multiple times if mentioned more than once in a pam script)
*/
- session_counter++;
-
- debug(pamh, "OPEN %d", session_counter);
-
if (my_session_keyring > 0)
return PAM_SUCCESS;
@@ -198,7 +202,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
pw = pam_modutil_getpwnam(pamh, username);
if (!pw) {
- error(pamh, "Unable to look up user \"%s\"\n", username);
+ pam_syslog(pamh, LOG_NOTICE, "Unable to look up user \"%s\"\n",
+ username);
return PAM_USER_UNKNOWN;
}
@@ -212,29 +217,70 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
* the right user */
if (gid != old_gid && setregid(gid, -1) < 0) {
error(pamh, "Unable to change GID to %d temporarily\n", gid);
- return PAM_SESSION_ERR;
+ return error_ret;
}
if (uid != old_uid && setreuid(uid, -1) < 0) {
error(pamh, "Unable to change UID to %d temporarily\n", uid);
if (setregid(old_gid, -1) < 0)
error(pamh, "Unable to change GID back to %d\n", old_gid);
- return PAM_SESSION_ERR;
+ return error_ret;
}
- ret = init_keyrings(pamh, force);
+ ret = init_keyrings(pamh, force, error_ret);
- /* return to the orignal UID and GID (probably root) */
- if (uid != old_uid && setreuid(old_uid, -1) < 0)
- ret = error(pamh, "Unable to change UID back to %d\n", old_uid);
+ /* return to the original UID and GID (probably root) */
+ if (uid != old_uid && setreuid(old_uid, -1) < 0) {
+ error(pamh, "Unable to change UID back to %d\n", old_uid);
+ ret = error_ret;
+ }
- if (gid != old_gid && setregid(old_gid, -1) < 0)
- ret = error(pamh, "Unable to change GID back to %d\n", old_gid);
+ if (gid != old_gid && setregid(old_gid, -1) < 0) {
+ error(pamh, "Unable to change GID back to %d\n", old_gid);
+ ret = error_ret;
+ }
return ret;
}
/*
+ * Dummy
+ */
+int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED,
+ int argc UNUSED, const char **argv UNUSED)
+{
+ return PAM_IGNORE;
+}
+
+/*
+ * since setcred and open_session are called in different orders, a
+ * session ring is invoked by the first of these functions called.
+ */
+int pam_sm_setcred(pam_handle_t *pamh, int flags,
+ int argc, const char **argv)
+{
+ if (flags & PAM_ESTABLISH_CRED) {
+ debug(pamh, "ESTABLISH_CRED");
+ return do_keyinit(pamh, argc, argv, PAM_CRED_ERR);
+ }
+ if (flags & PAM_DELETE_CRED && my_session_keyring > 0 && do_revoke) {
+ debug(pamh, "DELETE_CRED");
+ return kill_keyrings(pamh, PAM_CRED_ERR);
+ }
+ return PAM_IGNORE;
+}
+
+int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
+ int argc, const char **argv)
+{
+ session_counter++;
+
+ debug(pamh, "OPEN %d", session_counter);
+
+ return do_keyinit(pamh, argc, argv, PAM_SESSION_ERR);
+}
+
+/*
* close a PAM session by revoking the session keyring if requested
*/
int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
@@ -245,8 +291,8 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED,
session_counter--;
- if (session_counter == 0 && my_session_keyring > 0 && do_revoke)
- kill_keyrings(pamh);
+ if (session_counter <= 0 && my_session_keyring > 0 && do_revoke)
+ kill_keyrings(pamh, PAM_SESSION_ERR);
return PAM_SUCCESS;
}
diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am
index 1c639327..dc0c7c4c 100644
--- a/modules/pam_lastlog/Makefile.am
+++ b/modules/pam_lastlog/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-securelibdir = $(SECUREDIR)
-secureconfdir = $(SCONFIGDIR)
-
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_lastlog.8
+if HAVE_DOC
+dist_man_MANS = pam_lastlog.8
+endif
XMLS = README.xml pam_lastlog.8.xml
+dist_check_SCRIPTS = tst-pam_lastlog
+TESTS = $(dist_check_SCRIPTS)
-TESTS = tst-pam_lastlog
+securelibdir = $(SECUREDIR)
+secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_lastlog.la
pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_lastlog.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_lastlog/Makefile.in b/modules/pam_lastlog/Makefile.in
index 5eafdf8d..85de1bb0 100644
--- a/modules/pam_lastlog/Makefile.in
+++ b/modules/pam_lastlog/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_lastlog
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_lastlog.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_lastlog.8
+XMLS = README.xml pam_lastlog.8.xml
+dist_check_SCRIPTS = tst-pam_lastlog
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog
-man_MANS = pam_lastlog.8
-XMLS = README.xml pam_lastlog.8.xml
-TESTS = tst-pam_lastlog
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_lastlog.la
pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_lastlog/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_lastlog/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_lastlog.log: tst-pam_lastlog
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_lastlog.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_lastlog.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_lastlog.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_lastlog/README b/modules/pam_lastlog/README
index 38a3065a..c0feca04 100644
--- a/modules/pam_lastlog/README
+++ b/modules/pam_lastlog/README
@@ -11,9 +11,14 @@ login of the user. In addition, the module maintains the /var/log/lastlog file.
Some applications may perform this function themselves. In such cases, this
module is not necessary.
+The module checks LASTLOG_UID_MAX option in /etc/login.defs and does not update
+or display last login records for users with UID higher than its value. If the
+option is not present or its value is invalid, no user ID limit is applied.
+
If the module is called in the auth or account phase, the accounts that were
not used recently enough will be disallowed to log in. The check is not
-performed for the root account so the root is never locked out.
