From 23624ea6f78ec8acc167a2491c00998907fc76b1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 16 Aug 2005 12:27:38 +0000 Subject: Relevant BUGIDs: none Purpose of commit: new feature Commit summary: --------------- Big "automake/autoconf/libtool" commit --- modules/Makefile | 58 --------- modules/Makefile.am | 16 +++ modules/pam_access/Makefile | 24 ---- modules/pam_access/Makefile.am | 21 ++++ modules/pam_access/pam_access.c | 23 ++-- modules/pam_cracklib/Makefile | 32 ----- modules/pam_cracklib/Makefile.am | 22 ++++ modules/pam_cracklib/pam_cracklib.c | 16 +-- modules/pam_debug/Makefile | 15 --- modules/pam_debug/Makefile.am | 18 +++ modules/pam_deny/Makefile | 15 --- modules/pam_deny/Makefile.am | 18 +++ modules/pam_env/Makefile | 22 ---- modules/pam_env/Makefile.am | 21 ++++ modules/pam_env/pam_env.c | 46 ++++--- modules/pam_env/pam_env.conf | 76 +++++++++++ modules/pam_env/pam_env.conf-example | 76 ----------- modules/pam_filter/Makefile | 126 ------------------- modules/pam_filter/Makefile.am | 22 ++++ modules/pam_filter/include/pam_filter.h | 32 ----- modules/pam_filter/pam_filter.c | 8 +- modules/pam_filter/pam_filter.h | 32 +++++ modules/pam_filter/upperLOWER/Makefile | 42 ------- modules/pam_filter/upperLOWER/Makefile.am | 14 +++ modules/pam_filter/upperLOWER/upperLOWER.c | 7 +- modules/pam_ftp/Makefile | 15 --- modules/pam_ftp/Makefile.am | 18 +++ modules/pam_ftp/pam_ftp.c | 12 +- modules/pam_group/Makefile | 21 ---- modules/pam_group/Makefile.am | 21 ++++ modules/pam_group/pam_group.c | 25 ++-- modules/pam_issue/Makefile | 15 --- modules/pam_issue/Makefile.am | 16 +++ modules/pam_issue/pam_issue.c | 18 +-- modules/pam_lastlog/Makefile | 19 --- modules/pam_lastlog/Makefile.am | 16 +++ modules/pam_lastlog/pam_lastlog.c | 6 +- modules/pam_limits/Makefile | 37 ------ modules/pam_limits/Makefile.am | 21 ++++ modules/pam_limits/pam_limits.c | 28 ++--- modules/pam_listfile/Makefile | 15 --- modules/pam_listfile/Makefile.am | 18 +++ modules/pam_listfile/pam_listfile.c | 23 ++-- modules/pam_localuser/Makefile | 14 --- modules/pam_localuser/Makefile.am | 20 +++ modules/pam_localuser/pam_localuser.c | 16 +-- modules/pam_mail/Makefile | 15 --- modules/pam_mail/Makefile.am | 18 +++ modules/pam_mail/pam_mail.c | 19 +-- modules/pam_mkhomedir/Makefile | 15 --- modules/pam_mkhomedir/Makefile.am | 18 +++ modules/pam_mkhomedir/pam_mkhomedir.c | 4 +- modules/pam_motd/Makefile | 15 --- modules/pam_motd/Makefile.am | 16 +++ modules/pam_motd/pam_motd.c | 6 +- modules/pam_nologin/Makefile | 15 --- modules/pam_nologin/Makefile.am | 20 +++ modules/pam_nologin/pam_nologin.8 | 86 +++++++++++++ modules/pam_permit/Makefile | 15 --- modules/pam_permit/Makefile.am | 18 +++ modules/pam_pwdb/Makefile | 131 ------------------- modules/pam_pwdb/Makefile.am | 29 +++++ modules/pam_pwdb/md5_crypt.c | 88 +++++++------ modules/pam_radius/Makefile | 95 -------------- modules/pam_radius/Makefile.am | 22 ++++ modules/pam_radius/pam_radius.h | 2 +- modules/pam_rhosts/Makefile | 15 --- modules/pam_rhosts/Makefile.am | 18 +++ modules/pam_rootok/Makefile | 21 ---- modules/pam_rootok/Makefile.am | 21 ++++ modules/pam_securetty/Makefile | 15 --- modules/pam_securetty/Makefile.am | 20 +++ modules/pam_securetty/pam_securetty.8 | 98 +++++++++++++++ modules/pam_selinux/Makefile | 26 ---- modules/pam_selinux/Makefile.am | 26 ++++ modules/pam_shells/Makefile | 15 --- modules/pam_shells/Makefile.am | 18 +++ modules/pam_stress/Makefile | 15 --- modules/pam_stress/Makefile.am | 18 +++ modules/pam_succeed_if/Makefile | 16 --- modules/pam_succeed_if/Makefile.am | 20 +++ modules/pam_tally/Makefile | 109 ---------------- modules/pam_tally/Makefile.am | 24 ++++ modules/pam_time/Makefile | 21 ---- modules/pam_time/Makefile.am | 20 +++ modules/pam_time/pam_time.c | 5 - modules/pam_umask/Makefile | 16 --- modules/pam_umask/Makefile.am | 18 +++ modules/pam_unix/Makefile | 195 ----------------------------- modules/pam_unix/Makefile.am | 45 +++++++ modules/pam_unix/md5_broken.c | 4 + modules/pam_unix/md5_good.c | 5 + modules/pam_unix/pam_unix_acct.c | 4 +- modules/pam_unix/pam_unix_auth.c | 8 +- modules/pam_unix/pam_unix_passwd.c | 10 +- modules/pam_unix/unix_chkpwd.8 | 80 ++++++++++++ modules/pam_userdb/Makefile | 41 ------ modules/pam_userdb/Makefile.am | 23 ++++ modules/pam_warn/Makefile | 15 --- modules/pam_warn/Makefile.am | 18 +++ modules/pam_wheel/Makefile | 15 --- modules/pam_wheel/Makefile.am | 18 +++ modules/pam_xauth/Makefile | 12 -- modules/pam_xauth/Makefile.am | 20 +++ modules/pammodutil/Makefile | 55 -------- modules/pammodutil/Makefile.am | 16 +++ modules/pammodutil/modutil_cleanup.c | 5 +- modules/pammodutil/modutil_ingroup.c | 7 +- 108 files changed, 1346 insertions(+), 1668 deletions(-) delete mode 100644 modules/Makefile create mode 100644 modules/Makefile.am delete mode 100644 modules/pam_access/Makefile create mode 100644 modules/pam_access/Makefile.am delete mode 100644 modules/pam_cracklib/Makefile create mode 100644 modules/pam_cracklib/Makefile.am delete mode 100644 modules/pam_debug/Makefile create mode 100644 modules/pam_debug/Makefile.am delete mode 100644 modules/pam_deny/Makefile create mode 100644 modules/pam_deny/Makefile.am delete mode 100644 modules/pam_env/Makefile create mode 100644 modules/pam_env/Makefile.am create mode 100644 modules/pam_env/pam_env.conf delete mode 100644 modules/pam_env/pam_env.conf-example delete mode 100644 modules/pam_filter/Makefile create mode 100644 modules/pam_filter/Makefile.am delete mode 100644 modules/pam_filter/include/pam_filter.h create mode 100644 modules/pam_filter/pam_filter.h delete mode 100644 modules/pam_filter/upperLOWER/Makefile create mode 100644 modules/pam_filter/upperLOWER/Makefile.am delete mode 100644 modules/pam_ftp/Makefile create mode 100644 modules/pam_ftp/Makefile.am delete mode 100644 modules/pam_group/Makefile create mode 100644 modules/pam_group/Makefile.am delete mode 100644 modules/pam_issue/Makefile create mode 100644 modules/pam_issue/Makefile.am delete mode 100644 modules/pam_lastlog/Makefile create mode 100644 modules/pam_lastlog/Makefile.am delete mode 100644 modules/pam_limits/Makefile create mode 100644 modules/pam_limits/Makefile.am delete mode 100644 modules/pam_listfile/Makefile create mode 100644 modules/pam_listfile/Makefile.am delete mode 100644 modules/pam_localuser/Makefile create mode 100644 modules/pam_localuser/Makefile.am delete mode 100644 modules/pam_mail/Makefile create mode 100644 modules/pam_mail/Makefile.am delete mode 100644 modules/pam_mkhomedir/Makefile create mode 100644 modules/pam_mkhomedir/Makefile.am delete mode 100644 modules/pam_motd/Makefile create mode 100644 modules/pam_motd/Makefile.am delete mode 100644 modules/pam_nologin/Makefile create mode 100644 modules/pam_nologin/Makefile.am create mode 100644 modules/pam_nologin/pam_nologin.8 delete mode 100644 modules/pam_permit/Makefile create mode 100644 modules/pam_permit/Makefile.am delete mode 100644 modules/pam_pwdb/Makefile create mode 100644 modules/pam_pwdb/Makefile.am delete mode 100644 modules/pam_radius/Makefile create mode 100644 modules/pam_radius/Makefile.am delete mode 100644 modules/pam_rhosts/Makefile create mode 100644 modules/pam_rhosts/Makefile.am delete mode 100644 modules/pam_rootok/Makefile create mode 100644 modules/pam_rootok/Makefile.am delete mode 100644 modules/pam_securetty/Makefile create mode 100644 modules/pam_securetty/Makefile.am create mode 100644 modules/pam_securetty/pam_securetty.8 delete mode 100644 modules/pam_selinux/Makefile create mode 100644 modules/pam_selinux/Makefile.am delete mode 100644 modules/pam_shells/Makefile create mode 100644 modules/pam_shells/Makefile.am delete mode 100644 modules/pam_stress/Makefile create mode 100644 modules/pam_stress/Makefile.am delete mode 100644 modules/pam_succeed_if/Makefile create mode 100644 modules/pam_succeed_if/Makefile.am delete mode 100644 modules/pam_tally/Makefile create mode 100644 modules/pam_tally/Makefile.am delete mode 100644 modules/pam_time/Makefile create mode 100644 modules/pam_time/Makefile.am delete mode 100644 modules/pam_umask/Makefile create mode 100644 modules/pam_umask/Makefile.am delete mode 100644 modules/pam_unix/Makefile create mode 100644 modules/pam_unix/Makefile.am create mode 100644 modules/pam_unix/md5_broken.c create mode 100644 modules/pam_unix/md5_good.c create mode 100644 modules/pam_unix/unix_chkpwd.8 delete mode 100644 modules/pam_userdb/Makefile create mode 100644 modules/pam_userdb/Makefile.am delete mode 100644 modules/pam_warn/Makefile create mode 100644 modules/pam_warn/Makefile.am delete mode 100644 modules/pam_wheel/Makefile create mode 100644 modules/pam_wheel/Makefile.am delete mode 100644 modules/pam_xauth/Makefile create mode 100644 modules/pam_xauth/Makefile.am delete mode 100644 modules/pammodutil/Makefile create mode 100644 modules/pammodutil/Makefile.am (limited to 'modules') diff --git a/modules/Makefile b/modules/Makefile deleted file mode 100644 index d16dedcf..00000000 --- a/modules/Makefile +++ /dev/null @@ -1,58 +0,0 @@ -# $Id$ -# -# Makefile -# -# This makefile controls the build process of shared and static PAM modules. -# -# - -include ../Make.Rules - -MODDIRS=$(shell /bin/ls -d pam_*/Makefile | cut -f1 -d/) - -all: - @echo building the static modutil library - make -C pammodutil all - @echo modules sources available are: - @ls -d $(MODDIRS) 2>/dev/null ; echo :-------- - @echo -ifdef STATIC - rm -f ./_static_module_* -endif - @for i in $(MODDIRS) ; do \ - if [ -d $$i ]; then { \ - $(MAKE) -C $$i all ; \ - if [ $$? -ne 0 ]; then exit 1 ; fi ; \ - } elif [ -f ./.$$i ]; then { \ - cat ./.$$i ; \ - } fi ; \ - done - -download: - @./download-all - -install: - for i in $(MODDIRS) ; do \ - if [ -d $$i ]; then { \ - $(MAKE) -C $$i install ; \ - if [ $$? -ne 0 ]; then exit 1 ; fi ; \ - } fi ; \ - done - -remove: - for i in $(MODDIRS) ; do \ - if [ -d $$i ]; then { \ - $(MAKE) -C $$i remove ; \ - } fi ; \ - done - -lclean: - rm -f _static_module_* - -clean: lclean - for i in $(MODDIRS) ; do \ - if [ -d $$i ]; then { \ - $(MAKE) -C $$i clean ; \ - } fi ; \ - done - make -C pammodutil clean diff --git a/modules/Makefile.am b/modules/Makefile.am new file mode 100644 index 00000000..878acfca --- /dev/null +++ b/modules/Makefile.am @@ -0,0 +1,16 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +SUBDIRS = pammodutil pam_access pam_cracklib pam_debug pam_deny pam_env \ + pam_filter pam_ftp pam_group pam_issue pam_lastlog pam_limits \ + pam_listfile pam_localuser pam_mail pam_mkhomedir pam_motd \ + pam_nologin pam_permit pam_pwdb pam_radius pam_rhosts pam_rootok \ + pam_securetty pam_selinux pam_shells pam_stress pam_succeed_if \ + pam_tally pam_time pam_umask pam_unix pam_userdb pam_warn \ + pam_wheel pam_xauth + + +CLEANFILES = *~ + +EXTRA_DIST = register_static diff --git a/modules/pam_access/Makefile b/modules/pam_access/Makefile deleted file mode 100644 index 87b2b3e6..00000000 --- a/modules/pam_access/Makefile +++ /dev/null @@ -1,24 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_access -LOCAL_CONFILE=./access.conf -INSTALLED_CONFILE=$(SCONFIGD)/access.conf -ifeq ($(HAVE_LIBNSL),yes) -MODULE_SIMPLE_EXTRALIBS=-lnsl -endif - -DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" -CFLAGS += $(DEFS) - -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age - -include ../Simple.Rules diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am new file mode 100644 index 00000000..9d7327de --- /dev/null +++ b/modules/pam_access/Makefile.am @@ -0,0 +1,21 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README access.conf + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam @LIBNSL@ + +securelib_LTLIBRARIES = pam_access.la + +secureconf_DATA = access.conf diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index