pam/0000755000000000000000000000000013261413076006524 5ustar pam/ABOUT-NLS0000644000000000000000000023523513261244762007771 0ustar 1 Notes on the Free Translation Project *************************************** Free software is going international! The Free Translation Project is a way to get maintainers of free software, translators, and users all together, so that free software will gradually become able to speak many languages. A few packages already provide translations for their messages. If you found this `ABOUT-NLS' file inside a distribution, you may assume that the distributed package does use GNU `gettext' internally, itself available at your nearest GNU archive site. But you do _not_ need to install GNU `gettext' prior to configuring, installing or using this package with messages translated. Installers will find here some useful hints. These notes also explain how users should proceed for getting the programs to use the available translations. They tell how people wanting to contribute and work on translations can contact the appropriate team. When reporting bugs in the `intl/' directory or bugs which may be related to internationalization, you should tell about the version of `gettext' which is used. The information can be found in the `intl/VERSION' file, in internationalized packages. 1.1 Quick configuration advice ============================== If you want to exploit the full power of internationalization, you should configure it using ./configure --with-included-gettext to force usage of internationalizing routines provided within this package, despite the existence of internationalizing capabilities in the operating system where this package is being installed. So far, only the `gettext' implementation in the GNU C library version 2 provides as many features (such as locale alias, message inheritance, automatic charset conversion or plural form handling) as the implementation here. It is also not possible to offer this additional functionality on top of a `catgets' implementation. Future versions of GNU `gettext' will very likely convey even more functionality. So it might be a good idea to change to GNU `gettext' as soon as possible. So you need _not_ provide this option if you are using GNU libc 2 or you have installed a recent copy of the GNU gettext package with the included `libintl'. 1.2 INSTALL Matters =================== Some packages are "localizable" when properly installed; the programs they contain can be made to speak your own native language. Most such packages use GNU `gettext'. Other packages have their own ways to internationalization, predating GNU `gettext'. By default, this package will be installed to allow translation of messages. It will automatically detect whether the system already provides the GNU `gettext' functions. If not, the included GNU `gettext' library will be used. This library is wholly contained within this package, usually in the `intl/' subdirectory, so prior installation of the GNU `gettext' package is _not_ required. Installers may use special options at configuration time for changing the default behaviour. The commands: ./configure --with-included-gettext ./configure --disable-nls will, respectively, bypass any pre-existing `gettext' to use the internationalizing routines provided within this package, or else, _totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will probably detect the previously built and installed `libintl.a' file and will decide to use this. This might not be desirable. You should use the more recent version of the GNU `gettext' library. I.e. if the file `intl/VERSION' shows that the library which comes with this package is more recent, you should use ./configure --with-included-gettext to prevent auto-detection. The configuration process will not test for the `catgets' function and therefore it will not be used. The reason is that even an emulation of `gettext' on top of `catgets' could not provide all the extensions of the GNU `gettext' library. Internationalized packages usually have many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless translations have been forbidden at `configure' time by using the `--disable-nls' switch, all available translations are installed together with the package. However, the environment variable `LINGUAS' may be set, prior to configuration, to limit the installed set. `LINGUAS' should then contain a space separated list of two-letter codes, stating which languages are allowed. 