+performed for the root account so the root is never locked out. It is also not
+performed for users with UID higher than the LASTLOG_UID_MAX value.
OPTIONS
@@ -24,7 +29,7 @@ debug
silent
Don't inform the user about any previous login, just update the /var/log/
- lastlog file.
+ lastlog file. This option does not affect display of bad login attempts.
never
@@ -63,6 +68,12 @@ inactive=<days>
number of days after the last login of the user when the user will be
locked out by the module. The default value is 90.
+unlimited
+
+ If the fsize limit is set, this option can be used to override it,
+ preventing failures on systems with large UID values that lead lastlog to
+ become a huge sparse file.
+
EXAMPLES
Add the following line to /etc/pam.d/login to display the last login time of an
diff --git a/modules/pam_lastlog/pam_lastlog.8 b/modules/pam_lastlog/pam_lastlog.8
index 738bd1eb..f21038e7 100644
--- a/modules/pam_lastlog/pam_lastlog.8
+++ b/modules/pam_lastlog/pam_lastlog.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_lastlog
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_LASTLOG" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LASTLOG" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -31,7 +31,7 @@
pam_lastlog \- PAM module to display date of last login and perform inactive account lock out
.SH "SYNOPSIS"
.HP \w'\fBpam_lastlog\&.so\fR\ 'u
-\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>]
+\fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=<days>] [unlimited]
.SH "DESCRIPTION"
.PP
pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the
@@ -40,7 +40,15 @@ file\&.
.PP
Some applications may perform this function themselves\&. In such cases, this module is not necessary\&.
.PP
-If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&.
+The module checks
+\fBLASTLOG_UID_MAX\fR
+option in
+/etc/login\&.defs
+and does not update or display last login records for users with UID higher than its value\&. If the option is not present or its value is invalid, no user ID limit is applied\&.
+.PP
+If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. It is also not performed for users with UID higher than the
+\fBLASTLOG_UID_MAX\fR
+value\&.
.SH "OPTIONS"
.PP
\fBdebug\fR
@@ -52,7 +60,7 @@ Print debug information\&.
.RS 4
Don\*(Aqt inform the user about any previous login, just update the
/var/log/lastlog
-file\&.
+file\&. This option does not affect display of bad login attempts\&.
.RE
.PP
\fBnever\fR
@@ -98,13 +106,20 @@ is specified\&.
.RS 4
This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&.
.RE
+.PP
+\fBunlimited\fR
+.RS 4
+If the
+\fIfsize\fR
+limit is set, this option can be used to override it, preventing failures on systems with large UID values that lead lastlog to become a huge sparse file\&.
+.RE
.SH "MODULE TYPES PROVIDED"
.PP
The
\fBauth\fR
and
\fBaccount\fR
-module type allows to lock out users which did not login recently enough\&. The
+module type allows one to lock out users who did not login recently enough\&. The
\fBsession\fR
module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files\&.
.SH "RETURN VALUES"
@@ -171,6 +186,7 @@ Lastlog logging file
.RE
.SH "SEE ALSO"
.PP
+\fBlimits.conf\fR(5),
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
\fBpam\fR(8)
diff --git a/modules/pam_lastlog/pam_lastlog.8.xml b/modules/pam_lastlog/pam_lastlog.8.xml
index 77da9dbc..a2f14fc2 100644
--- a/modules/pam_lastlog/pam_lastlog.8.xml
+++ b/modules/pam_lastlog/pam_lastlog.8.xml
@@ -48,6 +48,9 @@
<arg choice="opt">
inactive=&lt;days&gt;
</arg>
+ <arg choice="opt">
+ unlimited
+ </arg>
</cmdsynopsis>
</refsynopsisdiv>
@@ -65,10 +68,18 @@
cases, this module is not necessary.
</para>
<para>
+ The module checks <option>LASTLOG_UID_MAX</option> option in
+ <filename>/etc/login.defs</filename> and does not update or display
+ last login records for users with UID higher than its value.
+ If the option is not present or its value is invalid, no user ID
+ limit is applied.
+ </para>
+ <para>
If the module is called in the auth or account phase, the accounts that
were not used recently enough will be disallowed to log in. The
check is not performed for the root account so the root is never
- locked out.
+ locked out. It is also not performed for users with UID higher
+ than the <option>LASTLOG_UID_MAX</option> value.
</para>
</refsect1>
@@ -94,6 +105,7 @@
<para>
Don't inform the user about any previous login,
just update the <filename>/var/log/lastlog</filename> file.
+ This option does not affect display of bad login attempts.
</para>
</listitem>
</varlistentry>
@@ -187,6 +199,18 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>unlimited</option>
+ </term>
+ <listitem>
+ <para>
+ If the <emphasis>fsize</emphasis> limit is set, this option can be
+ used to override it, preventing failures on systems with large UID
+ values that lead lastlog to become a huge sparse file.
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
@@ -194,7 +218,7 @@
<title>MODULE TYPES PROVIDED</title>
<para>
The <option>auth</option> and <option>account</option> module type
- allows to lock out users which did not login recently enough.
+ allows one to lock out users who did not login recently enough.
The <option>session</option> module type is provided for displaying
the information about the last login and/or updating the lastlog and
wtmp files.