d35cf043..793332fb 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -75,12 +75,6 @@ #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) #undef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 256 -#endif - -#ifdef DEFAULT_CONF_FILE -# define PAM_ACCESS_CONFIG DEFAULT_CONF_FILE -#else -# define PAM_ACCESS_CONFIG "/etc/security/access.conf" #endif /* Delimiters for fields and for lists of users, ttys or hosts. */ @@ -160,7 +154,7 @@ static int list_match (pam_handle_t *, char *, struct login_info *, match_func *); static int user_match (pam_handle_t *, char *, struct login_info *); static int from_match (pam_handle_t *, char *, struct login_info *); -static int string_match (pam_handle_t *, const char *, const char *); +static int string_match (const char *, const char *); /* login_access - match username/group and host/tty with access control file */ @@ -303,7 +297,7 @@ static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) return (user_match (pamh, tok, item) && from_match (pamh, at + 1, &fake_item)); } else if (tok[0] == '@') /* netgroup */ return (netgroup_match(tok + 1, (char *) 0, string)); - else if (string_match (pamh, tok, string)) /* ALL or exact match */ + else if (string_match (tok, string)) /* ALL or exact match */ return YES; else if (_pammodutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ @@ -315,7 +309,7 @@ static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) /* from_match - match a host or tty against a list of tokens */ static int -from_match (pam_handle_t *pamh, char *tok, struct login_info *item) +from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) { const char *string = item->from; int tok_len; @@ -332,7 +326,7 @@ from_match (pam_handle_t *pamh, char *tok, struct login_info *item) if (tok[0] == '@') { /* netgroup */ return (netgroup_match(tok + 1, string, (char *) 0)); - } else if (string_match (pamh, tok, string)) /* ALL or exact match */ + } else if (string_match (tok, string)) /* ALL or exact match */ return YES; else if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(string)) > (tok_len = strlen(tok)) @@ -367,7 +361,7 @@ from_match (pam_handle_t *pamh, char *tok, struct login_info *item) r = snprintf(hn, sizeof(hn), "%u.%u.%u.%u.", (unsigned char)h->h_addr[0], (unsigned char)h->h_addr[1], (unsigned char)h->h_addr[2], (unsigned char)h->h_addr[3]); - if (r < 0 || r >= sizeof(hn)) + if (r < 0 || r >= (int)sizeof(hn)) return (NO); if (!strncmp(tok, hn, tok_len)) return (YES); @@ -379,7 +373,7 @@ from_match (pam_handle_t *pamh, char *tok, struct login_info *item) /* string_match - match a string against one token */ static int -string_match (pam_handle_t *pamh, const char *tok, const char *string) +string_match (const char *tok, const char *string) { /* @@ -397,8 +391,9 @@ string_match (pam_handle_t *pamh, const char *tok, const char *string) /* --- public account management functions --- */ -PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { struct login_info loginfo; const char *user=NULL; diff --git a/modules/pam_cracklib/Makefile b/modules/pam_cracklib/Makefile deleted file mode 100644 index 5f6371ef..00000000 --- a/modules/pam_cracklib/Makefile +++ /dev/null @@ -1,32 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/10/08 -# - -include ../../Make.Rules - -TITLE=pam_cracklib - -ifeq ($(HAVE_LIBCRACK),yes) -BUILD_THIS_MODULE=yes -MODULE_SIMPLE_EXTRALIBS=-lcrack - -# These two should really be provided by ../../pam_aconf.h -CFLAGS+=-DCRACKLIB_DICTPATH=\"$(CRACKLIB_DICTPATH)\" - -ifeq ($(HAVE_LIBCRYPT),yes) - MODULE_SIMPLE_EXTRALIBS += -lcrypt -endif - -endif - -ifeq ($(BUILD_THIS_MODULE),yes) - include ../Simple.Rules -else - include ../dont_makefile -endif diff --git a/modules/pam_cracklib/Makefile.am b/modules/pam_cracklib/Makefile.am new file mode 100644 index 00000000..1ba84053 --- /dev/null +++ b/modules/pam_cracklib/Makefile.am @@ -0,0 +1,22 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +if HAVE_LIBCRACK +securelib_LTLIBRARIES = pam_cracklib.la +endif + +pam_cracklib_la_LIBADD = @LIBCRACK@ @LIBCRYPT@ diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index e260b0a8..5f9d54bf 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -238,7 +238,7 @@ static char *_pam_delete(register char *xx) /* * can't be a palindrome - like `R A D A R' or `M A D A M' */ -static int palindrome(const char *old, const char *new) +static int palindrome(const char *new) { int i, j; @@ -257,7 +257,8 @@ static int palindrome(const char *old, const char *new) * the other */ -static int distdifferent(const char *old, const char *new, int i, int j) +static int distdifferent(const char *old, const char *new, + size_t i, size_t j) { char c, d; @@ -275,7 +276,7 @@ static int distdifferent(const char *old, const char *new, int i, int j) } static int distcalculate(int **distances, const char *old, const char *new, - int i, int j) + size_t i, size_t j) { int tmp = 0; @@ -296,7 +297,7 @@ static int distcalculate(int **distances, const char *old, const char *new, static int distance(const char *old, const char *new) { int **distances = NULL; - int m, n, i, j, r; + size_t m, n, i, j, r; m = strlen(old); n = strlen(new); @@ -345,8 +346,7 @@ static int similar(struct cracklib_options *opt, /* * a nice mix of characters. */ -static int simple(struct cracklib_options *opt, - const char *old, const char *new) +static int simple(struct cracklib_options *opt, const char *new) { int digits = 0; int uppers = 0; @@ -439,7 +439,7 @@ static const char * password_check(struct cracklib_options *opt, const char *old strcpy (wrapped, oldmono); strcat (wrapped, oldmono); - if (palindrome(oldmono, newmono)) + if (palindrome(newmono)) msg = "is a palindrome"; if (!msg && strcmp(oldmono, newmono) == 0) @@ -448,7 +448,7 @@ static const char * password_check(struct cracklib_options *opt, const char *old if (!msg && similar(opt, oldmono, newmono)) msg = "is too similar to the old one"; - if (!msg && simple(opt, old, new)) + if (!msg && simple(opt, new)) msg = "is too simple"; if (!msg && strstr(wrapped, newmono)) diff --git a/modules/pam_debug/Makefile b/modules/pam_debug/Makefile deleted file mode 100644 index ae22cade..00000000 --- a/modules/pam_debug/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_debug - -include ../Simple.Rules diff --git a/modules/pam_debug/Makefile.am b/modules/pam_debug/Makefile.am new file mode 100644 index 00000000..79d5f028 --- /dev/null +++ b/modules/pam_debug/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_debug.la diff --git a/modules/pam_deny/Makefile b/modules/pam_deny/Makefile deleted file mode 100644 index 7dd7b4fd..00000000 --- a/modules/pam_deny/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_deny - -include ../Simple.Rules diff --git a/modules/pam_deny/Makefile.am b/modules/pam_deny/Makefile.am new file mode 100644 index 00000000..fd1d8624 --- /dev/null +++ b/modules/pam_deny/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_deny.la diff --git a/modules/pam_env/Makefile b/modules/pam_env/Makefile deleted file mode 100644 index fa711ce3..00000000 --- a/modules/pam_env/Makefile +++ /dev/null @@ -1,22 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_env -LOCAL_CONFILE=./pam_env.conf-example -INSTALLED_CONFILE=$(SCONFIGD)/pam_env.conf - -DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" -CFLAGS += $(DEFS) - -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age - -include ../Simple.Rules diff --git a/modules/pam_env/Makefile.am b/modules/pam_env/Makefile.am new file mode 100644 index 00000000..1e375885 --- /dev/null +++ b/modules/pam_env/Makefile.am @@ -0,0 +1,21 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README pam_env.conf + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_env.la + +secureconf_DATA = pam_env.conf diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 5f43f07d..e51601aa 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -8,10 +8,6 @@ * template for this file (via pam_mail) */ -#ifndef DEFAULT_CONF_FILE -#define DEFAULT_CONF_FILE "/etc/security/pam_env.conf" -#endif - #define DEFAULT_ETC_ENVFILE "/etc/environment" #define DEFAULT_READ_ENVFILE 0 @@ -95,7 +91,7 @@ static void _log_err(int err, const char *format, ...) #define PAM_ENV_SILENT 0x04 #define PAM_NEW_ENV_FILE 0x10 -static int _pam_parse(int flags, int argc, const char **argv, char **conffile, +static int _pam_parse(int argc, const char **argv, char **conffile, char **envfile, int *readenv) { int ctrl=0; @@ -743,16 +739,16 @@ static void _clean_var(VAR *var) /* --- authentication management functions (only) --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; char *conf_file=NULL, *env_file=NULL; @@ -762,7 +758,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, */ D(("Called.")); - ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv); + ctrl = _pam_parse(argc, argv, &conf_file, &env_file, &readenv); retval = _parse_config_file(pamh, ctrl, &conf_file); @@ -775,17 +771,17 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, return retval; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { _log_err(LOG_NOTICE, "pam_sm_acct_mgmt called inappropriatly"); return PAM_SERVICE_ERR; } -PAM_EXTERN -int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; char *conf_file=NULL, *env_file=NULL; @@ -795,7 +791,7 @@ int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc */ D(("Called.")); - ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv); + ctrl = _pam_parse(argc, argv, &conf_file, &env_file, &readenv); retval = _parse_config_file(pamh, ctrl, &conf_file); @@ -808,17 +804,17 @@ int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc return retval; } -PAM_EXTERN -int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc, - const char **argv) +PAM_EXTERN int +pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { D(("Called and Exit")); return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { _log_err(LOG_NOTICE, "pam_sm_chauthtok called inappropriatly"); return PAM_SERVICE_ERR; diff --git a/modules/pam_env/pam_env.conf b/modules/pam_env/pam_env.conf new file mode 100644 index 00000000..02116639 --- /dev/null +++ b/modules/pam_env/pam_env.conf @@ -0,0 +1,76 @@ +# $Date$ +# $Author$ +# $Id$ +# +# This is the configuration file for pam_env, a PAM module to load in +# a configurable list of environment variables for a +# +# The original idea for this came from Andrew G. Morgan ... +# +# Mmm. Perhaps you might like to write a pam_env module that reads a +# default environment from a file? I can see that as REALLY +# useful... Note it would be an "auth" module that returns PAM_IGNORE +# for the auth part and sets the environment returning PAM_SUCCESS in +# the setcred function... +# +# +# What I wanted was the REMOTEHOST variable set, purely for selfish +# reasons, and AGM didn't want it added to the SimpleApps login +# program (which is where I added the patch). So, my first concern is +# that variable, from there there are numerous others that might/would +# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER ..... +# +# Of course, these are a different kind of variable than REMOTEHOST in +# that they are things that are likely to be configured by +# administrators rather than set by logging in, how to treat them both +# in the same config file? +# +# Here is my idea: +# +# Each line starts with the variable name, there are then two possible +# options for each variable DEFAULT and OVERRIDE. +# DEFAULT allows and administrator to set the value of the +# variable to some default value, if none is supplied then the empty +# string is assumed. The OVERRIDE option tells pam_env that it should +# enter in its value (overriding the default value) if there is one +# to use. OVERRIDE is not used, "" is assumed and no override will be +# done. +# +# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] +# +# (Possibly non-existent) environment variables may be used in values +# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may +# be used in values using the @{string} syntax. Both the $ and @ +# characters can be backslash escaped to be used as literal values +# values can be delimited with "", escaped " not supported. +# Note that many environment variables that you would like to use +# may not be set by the time the module is called. +# For example, HOME is used below several times, but +# many PAM applications don't make it available by the time you need it. +# +# +# First, some special variables +# +# Set the REMOTEHOST variable for any hosts that are remote, default +# to "localhost" rather than not being set at all +#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} +# +# Set the DISPLAY variable if it seems reasonable +#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} +# +# +# Now some simple variables +# +#PAGER DEFAULT=less +#MANPAGER DEFAULT=less +#LESS DEFAULT="M q e h15 z23 b80" +#NNTPSERVER DEFAULT=localhost +#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ +#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11 +# +# silly examples of escaped variables, just to show how they work. +# +#DOLLAR DEFAULT=\$ +#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} +#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} +#ATSIGN DEFAULT="" OVERRIDE=\@ diff --git a/modules/pam_env/pam_env.conf-example b/modules/pam_env/pam_env.conf-example deleted file mode 100644 index 02116639..00000000 --- a/modules/pam_env/pam_env.conf-example +++ /dev/null @@ -1,76 +0,0 @@ -# $Date$ -# $Author$ -# $Id$ -# -# This is the configuration file for pam_env, a PAM module to load in -# a configurable list of environment variables for a -# -# The original idea for this came from Andrew G. Morgan ... -# -# Mmm. Perhaps you might like to write a pam_env module that reads a -# default environment from a file? I can see that as REALLY -# useful... Note it would be an "auth" module that returns PAM_IGNORE -# for the auth part and sets the environment returning PAM_SUCCESS in -# the setcred function... -# -# -# What I wanted was the REMOTEHOST variable set, purely for selfish -# reasons, and AGM didn't want it added to the SimpleApps login -# program (which is where I added the patch). So, my first concern is -# that variable, from there there are numerous others that might/would -# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER ..... -# -# Of course, these are a different kind of variable than REMOTEHOST in -# that they are things that are likely to be configured by -# administrators rather than set by logging in, how to treat them both -# in the same config file? -# -# Here is my idea: -# -# Each line starts with the variable name, there are then two possible -# options for each variable DEFAULT and OVERRIDE. -# DEFAULT allows and administrator to set the value of the -# variable to some default value, if none is supplied then the empty -# string is assumed. The OVERRIDE option tells pam_env that it should -# enter in its value (overriding the default value) if there is one -# to use. OVERRIDE is not used, "" is assumed and no override will be -# done. -# -# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] -# -# (Possibly non-existent) environment variables may be used in values -# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may -# be used in values using the @{string} syntax. Both the $ and @ -# characters can be backslash escaped to be used as literal values -# values can be delimited with "", escaped " not supported. -# Note that many environment variables that you would like to use -# may not be set by the time the module is called. -# For example, HOME is used below several times, but -# many PAM applications don't make it available by the time you need it. -# -# -# First, some special variables -# -# Set the REMOTEHOST variable for any hosts that are remote, default -# to "localhost" rather than not being set at all -#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} -# -# Set the DISPLAY variable if it seems reasonable -#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} -# -# -# Now some simple variables -# -#PAGER DEFAULT=less -#MANPAGER DEFAULT=less -#LESS DEFAULT="M q e h15 z23 b80" -#NNTPSERVER DEFAULT=localhost -#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ -#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11 -# -# silly examples of escaped variables, just to show how they work. -# -#DOLLAR DEFAULT=\$ -#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} -#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} -#ATSIGN DEFAULT="" OVERRIDE=\@ diff --git a/modules/pam_filter/Makefile b/modules/pam_filter/Makefile deleted file mode 100644 index 48411497..00000000 --- a/modules/pam_filter/Makefile +++ /dev/null @@ -1,126 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 1996/3/11 -# - -ifeq ($(OS),solaris) - -include ../dont_makefile - -else - -include ../../Make.Rules - -TITLE=pam_filter -FILTERS=upperLOWER -FILTERSDIR=$(SECUREDIR)/pam_filter -export FILTERSDIR - -CFLAGS += -Iinclude - -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -LIBOBJS = $(addprefix static/,$(LIBOBJ)) - -dynamic/%.o : %.c - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -static/%.o : %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -ifdef DYNAMIC -LIBSHARED = $(TITLE).so -endif - -ifdef STATIC -LIBSTATIC = lib$(TITLE).o -endif - -####################### don't edit below ####################### - -# -# this is where we compile this module -# - -all: dirs $(LIBSHARED) $(LIBSTATIC) register filters - -dirs: - if [ ! -r include/security ]; then ln -sf . include/security ; fi -ifdef DYNAMIC - $(MKDIR) ./dynamic -endif -ifdef STATIC - $(MKDIR) ./static -endif - -register: -ifdef STATIC - ( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) ) -endif - -filters: - @for i in $(FILTERS) ; do \ - if [ -d $$i ]; then \ - $(MAKE) -C $$i all ; \ - fi ; \ - done - - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) -endif - -ifdef DYNAMIC -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) -endif - -ifdef STATIC -$(LIBOBJS): $(LIBSRC) -endif - -ifdef STATIC -$(LIBSTATIC): $(LIBOBJS) - $(LD) -r -o $@ $(LIBOBJS) -endif - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so - rm -f $(FAKEROOT)$(INCLUDED)/pam_filter.h - @for i in $(FILTERS) ; do \ - if [ -d $$i ]; then \ - $(MAKE) -C $$i remove ; \ - fi ; \ - done - -install: all - @for i in $(FILTERS) ; do \ - if [ -d $$i ]; then \ - $(MAKE) -C $$i install ; \ - fi ; \ - done - $(MKDIR) $(FAKEROOT)$(SECUREDIR) -ifdef DYNAMIC - $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) -endif - $(MKDIR) $(FAKEROOT)$(INCLUDED) - $(INSTALL) -m 644 include/pam_filter.h $(FAKEROOT)$(INCLUDED) - -clean: - @for i in $(FILTERS) ; do \ - if [ -d $$i ]; then \ - $(MAKE) -C $$i clean ; \ - fi ; \ - done - rm -f $(LIBSHARED) $(LIBOBJD) $(LIBOBJS) core *~ - rm -f include/security - rm -fr dynamic static - rm -f *.a *.o *.so *.bak - -endif diff --git a/modules/pam_filter/Makefile.am b/modules/pam_filter/Makefile.am new file mode 100644 index 00000000..9d2585a5 --- /dev/null +++ b/modules/pam_filter/Makefile.am @@ -0,0 +1,22 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +SUBDIRS = upperLOWER + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +include_HEADERS=pam_filter.h + +securelib_LTLIBRARIES = pam_filter.la diff --git a/modules/pam_filter/include/pam_filter.h b/modules/pam_filter/include/pam_filter.h deleted file mode 100644 index 630198ee..00000000 --- a/modules/pam_filter/include/pam_filter.h +++ /dev/null @@ -1,32 +0,0 @@ -/* - * $Id$ - * - * this file is associated with the Linux-PAM filter module. - * it was written by Andrew G. Morgan - * - */ - -#ifndef PAM_FILTER_H -#define PAM_FILTER_H - -#include - -/* - * this will fail if there is some problem with these file descriptors - * being allocated by the pam_filter Linux-PAM module. The numbers - * here are thought safe, but the filter developer should use the - * macros, as these numbers are subject to change. - * - * The APPXXX_FILENO file descriptors are the STDIN/OUT/ERR_FILENO of the - * application. The filter uses the STDIN/OUT/ERR_FILENO's to converse - * with the user, passes (modified) user input to the application via - * APPIN_FILENO, and receives application output from APPOUT_FILENO/ERR. - */ - -#define APPIN_FILENO 3 /* write here to give application input */ -#define APPOUT_FILENO 4 /* read here to get application output */ -#define APPERR_FILENO 5 /* read here to get application errors */ - -#define APPTOP_FILE 6 /* used by select */ - -#endif diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index c03126ca..b34c8419 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -31,7 +31,7 @@ #define PAM_SM_PASSWORD #include -#include +#include "pam_filter.h" /* ------ some tokens used for convenience throughout this file ------- */ @@ -282,8 +282,9 @@ static void free_evp(char *evp[]) free(evp); } -static int set_filter(pam_handle_t *pamh, int flags, int ctrl - , const char **evp, const char *filtername) +static int +set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, + const char **evp, const char *filtername) { int status=-1; char terminal[TERMINAL_LEN]; @@ -591,6 +592,7 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl /* quit the parent process, returning the child's exit status */ exit(status); + return status; /* never reached, to make gcc happy */ } static int set_the_terminal(pam_handle_t *pamh) diff --git a/modules/pam_filter/pam_filter.h b/modules/pam_filter/pam_filter.h new file mode 100644 index 00000000..630198ee --- /dev/null +++ b/modules/pam_filter/pam_filter.h @@ -0,0 +1,32 @@ +/* + * $Id$ + * + * this file is associated with the Linux-PAM filter module. + * it was written by Andrew G. Morgan + * + */ + +#ifndef PAM_FILTER_H +#define PAM_FILTER_H + +#include + +/* + * this will fail if there is some problem with these file descriptors + * being allocated by the pam_filter Linux-PAM module. The numbers + * here are thought safe, but the filter developer should use the + * macros, as these numbers are subject to change. + * + * The APPXXX_FILENO file descriptors are the STDIN/OUT/ERR_FILENO of the + * application. The filter uses the STDIN/OUT/ERR_FILENO's to converse + * with the user, passes (modified) user input to the application via + * APPIN_FILENO, and receives application output from APPOUT_FILENO/ERR. + */ + +#define APPIN_FILENO 3 /* write here to give application input */ +#define APPOUT_FILENO 4 /* read here to get application output */ +#define APPERR_FILENO 5 /* read here to get application errors */ + +#define APPTOP_FILE 6 /* used by select */ + +#endif diff --git a/modules/pam_filter/upperLOWER/Makefile b/modules/pam_filter/upperLOWER/Makefile deleted file mode 100644 index 60c6d08c..00000000 --- a/modules/pam_filter/upperLOWER/Makefile +++ /dev/null @@ -1,42 +0,0 @@ -# -# $Id$ -# -# This directory contains a pam_filter filter executable -# -# Created by Andrew Morgan 1996/3/11 -# - -include ../../../Make.Rules - -TITLE=upperLOWER - -# - -CFLAGS += -I../include -I../../pammodutil/include - -OBJS = $(TITLE).o - -LIBS += $(GLIB_LIBS) -L../../pammodutil -lpammodutil -LDFLAGS = $(LIBS) - -####################### don't edit below ####################### - -all: $(TITLE) - -$(TITLE): $(OBJS) - $(CC) $(CFLAGS) -o $(TITLE) $(OBJS) $(LDFLAGS) - $(STRIP) $(TITLE) - -install: - $(MKDIR) $(FAKEROOT)$(FILTERSDIR) - $(INSTALL) -m 511 $(TITLE) $(FAKEROOT)$(FILTERSDIR) - -remove: - cd $(FAKEROOT)$(FILTERSDIR) && rm -f $(TITLE) - -clean: - rm -f $(TITLE) $(OBJS) core *~ - -.c.o: - $(CC) $(CFLAGS) -c $< - diff --git a/modules/pam_filter/upperLOWER/Makefile.am