From ea488580c42e8918445a945484de3c8a5addc761 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan"
Date: Tue, 20 Jun 2000 22:10:38 +0000
Subject: Initial revision
---
conf/.cvsignore | 2 +
conf/Makefile | 34 ++++++++
conf/install | 178 ++++++++++++++++++++++++++++++++++++++
conf/install_conf | 36 ++++++++
conf/md5itall | 51 +++++++++++
conf/mkdirp | 50 +++++++++++
conf/pam.conf | 126 +++++++++++++++++++++++++++
conf/pam_conv1/.cvsignore | 3 +
conf/pam_conv1/Makefile | 41 +++++++++
conf/pam_conv1/README | 10 +++
conf/pam_conv1/pam_conv.lex | 42 +++++++++
conf/pam_conv1/pam_conv.y | 203 ++++++++++++++++++++++++++++++++++++++++++++
12 files changed, 776 insertions(+)
create mode 100644 conf/.cvsignore
create mode 100644 conf/Makefile
create mode 100755 conf/install
create mode 100755 conf/install_conf
create mode 100755 conf/md5itall
create mode 100755 conf/mkdirp
create mode 100644 conf/pam.conf
create mode 100644 conf/pam_conv1/.cvsignore
create mode 100644 conf/pam_conv1/Makefile
create mode 100644 conf/pam_conv1/README
create mode 100644 conf/pam_conv1/pam_conv.lex
create mode 100644 conf/pam_conv1/pam_conv.y
(limited to 'conf')
diff --git a/conf/.cvsignore b/conf/.cvsignore
new file mode 100644
index 00000000..93724758
--- /dev/null
+++ b/conf/.cvsignore
@@ -0,0 +1,2 @@
+.ignore_age
+.md5sum
diff --git a/conf/Makefile b/conf/Makefile
new file mode 100644
index 00000000..d829a38c
--- /dev/null
+++ b/conf/Makefile
@@ -0,0 +1,34 @@
+#
+# $Id$
+#
+#
+
+dummy:
+ @echo "*** This is not a top level Makefile!"
+
+##########################################################
+
+all:
+ $(MAKE) -C pam_conv1 all
+
+install: $(FAKEROOT)$(CONFIGED)/pam.conf
+ $(MAKE) -C pam_conv1 install
+
+$(FAKEROOT)$(CONFIGED)/pam.conf: ./pam.conf
+ bash -f ./install_conf
+
+remove:
+ rm -f $(FAKEROOT)$(CONFIGED)/pam.conf
+ $(MAKE) -C pam_conv1 remove
+
+check:
+ bash -f ./md5itall
+
+lclean:
+ rm -f core *~ .ignore_age
+
+clean: lclean
+ $(MAKE) -C pam_conv1 clean
+
+extraclean: lclean
+ $(MAKE) -C pam_conv1 extraclean
diff --git a/conf/install b/conf/install
new file mode 100755
index 00000000..2eae3671
--- /dev/null
+++ b/conf/install
@@ -0,0 +1,178 @@
+#!/bin/sh
+#
+# [This file was lifted from an X distribution. There was no explicit
+# copyright in the file, but the following text was associated with it.
+# should anyone from the X Consortium wish to alter the following
+# text. Please email Thanks. ]
+#
+# --------------------------
+# The X Consortium maintains and distributes the X Window System and
+# related software and documentation in coordinated releases. A release
+# consists of two distinct parts:
+#
+# 1) Specifications and Sample implementations of X Consortium
+# standards, and
+#
+# 2) software and documentation contributed by the general X Consortium
+# community.
+#
+# The timing and contents of a release are determined by the Consortium
+# staff based on the needs and desires of the Members and the advice of
+# the Advisory Board, tempered by the resource constraints of the
+# Consortium.
+#
+# Members have access to all X Consortium produced software and
+# documentation prior to release to the public. Each Member can receive
+# pre-releases and public releases at no charge. In addition, Members
+# have access to software and documentation while it is under
+# development, and can periodically request snapshots of the development
+# system at no charge.
+#
+# The X Consortium also maintains an electronic mail system for
+# reporting problems with X Consortium produced software and
+# documentation. Members have access to all bug reports, as well as all
+# software patches as they are incrementally developed by the Consortium
+# staff between releases.
+#
+# In general, all materials included in X Consortium releases are
+# copyrighted and contain permission notices granting unrestricted use,
+# sales and redistribution rights provided that the copyrights and the
+# permission notices are left intact. All materials are provided "as
+# is," without express or implied warranty.
+# --------------------------
+#
+# This accepts bsd-style install arguments and makes the appropriate calls
+# to the System V install.
+#
+
+flags=""
+dst=""
+src=""
+dostrip=""
+owner=""
+mode=""
+
+while [ x$1 != x ]; do
+ case $1 in
+ -c) shift
+ continue;;
+
+ -m) flags="$flags $1 $2 "
+ mode="$2"
+ shift
+ shift
+ continue;;
+
+ -o) flags="$flags -u $2 "
+ owner="$2"
+ shift
+ shift
+ continue;;
+
+ -g) flags="$flags $1 $2 "
+ shift
+ shift
+ continue;;
+
+ -s) dostrip="strip"
+ shift
+ continue;;
+
+ *) if [ x$src = x ]
+ then
+ src=$1
+ else
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+case "$mode" in
+"")
+ ;;
+*)
+ case "$owner" in
+ "")
+ flags="$flags -u root"
+ ;;
+ esac
+ ;;
+esac
+
+if [ x$src = x ]
+then
+ echo "$0: no input file specified"
+ exit 1
+fi
+
+if [ x$dst = x ]
+then
+ echo "$0: no destination specified"
+ exit 1
+fi
+
+
+# set up some variable to be used later
+
+rmcmd=""
+srcdir="."
+
+# if the destination isn't a directory we'll need to copy it first
+
+if [ ! -d $dst ]
+then
+ dstbase=`basename $dst`
+ cp $src /tmp/$dstbase
+ rmcmd="rm -f /tmp/$dstbase"
+ src=$dstbase
+ srcdir=/tmp
+ dst="`echo $dst | sed 's,^\(.*\)/.*$,\1,'`"
+ if [ x$dst = x ]
+ then
+ dst="."
+ fi
+fi
+
+
+# If the src file has a directory, copy it to /tmp to make install happy
+
+srcbase=`basename $src`
+
+if [ "$src" != "$srcbase" -a "$src" != "./$srcbase" ]
+then
+ cp $src /tmp/$srcbase
+ src=$srcbase
+ srcdir=/tmp
+ rmcmd="rm -f /tmp/$srcbase"
+fi
+
+# do the actual install
+
+if [ -f /usr/sbin/install ]
+then
+ installcmd=/usr/sbin/install
+elif [ -f /etc/install ]
+then
+ installcmd=/etc/install
+else
+ installcmd=install
+fi
+
+# This rm is commented out because some people want to be able to
+# install through symbolic links. Uncomment it if it offends you.
+rm -f $dst/$srcbase
+(cd $srcdir ; $installcmd -f $dst $flags $src)
+
+if [ x$dostrip = xstrip ]
+then
+ strip $dst/$srcbase
+fi
+
+# and clean up
+
+$rmcmd
+
+exit
+
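Review bot: The two staging copies in conf/install, `cp $src /tmp/$dstbase` and `cp $src /tmp/$srcbase`, write to a fixed, predictable name in the world-writable /tmp, and this script is presumably run with root privileges during `make install`. A file or symlink already present under that name would be overwritten or followed, and the file later handed to the system install need not be the one that was copied. Stage into a private directory instead, e.g. `tmpdir=$(mktemp -d) || exit 1`, copy into `"$tmpdir"`, remove it at the end, and quote `$src` and `$dst` throughout. Separately, the comment above `rm -f $dst/$srcbase` says the rm is commented out, but the line is live; either the comment or the line should be corrected.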
diff --git a/conf/install_conf b/conf/install_conf
new file mode 100755
index 00000000..db650a05
--- /dev/null
+++ b/conf/install_conf
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+CONFILE="$FAKEROOT"$CONFIGED/pam.conf
+IGNORE_AGE=./.ignore_age
+CONF=./pam.conf
+
+echo
+
+if [ -f "$IGNORE_AGE" ]; then
+ echo "you don't want to be bothered with the age of your $CONFILE file"
+ yes="n"
+elif [ ! -f "$CONFILE" ] || [ "$CONF" -nt "$CONFILE" ]; then
+ if [ -f "$CONFILE" ]; then
+ echo "\
+An older Linux-PAM configuration file already exists ($CONFILE)"
+ WRITE=overwrite
+ fi
+ echo -n "\
+Do you wish to copy the $CONF file in this distribution
+to $CONFILE ? (y/n) [n] "
+ read yes
+else
+ yes=n
+fi
+
+if [ "$yes" = "y" ]; then
+ echo " copying $CONF to $CONFILE"
+ cp $CONF $CONFILE
+else
+ touch "$IGNORE_AGE"
+ echo " Skipping $CONF installation"
+fi
+
+echo
+
+exit 0
diff --git a/conf/md5itall b/conf/md5itall
new file mode 100755
index 00000000..14cd7c01
--- /dev/null
+++ b/conf/md5itall
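Review bot: In conf/install_conf the result of `cp $CONF $CONFILE` is never checked and the script always ends with `exit 0`, so a failed copy of pam.conf is reported to make as a successful install. Use `cp "$CONF" "$CONFILE" || exit 1`; the quoting matters too, because `CONFILE="$FAKEROOT"$CONFIGED/pam.conf` leaves `$CONFIGED` outside the quotes. The copied file's owner and mode are whatever the invoking user and umask give it; since this file sets authentication policy, consider fixing them explicitly after the copy, for example `chmod 644 "$CONFILE"`. `WRITE=overwrite` is assigned but never read in this script.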
@@ -0,0 +1,51 @@
+#!/bin/bash
+#
+# $Id$
+#
+# $Log$
+# Revision 1.1 2000/06/20 22:10:45 agmorgan
+# Initial revision
+#
+# Revision 1.1.1.1 1998/07/12 05:17:14 morgan
+# Linux PAM sources pre-0.66
+#
+#
+# Created by Andrew G. Morgan (morgan@parc.power.net)
+#
+
+MD5SUM=md5sum
+CHKFILE1=./.md5sum
+CHKFILE2=./.md5sum-new
+
+which $MD5SUM > /dev/null
+result=$?
+
+if [ -x "$MD5SUM" ] || [ $result -eq 0 ]; then
+ rm -f $CHKFILE2
+ echo -n "computing md5 checksums."
+ for x in `cat ../.filelist` ; do
+ (cd ../.. ; $MD5SUM $x) >> $CHKFILE2
+ echo -n "."
+ done
+ echo
+ if [ -f "$CHKFILE1" ]; then
+ echo "\
+---> Note, since the last \`make check', the following file(s) have changed:
+==========================================================================="
+ diff $CHKFILE1 $CHKFILE2
+ if [ $? -eq 0 ]; then
+ echo "\
+--------------------------- Nothing has changed ---------------------------"
+ fi
+ echo "\
+==========================================================================="
+ fi
+ rm -f "$CHKFILE1"
+ mv "$CHKFILE2" "$CHKFILE1"
+ chmod 400 "$CHKFILE1"
+else
+ echo "\
+Please install \`$MD5SUM'.
+[It is used to check the integrity of this distribution]
+---> no check done."
+fi
diff --git a/conf/mkdirp b/conf/mkdirp
new file mode 100755
index 00000000..b0e04b05
--- /dev/null
+++ b/conf/mkdirp
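Review bot: The closing message in conf/md5itall describes this as a check of "the integrity of this distribution", but the baseline `./.md5sum` is generated locally on the first run and kept in the same tree, so the script can only show what changed since the previous `make check`. It cannot tell whether the sources were altered before that first run, or by anyone able to rewrite the baseline. A header comment saying so, e.g. `# Change detector only: compares against a locally generated baseline, not a signed manifest`, would keep readers from treating it as tamper detection. Also, `(cd ../.. ; $MD5SUM $x)` still runs md5sum when the cd fails; `(cd ../.. && $MD5SUM "$x")` avoids hashing relative to the wrong directory.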
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# this is a wrapper for difficult mkdir programs...
+#
+
+for d in $*
+do
+ if [ ! -d $d ]; then
+ mkdir -p $d
+ if [ $? -ne 0 ]; then exit $? ; fi
+ fi
+done
+
+exit 0
+
+##########################################################################
+# if your mkdir does not support the -p option delete the above lines and
+# use what follows:
+--------------------
+#!/bin/sh
+
+#VERBOSE=yes
+Cwd=`pwd`
+
+for d in $*
+do
+ if [ "`echo $d|cut -c1`" != "/" ]; then
+ x=`pwd`/$d
+ else
+ x=$d
+ fi
+ x="`echo $x|sed -e 'yX/X X'`"
+ cd /
+ for s in $x
+ do
+ if [ -d $s ]; then
+ if [ -n "$VERBOSE" ]; then echo -n "[$s/]"; fi
+ cd $s
+ else
+ mkdir $s
+ if [ $? -ne 0 ]; then exit $? ; fi
+ if [ -n "$VERBOSE" ]; then echo -n "$s/"; fi
+ cd $s
+ fi
+ done
+ if [ -n "$VERBOSE" ]; then echo ; fi
+ cd $Cwd
+done
+
+exit 0
diff --git a/conf/pam.conf b/conf/pam.conf
new file mode 100644
index 00000000..3f10b106
--- /dev/null
+++ b/conf/pam.conf
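Review bot: In conf/mkdirp, `if [ $? -ne 0 ]; then exit $? ; fi` exits with the wrong status: the second `$?` is the result of the `[` test, which is 0 whenever the branch is taken. A failed mkdir therefore makes the script exit 0 and the caller carries on as if the directory existed. Replace the two lines with `mkdir -p "$d" || exit 1`, or save the status first with `rc=$?; [ $rc -eq 0 ] || exit $rc`. The same pattern appears in the fallback version after the separator line. `for d in $*` also splits paths containing spaces; `for d in "$@"` with a quoted `"$d"` keeps each argument intact.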
@@ -0,0 +1,126 @@
+# ---------------------------------------------------------------------------#
+# /etc/pam.conf #
+# #
+# Last modified by Andrew G. Morgan #
+# ---------------------------------------------------------------------------#
+# $Id$
+# ---------------------------------------------------------------------------#
+# serv. module ctrl module [path] ...[args..] #
+# name type flag #
+# ---------------------------------------------------------------------------#
+#
+# The PAM configuration file for the `chfn' service
+#
+chfn auth required pam_pwdb.so
+chfn account required pam_pwdb.so
+chfn password required pam_cracklib.so retry=3
+chfn password required pam_pwdb.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `chsh' service
+#
+chsh auth required pam_pwdb.so
+chsh account required pam_pwdb.so
+chsh password required pam_cracklib.so retry=3
+chsh password required pam_pwdb.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `ftp' service
+#
+ftp auth requisite pam_listfile.so \
+ item=user sense=deny file=/etc/ftpusers onerr=succeed
+ftp auth requisite pam_shells.so
+ftp auth required pam_pwdb.so
+ftp account required pam_pwdb.so
+#
+# The PAM configuration file for the `imap' service
+#
+imap auth required pam_pwdb.so
+imap account required pam_pwdb.so
+#
+# The PAM configuration file for the `login' service
+#
+login auth requisite pam_securetty.so
+login auth required pam_pwdb.so
+login auth optional pam_group.so
+login account requisite pam_time.so
+login account required pam_pwdb.so
+login password required pam_cracklib.so retry=3
+login password required pam_pwdb.so shadow md5 use_authtok
+login session required pam_pwdb.so
+#
+# The PAM configuration file for the `netatalk' service
+#
+netatalk auth required pam_pwdb.so
+netatalk account required pam_pwdb.so
+#
+# The PAM configuration file for the `other' service
+#
+other auth required pam_deny.so
+other auth required pam_warn.so
+other account required
pam_deny.so
+other password required pam_deny.so
+other password required pam_warn.so
+other session required pam_deny.so
+#
+# The PAM configuration file for the `passwd' service
+#
+passwd password requisite pam_cracklib.so retry=3
+passwd password required pam_pwdb.so shadow md5 use_authtok
+#
+# The PAM configuration file for the `rexec' service
+#
+rexec auth requisite pam_securetty.so
+rexec auth requisite pam_nologin.so
+rexec auth sufficient pam_rhosts_auth.so
+rexec auth required pam_pwdb.so
+rexec account required pam_pwdb.so
+rexec session required pam_pwdb.so
+rexec session required pam_limits.so
+#
+# The PAM configuration file for the `rlogin' service
+# this application passes control to `login' if it fails
+#
+rlogin auth requisite pam_securetty.so
+rlogin auth requisite pam_nologin.so
+rlogin auth required pam_rhosts_auth.so
+rlogin account required pam_pwdb.so
+rlogin password required pam_cracklib.so retry=3
+rlogin password required pam_pwdb.so shadow md5 use_authtok
+rlogin session required pam_pwdb.so
+rlogin session required pam_limits.so
+#
+# The PAM configuration file for the `rsh' service
+#
+rsh auth requisite pam_securetty.so
+rsh auth requisite pam_nologin.so
+rsh auth sufficient pam_rhosts_auth.so
+rsh auth required pam_pwdb.so
+rsh account required pam_pwdb.so
+rsh session required pam_pwdb.so
+rsh session required pam_limits.so
+#
+# The PAM configuration file for the `samba' service
+#
+samba auth required pam_pwdb.so
+samba account required pam_pwdb.so
+#
+# The PAM configuration file for the `su' service
+#
+su auth required pam_wheel.so
+su auth sufficient pam_rootok.so
+su auth required pam_pwdb.so
+su account required pam_pwdb.so
+su session required pam_pwdb.so
+#
+# The PAM configuration file for the `vlock' service
+#
+vlock auth required pam_pwdb.so
+#
+# The PAM configuration file for the `xdm' service
+#
+xdm auth required pam_pwdb.so
+xdm account required pam_pwdb.so
+#
+# The PAM configuration file for the `xlock'
service
+#
+xlock auth required pam_pwdb.so
+
diff --git a/conf/pam_conv1/.cvsignore b/conf/pam_conv1/.cvsignore
new file mode 100644
index 00000000..200a991e
--- /dev/null
+++ b/conf/pam_conv1/.cvsignore
@@ -0,0 +1,3 @@
+lex.yy.c
+pam_conv.tab.c
+pam_conv1
diff --git a/conf/pam_conv1/Makefile b/conf/pam_conv1/Makefile
new file mode 100644
index 00000000..7691dc31
--- /dev/null
+++ b/conf/pam_conv1/Makefile
@@ -0,0 +1,41 @@
+#
+#
+ifeq ($(OS),solaris)
+
+clean:
+ @echo not available in Solaris
+
+all:
+ @echo not available in Solaris
+
+install:
+ @echo not available in Solaris
+
+else
+
+all: pam_conv1
+
+pam_conv1: pam_conv.tab.c lex.yy.c
+ $(CC) -o pam_conv1 pam_conv.tab.c -lfl
+
+pam_conv.tab.c: pam_conv.y lex.yy.c
+ bison pam_conv.y
+
+lex.yy.c: pam_conv.lex
+ flex pam_conv.lex
+
+lclean:
+ rm -f core pam_conv1 lex.yy.c pam_conv.tab.c *.o *~
+ rm -rf ./pam.d pam_conv.output
+
+clean: lclean
+
+install: pam_conv1
+ cp -f ./pam_conv1 ../../bin
+
+endif
+
+remove:
+ rm -f ../../bin/pam_conv1
+
+extraclean: remove clean
diff --git a/conf/pam_conv1/README b/conf/pam_conv1/README
new file mode 100644
index 00000000..8d420ce4
--- /dev/null
+++ b/conf/pam_conv1/README
@@ -0,0 +1,10 @@
+$Id$
+
+This directory contains a untility to convert pam.conf files to a pam.d/
+tree. The conversion program takes pam.conf from the standard input and
+creates the pam.d/ directory in the current directory.
+
+The program will fail if ./pam.d/ already exists.
+
+Andrew Morgan, February 1997
+
diff --git a/conf/pam_conv1/pam_conv.lex b/conf/pam_conv1/pam_conv.lex
new file mode 100644
index 00000000..a7df2b06
--- /dev/null
+++ b/conf/pam_conv1/pam_conv.lex
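Review bot: In conf/pam.conf, on the first `ftp auth` line, `onerr=succeed` makes the pam_listfile deny list fail open: if /etc/ftpusers is missing or unreadable, accounts that were meant to be blocked pass this check. `onerr=fail` is the safer default for a `sense=deny` list shipped as a template. The `rsh` and `rexec` stacks also accept `pam_rhosts_auth.so` as `sufficient`, i.e. host-based trust with no password. A comment stating that these entries are examples, and should be removed where the r-services are not used, would help administrators who copy the file unchanged.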
@@ -0,0 +1,42 @@
+
+%{
+/*
+ * $Id$
+ *
+ * Copyright (c) Andrew G. Morgan 1997
+ *
+ * This file is covered by the Linux-PAM License (which should be
+ * distributed with this file.)
+ */
+
+ const static char lexid[]=
+ "$Id$\n"
+ "Copyright (c) Andrew G. Morgan 1997 \n";
+
+ extern int current_line;
+%}
+
+%%
+
+"#"[^\n]* ; /* skip comments (sorry) */
+
+"\\\n" {
+ ++current_line;
+}
+
+([^\n\t ]|[\\][^\n])+ {
+ return TOK;
+}
+
+[ \t]+ ; /* Ignore */
+
+<> {
+ return EOFILE;
+}
+
+[\n] {
+ ++current_line;
+ return NL;
+}
+
+%%
diff --git a/conf/pam_conv1/pam_conv.y b/conf/pam_conv1/pam_conv.y
new file mode 100644
index 00000000..18bedccf
--- /dev/null
+++ b/conf/pam_conv1/pam_conv.y
@@ -0,0 +1,203 @@
+%{
+
+/*
+ * $Id$
+ *
+ * Copyright (c) Andrew G. Morgan 1997
+ *
+ * This file is covered by the Linux-PAM License (which should be
+ * distributed with this file.)
+ */
+
+ const static char bisonid[]=
+ "$Id$\n"
+ "Copyright (c) Andrew G. Morgan 1997-8 \n";
+
+#include
+#include
+#include
+#include
+
+ int current_line=1;
+ extern char *yytext;
+
+/* XXX - later we'll change this to be the specific conf file(s) */
+#define newpamf stderr
+
+#define PAM_D "./pam.d"
+#define PAM_D_MODE 0755
+#define PAM_D_MAGIC_HEADER \
+ "#%PAM-1.0\n" \
+ "#[For version 1.0 syntax, the above header is optional]\n"
+
+#define PAM_D_FILE_FMT PAM_D "/%s"
+
+ const char *old_to_new_ctrl_flag(const char *old);
+ void yyerror(const char *format, ...);
+%}
+
+%union {
+ int def;
+ char *string;
+}
+
+%token NL EOFILE TOK
+
+%type tok path tokenls
+
+%start complete
+
+%%
+
+complete
+:
+| complete NL
+| complete line
+| complete EOFILE {
+ return 0;
+}
+;
+
+line
+: tok tok tok path tokenls NL {
+ char *filename;
+ FILE *conf;
+ int i;
+
+ /* make sure we have lower case */
+ for (i=0; $1[i]; ++i) {
+ $1[i] = tolower($1[i]);
+ }
+
+ /* $1 = service-name */
+ yyerror("Appending to " PAM_D "/%s", $1);
+
+ filename = malloc(strlen($1) + sizeof(PAM_D) + 6);
+ sprintf(filename, PAM_D_FILE_FMT, $1);
+ conf = fopen(filename, "r");
+ if (conf == NULL) {
+ /* new file */
+ conf = fopen(filename, "w");
+ if (conf != NULL) {
+ fprintf(conf, PAM_D_MAGIC_HEADER);
+ fprintf(conf,
+ "#\n"
+ "# The PAM configuration file for the `%s' service\n"
+ "#\n", $1);
+ }
+ } else {
+ fclose(conf);
+ conf = fopen(filename, "a");
+ }
+ if (conf == NULL) {
+ yyerror("trouble opening %s - aborting", filename);
+ exit(1);
+ }
+ free(filename);
+
+ /* $2 = module-type */
+ fprintf(conf, "%-10s", $2);
+ free($2);
+
+ /* $3 = required etc.
*/
+ {
+ const char *trans;
+
+ trans = old_to_new_ctrl_flag($3);
+ free($3);
+ fprintf(conf, " %-10s", trans);
+ }
+
+ /* $4 = module-path */
+ fprintf(conf, " %s", $4);
+ free($4);
+
+ /* $5 = arguments */
+ if ($5 != NULL) {
+ fprintf(conf, " \\\n\t\t%s", $5);
+ free($5);
+ }
+
+ /* end line */
+ fprintf(conf, "\n");
+
+ fclose(conf);
+}
+| error NL {
+ yyerror("malformed line");
+}
+;
+
+tokenls
+: {
+ $$=NULL;
+}
+| tokenls tok {
+ int len;
+
+ if ($1) {
+ len = strlen($1) + strlen($2) + 2;
+ $$ = malloc(len);
+ sprintf($$,"%s %s",$1,$2);
+ free($1);
+ free($2);
+ } else {
+ $$ = $2;
+ }
+}
+;
+
+path
+: TOK {
+ /* XXX - this could be used to check if file present */
+ $$ = strdup(yytext);
+}
+
+tok
+: TOK {
+ $$ = strdup(yytext);
+}
+
+%%
+
+#include "lex.yy.c"
+
+const char *old_to_new_ctrl_flag(const char *old)
+{
+ static const char *clist[] = {
+ "requisite",
+ "required",
+ "sufficient",
+ "optional",
+ NULL,
+ };
+ int i;
+
+ for (i=0; clist[i]; ++i) {
+ if (strcasecmp(clist[i], old) == 0) {
+ break;
+ }
+ }
+
+ return clist[i];
+}
+
+void yyerror(const char *format, ...)
+{
+ va_list args;
+
+ fprintf(stderr, "line %d: ", current_line);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+}
+
+void main()
+{
+ if (mkdir(PAM_D, PAM_D_MODE) != 0) {
+ yyerror(PAM_D " already exists.. aborting");
+ exit(1);
+ }
+ yyparse();
+}
-- cgit v1.2.3
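Review bot: In conf/pam_conv1/pam_conv.y, `old_to_new_ctrl_flag()` returns `clist[i]`, which is NULL when the control flag in the input matches none of the four names, and the `line` action passes that straight to `fprintf(conf, " %-10s", trans)`. That is undefined behaviour and, where the C library prints "(null)", leaves an invalid control flag in the generated pam.d file without any error. Check it before writing: `if (trans == NULL) { yyerror("unknown control flag"); exit(1); }`. `fprintf(conf, PAM_D_MAGIC_HEADER)` uses a string containing `%P` as the format; `fputs(PAM_D_MAGIC_HEADER, conf)` writes it literally. The service name in `$1` is also used unchecked in the `./pam.d/%s` path, so rejecting names that contain `/` would keep the output inside pam.d.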