@@ -292,6 +316,9 @@
<title>SEE ALSO</title>
<para>
<citerefentry>
+ <refentrytitle>limits.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c
index 1a796b99..abd048df 100644
--- a/modules/pam_lastlog/pam_lastlog.c
+++ b/modules/pam_lastlog/pam_lastlog.c
@@ -1,6 +1,6 @@
-/* pam_lastlog module */
-
/*
+ * pam_lastlog module
+ *
* Written by Andrew Morgan <morgan@linux.kernel.org> 1996/3/11
*
* This module does the necessary work to display the last login
@@ -20,10 +20,13 @@
#endif
#include <pwd.h>
#include <stdlib.h>
+#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <syslog.h>
#include <unistd.h>
@@ -50,6 +53,10 @@ struct lastlog {
# define _PATH_BTMP "/var/log/btmp"
#endif
+#ifndef PATH_LOGIN_DEFS
+# define PATH_LOGIN_DEFS "/etc/login.defs"
+#endif
+
/* XXX - time before ignoring lock. Is 1 sec enough? */
#define LASTLOG_IGNORE_LOCK_TIME 1
@@ -59,33 +66,24 @@ struct lastlog {
#define DEFAULT_INACTIVE_DAYS 90
#define MAX_INACTIVE_DAYS 100000
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_SESSION
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* argument parsing */
-#define LASTLOG_DATE 01 /* display the date of the last login */
-#define LASTLOG_HOST 02 /* display the last host used (if set) */
-#define LASTLOG_LINE 04 /* display the last terminal used */
-#define LASTLOG_NEVER 010 /* display a welcome message for first login */
-#define LASTLOG_DEBUG 020 /* send info to syslog(3) */
-#define LASTLOG_QUIET 040 /* keep quiet about things */
-#define LASTLOG_WTMP 0100 /* log to wtmp as well as lastlog */
-#define LASTLOG_BTMP 0200 /* display failed login info from btmp */
-#define LASTLOG_UPDATE 0400 /* update the lastlog and wtmp files (default) */
+#define LASTLOG_DATE 01 /* display the date of the last login */
+#define LASTLOG_HOST 02 /* display the last host used (if set) */
+#define LASTLOG_LINE 04 /* display the last terminal used */
+#define LASTLOG_NEVER 010 /* display a welcome message for first login */
+#define LASTLOG_DEBUG 020 /* send info to syslog(3) */
+#define LASTLOG_QUIET 040 /* keep quiet about things */
+#define LASTLOG_WTMP 0100 /* log to wtmp as well as lastlog */
+#define LASTLOG_BTMP 0200 /* display failed login info from btmp */
+#define LASTLOG_UPDATE 0400 /* update the lastlog and wtmp files (default) */
+#define LASTLOG_UNLIMITED 01000 /* unlimited file size (ignore 'fsize' limit) */
static int
_pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
@@ -95,13 +93,14 @@ _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
*inactive = DEFAULT_INACTIVE_DAYS;
- /* does the appliction require quiet? */
+ /* does the application require quiet? */
if (flags & PAM_SILENT) {
ctrl |= LASTLOG_QUIET;
}
/* step through arguments */
for (; argc-- > 0; ++argv) {
+ const char *str;
char *ep = NULL;
long l;
@@ -109,9 +108,9 @@ _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv,
ctrl |= LASTLOG_DEBUG;
} else if (!strcmp(*argv,"silent")) {
ctrl |= LASTLOG_QUIET;
- } else if (!strncmp(*argv,"inactive=", 9)) {
- l = strtol(*argv+9, &ep, 10);
- if (ep != *argv+9 && l > 0 && l < MAX_INACTIVE_DAYS)
+ } else if ((str = pam_str_skip_prefix(*argv, "inactive=")) != NULL) {
+ l = strtol(str, &ep, 10);
+ if (ep != str && l > 0 && l < MAX_INACTIVE_DAYS)
*inactive = l;
else {
pam_syslog(pamh, LOG_ERR, "bad option value: %s", *argv);
@@ -130,11 +129,6 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE);
- /* does the appliction require quiet? */
- if (flags & PAM_SILENT) {
- ctrl |= LASTLOG_QUIET;
- }
-
/* step through arguments */
for (; argc-- > 0; ++argv) {
@@ -158,11 +152,19 @@ _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv)
ctrl &= ~(LASTLOG_WTMP|LASTLOG_UPDATE);
} else if (!strcmp(*argv,"showfailed")) {
ctrl |= LASTLOG_BTMP;
+ } else if (!strcmp(*argv,"unlimited")) {
+ ctrl |= LASTLOG_UNLIMITED;
} else {
pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv);
}
}
+ /* does the application require quiet? */
+ if (flags & PAM_SILENT) {
+ ctrl |= LASTLOG_QUIET;
+ ctrl &= ~LASTLOG_BTMP;
+ }
+
D(("ctrl = %o", ctrl));
return ctrl;
}
@@ -172,6 +174,7 @@ get_tty(pam_handle_t *pamh)
{
const void *void_terminal_line = NULL;
const char *terminal_line;
+ const char *str;
if (pam_get_item(pamh, PAM_TTY, &void_terminal_line) != PAM_SUCCESS
|| void_terminal_line == NULL) {
@@ -179,14 +182,47 @@ get_tty(pam_handle_t *pamh)
} else {
terminal_line = void_terminal_line;
}
- if (!strncmp("/dev/", terminal_line, 5)) {
- /* strip leading "/dev/" from tty. */
- terminal_line += 5;
- }
+
+ /* strip leading "/dev/" from tty. */
+ str = pam_str_skip_prefix(terminal_line, "/dev/");
+ if (str != NULL)
+ terminal_line = str;
+
D(("terminal = %s", terminal_line));
return terminal_line;
}
+#define MAX_UID_VALUE 0xFFFFFFFFUL
+
+static uid_t
+get_lastlog_uid_max(pam_handle_t *pamh)
+{
+ uid_t uid_max = MAX_UID_VALUE;
+ unsigned long ul;
+ char *s, *ep;
+
+ s = pam_modutil_search_key(pamh, PATH_LOGIN_DEFS, "LASTLOG_UID_MAX");
+ if (s == NULL)
+ return uid_max;
+
+ ep = s + strlen(s);
+ while (ep > s && isspace(*(--ep))) {
+ *ep = '\0';
+ }
+ errno = 0;
+ ul = strtoul(s, &ep, 10);
+ if (!(ul >= MAX_UID_VALUE
+ || (uid_t)ul >= MAX_UID_VALUE
+ || (errno != 0 && ul == 0)
+ || s == ep
+ || *ep != '\0')) {
+ uid_max = (uid_t)ul;
+ }
+ free(s);
+
+ return uid_max;
+}
+
static int
last_login_open(pam_handle_t *pamh, int announce, uid_t uid)
{
@@ -336,6 +372,12 @@ static int
last_login_write(pam_handle_t *pamh, int announce, int last_fd,
uid_t uid, const char *user)
{
+ static struct rlimit no_limit = {
+ RLIM_INFINITY,
+ RLIM_INFINITY
+ };
+ struct rlimit old_limit;
+ int setrlimit_res;
struct flock last_lock;
struct lastlog last_login;
time_t ll_time;
@@ -390,6 +432,31 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
sleep(LASTLOG_IGNORE_LOCK_TIME);
}
+ /*
+ * Failing to set the 'fsize' limit is not a fatal error. We try to write
+ * lastlog anyway, under the risk of dying due to a SIGXFSZ.