b/modules/pam_filter/upperLOWER/Makefile.am new file mode 100644 index 00000000..88f7c2e2 --- /dev/null +++ b/modules/pam_filter/upperLOWER/Makefile.am @@ -0,0 +1,14 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +securelibfilterdir = $(SECUREDIR)/pam_filter + + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ -I.. +AM_LDFLAGS = -L$(top_builddir)/modules/pammodutil -lpammodutil + +securelibfilter_PROGRAMS = upperLOWER diff --git a/modules/pam_filter/upperLOWER/upperLOWER.c b/modules/pam_filter/upperLOWER/upperLOWER.c index 5aa0e2c0..3ff4b547 100644 --- a/modules/pam_filter/upperLOWER/upperLOWER.c +++ b/modules/pam_filter/upperLOWER/upperLOWER.c @@ -20,7 +20,7 @@ #include #include -#include +#include "pam_filter.h" #include #include #include @@ -59,7 +59,7 @@ static void do_transpose(char *buffer,int len) extern char **environ; -int main(int argc, char **argv) +int main(int argc, char **argv UNUSED) { char buffer[BUFSIZ]; fd_set readers; @@ -162,6 +162,3 @@ int main(int argc, char **argv) exit(0); } - - - diff --git a/modules/pam_ftp/Makefile b/modules/pam_ftp/Makefile deleted file mode 100644 index fb61ac16..00000000 --- a/modules/pam_ftp/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_ftp - -include ../Simple.Rules diff --git a/modules/pam_ftp/Makefile.am b/modules/pam_ftp/Makefile.am new file mode 100644 index 00000000..0e65b9fa --- /dev/null +++ b/modules/pam_ftp/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_ftp.la diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index 870266cc..fe581c8f 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -158,9 +158,9 @@ static int lookup(const char *name, char *list, const char **_user) /* --- authentication management functions (only) --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval, anon=0, ctrl; const char *user; @@ -274,9 +274,9 @@ int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc } } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } diff --git a/modules/pam_group/Makefile b/modules/pam_group/Makefile deleted file mode 100644 index 44464089..00000000 --- a/modules/pam_group/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_group -LOCAL_CONFILE=./group.conf -INSTALLED_CONFILE=$(SCONFIGD)/group.conf - -DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" -CFLAGS += $(DEFS) - -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age - -include ../Simple.Rules diff --git a/modules/pam_group/Makefile.am b/modules/pam_group/Makefile.am new file mode 100644 index 00000000..7846d6b1 --- /dev/null +++ b/modules/pam_group/Makefile.am @@ -0,0 +1,21 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = group.conf + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_group.la + +secureconf_DATA = group.conf diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 896f1e84..81fa64de 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -30,11 +30,6 @@ static const char rcsid[] = #include #include -#ifdef DEFAULT_CONF_FILE -# define PAM_GROUP_CONF DEFAULT_CONF_FILE /* from external define */ -#else -# define PAM_GROUP_CONF "/etc/security/group.conf" -#endif #define PAM_GROUP_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ @@ -163,8 +158,9 @@ static int read_field(int fd, char **buf, int *from, int *to) } } switch ((*buf)[i]) { - int j,c; + int j, c; case '#': + c = 0; for (j=i; j < *to && (c = (*buf)[j]) != '\n'; ++j); if (j >= *to) { (*buf)[*to = ++i] = '\0'; @@ -329,7 +325,8 @@ static boolean logic_field(const void *me, const char *x, int rule, return left; } -static boolean is_same(const void *A, const char *b, int len, int rule) +static boolean +is_same (const void *A, const char *b, int len, int rule UNUSED) { int i; const char *a; @@ -351,10 +348,10 @@ typedef struct { int minute; /* integer, hour*100+minute for now */ } TIME; -struct day { +static struct day { const char *d; int bit; -} static const days[11] = { +} const days[11] = { { "su", 01 }, { "mo", 02 }, { "tu", 04 }, @@ -769,14 +766,16 @@ static int check_account(pam_handle_t *pamh, const char *service, /* --- public authentication management functions --- */ -PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags - , int argc, const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags - , int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh, int flags, + int argc UNUSED, const char **argv UNUSED) { const void *service=NULL, *void_tty=NULL; const char *user=NULL; diff --git a/modules/pam_issue/Makefile b/modules/pam_issue/Makefile deleted file mode 100644 index d73710e1..00000000 --- a/modules/pam_issue/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_issue - -include ../Simple.Rules diff --git a/modules/pam_issue/Makefile.am b/modules/pam_issue/Makefile.am new file mode 100644 index 00000000..c987b4d7 --- /dev/null +++ b/modules/pam_issue/Makefile.am @@ -0,0 +1,16 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_issue.la diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 9c52c106..27c10e60 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -44,9 +44,9 @@ static char *do_prompt (FILE *); /* --- authentication management functions (only) --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval = PAM_SUCCESS; FILE *fd; @@ -173,16 +173,18 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, return retval; } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } -static char *do_prompt(FILE *fd) +static char * +do_prompt (FILE *fd) { - int c, size = 1024; + int c; + size_t size = 1024; char *issue; char buf[1024]; struct utsname uts; diff --git a/modules/pam_lastlog/Makefile b/modules/pam_lastlog/Makefile deleted file mode 100644 index 333ecd93..00000000 --- a/modules/pam_lastlog/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -ifeq ($(HAVE_LIBUTIL),yes) - MODULE_SIMPLE_EXTRALIBS += -lutil -endif - -TITLE=pam_lastlog - -include ../Simple.Rules diff --git a/modules/pam_lastlog/Makefile.am b/modules/pam_lastlog/Makefile.am new file mode 100644 index 00000000..ddb8a21d --- /dev/null +++ b/modules/pam_lastlog/Makefile.am @@ -0,0 +1,16 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_lastlog.la diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index 78a85e78..d3690edd 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c @@ -448,9 +448,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc return retval; } -PAM_EXTERN -int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc - ,const char **argv) +PAM_EXTERN int +pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } diff --git a/modules/pam_limits/Makefile b/modules/pam_limits/Makefile deleted file mode 100644 index 5aeb73ce..00000000 --- a/modules/pam_limits/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_limits - -ifeq ($(OS),linux) - -LOCAL_CONFILE=./limits.skel -INSTALLED_CONFILE=$(SCONFIGD)/limits.conf - -DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" -CFLAGS += $(DEFS) - -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age -ifeq ($(HAVE_LIBCAP),yes) -MODULE_SIMPLE_EXTRALIBS=-lcap -endif - -include ../Simple.Rules - -#else -#include ../dont_makefile -#endif -else - -include ../dont_makefile - -endif diff --git a/modules/pam_limits/Makefile.am b/modules/pam_limits/Makefile.am new file mode 100644 index 00000000..20bc2dfa --- /dev/null +++ b/modules/pam_limits/Makefile.am @@ -0,0 +1,21 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README limits.conf + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_limits.la + +secureconf_DATA = limits.conf diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index 0c245539..d21ad16a 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -139,13 +139,6 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) } -/* limits stuff */ -#ifdef DEFAULT_CONF_FILE -# define LIMITS_FILE DEFAULT_CONF_FILE -#else -# define LIMITS_FILE "/etc/security/limits.conf" -#endif - #define LIMITED_OK 0 /* limit setting appeared to work */ #define LIMIT_ERR 1 /* error setting a limit */ #define LOGIN_ERR 2 /* too many logins err */ @@ -156,7 +149,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, struct pam_limit_s *pl) { struct utmp *ut; - unsigned int count; + int count; if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_DEBUG, "checking logins for '%s' (maximum of %d)\n", @@ -265,7 +258,7 @@ static void process_limit(int source, const char *lim_type, int limit_item; int limit_type = 0; int int_value = 0; - unsigned long rlimit_value = 0; + rlim_t rlimit_value = 0; char *endptr; const char *value_orig = lim_value; @@ -361,7 +354,11 @@ static void process_limit(int source, const char *lim_type, return; } } else { +#ifdef __USE_FILE_OFFSET64 + rlimit_value = strtoull (lim_value, &endptr, 10); +#else rlimit_value = strtoul (lim_value, &endptr, 10); +#endif if (rlimit_value == 0 && value_orig == endptr) { _pam_log(LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); @@ -462,7 +459,8 @@ static int parse_config_file(pam_handle_t *pamh, const char *uname, int ctrl, char ltype[LINE_LENGTH]; char item[LINE_LENGTH]; char value[LINE_LENGTH]; - int i,j; + int i; + size_t j; char *tptr; tptr = buf; @@ -604,8 +602,9 @@ static int setup_limits(pam_handle_t *pamh, } /* now the session stuff */ -PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) +PAM_EXTERN int +pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval; char *user_name; @@ -659,8 +658,9 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, return PAM_SUCCESS; } -PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) +PAM_EXTERN int +pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { /* nothing to do */ return PAM_SUCCESS; diff --git a/modules/pam_listfile/Makefile b/modules/pam_listfile/Makefile deleted file mode 100644 index 18315256..00000000 --- a/modules/pam_listfile/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_listfile - -include ../Simple.Rules diff --git a/modules/pam_listfile/Makefile.am b/modules/pam_listfile/Makefile.am new file mode 100644 index 00000000..cdc30c75 --- /dev/null +++ b/modules/pam_listfile/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_listfile.la diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index a2965b77..80be5a9a 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -79,8 +79,9 @@ static int is_on_list(char * const *list, const char *member) #define LESSER(a, b) ((a) < (b) ? (a) : (b)) -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2; const void *void_citemp; @@ -108,12 +109,13 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar memset(mybuf,'\0',sizeof(mybuf)); memset(myval,'\0',sizeof(mybuf)); junk = strchr(argv[i], '='); - if((junk == NULL) || (junk - argv[i]) >= sizeof(mybuf)) { + if((junk == NULL) || (junk - argv[i]) >= (int) sizeof(mybuf)) { _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "Bad option: \"%s\"", argv[i]); continue; } - strncpy(mybuf, argv[i], LESSER(junk - argv[i], sizeof(mybuf) - 1)); + strncpy(mybuf, argv[i], + LESSER(junk - argv[i], (int)sizeof(mybuf) - 1)); strncpy(myval, junk + 1, sizeof(myval) - 1); } if(!strcmp(mybuf,"onerr")) @@ -285,7 +287,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar } itemlist[0] = x_strdup(grpinfo->gr_name); setgrent(); - for (i=1; (i < sizeof(itemlist)/sizeof(itemlist[0])-1) && + for (i=1; (i < (int)(sizeof(itemlist)/sizeof(itemlist[0])-1)) && (grpinfo = getgrent()); ) { if (is_on_list(grpinfo->gr_mem,citemp)) { itemlist[i++] = x_strdup(grpinfo->gr_name); @@ -412,15 +414,16 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar } } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { return pam_sm_authenticate(pamh, 0, argc, argv); } diff --git a/modules/pam_localuser/Makefile b/modules/pam_localuser/Makefile deleted file mode 100644 index 13946eb4..00000000 --- a/modules/pam_localuser/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# - -include ../../Make.Rules - -TITLE=pam_localuser -MAN8=pam_localuser.8 - -include ../Simple.Rules diff --git a/modules/pam_localuser/Makefile.am b/modules/pam_localuser/Makefile.am new file mode 100644 index 00000000..ef173508 --- /dev/null +++ b/modules/pam_localuser/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README ${MANS} + +man_MANS = pam_localuser.