+ */
+ D(("setting limit for 'fsize'"));
+
+ if ((announce & LASTLOG_UNLIMITED) == 0) { /* don't set to unlimited */
+ setrlimit_res = -1;
+ } else if (getrlimit(RLIMIT_FSIZE, &old_limit) == 0) {
+ if (old_limit.rlim_cur == RLIM_INFINITY) { /* already unlimited */
+ setrlimit_res = -1;
+ } else {
+ setrlimit_res = setrlimit(RLIMIT_FSIZE, &no_limit);
+ if (setrlimit_res != 0)
+ pam_syslog(pamh, LOG_WARNING, "Could not set limit for 'fsize': %m");
+ }
+ } else {
+ setrlimit_res = -1;
+ if (errno == EINVAL) {
+ pam_syslog(pamh, LOG_INFO, "Limit for 'fsize' not supported: %m");
+ } else {
+ pam_syslog(pamh, LOG_WARNING, "Could not get limit for 'fsize': %m");
+ }
+ }
+
D(("writing to the lastlog file"));
if (pam_modutil_write (last_fd, (char *) &last_login,
sizeof (last_login)) != sizeof(last_login)) {
@@ -397,6 +464,18 @@ last_login_write(pam_handle_t *pamh, int announce, int last_fd,
retval = PAM_SERVICE_ERR;
}
+ /*
+ * Failing to restore the 'fsize' limit is a fatal error.
+ */
+ D(("restoring limit for 'fsize'"));
+ if (setrlimit_res == 0) {
+ setrlimit_res = setrlimit(RLIMIT_FSIZE, &old_limit);
+ if (setrlimit_res != 0) {
+ pam_syslog(pamh, LOG_ERR, "Could not restore limit for 'fsize': %m");
+ retval = PAM_SERVICE_ERR;
+ }
+ }
+
last_lock.l_type = F_UNLCK;
(void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */
D(("unlocked"));
@@ -418,6 +497,10 @@ last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user, t
int retval;
int last_fd;
+ if (uid > get_lastlog_uid_max(pamh)) {
+ return PAM_SUCCESS;
+ }
+
/* obtain the last login date and all the relevant info */
last_fd = last_login_open(pamh, announce, uid);
if (last_fd < 0) {
@@ -586,9 +669,8 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* which user? */
- if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL
- || *user == '\0') {
- pam_syslog(pamh, LOG_ERR, "cannot determine the user's name");
+ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "cannot determine user name");
return PAM_USER_UNKNOWN;
}
@@ -596,13 +678,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
pwd = pam_modutil_getpwnam (pamh, user);
if (pwd == NULL) {
- pam_syslog(pamh, LOG_ERR, "user unknown");
+ pam_syslog(pamh, LOG_NOTICE, "user unknown");
return PAM_USER_UNKNOWN;
}
uid = pwd->pw_uid;
pwd = NULL; /* tidy up */
- if (uid == 0)
+ if (uid == 0 || uid > get_lastlog_uid_max(pamh))
return PAM_SUCCESS;
/* obtain the last login date and all the relevant info */
diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am
index 75a49088..911b07b3 100644
--- a/modules/pam_limits/Makefile.am
+++ b/modules/pam_limits/Makefile.am
@@ -5,12 +5,14 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits
+EXTRA_DIST = $(XMLS)
-man_MANS = limits.conf.5 pam_limits.8
+if HAVE_DOC
+dist_man_MANS = limits.conf.5 pam_limits.8
+endif
XMLS = README.xml limits.conf.5.xml pam_limits.8.xml
-
-TESTS = tst-pam_limits
+dist_check_SCRIPTS = tst-pam_limits
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
@@ -18,7 +20,7 @@ limits_conf_dir = $(SCONFIGDIR)/limits.d
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \
- -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\"
+ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -27,13 +29,12 @@ endif
securelib_LTLIBRARIES = pam_limits.la
pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = limits.conf
+dist_secureconf_DATA = limits.conf
+
+install-data-local:
+ mkdir -p $(DESTDIR)$(limits_conf_dir)
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_limits.8.xml limits.conf.5.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
-
-install-data-local:
- mkdir -p $(DESTDIR)$(limits_conf_dir)
diff --git a/modules/pam_limits/Makefile.in b/modules/pam_limits/Makefile.in
index 5dd6c6e7..ac06d6c0 100644
--- a/modules/pam_limits/Makefile.in
+++ b/modules/pam_limits/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_limits
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(dist_secureconf_DATA) \
+ $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -158,7 +168,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_limits.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -188,8 +199,9 @@ am__can_run_installinfo = \
man5dir = $(mandir)/man5
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA) $(secureconf_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA) $(dist_secureconf_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -386,6 +398,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -414,6 +429,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -422,7 +439,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -458,6 +474,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -494,11 +511,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -567,22 +586,23 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits
-man_MANS = limits.conf.5 pam_limits.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = limits.conf.5 pam_limits.8
XMLS = README.xml limits.conf.5.xml pam_limits.8.xml
-TESTS = tst-pam_limits
+dist_check_SCRIPTS = tst-pam_limits
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
limits_conf_dir = $(SCONFIGDIR)/limits.d
AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
-DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \
- -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\"
+ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_limits.la
pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la
-secureconf_DATA = limits.conf