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_localuser.la diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c index 4c540376..e6fe7ec8 100644 --- a/modules/pam_localuser/pam_localuser.c +++ b/modules/pam_localuser/pam_localuser.c @@ -54,8 +54,9 @@ #define MODULE_NAME "pam_localuser" -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, + int argc, const char **argv) { int i, ret = PAM_SUCCESS; FILE *fp; @@ -125,19 +126,20 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar } } - /* okay, we're done */ + /* okay, we're done */ fclose(fp); return ret; } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +PAM_EXTERN int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } diff --git a/modules/pam_mail/Makefile b/modules/pam_mail/Makefile deleted file mode 100644 index 93ca429b..00000000 --- a/modules/pam_mail/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_mail - -include ../Simple.Rules diff --git a/modules/pam_mail/Makefile.am b/modules/pam_mail/Makefile.am new file mode 100644 index 00000000..1a0f1bc0 --- /dev/null +++ b/modules/pam_mail/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_mail.la diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 81dedcea..e0647465 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c @@ -75,7 +75,7 @@ static void _log_err(int err, const char *format, ...) #define PAM_QUIET_MAIL 0x1000 static int _pam_parse(int flags, int argc, const char **argv, char **maildir, - int *hashcount) + size_t *hashcount) { int ctrl=0; @@ -107,8 +107,8 @@ static int _pam_parse(int flags, int argc, const char **argv, char **maildir, } } else if (!strncmp(*argv,"hash=",5)) { char *ep = NULL; - *hashcount = strtol(*argv+5,&ep,10); - if (!ep || (*hashcount < 0)) { + *hashcount = strtoul(*argv+5,&ep,10); + if (!ep) { *hashcount = 0; } } else if (!strcmp(*argv,"close")) { @@ -171,7 +171,7 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs } static int get_folder(pam_handle_t *pamh, int ctrl, - char **path_mail, char **folder_p, int hashcount) + char **path_mail, char **folder_p, size_t hashcount) { int retval; const char *user, *path; @@ -228,7 +228,7 @@ static int get_folder(pam_handle_t *pamh, int ctrl, if (ctrl & PAM_HOME_MAIL) { sprintf(folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path); } else { - int i; + size_t i; char *hash = malloc(2*hashcount+1); if (hash) { @@ -372,9 +372,9 @@ static int _do_mail(pam_handle_t *, int, int, const char **, int); /* --- authentication functions --- */ -PAM_EXTERN -int pam_sm_authenticate(pam_handle_t *pamh,int flags,int argc, - const char **argv) +PAM_EXTERN int +pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } @@ -412,7 +412,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, static int _do_mail(pam_handle_t *pamh, int flags, int argc, const char **argv, int est) { - int retval, ctrl, hashcount; + int retval, ctrl; + size_t hashcount; char *path_mail=NULL, *folder; const char *type; diff --git a/modules/pam_mkhomedir/Makefile b/modules/pam_mkhomedir/Makefile deleted file mode 100644 index d518c26f..00000000 --- a/modules/pam_mkhomedir/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_mkhomedir - -include ../Simple.Rules diff --git a/modules/pam_mkhomedir/Makefile.am b/modules/pam_mkhomedir/Makefile.am new file mode 100644 index 00000000..11c238dd --- /dev/null +++ b/modules/pam_mkhomedir/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_mkhomedir.la diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 6f68b0aa..f842cd7f 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -560,8 +560,8 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc /* Ignore */ PAM_EXTERN -int pam_sm_close_session(pam_handle_t * pamh, int flags, int argc - ,const char **argv) +int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } diff --git a/modules/pam_motd/Makefile b/modules/pam_motd/Makefile deleted file mode 100644 index ae4acb8c..00000000 --- a/modules/pam_motd/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_motd - -include ../Simple.Rules diff --git a/modules/pam_motd/Makefile.am b/modules/pam_motd/Makefile.am new file mode 100644 index 00000000..9e2faa41 --- /dev/null +++ b/modules/pam_motd/Makefile.am @@ -0,0 +1,16 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_motd.la diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index a64d6a41..291d76d9 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -37,9 +37,9 @@ /* --- session management functions (only) --- */ -PAM_EXTERN -int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, - const char **argv) +PAM_EXTERN int +pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } diff --git a/modules/pam_nologin/Makefile b/modules/pam_nologin/Makefile deleted file mode 100644 index 130787e7..00000000 --- a/modules/pam_nologin/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_nologin - -include ../Simple.Rules diff --git a/modules/pam_nologin/Makefile.am b/modules/pam_nologin/Makefile.am new file mode 100644 index 00000000..a2549346 --- /dev/null +++ b/modules/pam_nologin/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README $(MANS) + +man_MANS = pam_nologin.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_nologin.la diff --git a/modules/pam_nologin/pam_nologin.8 b/modules/pam_nologin/pam_nologin.8 new file mode 100644 index 00000000..e68a6a15 --- /dev/null +++ b/modules/pam_nologin/pam_nologin.8 @@ -0,0 +1,86 @@ +.\" Copyright (C) 2003 International Business Machines Corp. +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "PAM_NOLOGIN" 8 "2003-03-21" "Linux 2.4" "System Administrator's Manual" +.SH NAME +pam_nologin \- Disables login for all except root when +\fI/etc/nologin\fR exists +.SH "SYNOPSIS" +.ad l +.hy 0 + +/lib/security/pam_nologin +.sp +.ad +.hy + +.SH "DESCRIPTION" + +.PP +\fBpam_nologin\fR is a PAM module that prevents users from logging +into the system when \fI/etc/nologin\fR exists. +The contents of the \fI/etc/nologin\fR file are displayed to the user. +The \fBpam_nologin\fR module has no effect on the root user's ability to log in. + +.SH "OPTIONS" + +.PP +\fBpam_login\fR has no options. + +.SH "MODULE SERVICES PROVIDED" + +.TP +auth +_authentication and _setcred (blank) + +.SH "RETURN CODES" +.PP +\fBpam_nologin\fR has the following return codes: +.TP +PAM_SUCCESS +Success: either the user is root or the \fI/etc/nologin\fR file does not exist. + +.TP +PAM_SERVICE_ERR +The module was unable to get the user name. + +.TP +PAM_USER_UNKNOWN +The module cannot get the UID associated with this user. + +.TP +PAM_AUTH_ERR +The user is not root and \fI/etc/nologin\fR exists, so the user is +not permitted to log in. + +.SH "HISTORY" + +.PP +\fBpam_nologin\fR was written by Michael K. Johnson. + +.SH "SEE ALSO" + +.PP +\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBnologin\fR(8). + +.SH AUTHOR +Emily Ratliff. diff --git a/modules/pam_permit/Makefile b/modules/pam_permit/Makefile deleted file mode 100644 index b4cc3b5b..00000000 --- a/modules/pam_permit/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_permit - -include ../Simple.Rules diff --git a/modules/pam_permit/Makefile.am b/modules/pam_permit/Makefile.am new file mode 100644 index 00000000..9d6868c6 --- /dev/null +++ b/modules/pam_permit/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_permit.la diff --git a/modules/pam_pwdb/Makefile b/modules/pam_pwdb/Makefile deleted file mode 100644 index f136a820..00000000 --- a/modules/pam_pwdb/Makefile +++ /dev/null @@ -1,131 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of the pam_unix module -# for Linux-PAM. You should not modify this Makefile. -# -# rewritten to compile new module Andrew Morgan -# 1996/11/6 -# - -include ../../Make.Rules - -ifeq ($(HAVE_LIBPWDB),yes) - -EXTRALS += -lpwdb -EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\" - -ifeq ($(HAVE_LIBSELINUX),yes) - EXTRALS += -lselinux -endif - -ifeq ($(HAVE_LIBCRYPT),yes) - EXTRALS += -lcrypt -endif -ifeq ($(HAVE_LIBNSL),yes) - EXTRALS += -lnsl -endif - -TITLE=pam_pwdb -CHKPWD=pwdb_chkpwd - -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -#LIBOBJS = $(addprefix static/,$(LIBOBJ)) -LIBDEPS = pam_unix_acct.-c pam_unix_auth.-c pam_unix_passwd.-c \ - pam_unix_sess.-c pam_unix_pwupd.-c support.-c bigcrypt.-c - -PLUS += md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o -CFLAGS += $(EXTRAS) - -ifdef DYNAMIC -LIBSHARED = $(TITLE).so -endif -#ifdef STATIC -#LIBSTATIC = lib$(TITLE).o -#endif - -all: info dirs $(PLUS) $(LIBSHARED) $(LIBSTATIC) register $(CHKPWD) - -dynamic/$(LIBOBJ) : $(LIBSRC) $(LIBDEPS) - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -#static/$(LIBOBJ) : $(LIBSRC) $(LIBDEPS) -# $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -info: - @echo - @echo "*** Building PAM_pwdb module..." - @echo - -$(CHKPWD): pwdb_chkpwd.o md5_good.o md5_broken.o \ - md5_crypt_good.o md5_crypt_broken.o - $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDFLAGS) -lpwdb $(EXTRALS) - -pwdb_chkpwd.o: pwdb_chkpwd.c pam_unix_md.-c bigcrypt.-c - -md5_good.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_broken.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_crypt_good.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_crypt_broken.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) -c $< -o $@ - -dirs: -ifdef DYNAMIC - @$(MKDIR) ./dynamic -endif -#ifdef STATIC -# @$(MKDIR) ./static -#endif - -register: -#ifdef STATIC -# ( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) ) -#endif - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) - -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) $(PLUS) $(EXTRALS) -endif - -#ifdef STATIC -#$(LIBOBJS): $(LIBSRC) -# -#$(LIBSTATIC): $(LIBOBJS) -# $(LD) -r -o $@ $(LIBOBJS) $(PLUS) $(EXTRALS) -#endif - -install: all - $(MKDIR) $(FAKEROOT)$(SECUREDIR) -ifdef DYNAMIC - $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) -endif - $(MKDIR) $(FAKEROOT)$(SUPLEMENTED) - $(INSTALL) -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so - rm -f $(FAKEROOT)$(SUPLEMENTED)/$(CHKPWD) - -clean: - rm -f $(CHKPWD) $(LIBOBJD) $(LIBOBJS) $(MOREDELS) core *~ *.o *.so - rm -f *.a *.o *.so *.bak - rm -fr dynamic static - -else - -include ../dont_makefile - -endif diff --git a/modules/pam_pwdb/Makefile.am b/modules/pam_pwdb/Makefile.am new file mode 100644 index 00000000..330ce3d2 --- /dev/null +++ b/modules/pam_pwdb/Makefile.am @@ -0,0 +1,29 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = TODO README md5.c md5_crypt.c bigcrypt.-c pam_unix_acct.-c \ + pam_unix_auth.-c pam_unix_md.-c pam_unix_passwd.-c \ + pam_unix_pwupd.-c pam_unix_sess.-c support.-c + +noinst_HEADERS = md5.h + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DCHKPWD_HELPER=\"$(sbindir)/$(CHKPWD)\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBPWDB@ + +if HAVE_LIBPWDB + securelib_LTLIBRARIES = pam_pwdb.la + sbin_BINARIES = pwdb_chkpwd +endif + +pam_pwdb_la_SOURCES = md5_good.c md5_broken.c pam_pwdb.c +pwdb_checkpwd = md5_good.c md5_broken.c pwdb_chkpwd.c diff --git a/modules/pam_pwdb/md5_crypt.c b/modules/pam_pwdb/md5_crypt.c index 4226dd1e..53972fcc 100644 --- a/modules/pam_pwdb/md5_crypt.c +++ b/modules/pam_pwdb/md5_crypt.c @@ -1,4 +1,5 @@ -/* $Id$ +/* + * $Id$ * * ---------------------------------------------------------------------------- * "THE BEER-WARE LICENSE" (Revision 42): @@ -12,16 +13,16 @@ */ #include +#include #include "md5.h" -static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ +"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; -static void -to64(char *s, unsigned long v, int n) +static void to64(char *s, unsigned long v, int n) { while (--n >= 0) { - *s++ = itoa64[v&0x3f]; + *s++ = itoa64[v & 0x3f]; v >>= 6; } } @@ -32,27 +33,31 @@ to64(char *s, unsigned long v, int n) * Use MD5 for what it is best at... */ -char * MD5Name(crypt_md5)(const char *pw, const char *salt) +char *MD5Name(crypt_md5)(const char *pw, const char *salt) { const char *magic = "$1$"; /* This string is magic for this algorithm. Having * it this way, we can get get better later on */ - static char passwd[120], *p; - static const char *sp,*ep; - unsigned char final[16]; - int sl,pl,i,j; - MD5_CTX ctx,ctx1; + char *passwd, *p; + const char *sp, *ep; + unsigned char final[16]; + int sl, pl, i, j; + MD5_CTX ctx, ctx1; unsigned long l; /* Refine the Salt first */ sp = salt; + /* TODO: now that we're using malloc'ed memory, get rid of the + strange constant buffer size. */ + passwd = malloc(120); + /* If it starts with the magic string, then skip that */ - if(!strncmp(sp,magic,strlen(magic))) + if (!strncmp(sp, magic, strlen(magic))) sp += strlen(magic); /* It stops at the first '$', max 8 chars */ - for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) + for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) continue; /* get the length of the true salt */ @@ -75,23 +80,23 @@ char * MD5Name(crypt_md5)(const char *pw, const char *salt) MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl); MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); MD5Name(MD5Final)(final,&ctx1); - for(pl = strlen(pw); pl > 0; pl -= 16) + for (pl = strlen(pw); pl > 0; pl -= 16) MD5Name(MD5Update)(&ctx,(unsigned const char *)final,pl>16 ? 16 : pl); /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); + memset(final, 0, sizeof final); /* Then something really weird... */ - for (j=0,i = strlen(pw); i ; i >>= 1) - if(i&1) - MD5Name(MD5Update)(&ctx, (unsigned const char *)final+j, 1); + for (j = 0, i = strlen(pw); i; i >>= 1) + if (i & 1) + MD5Name(MD5Update)(&ctx, (unsigned const char *)final+j, 1); else - MD5Name(MD5Update)(&ctx, (unsigned const char *)pw+j, 1); + MD5Name(MD5Update)(&ctx, (unsigned const char *)pw+j, 1); /* Now make the output string */ - strcpy(passwd,magic); - strncat(passwd,sp,sl); - strcat(passwd,"$"); + strcpy(passwd, magic); + strncat(passwd, sp, sl); + strcat(passwd, "$"); MD5Name(MD5Final)(final,&ctx); @@ -100,20 +105,20 @@ char * MD5Name(crypt_md5)(const char *pw, const char *salt) * On a 60 Mhz Pentium this takes 34 msec, so you would * need 30 seconds to build a 1000 entry dictionary... */ - for(i=0;i<1000;i++) { + for (i = 0; i < 1000; i++) { MD5Name(MD5Init)(&ctx1); - if(i & 1) + if (i & 1) MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); else MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16); - if(i % 3) + if (i % 3) MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl); - if(i % 7) + if (i % 7) MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); - if(i & 1) + if (i & 1) MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16); else MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); @@ -122,17 +127,28 @@ char * MD5Name(crypt_md5)(const char *pw, const char *salt) p = passwd + strlen(passwd); - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; - l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; - l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; - l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; - l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; - l = final[11] ; to64(p,l,2); p += 2; + l = (final[0] << 16) | (final[6] << 8) | final[12]; + to64(p, l, 4); + p += 4; + l = (final[1] << 16) | (final[7] << 8) | final[13]; + to64(p, l, 4); + p += 4; + l = (final[2] << 16) | (final[8] << 8) | final[14]; + to64(p, l, 4); + p += 4; + l = (final[3] << 16) | (final[9] << 8) | final[15]; + to64(p, l, 4); + p += 4; + l = (final[4] << 16) | (final[10] << 8) | final[5]; + to64(p, l, 4); + p += 4; + l = final[11]; + to64(p, l, 2); + p += 2; *p = '\0'; /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); + memset(final, 0, sizeof final); return passwd; } - diff --git a/modules/pam_radius/Makefile b/modules/pam_radius/Makefile deleted file mode 100644 index aa149d3e..00000000 --- a/modules/pam_radius/Makefile +++ /dev/null @@ -1,95 +0,0 @@ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Cristian Gafton 1996/09/10 -# -# STATIC modules are not supported -# - -include ../../Make.Rules - -TITLE=pam_radius -CONFD=$(CONFIGED)/security -export CONFD -CONFILE=$(CONFD)/radius.conf -export CONFILE - -ifeq ($(HAVE_LIBPWDB),yes) - -# - -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o - -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -#LIBOBJS = $(addprefix static/,$(LIBOBJ)) - -dynamic/%.o : %.c - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -#static/%.o : %.c -# $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - - -ifdef DYNAMIC -LIBSHARED = $(TITLE).so -endif - -#ifdef STATIC -#LIBSTATIC = lib$(TITLE).o -#endif - -####################### don't edit below ####################### - -all: dirs $(LIBSHARED) $(LIBSTATIC) register - -dirs: -ifdef DYNAMIC - $(MKDIR) ./dynamic -endif -#ifdef STATIC -# $(MKDIR) ./static -#endif - -register: -#ifdef STATIC -# ( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) ) -#endif - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) - -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) -lpwdb -endif - -#ifdef STATIC -#$(LIBOBJS): $(LIBSRC) -# -#$(LIBSTATIC): $(LIBOBJS) -# $(LD) -r -o $@ $(LIBOBJS) -lpwdb -#endif - -install: all -ifdef DYNAMIC - $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) -endif - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so - -clean: - rm -f $(LIBOBJD) $(LIBOBJS) core *~ - rm -f *.a *.o *.so *.bak dynamic/* static/* - rm -rf dynamic static - -.c.o: - $(CC) $(CFLAGS) -c $< - -else - -include ../dont_makefile - -endif diff --git a/modules/pam_radius/Makefile.am b/modules/pam_radius/Makefile.am new file mode 100644 index 00000000..c5886589 --- /dev/null +++ b/modules/pam_radius/Makefile.am @@ -0,0 +1,22 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +noinst_HEADERS = pam_radius.h + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +if HAVE_LIBPWDB + securelib_LTLIBRARIES = pam_radius.la +endif diff --git a/modules/pam_radius/pam_radius.h b/modules/pam_radius/pam_radius.h index 8cee7ff1..12ee5778 100644 --- a/modules/pam_radius/pam_radius.h +++ b/modules/pam_radius/pam_radius.h @@ -5,7 +5,7 @@ #ifndef PAM_RADIUS_H #define PAM_RADIUS_H -#include +#include "config.h" #include diff --git a/modules/pam_rhosts/Makefile b/modules/pam_rhosts/Makefile deleted file mode 100644 index 46d75d6a..00000000 --- a/modules/pam_rhosts/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_rhosts_auth - -include ../Simple.Rules diff --git a/modules/pam_rhosts/Makefile.am b/modules/pam_rhosts/Makefile.am new file mode 100644 index 00000000..63f170b7 --- /dev/null +++ b/modules/pam_rhosts/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_rhosts_auth.la diff --git a/modules/pam_rootok/Makefile b/modules/pam_rootok/Makefile deleted file mode 100644 index 0c868c91..00000000 --- a/modules/pam_rootok/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_rootok - -include ../Simple.Rules - -ifeq ($(HAVE_LIBSELINUX),yes) -CFLAGS += -DWITH_SELINUX -LINK_PAMMODUTILS += -lselinux -endif - diff --git a/modules/pam_rootok/Makefile.am b/modules/pam_rootok/Makefile.am new file mode 100644 index 00000000..39cd4f4a --- /dev/null +++ b/modules/pam_rootok/Makefile.am @@ -0,0 +1,21 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +if HAVE_LIBSELINUX +AM_CFLAGS += -DWITH_SELINUX +endif +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam @LIBSELINUX@ + +securelib_LTLIBRARIES = pam_rootok.la diff --git a/modules/pam_securetty/Makefile b/modules/pam_securetty/Makefile deleted file mode 100644 index 9b80d2e9..00000000 --- a/modules/pam_securetty/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_securetty - -include ../Simple.Rules diff --git a/modules/pam_securetty/Makefile.am b/modules/pam_securetty/Makefile.am new file mode 100644 index 00000000..cfa1611c --- /dev/null +++ b/modules/pam_securetty/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README $(MANS) + +man_MANS = pam_securetty.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_securetty.la diff --git a/modules/pam_securetty/pam_securetty.8 b/modules/pam_securetty/pam_securetty.8 new file mode 100644 index 00000000..2364a312 --- /dev/null +++ b/modules/pam_securetty/pam_securetty.8 @@ -0,0 +1,98 @@ +.\" Copyright (C) 2003 International Business Machines Corp. +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "PAM_SECURETTY" 8 "2003-02-21" "Linux 2.4" "System Administrator's Manual" +.SH NAME +pam_securetty \- Limits root to logging in on devices listed in /etc/securetty +.SH "SYNOPSIS" +.ad l +.hy 0 + +/usr/security/pam_securetty +.sp +.ad +.hy + +.SH "DESCRIPTION" + +.PP +\fBpam_securetty\fR is a PAM module that allows root logins only if the +user is logging in on a "secure" tty, as defined by the listing in +\fI/etc/securetty\fR. +\fBpam_securetty\fR also checks to make sure that \fI/etc/securetty\fR +is a plain file and not world writable. + +.PP +This module has no effect on non-root users. + +.SH "OPTIONS" +.PP +\fBpam_securetty\fR has no options. + +.SH "RETURN CODES" +.PP +\fBpam_securetty\fR has the following return codes: +.TP +PAM_SUCCESS +The user is allowed to continue authentication. +Either the user is not root, or the root user is trying to log in on +an acceptable device. + +.TP +PAM_AUTH_ERR +Authentication is rejected. +Either root is attempting to log in via an unacceptable device, +or the \fI/etc/securetty\fR file is world writable or not a normal file. + +.TP +PAM_INCOMPLETE +An application error occurred. \fBpam_securetty\fR was not able to get +information it required from the application that called it. + +.TP +PAM_SERVICE_ERR +An error occurred while the module was determining the user's name or tty, +or the module could not open \fI/etc/securetty\fR. + +.TP +PAM_IGNORE +The module could not find the user name in the +\fI/etc/passwd\fR file to verify whether the user had a UID of 0. +Therefore, the results of running this module are ignored. + +.SH "HISTORY" + +.PP +\fBpam_securetty\fR was written by Elliot Lee. + +.SH "FILES" + +.PP + \fI/etc/securetty\fR + +.SH "SEE ALSO" + +.PP +\fBpam.conf\fR(8), \fBpam.d\fR(8), \fBpam\fR(8), \fBsecuretty\fR(8). + +.SH AUTHOR +Emily Ratliff. diff --git a/modules/pam_selinux/Makefile b/modules/pam_selinux/Makefile deleted file mode 100644 index a11a7c57..00000000 --- a/modules/pam_selinux/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -# -# $Id$ -# - -include ../../Make.Rules - -ifeq ($(HAVE_LIBSELINUX),yes) - -TITLE=pam_selinux -APPLICATION=$(TITLE)_check -APPMODE=04511 -MAN8=$(TITLE).8 $(TITLE)_check.8 -MODULE_SIMPLE_EXTRALIBS=-lselinux - -#MODULE_SIMPLE_INSTALL=$(MAKE) $(APPLICATION); $(INSTALL) -m $(APPMODE) $(APPLICATION) $(FAKEROOT)$(SUPLEMENTED) - -include ../Simple.Rules - -$(APPLICATION): $(APPLICATION).c - $(CC) $(CFLAGS) $(INCLUDE_PAMMODUTILS) -o $@ $^ $(LINK_PAMMODUTILS) -lpam -lpam_misc - -else - -include ../dont_makefile - -endif \ No newline at end of file diff --git a/modules/pam_selinux/Makefile.am b/modules/pam_selinux/Makefile.am new file mode 100644 index 00000000..a94f533e --- /dev/null +++ b/modules/pam_selinux/Makefile.am @@ -0,0 +1,26 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README ${MANS} pam_selinux_check.8 + +man_MANS = pam_selinux.