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+dist_secureconf_DATA = limits.conf
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -599,14 +619,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_limits/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_limits/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -662,21 +681,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -690,10 +715,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man5: $(man_MANS)
+install-man5: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -728,15 +753,15 @@ uninstall-man5:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.5[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -771,14 +796,14 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
-install-secureconfDATA: $(secureconf_DATA)
+install-dist_secureconfDATA: $(dist_secureconf_DATA)
@$(NORMAL_INSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(secureconfdir)'"; \
$(MKDIR_P) "$(DESTDIR)$(secureconfdir)" || exit 1; \
@@ -792,9 +817,9 @@ install-secureconfDATA: $(secureconf_DATA)
$(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \
done
-uninstall-secureconfDATA:
+uninstall-dist_secureconfDATA:
@$(NORMAL_UNINSTALL)
- @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
+ @list='$(dist_secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \
files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
dir='$(DESTDIR)$(secureconfdir)'; $(am__uninstall_files_from_dir)
@@ -880,7 +905,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -970,7 +995,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -980,7 +1005,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -1013,7 +1038,10 @@ tst-pam_limits.log: tst-pam_limits
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -1044,6 +1072,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1092,7 +1121,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_limits.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1109,8 +1138,8 @@ info: info-am
info-am:
-install-data-am: install-data-local install-man install-secureconfDATA \
- install-securelibLTLIBRARIES
+install-data-am: install-data-local install-dist_secureconfDATA \
+ install-man install-securelibLTLIBRARIES
install-dvi: install-dvi-am
@@ -1139,7 +1168,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_limits.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1156,36 +1185,38 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-man uninstall-secureconfDATA \
+uninstall-am: uninstall-dist_secureconfDATA uninstall-man \
uninstall-securelibLTLIBRARIES
uninstall-man: uninstall-man5 uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-data-local install-dvi \
- install-dvi-am install-exec install-exec-am install-html \
- install-html-am install-info install-info-am install-man \
- install-man5 install-man8 install-pdf install-pdf-am \
- install-ps install-ps-am install-secureconfDATA \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-data-local install-dist_secureconfDATA \
+ install-dvi install-dvi-am install-exec install-exec-am \
+ install-html install-html-am install-info install-info-am \
+ install-man install-man5 install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- recheck tags tags-am uninstall uninstall-am uninstall-man \
- uninstall-man5 uninstall-man8 uninstall-secureconfDATA \
- uninstall-securelibLTLIBRARIES
+ recheck tags tags-am uninstall uninstall-am \
+ uninstall-dist_secureconfDATA uninstall-man uninstall-man5 \
+ uninstall-man8 uninstall-securelibLTLIBRARIES
+
+.PRECIOUS: Makefile
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_limits.8.xml limits.conf.5.xml
-@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
install-data-local:
mkdir -p $(DESTDIR)$(limits_conf_dir)
+@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 6ff9203e..6aabd54f 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -34,7 +34,9 @@ debug
set_all
Set the limits for which no value is specified in the configuration file to
- the one from the process with the PID 1.
+ the one from the process with the PID 1. Please note that if the init
+ process is systemd these limits will not be the kernel default limits and
+ this option should not be used.
utmp_early
diff --git a/modules/pam_limits/limits.conf.5 b/modules/pam_limits/limits.conf.5
index 1404553c..f527fec8 100644
--- a/modules/pam_limits/limits.conf.5
+++ b/modules/pam_limits/limits.conf.5
@@ -1,13 +1,13 @@
'\" t
.\" Title: limits.conf
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "LIMITS\&.CONF" "5" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "LIMITS\&.CONF" "5" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -43,7 +43,10 @@ directory\&.
.PP
The syntax of the lines is as follows:
.PP
-\fI<domain>\fR\fI<type>\fR\fI<item>\fR\fI<value>\fR
+\fI<domain>\fR
+\fI<type>\fR
+\fI<item>\fR
+\fI<value>\fR
.PP
The fields listed above should be filled as follows:
.PP
diff --git a/modules/pam_limits/pam_limits.8 b/modules/pam_limits/pam_limits.8
index 64044fff..fbbacc66 100644
--- a/modules/pam_limits/pam_limits.8
+++ b/modules/pam_limits/pam_limits.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_limits
.\" Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_LIMITS" "8" "05/18/2017" "Linux-PAM Manual" "Linux-PAM Manual"
+.TH "PAM_LIMITS" "8" "06/08/2020" "Linux-PAM Manual" "Linux-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
@@ -61,7 +61,7 @@ Print debug information\&.
.PP
\fBset_all\fR
.RS 4
-Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&.
+Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&. Please note that if the init process is systemd these limits will not be the kernel default limits and this option should not be used\&.
.RE
.PP
\fButmp_early\fR
diff --git a/modules/pam_limits/pam_limits.8.xml b/modules/pam_limits/pam_limits.8.xml
index 663c0e7b..bc46cbf4 100644
--- a/modules/pam_limits/pam_limits.8.xml
+++ b/modules/pam_limits/pam_limits.8.xml
@@ -99,7 +99,9 @@
<para>
Set the limits for which no value is specified in the
configuration file to the one from the process with the
- PID 1.
+ PID 1. Please note that if the init process is systemd
+ these limits will not be the kernel default limits and
+ this option should not be used.
</para>
</listitem>
</varlistentry>
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 4bc4ae71..b791cdce 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -102,12 +102,11 @@ struct pam_limit_s {
#define LIMIT_SOFT 1
#define LIMIT_HARD 2
-#define PAM_SM_SESSION
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* argument parsing */
@@ -129,13 +128,14 @@ _pam_parse (const pam_handle_t *pamh, int argc, const char **argv,
/* step through arguments */
for (ctrl=0; argc-- > 0; ++argv) {
+ const char *str;
/* generic options */
if (!strcmp(*argv,"debug")) {
ctrl |= PAM_DEBUG_ARG;
- } else if (!strncmp(*argv,"conf=",5)) {
- pl->conf_file = *argv+5;
+ } else if ((str = pam_str_skip_prefix(*argv, "conf=")) != NULL) {
+ pl->conf_file = str;
} else if (!strcmp(*argv,"utmp_early")) {
ctrl |= PAM_UTMP_EARLY;
} else if (!strcmp(*argv,"noaudit")) {
@@ -384,7 +384,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
FILE *limitsfile;
const char *proclimits = "/proc/1/limits";
char line[256];
- char *units, *hard, *soft, *name;
+ char *hard, *soft, *name;
if (!(limitsfile = fopen(proclimits, "r"))) {
pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno));
@@ -401,8 +401,8 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
line[pos] = '\0';
}
- /* determine formatting boundry of limits report */
- if (!maxlen && strncmp(line, "Limit", 5) == 0) {
+ /* determine formatting boundary of limits report */
+ if (!maxlen && pam_str_skip_prefix(line, "Limit") != NULL) {
maxlen = pos;
continue;
}
@@ -410,10 +410,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
if (pos == maxlen) {
/* step backwards over "Units" name */
LIMITS_SKIP_WHITESPACE;
- LIMITS_MARK_ITEM(units);
- }
- else {
- units = "";
+ LIMITS_MARK_ITEM(hard); /* not a typo, units unused */
}
/* step backwards over "Hard Limit" value */
@@ -1049,7 +1046,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED,
return PAM_SUCCESS;
}
if (retval != PAM_SUCCESS || pl->conf_file != NULL)
- /* skip reading limits.d if config file explicitely specified */
+ /* skip reading limits.d if config file explicitly specified */
goto out;
/* Read subsequent *.conf files, if they exist. */
@@ -1088,7 +1085,8 @@ out:
retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, pl);
if (retval & LOGIN_ERR)
- pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name);
+ pam_error(pamh, _("There were too many logins for '%s'."),
+ pwd->pw_name);
if (retval != LIMITED_OK) {
return PAM_PERM_DENIED;
}
diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am
index 7b10af98..8b0fc281 100644
--- a/modules/pam_listfile/Makefile.am
+++ b/modules/pam_listfile/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile
+EXTRA_DIST = $(XMLS)
-man_MANS = pam_listfile.8
+if HAVE_DOC
+dist_man_MANS = pam_listfile.8
+endif
XMLS = README.xml pam_listfile.8.xml
-
-TESTS = tst-pam_listfile
+dist_check_SCRIPTS = tst-pam_listfile
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -25,7 +28,6 @@ securelib_LTLIBRARIES = pam_listfile.la
pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_listfile.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_listfile/Makefile.in b/modules/pam_listfile/Makefile.in
index 970087f8..5cf383d2 100644
--- a/modules/pam_listfile/Makefile.in
+++ b/modules/pam_listfile/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
# @configure_input@
-# Copyright (C) 1994-2013 Free Software Foundation, Inc.