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/libpam_misc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam @LIBSELINUX@ + +pam_selinux_check_LDFLAGS = -L$(top_builddir)/libpam_misc -lpam_misc + +if HAVE_LIBSELINUX + securelib_LTLIBRARIES = pam_selinux.la + noinst_PROGRAMS = pam_selinux_check +endif diff --git a/modules/pam_shells/Makefile b/modules/pam_shells/Makefile deleted file mode 100644 index b057dc00..00000000 --- a/modules/pam_shells/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_shells - -include ../Simple.Rules diff --git a/modules/pam_shells/Makefile.am b/modules/pam_shells/Makefile.am new file mode 100644 index 00000000..2fdb8888 --- /dev/null +++ b/modules/pam_shells/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_shells.la diff --git a/modules/pam_stress/Makefile b/modules/pam_stress/Makefile deleted file mode 100644 index 598809a5..00000000 --- a/modules/pam_stress/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_stress - -include ../Simple.Rules diff --git a/modules/pam_stress/Makefile.am b/modules/pam_stress/Makefile.am new file mode 100644 index 00000000..ebc76a12 --- /dev/null +++ b/modules/pam_stress/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_stress.la diff --git a/modules/pam_succeed_if/Makefile b/modules/pam_succeed_if/Makefile deleted file mode 100644 index 51e18c81..00000000 --- a/modules/pam_succeed_if/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_succeed_if -MAN8=$(TITLE).8 - -include ../Simple.Rules diff --git a/modules/pam_succeed_if/Makefile.am b/modules/pam_succeed_if/Makefile.am new file mode 100644 index 00000000..1b07d473 --- /dev/null +++ b/modules/pam_succeed_if/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README ${MANS} + +man_MANS = pam_succeed_if.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_succeed_if.la diff --git a/modules/pam_tally/Makefile b/modules/pam_tally/Makefile deleted file mode 100644 index 718d3b30..00000000 --- a/modules/pam_tally/Makefile +++ /dev/null @@ -1,109 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module and -# application for Linux-PAM. You should not modify this Makefile -# (unless you know what you are doing!). -# -# - -include ../../Make.Rules - -TITLE=pam_tally - -# -## Additional rules for making (and moving) the application added. -## Assuming that all modules' applications are called $TITLE -# - -LIBSRC = $(TITLE).c -LIBOBJ = $(TITLE).o -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -LIBOBJS = $(addprefix static/,$(LIBOBJ)) - -APPSRC = $(TITLE)_app.c -APPOBJ = $(TITLE)_app.o -APPOBJD = $(addprefix dynamic/,$(APPOBJ)) -APPOBJS = $(addprefix static/,$(APPOBJ)) - -dynamic/%.o : %.c - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -static/%.o : %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - - -ifdef DYNAMIC -LIBSHARED = $(TITLE).so -endif - -ifdef STATIC -LIBSTATIC = lib$(TITLE).o -endif - -APPLICATION = $(TITLE) -APPMODE = 755 - -LINK_PAMMODUTILS = -L../pammodutil -lpammodutil -L../../libpam -lpam -INCLUDE_PAMMODUTILS = -I../pammodutil/include - -LDFLAGS += $(LINK_PAMMODUTILS) -CFLAGS += $(INCLUDE_PAMMODUTILS) - -####################### don't edit below ####################### - -all: dirs $(LIBSHARED) $(LIBSTATIC) register $(APPLICATION) - -dirs: -ifdef DYNAMIC - $(MKDIR) ./dynamic -endif -ifdef STATIC - $(MKDIR) ./static -endif - -register: -ifdef STATIC - ( cd .. ; ./register_static $(TITLE) $(TITLE)/$(LIBSTATIC) ) -endif - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) - -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) $(LDFLAGS) - -$(APPLICATION): $(APPOBJD) $(TITLE).c - $(CC) $(CFLAGS) -o $@ $(APPOBJD) $(LDFLAGS) $(LOADLIBES) - -endif - -ifdef STATIC -$(LIBOBJS): $(LIBSRC) - -$(LIBSTATIC): $(LIBOBJS) - $(LD) -r -o $@ $(LIBOBJS) - -$(APPLICATION): $(APPOBJS) $(TITLE).c - $(CC) $(CFLAGS) -o $@ $(APPOBJS) $(LOADLIBES) -endif - -install: all - $(MKDIR) $(FAKEROOT)$(SECUREDIR) -ifdef DYNAMIC - $(INSTALL) -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) -endif - $(MKDIR) $(FAKEROOT)$(SUPLEMENTED) - $(INSTALL) -m $(APPMODE) $(APPLICATION) $(FAKEROOT)$(SUPLEMENTED) - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(TITLE).so - rm -f $(FAKEROOT)$(SUPLEMENTED)/$(TITLE) - -clean: - rm -f $(LIBOBJD) $(LIBOBJS) $(APPOBJD) $(APPOBJS) core *~ - rm -f *.a *.o *.so *.bak dynamic/* static/* $(APPLICATION) - rm -rf dynamic static - -.c.o: - $(CC) $(CFLAGS) -c $< diff --git a/modules/pam_tally/Makefile.am b/modules/pam_tally/Makefile.am new file mode 100644 index 00000000..47f490b0 --- /dev/null +++ b/modules/pam_tally/Makefile.am @@ -0,0 +1,24 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +noinst_HEADERS = faillog.h + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +pam_tally_la_LDFLAGS = -avoid-version -module + +securelib_LTLIBRARIES = pam_tally.la +sbin_PROGRAMS = pam_tally + +pam_tally_SOURCES = pam_tally_app.c diff --git a/modules/pam_time/Makefile b/modules/pam_time/Makefile deleted file mode 100644 index 9c2d0eb3..00000000 --- a/modules/pam_time/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_time -LOCAL_CONFILE=./time.conf -INSTALLED_CONFILE=$(SCONFIGD)/time.conf - -DEFS=-DDEFAULT_CONF_FILE=\"$(INSTALLED_CONFILE)\" -CFLAGS += $(DEFS) - -MODULE_SIMPLE_INSTALL=bash -f ../install_conf "$(FAKEROOT)" "$(SCONFIGD)" "$(INSTALLED_CONFILE)" "$(TITLE)" "$(LOCAL_CONFILE)" -MODULE_SIMPLE_REMOVE=rm -f $(FAKEROOT)$(INSTALLED_CONFILE) -MODULE_SIMPLE_CLEAN=rm -f ./.ignore_age - -include ../Simple.Rules diff --git a/modules/pam_time/Makefile.am b/modules/pam_time/Makefile.am new file mode 100644 index 00000000..95245fde --- /dev/null +++ b/modules/pam_time/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README time.conf + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DPAM_TIME_CONF=\"$(SCONFIGDIR)/time.conf\" +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_time.la +secureconf_DATA = time.conf diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index a7e79364..30432298 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -28,11 +28,6 @@ static const char rcsid[] = #include #include -#ifdef DEFAULT_CONF_FILE -# define PAM_TIME_CONF DEFAULT_CONF_FILE /* from external define */ -#else -# define PAM_TIME_CONF "/etc/security/time.conf" -#endif #define PAM_TIME_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ diff --git a/modules/pam_umask/Makefile b/modules/pam_umask/Makefile deleted file mode 100644 index c99ca8e0..00000000 --- a/modules/pam_umask/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of pam_umask module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_umask - -DEFS=-DDEFAULT_CONF_FILE=\"/etc/login.defs\" -CFLAGS += $(DEFS) - -include ../Simple.Rules diff --git a/modules/pam_umask/Makefile.am b/modules/pam_umask/Makefile.am new file mode 100644 index 00000000..8884b5e2 --- /dev/null +++ b/modules/pam_umask/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_umask.la diff --git a/modules/pam_unix/Makefile b/modules/pam_unix/Makefile deleted file mode 100644 index 749982a1..00000000 --- a/modules/pam_unix/Makefile +++ /dev/null @@ -1,195 +0,0 @@ -# $Id$ -# -# This Makefile controls a build process of the pam_unix modules -# for Linux-PAM. You should not modify this Makefile. -# - -include ../../Make.Rules - -######################################################################## -# some options... uncomment to take effect -######################################################################## - -# Unless someone wants to work out how to make this work with the new -# autoconf stuff, you should use a separate module for this type of thing -# pam_cracklib perhaps..? -# do you want cracklib? -#ifeq ($(HAVE_CRACKLIB),yes) -#USE_CRACKLIB=-D"USE_CRACKLIB" -#endif - -ifeq ($(shell if [ -f /usr/lib/cracklib_dict.hwm ]; then echo yes ; fi),yes) - CRACKLIB_DICTPATH=/usr/lib/cracklib_dict -else - CRACKLIB_DICTPATH=/usr/share/dict/cracklib_dict -endif -EXTRAS += -DCRACKLIB_DICTS=\"$(CRACKLIB_DICTPATH)\" - -ifeq ($(HAVE_LIBCRYPT),yes) - EXTRALS += -lcrypt -endif -ifeq ($(HAVE_LIBNSL),yes) - EXTRALS += -lnsl -endif -# do you want to use lckpwdf? -ifeq ($(WITH_LCKPWDF),yes) -USE_LCKPWDF=-D"USE_LCKPWDF" -# do you need to include the locking functions in the source? -ifeq ($(HAVE_LCKPWDF),no) - NEED_LCKPWDF=-D"NEED_LCKPWDF" -endif -endif - -ifeq ($(HAVE_LIBSELINUX),yes) - USE_SELINUX=-D"WITH_SELINUX" - EXTRALS += -lselinux -endif - -ifeq ($(HAVE_LIBNSL),yes) - LIBNSL = -lnsl -endif - -ifeq ($(HAVE_LIBCRYPT),yes) - LIBCRYPT=-lcrypt -endif - -CHKPWD=unix_chkpwd - -BIGCRYPT=bigcrypt - -EXTRAS += -DCHKPWD_HELPER=\"$(SUPLEMENTED)/$(CHKPWD)\" - -LINK_PAMMODUTILS = -L../pammodutil -lpammodutil -INCLUDE_PAMMODUTILS = -I../pammodutil/include - -######################################################################## - -CFLAGS += $(USE_CRACKLIB) $(USE_LCKPWDF) $(NEED_LCKPWDF) $(EXTRAS) \ - $(INCLUDE_PAMMODUTILS) $(USE_SELINUX) - -LDLIBS = $(EXTRALS) $(LINK_PAMMODUTILS) - -ifdef USE_CRACKLIB -CRACKLIB = -lcrack -endif - - -LIBOBJ = pam_unix_auth.o pam_unix_acct.o pam_unix_sess.o pam_unix_passwd.o \ - support.o -LIBSRC = pam_unix_auth.c pam_unix_acct.c pam_unix_sess.c pam_unix_passwd.c \ - support.c -LIBOBJD = $(addprefix dynamic/,$(LIBOBJ)) -LIBOBJS = $(addprefix static/,$(LIBOBJ)) - -PLUS = md5_good.o md5_broken.o md5_crypt_good.o md5_crypt_broken.o \ - yppasswd_xdr.o bigcrypt.o - -ifdef DYNAMIC -LIBSHARED = pam_unix.so -endif -ifdef STATIC -LIBSTATIC = libpam_unix.o -endif - - -########################### don't edit below ####################### - -all: dirs info $(PLUS) $(LIBSHARED) $(LIBSTATIC) $(CHKPWD) $(BIGCRYPT) \ - register - -dynamic/%.o : %.c - $(CC) $(CFLAGS) $(DYNAMIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -static/%.o: %.c - $(CC) $(CFLAGS) $(STATIC) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -dummy: - @echo "**** This is not a top-level Makefile " - exit - -info: - @echo - @echo "*** Building pam-unix module of the framework..." - @echo - -dirs: -ifdef DYNAMIC - mkdir -p ./dynamic -endif -ifdef STATIC - mkdir -p ./static -endif - -register: -ifdef STATIC - ( cd .. ; ./register_static pam_unix_auth pam_unix/$(LIBSTATIC) ; \ - ./register_static pam_unix_acct "" ; \ - ./register_static pam_unix_session "" ; \ - ./register_static pam_unix_passwd "" ; \ - ) -endif - -ifdef DYNAMIC -$(LIBOBJD): $(LIBSRC) - -$(LIBSHARED): $(LIBOBJD) - $(LD_D) -o $@ $(LIBOBJD) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT) $(NEED_LINK_LIB_C) -L../../libpam -lpam -endif - -ifdef STATIC -$(LIBOBJS): $(LIBSRC) - -$(LIBSTATIC): $(LIBOBJS) - $(LD) -r -o $@ $(LIBOBJS) $(PLUS) $(CRACKLIB) $(LDLIBS) $(LIBNSL) $(LIBCRYPT) -endif - -$(CHKPWD): unix_chkpwd.o md5_good.o md5_broken.o \ - md5_crypt_good.o md5_crypt_broken.o \ - bigcrypt.o - $(CC) $(CFLAGS) -o $(CHKPWD) $^ $(LDLIBS) $(LIBCRYPT) - -$(BIGCRYPT): bigcrypt_main.o bigcrypt.o - $(CC) -o $(BIGCRYPT) $^ $(LDLIBS) $(LIBCRYPT) - -unix_chkpwd.o: unix_chkpwd.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -md5_good.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -DHIGHFIRST -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_broken.o: md5.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_crypt_good.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Good##x' \ - $(TARGET_ARCH) -c $< -o $@ - -md5_crypt_broken.o: md5_crypt.c - $(CC) $(CFLAGS) $(CPPFLAGS) -D'MD5Name(x)=Broken##x' \ - $(TARGET_ARCH) -c $< -o $@ - -install: all - mkdir -p $(FAKEROOT)$(SECUREDIR) -ifdef DYNAMIC - install -m $(SHLIBMODE) $(LIBSHARED) $(FAKEROOT)$(SECUREDIR) - for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session;\ - do ln -sf $(LIBSHARED) $(FAKEROOT)$(SECUREDIR)/$$x.so ; done -endif - $(MKDIR) $(FAKEROOT)$(SUPLEMENTED) - install -m 4555 $(CHKPWD) $(FAKEROOT)$(SUPLEMENTED) - -remove: - rm -f $(FAKEROOT)$(SECUREDIR)/$(LIBSHARED) - for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session;\ - do rm -f $(FAKEROOT)$(SECUREDIR)/$$x.so ; done - rm -f $(FAKEROOT)$(SUPLEMENTED)/$(CHKPWD) - -clean: - rm -f $(LIBOBJD) $(LIBOBJS) $(CHKPWD) $(BIGCRYPT) *.o *.so core - rm -f *~ *.a *.out *.bak - rm -rf dynamic static - -.c.o: - $(CC) -c $(CFLAGS) $< diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am new file mode 100644 index 00000000..d7d61b5a --- /dev/null +++ b/modules/pam_unix/Makefile.am @@ -0,0 +1,45 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README md5.c md5_crypt.c lckpwdf.