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -20,7 +20,17 @@
VPATH = @srcdir@
-am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
@@ -85,9 +95,6 @@ build_triplet = @build@
host_triplet = @host@
@HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map
subdir = modules/pam_listfile
-DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \
- $(top_srcdir)/build-aux/depcomp \
- $(top_srcdir)/build-aux/test-driver README
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
@@ -103,6 +110,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_check_SCRIPTS) \
+ $(am__dist_noinst_DATA_DIST) $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
@@ -157,7 +166,8 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp
-am__depfiles_maybe = depfiles
+am__maybe_remake_depfiles = depfiles
+am__depfiles_remade = ./$(DEPDIR)/pam_listfile.Plo
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -186,8 +196,9 @@ am__can_run_installinfo = \
esac
man8dir = $(mandir)/man8
NROFF = nroff
-MANS = $(man_MANS)
-DATA = $(noinst_DATA)
+MANS = $(dist_man_MANS)
+am__dist_noinst_DATA_DIST = README
+DATA = $(dist_noinst_DATA)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
@@ -384,6 +395,9 @@ TEST_LOGS = $(am__test_logs2:.test.log=.log)
TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/build-aux/test-driver
TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
$(TEST_LOG_FLAGS)
+am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \
+ $(top_srcdir)/build-aux/depcomp \
+ $(top_srcdir)/build-aux/test-driver
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -412,6 +426,8 @@ DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
+ECONF_CFLAGS = @ECONF_CFLAGS@
+ECONF_LIBS = @ECONF_LIBS@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
@@ -420,7 +436,6 @@ GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
-HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
@@ -456,6 +471,7 @@ LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
@@ -492,11 +508,13 @@ SECUREDIR = @SECUREDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
+STRINGPARAM_VENDORDIR = @STRINGPARAM_VENDORDIR@
STRIP = @STRIP@
TIRPC_CFLAGS = @TIRPC_CFLAGS@
TIRPC_LIBS = @TIRPC_LIBS@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
@@ -565,17 +583,20 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile
-man_MANS = pam_listfile.8
+EXTRA_DIST = $(XMLS)
+@HAVE_DOC_TRUE@dist_man_MANS = pam_listfile.8
XMLS = README.xml pam_listfile.8.xml
-TESTS = tst-pam_listfile
+dist_check_SCRIPTS = tst-pam_listfile
+TESTS = $(dist_check_SCRIPTS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
+
AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1)
securelib_LTLIBRARIES = pam_listfile.la
pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la
-@ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README
+@ENABLE_REGENERATE_MAN_TRUE@dist_noinst_DATA = README
all: all-am
.SUFFIXES:
@@ -592,14 +613,13 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_listfile/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --gnu modules/pam_listfile/Makefile
-.PRECIOUS: Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
- echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
- cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
@@ -655,21 +675,27 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@ # am--include-marker
+
+$(am__depfiles_remade):
+ @$(MKDIR_P) $(@D)
+ @echo '# dummy' >$@-t && $(am__mv) $@-t $@
+
+am--depfiles: $(am__depfiles_remade)
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c $<
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c `$(CYGPATH_W) '$<'`
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -683,10 +709,10 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-install-man8: $(man_MANS)
+install-man8: $(dist_man_MANS)
@$(NORMAL_INSTALL)
@list1=''; \
- list2='$(man_MANS)'; \
+ list2='$(dist_man_MANS)'; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
@@ -721,7 +747,7 @@ uninstall-man8:
@$(NORMAL_UNINSTALL)
@list=''; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
- l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \
sed -n '/\.8[a-z]*$$/p'; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
@@ -809,7 +835,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
if test -n "$$am__remaking_logs"; then \
echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \
"recursion detected" >&2; \
- else \
+ elif test -n "$$redo_logs"; then \
am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \
fi; \
if $(am__make_dryrun); then :; else \
@@ -899,7 +925,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS)
fi; \
$$success || exit 1
-check-TESTS:
+check-TESTS: $(dist_check_SCRIPTS)
@list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list
@list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@@ -909,7 +935,7 @@ check-TESTS:
log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \
$(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \
exit $$?;
-recheck: all
+recheck: all $(dist_check_SCRIPTS)
@test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG)
@set +e; $(am__set_TESTS_bases); \
bases=`for i in $$bases; do echo $$i; done \
@@ -942,7 +968,10 @@ tst-pam_listfile.log: tst-pam_listfile
@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \
@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT)
-distdir: $(DISTFILES)
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -973,6 +1002,7 @@ distdir: $(DISTFILES)
fi; \
done
check-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) $(dist_check_SCRIPTS)
$(MAKE) $(AM_MAKEFLAGS) check-TESTS
check: check-am
all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA)
@@ -1021,7 +1051,7 @@ clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_listfile.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -1067,7 +1097,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
- -rm -rf ./$(DEPDIR)
+ -rm -f ./$(DEPDIR)/pam_listfile.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -1090,15 +1120,16 @@ uninstall-man: uninstall-man8
.MAKE: check-am install-am install-strip
-.PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \
- clean-generic clean-libtool clean-securelibLTLIBRARIES \
- cscopelist-am ctags ctags-am distclean distclean-compile \
- distclean-generic distclean-libtool distclean-tags distdir dvi \
- dvi-am html html-am info info-am install install-am \
- install-data install-data-am install-dvi install-dvi-am \
- install-exec install-exec-am install-html install-html-am \
- install-info install-info-am install-man install-man8 \
- install-pdf install-pdf-am install-ps install-ps-am \
+.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-TESTS \
+ check-am clean clean-generic clean-libtool \
+ clean-securelibLTLIBRARIES cscopelist-am ctags ctags-am \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man8 install-pdf \
+ install-pdf-am install-ps install-ps-am \
install-securelibLTLIBRARIES install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@@ -1106,7 +1137,8 @@ uninstall-man: uninstall-man8
recheck tags tags-am uninstall uninstall-am uninstall-man \
uninstall-man8 uninstall-securelibLTLIBRARIES
-@ENABLE_REGENERATE_MAN_TRUE@README: pam_listfile.8.xml
+.PRECIOUS: Makefile
+
@ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules
# Tell versions [3.59,3.63) of GNU make to not export all variables.
diff --git a/modules/pam_listfile/pam_listfile.8 b/modules/pam_listfile/pam_listfile.8
index f3d54258..18cf0f83 100644
--- a/modules/pam_listfile/pam_listfile.8
+++ b/modules/pam_listfile/pam_listfile.8
@@ -1,13 +1,13 @@
'\" t
.\" Title: pam_listfile
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\" Date: 05/18/2017
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
-.TH "PAM_LISTFILE" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual"
+.TH "PAM_LISTFILE" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c
index 5723598e..28fd58fc 100644
--- a/modules/pam_listfile/pam_listfile.c
+++ b/modules/pam_listfile/pam_listfile.c
@@ -1,4 +1,6 @@
/*
+ * pam_listfile module
+ *
* by Elliot Lee <sopwith@redhat.com>, Red Hat Software. July 25, 1996.