-c $(MANS) + +man_MANS = unix_chkpwd.8 + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ \ + -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" + +AM_LDFLAGS = -L$(top_builddir)/libpam -lpam @LIBCRYPT@ @LIBSELINUX@ + +if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" +endif +if HAVE_LIBCRACK + AM_CFLAGS += -D"USE_CRACKLIB" +endif + +pam_unix_la_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + @LIBCRACK@ @LIBNSL@ + +securelib_LTLIBRARIES = pam_unix.la + +noinst_HEADERS = md5.h support.h yppasswd.h + +sbin_PROGRAMS = unix_chkpwd + +noinst_PROGRAMS = bigcrypt + +pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ + yppasswd_xdr.c md5_good.c md5_broken.c + +bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c + +unix_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c diff --git a/modules/pam_unix/md5_broken.c b/modules/pam_unix/md5_broken.c new file mode 100644 index 00000000..193daebb --- /dev/null +++ b/modules/pam_unix/md5_broken.c @@ -0,0 +1,4 @@ +#define MD5Name(x) Broken##x + +#include "md5.c" +#include "md5_crypt.c" diff --git a/modules/pam_unix/md5_good.c b/modules/pam_unix/md5_good.c new file mode 100644 index 00000000..131e4516 --- /dev/null +++ b/modules/pam_unix/md5_good.c @@ -0,0 +1,5 @@ +#define HIGHFIRST +#define MD5Name(x) Good##x + +#include "md5.c" +#include "md5_crypt.c" diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 9264fd47..d01a1fc0 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -100,7 +100,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons /* fork */ child = fork(); if (child == 0) { - int i=0; + size_t i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; @@ -114,7 +114,7 @@ struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, cons if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { for (i=2; i < rlim.rlim_max; i++) { - if (fds[1] != i) { + if ((unsigned int)fds[1] != i) { close(i); } } diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 38e78152..1a89a4b2 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -95,7 +95,8 @@ do { \ } while (0) -static void setcred_free (pam_handle_t * pamh, void *ptr, int err) +static void +setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) { if (ptr) free (ptr); @@ -194,8 +195,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags * warned you. -- AOY */ -PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags - ,int argc, const char **argv) +PAM_EXTERN int +pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) { int retval; const void *pretval = NULL; diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 480dc337..838eb0a7 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -99,7 +99,7 @@ extern int getrpcport(const char *host, unsigned long prognum, * password changing module. */ -#ifdef NEED_LCKPWDF +#if defined(USE_LCKPWDF) && !defined(HAVE_LCKPWDF) # include "./lckpwdf.-c" #endif @@ -127,7 +127,7 @@ extern char *bigcrypt(const char *key, const char *salt); #define PW_TMPFILE "/etc/npasswd" #define SH_TMPFILE "/etc/nshadow" #ifndef CRACKLIB_DICTS -#define CRACKLIB_DICTS "/usr/share/dict/cracklib_dict" +#define CRACKLIB_DICTS NULL #endif #define OPW_TMPFILE "/etc/security/nopasswd" #define OLD_PASSWORDS_FILE "/etc/security/opasswd" @@ -249,7 +249,7 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const /* fork */ child = fork(); if (child == 0) { - int i=0; + size_t i=0; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; @@ -263,7 +263,7 @@ static int _unix_run_shadow_binary(pam_handle_t *pamh, unsigned int ctrl, const if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { for (i=2; i < rlim.rlim_max; i++) { - if (fds[0] != i) + if ((unsigned int)fds[0] != i) close(i); } } @@ -976,7 +976,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh } if (off(UNIX__IAMROOT, ctrl)) { #ifdef USE_CRACKLIB - remark = FascistCheck(pass_new, CRACKLIB_DICTS); + remark = FascistCheck (pass_new, CRACKLIB_DICTS); D(("called cracklib [%s]", remark)); #else if (strlen(pass_new) < 6) diff --git a/modules/pam_unix/unix_chkpwd.8 b/modules/pam_unix/unix_chkpwd.8 new file mode 100644 index 00000000..02ccfe4a --- /dev/null +++ b/modules/pam_unix/unix_chkpwd.8 @@ -0,0 +1,80 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix_chkpwd [\fIusername\fR] +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix_chkpwd\fR is a helper program for the pam_unix module that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow. + +.SH "OPTIONS" +.PP +unix_pwdchk optionally takes the following argument: +.TP +\fIusername\fR +The username of the user whose password you want to check: this must match the current user id. + +.SH "INPUTS" +.PP +unix_pwdchk expects the following inputs via stdin: +.TP +\fIoption\fR +Either nullok or nonull, depending on whether the user can have an empty password. +.TP +\fIpassword\fR +The password to verify. + +.SH "RETURN CODES" +.PP +\fBunix_chkpwd\fR has the following return codes: +.TP +1 +unix_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. + diff --git a/modules/pam_userdb/Makefile b/modules/pam_userdb/Makefile deleted file mode 100644 index bbecaae1..00000000 --- a/modules/pam_userdb/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). - -# $Id$ -# Created by Cristian Gafton - -include ../../Make.Rules - -TITLE=pam_userdb - -ifeq ($(HAVE_NDBM_H),yes) - WHICH_DB=ndbm - ifeq ($(HAVE_LIBNDBM),yes) - MODULE_SIMPLE_EXTRALIBS = -lndbm - endif -else -ifeq ($(HAVE_LIBDB),yes) - WHICH_DB=db - MODULE_SIMPLE_EXTRALIBS = -ldb -else - WHICH_DB=none -endif -endif - -ifeq ($(HAVE_LIBCRYPT),yes) - MODULE_SIMPLE_EXTRALIBS += -lcrypt -endif - -ifeq ($(WHICH_DB),none) - -include ../dont_makefile - -else - -MODULE_SIMPLE_EXTRAFILES = conv - -include ../Simple.Rules - -endif diff --git a/modules/pam_userdb/Makefile.am b/modules/pam_userdb/Makefile.am new file mode 100644 index 00000000..0c7da8bf --- /dev/null +++ b/modules/pam_userdb/Makefile.am @@ -0,0 +1,23 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README create.pl + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam @LIBDB@ @LIBCRYPT@ + +if HAVE_LIBDB + securelib_LTLIBRARIES = pam_userdb.la +endif + +pam_userdb_la_SOURCES = pam_userdb.c conv.c +noinst_HEADERS = pam_userdb.h diff --git a/modules/pam_warn/Makefile b/modules/pam_warn/Makefile deleted file mode 100644 index 44c56f17..00000000 --- a/modules/pam_warn/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_warn - -include ../Simple.Rules diff --git a/modules/pam_warn/Makefile.am b/modules/pam_warn/Makefile.am new file mode 100644 index 00000000..cedc3ef8 --- /dev/null +++ b/modules/pam_warn/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_warn.la diff --git a/modules/pam_wheel/Makefile b/modules/pam_wheel/Makefile deleted file mode 100644 index 66945ff5..00000000 --- a/modules/pam_wheel/Makefile +++ /dev/null @@ -1,15 +0,0 @@ -# -# $Id$ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# -# Created by Andrew Morgan 2000/08/27 -# - -include ../../Make.Rules - -TITLE=pam_wheel - -include ../Simple.Rules diff --git a/modules/pam_wheel/Makefile.am b/modules/pam_wheel/Makefile.am new file mode 100644 index 00000000..cd1374ca --- /dev/null +++ b/modules/pam_wheel/Makefile.am @@ -0,0 +1,18 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +EXTRA_DIST = README + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_wheel.la diff --git a/modules/pam_xauth/Makefile b/modules/pam_xauth/Makefile deleted file mode 100644 index 385466a2..00000000 --- a/modules/pam_xauth/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -# -# This Makefile controls a build process of $(TITLE) module for -# Linux-PAM. You should not modify this Makefile (unless you know -# what you are doing!). -# - -include ../../Make.Rules - -TITLE=pam_xauth -MAN8=pam_xauth.8 - -include ../Simple.Rules diff --git a/modules/pam_xauth/Makefile.am b/modules/pam_xauth/Makefile.am new file mode 100644 index 00000000..e3bf78f9 --- /dev/null +++ b/modules/pam_xauth/Makefile.am @@ -0,0 +1,20 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +man_MANS = pam_xauth.8 + +EXTRA_DIST = README ${MANS} + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -I$(top_srcdir)/modules/pammodutil/include/ +AM_LDFLAGS = -avoid-version -module \ + -L$(top_builddir)/modules/pammodutil -lpammodutil \ + -L$(top_builddir)/libpam -lpam + +securelib_LTLIBRARIES = pam_xauth.la diff --git a/modules/pammodutil/Makefile b/modules/pammodutil/Makefile deleted file mode 100644 index c9cd0062..00000000 --- a/modules/pammodutil/Makefile +++ /dev/null @@ -1,55 +0,0 @@ -# -# $Id$ -# -# - -include ../../Make.Rules - -LIBNAME=libpammodutil - -# --------------------------------------------- - -dummy: all - -# --------------------------------------------- - -CFLAGS += $(PIC) $(STATIC) $(MOREFLAGS) \ - -DLIBPAM_VERSION_MAJOR=$(MAJOR_REL) \ - -DLIBPAM_VERSION_MINOR=$(MINOR_REL) - -# all the object files we care about -LIBOBJECTS = modutil_cleanup.o modutil_getpwnam.o modutil_getpwuid.o \ - modutil_getspnam.o modutil_getgrnam.o modutil_getgrgid.o \ - modutil_ingroup.o modutil_getlogin.o modutil_ioloop.o - -# static library name -LIBSTATIC = $(LIBNAME).a - -SLIBOBJECTS = $(addprefix static/,$(LIBOBJECTS) $(STATICOBJ)) - -# --------------------------------------------- -## rules - -all: dirs $(LIBSTATIC) ../../Make.Rules - -dirs: - $(MKDIR) static - -static/%.o : %.c - $(CC) $(CFLAGS) $(CPPFLAGS) $(TARGET_ARCH) -c $< -o $@ - -$(LIBSTATIC): $(SLIBOBJECTS) - ar cr $@ $(SLIBOBJECTS) - $(RANLIB) $@ - -install: - @echo "at this time, we're not installing $(LIBSTATIC)" - -remove: - @echo "at this time, there is nothing to remove" - -clean: - rm -f a.out core *~ static/*.o - rm -f *.a *.o - if [ -d dynamic ]; then rmdir dynamic ; fi - if [ -d static ]; then rmdir static ; fi diff --git a/modules/pammodutil/Makefile.am b/modules/pammodutil/Makefile.am new file mode 100644 index 00000000..d685f350 --- /dev/null +++ b/modules/pammodutil/Makefile.am @@ -0,0 +1,16 @@ +# +# Copyright (c) 2005 Thorsten Kukuk +# + +CLEANFILES = *~ + +AM_CFLAGS = -I$(srcdir)/include -I$(top_srcdir)/libpam/include + +noinst_HEADERS = pammodutil.h include/security/_pam_modutil.h + +noinst_LIBRARIES = libpammodutil.a + +libpammodutil_a_SOURCES = modutil_cleanup.c modutil_getgrgid.c \ + modutil_getgrnam.c modutil_getlogin.c modutil_getpwnam.c \ + modutil_getpwuid.c modutil_getspnam.c modutil_ingroup.c \ + modutil_ioloop.c diff --git a/modules/pammodutil/modutil_cleanup.c b/modules/pammodutil/modutil_cleanup.c index e95d6100..7460da14 100644 --- a/modules/pammodutil/modutil_cleanup.c +++ b/modules/pammodutil/modutil_cleanup.c @@ -6,11 +6,12 @@ #include "pammodutil.h" -void _pammodutil_cleanup(pam_handle_t *pamh, void *data, int error_status) +void +_pammodutil_cleanup (pam_handle_t *pamh UNUSED, void *data, + int error_status UNUSED) { if (data) { /* junk it */ (void) free(data); } } - diff --git a/modules/pammodutil/modutil_ingroup.c b/modules/pammodutil/modutil_ingroup.c index 5a3b5d8d..cb04d866 100644 --- a/modules/pammodutil/modutil_ingroup.c +++ b/modules/pammodutil/modutil_ingroup.c @@ -40,9 +40,10 @@ static int checkgrouplist(const char *user, gid_t primary, gid_t target) } #endif -static int _pammodutil_user_in_group_common(pam_handle_t *pamh, - struct passwd *pwd, - struct group *grp) +static int +_pammodutil_user_in_group_common(pam_handle_t *pamh UNUSED, + struct passwd *pwd, + struct group *grp) { int i; -- cgit v1.2.3