* log refused access error christopher mccrory <chrismcc@netus.com> 1998/7/11
*
@@ -22,22 +24,11 @@
#include <assert.h>
#endif
-/*
- * here, we make a definition for the externally accessible function
- * in this file (this definition is required for static a module
- * but strongly encouraged generally) it is used to instruct the
- * modules include file to define the function prototypes.
- */
-
-#define PAM_SM_AUTH
-#define PAM_SM_ACCOUNT
-#define PAM_SM_PASSWORD
-#define PAM_SM_SESSION
-
#include <security/pam_modules.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
#include <security/pam_ext.h>
+#include "pam_inline.h"
/* --- authentication management functions (only) --- */
@@ -65,14 +56,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
char mybuf[256],myval[256];
struct stat fileinfo;
FILE *inf;
- char apply_val[256];
+ const char *apply_val;
int apply_type;
/* Stuff for "extended" items */
struct passwd *userinfo;
apply_type=APPLY_TYPE_NULL;
- memset(apply_val,0,sizeof(apply_val));
+ apply_val="";
for(i=0; i < argc; i++) {
{
@@ -140,13 +131,12 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
citem = 0;
} else if(!strcmp(mybuf,"apply")) {
apply_type=APPLY_TYPE_NONE;
- memset(apply_val,'\0',sizeof(apply_val));
if (myval[0]=='@') {
apply_type=APPLY_TYPE_GROUP;
- strncpy(apply_val,myval+1,sizeof(apply_val)-1);
+ apply_val=myval+1;
} else {
apply_type=APPLY_TYPE_USER;
- strncpy(apply_val,myval,sizeof(apply_val)-1);
+ apply_val=myval;
}
} else {
free(ifname);
@@ -198,7 +188,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
int rval;
rval=pam_get_user(pamh,&user_name,NULL);
- if((rval==PAM_SUCCESS) && user_name && user_name[0]) {
+ if(rval==PAM_SUCCESS && user_name[0]) {
/* Got it ? Valid ? */
if(apply_type==APPLY_TYPE_USER) {
if(strcmp(user_name, apply_val)) {
@@ -235,16 +225,16 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
}
if((citem == PAM_USER) && !citemp) {
retval = pam_get_user(pamh,&citemp,NULL);
- if (retval != PAM_SUCCESS || !citemp) {
+ if (retval != PAM_SUCCESS) {
free(ifname);
return PAM_SERVICE_ERR;
}
}
if((citem == PAM_TTY) && citemp) {
/* Normalize the TTY name. */
- if(strncmp(citemp, "/dev/", 5) == 0) {
- citemp += 5;
- }
+ const char *str = pam_str_skip_prefix(citemp, "/dev/");
+ if (str != NULL)
+ citemp = str;
}
if(!citemp || (strlen(citemp) == 0)) {
@@ -264,7 +254,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
gets set to PAM_USER in the extitem switch */
userinfo = pam_modutil_getpwnam(pamh, citemp);
if (userinfo == NULL) {
- pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed",
+ pam_syslog(pamh, LOG_NOTICE, "getpwnam(%s) failed",
citemp);
free(ifname);
return onerr;
@@ -323,7 +313,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
#endif
while((fgets(aline,sizeof(aline),inf) != NULL)
&& retval) {
- char *a = aline;
+ const char *a = aline;
if(strlen(aline) == 0)
continue;
@@ -334,8 +324,9 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
if(aline[strlen(aline) - 1] == '\r')
aline[strlen(aline) - 1] = '\0';
if(citem == PAM_TTY) {
- if(strncmp(a, "/dev/", 5) == 0)
- a += 5;
+ const char *str = pam_str_skip_prefix(a, "/dev/");
+ if (str != NULL)
+ a = str;
}
if (extitem == EI_GROUP) {
retval = !pam_modutil_user_in_group_nam_nam(pamh,
diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am
index 64f2ef3f..46f87a89 100644
--- a/modules/pam_localuser/Makefile.am
+++ b/modules/pam_localuser/Makefile.am
@@ -5,17 +5,20 @@
CLEANFILES = *~
MAINTAINERCLEANFILES = $(MANS) README
-EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_localuser
+EXTRA_DIST = $(XMLS)
-TESTS = tst-pam_localuser
-
-man_MANS = pam_localuser.8
+if HAVE_DOC
+dist_man_MANS = pam_localuser.8
+endif
XMLS = README.xml pam_localuser.8.xml
+dist_check_SCRIPTS = tst-pam_localuser
+TESTS = $(dist_check_SCRIPTS) $(check_PROGRAMS)
securelibdir = $(SECUREDIR)
secureconfdir = $(SCONFIGDIR)
-AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include
+AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \
+ $(WARN_CFLAGS)
AM_LDFLAGS = -no-undefined -avoid-version -module
if HAVE_VERSIONING
AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map
@@ -24,8 +27,10 @@ endif
securelib_LTLIBRARIES = pam_localuser.la
pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la
+check_PROGRAMS = tst-pam_localuser-retval
+tst_pam_localuser_retval_LDADD = $(top_builddir)/libpam/libpam.la
+
if ENABLE_REGENERATE_MAN
-noinst_DATA = README
-README: pam_localuser.8.xml
+dist_noinst_DATA = README
-include $(top_srcdir)/Make.xml.rules
endif
diff --git a/modules/pam_localuser/Makefile.in b/modules/pam_localuser/Makefile.in
index 72d285c8..81aa2789 100644
--- a/modules/pam_localuser/Makefile.in
+++ b/modules/pam_localuser/Makefile.in
@@ -1,7 +1,7 @@
-# Makefile.in generated by automake 1.13.4 from Makefile.am.
+# Makefil