1.3 Using This Package ====================== As a user, if your language has been installed for this package, you only have to set the `LANG' environment variable to the appropriate `LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, and `CC' is an ISO 3166 two-letter country code. For example, let's suppose that you speak German and live in Germany. At the shell prompt, merely execute `setenv LANG de_DE' (in `csh'), `export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). This can be done from your `.login' or `.profile' file, once and for all. You might think that the country code specification is redundant. But in fact, some languages have dialects in different countries. For example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The country code serves to distinguish the dialects. The locale naming convention of `LL_CC', with `LL' denoting the language and `CC' denoting the country, is the one use on systems based on GNU libc. On other systems, some variations of this scheme are used, such as `LL' or `LL_CC.ENCODING'. You can get the list of locales supported by your system for your language by running the command `locale -a | grep '^LL''. Not all programs have translations for all languages. By default, an English message is shown in place of a nonexistent translation. If you understand other languages, you can set up a priority list of languages. This is done through a different environment variable, called `LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' for the purpose of message handling, but you still need to have `LANG' set to the primary language; this is required by other parts of the system libraries. For example, some Swedish users who would rather read translations in German than English for when Swedish is not available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. Special advice for Norwegian users: The language code for Norwegian bokma*l changed from `no' to `nb' recently (in 2003). During the transition period, while some message catalogs for this language are installed under `nb' and some older ones under `no', it's recommended for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and older translations are used. In the `LANGUAGE' environment variable, but not in the `LANG' environment variable, `LL_CC' combinations can be abbreviated as `LL' to denote the language's main dialect. For example, `de' is equivalent to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' (Portuguese as spoken in Portugal) in this context. 1.4 Translating Teams ===================== For the Free Translation Project to be a success, we need interested people who like their own language and write it well, and who are also able to synergize with other translators speaking the same language. Each translation team has its own mailing list. The up-to-date list of teams can be found at the Free Translation Project's homepage, `http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" area. If you'd like to volunteer to _work_ at translating messages, you should become a member of the translating team for your own language. The subscribing address is _not_ the same as the list itself, it has `-request' appended. For example, speakers of Swedish can send a message to `sv-request@li.org', having this message body: subscribe Keep in mind that team members are expected to participate _actively_ in translations, or at solving translational difficulties, rather than merely lurking around. If your team does not exist yet and you want to start one, or if you are unsure about what to do or how to get started, please write to `translation@iro.umontreal.ca' to reach the coordinator for all translator teams. The English team is special. It works at improving and uniformizing the terminology in use. Proven linguistic skill are praised more than programming skill, here. 1.5 Available Packages ====================== Languages are not equally supported in all packages. The following matrix shows the current state of internationalization, as of July 2006. The matrix shows, in regard of each package, for which languages PO files have been submitted to translation coordination, with a translation percentage of at least 50%. Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo +----------------------------------------------------+ GNUnet | [] | a2ps | [] [] [] [] [] | aegis | () | ant-phone | () | anubis | [] | ap-utils | | aspell | [] [] [] [] | bash | [] [] [] | batchelor | [] | bfd | | bibshelf | [] | binutils | [] | bison | [] [] | bison-runtime | [] | bluez-pin | [] [] [] [] [] | cflow | [] | clisp | [] [] | console-tools | [] [] | coreutils | [] [] [] [] | cpio | | cpplib | [] [] [] | cryptonit | [] | darkstat | [] () [] | dialog | [] [] [] [] [] [] | diffutils | [] [] [] [] [] [] | doodle | [] | e2fsprogs | [] [] | enscript | [] [] [] [] | error | [] [] [] [] | fetchmail | [] [] () [] | fileutils | [] [] | findutils | [] [] [] | flex | [] [] [] | fslint | [] | gas | | gawk | [] [] [] | gbiff | [] | gcal | [] | gcc | [] | gettext-examples | [] [] [] [] [] | gettext-runtime | [] [] [] [] [] | gettext-tools | [] [] | gimp-print | [] [] [] [] | gip | [] | gliv | [] | glunarclock | [] | gmult | [] [] | gnubiff | () | gnucash | () () [] | gnucash-glossary | [] () | gnuedu | | gnulib | [] [] [] [] [] [] | gnunet-gtk | | gnutls | | gpe-aerial | [] [] | gpe-beam | [] [] | gpe-calendar | [] [] | gpe-clock | [] [] | gpe-conf | [] [] | gpe-contacts | | gpe-edit | [] | gpe-filemanager | | gpe-go | [] | gpe-login | [] [] | gpe-ownerinfo | [] [] | gpe-package | | gpe-sketchbook | [] [] | gpe-su | [] [] | gpe-taskmanager | [] [] | gpe-timesheet | [] | gpe-today | [] [] | gpe-todo | | gphoto2 | [] [] [] [] | gprof | [] [] | gpsdrive | () () | gramadoir | [] [] | grep | [] [] [] [] [] [] | gretl | | gsasl | | gss | | gst-plugins | [] [] [] [] | gst-plugins-base | [] [] [] | gst-plugins-good | [] [] [] [] [] [] [] | gstreamer | [] [] [] [] [] [] [] | gtick | [] () | gtkam | [] [] [] | gtkorphan | [] [] | gtkspell | [] [] [] [] | gutenprint | [] | hello | [] [] [] [] [] | id-utils | [] [] | impost | | indent | [] [] [] | iso_3166 | [] [] | iso_3166_1 | [] [] [] [] [] | iso_3166_2 | | iso_3166_3 | [] | iso_4217 | [] | iso_639 | [] [] | jpilot | [] | jtag | | jwhois | | kbd | [] [] [] [] | keytouch | | keytouch-editor | | keytouch-keyboa... | | latrine | () | ld | [] | leafpad | [] [] [] [] [] | libc | [] [] [] [] [] | libexif | [] | libextractor | [] | libgpewidget | [] [] [] | libgpg-error | [] | libgphoto2 | [] [] | libgphoto2_port | [] [] | libgsasl | | libiconv | [] [] | libidn | [] [] | lifelines | [] () | lilypond | [] | lingoteach | | lynx | [] [] [] [] | m4 | [] [] [] [] | mailutils | [] | make | [] [] | man-db | [] () [] [] | minicom | [] [] [] | mysecretdiary | [] [] | nano | [] [] () [] | nano_1_0 | [] () [] [] | opcodes | [] | parted | | pilot-qof | [] | psmisc | [] | pwdutils | | python | | qof | | radius | [] | recode | [] [] [] [] [] [] | rpm | [] [] | screem | | scrollkeeper | [] [] [] [] [] [] [] [] | sed | [] [] [] | sh-utils | [] [] | shared-mime-info | [] [] [] | sharutils | [] [] [] [] [] [] | shishi | | silky | | skencil | [] () | sketch | [] () | solfege | | soundtracker | [] [] | sp | [] | stardict | [] | system-tools-ba... | [] [] [] [] [] [] [] [] [] | tar | [] | texinfo | [] [] [] | textutils | [] [] [] | tin | () () | tp-robot | [] | tuxpaint | [] [] [] [] [] | unicode-han-tra... | | unicode-transla... | | util-linux | [] [] [] [] | vorbis-tools | [] [] [] [] | wastesedge | () | wdiff | [] [] [] [] | wget | [] [] | xchat | [] [] [] [] [] | xkeyboard-config | | xpad | [] [] | +----------------------------------------------------+ af am ar az be bg bs ca cs cy da de el en en_GB eo 11 0 1 2 8 21 1 42 43 2 62 99 18 1 16 16 es et eu fa fi fr ga gl gu he hi hr hu id is it +--------------------------------------------------+ GNUnet | | a2ps | [] [] [] () | aegis | | ant-phone | [] | anubis | [] | ap-utils | [] [] | aspell | [] [] [] | bash | [] [] [] | batchelor | [] [] | bfd | [] | bibshelf | [] [] [] | binutils | [] [] [] | bison | [] [] [] [] [] [] | bison-runtime | [] [] [] [] [] | bluez-pin | [] [] [] [] [] | cflow | | clisp | [] [] | console-tools | | coreutils | [] [] [] [] [] [] | cpio | [] [] [] | cpplib | [] [] | cryptonit | [] | darkstat | [] () [] [] [] | dialog | [] [] [] [] [] [] [] [] | diffutils | [] [] [] [] [] [] [] [] [] | doodle | [] [] | e2fsprogs | [] [] [] | enscript | [] [] [] | error | [] [] [] [] [] | fetchmail | [] | fileutils | [] [] [] [] [] [] | findutils | [] [] [] [] | flex | [] [] [] | fslint | [] | gas | [] [] | gawk | [] [] [] [] | gbiff | [] | gcal | [] [] | gcc | [] | gettext-examples | [] [] [] [] [] | gettext-runtime | [] [] [] [] [] [] | gettext-tools | [] [] [] | gimp-print | [] [] | gip | [] [] [] | gliv | () | glunarclock | [] [] [] | gmult | [] [] [] | gnubiff | () () | gnucash | () () () | gnucash-glossary | [] [] | gnuedu | [] | gnulib | [] [] [] [] [] [] [] [] | gnunet-gtk | | gnutls | | gpe-aerial | [] [] | gpe-beam | [] [] | gpe-calendar | [] [] [] [] | gpe-clock | [] [] [] [] | gpe-conf | [] | gpe-contacts | [] [] | gpe-edit | [] [] [] [] | gpe-filemanager | [] | gpe-go | [] [] [] | gpe-login | [] [] [] | gpe-ownerinfo | [] [] [] [] [] | gpe-package | [] | gpe-sketchbook | [] [] | gpe-su | [] [] [] [] | gpe-taskmanager | [] [] [] | gpe-timesheet | [] [] [] [] | gpe-today | [] [] [] [] | gpe-todo | [] | gphoto2 | [] [] [] [] [] | gprof | [] [] [] [] | gpsdrive | () () [] () | gramadoir | [] [] | grep | [] [] [] [] [] [] [] [] [] [] [] [] | gretl | [] [] [] | gsasl | [] | gss | [] | gst-plugins | [] [] [] | gst-plugins-base | [] [] | gst-plugins-good | [] [] [] | gstreamer | [] [] [] | gtick | [] [] [] [] [] | gtkam | [] [] [] [] | gtkorphan | [] [] | gtkspell | [] [] [] [] [] [] | gutenprint | [] | hello | [] [] [] [] [] [] [] [] [] [] [] [] [] | id-utils | [] [] [] [] [] | impost | [] [] | indent | [] [] [] [] [] [] [] [] [] [] | iso_3166 | [] [] [] | iso_3166_1 | [] [] [] [] [] [] [] | iso_3166_2 | [] | iso_3166_3 | [] | iso_4217 | [] [] [] [] | iso_639 | [] [] [] [] [] | jpilot | [] [] | jtag | [] | jwhois | [] [] [] [] [] | kbd | [] [] | keytouch | [] | keytouch-editor | [] | keytouch-keyboa... | [] | latrine | [] [] [] | ld | [] [] | leafpad | [] [] [] [] [] [] | libc | [] [] [] [] [] | libexif | [] | libextractor | [] | libgpewidget | [] [] [] [] [] | libgpg-error | | libgphoto2 | [] [] [] | libgphoto2_port | [] [] | libgsasl | [] [] | libiconv | [] | libidn | [] [] | lifelines | () | lilypond | [] | lingoteach | [] [] [] | lynx | [] [] [] | m4 | [] [] [] [] | mailutils | [] [] | make | [] [] [] [] [] [] [] [] | man-db | () | minicom | [] [] [] [] | mysecretdiary | [] [] [] | nano | [] () [] [] [] [] | nano_1_0 | [] [] [] [] [] | opcodes | [] [] [] [] | parted | [] [] [] [] | pilot-qof | | psmisc | [] [] [] | pwdutils | | python | | qof | | radius | [] [] | recode | [] [] [] [] [] [] [] [] | rpm | [] [] | screem | | scrollkeeper | [] [] [] | sed | [] [] [] [] [] | sh-utils | [] [] [] [] [] [] [] | shared-mime-info | [] [] [] [] [] [] | sharutils | [] [] [] [] [] [] [] [] | shishi | | silky | [] | skencil | [] [] | sketch | [] [] | solfege | [] | soundtracker | [] [] [] | sp | [] | stardict | [] | system-tools-ba... | [] [] [] [] [] [] [] [] | tar | [] [] [] [] [] [] | texinfo | [] [] | textutils | [] [] [] [] [] | tin | [] () | tp-robot | [] [] [] [] | tuxpaint | [] [] | unicode-han-tra... | | unicode-transla... | [] [] | util-linux | [] [] [] [] [] [] [] | vorbis-tools | [] [] | wastesedge | () | wdiff | [] [] [] [] [] [] [] [] | wget | [] [] [] [] [] [] [] [] | xchat | [] [] [] [] [] [] [] [] | xkeyboard-config | [] [] [] [] | xpad | [] [] [] | +--------------------------------------------------+ es et eu fa fi fr ga gl gu he hi hr hu id is it 89 21 16 2 41 119 61 14 1 8 1 6 61 30 0 53 ja ko ku ky lg lt lv mk mn ms mt nb ne nl nn no +--------------------------------------------------+ GNUnet | | a2ps | () [] [] () | aegis | () | ant-phone | [] | anubis | [] [] [] | ap-utils | [] | aspell | [] [] | bash | [] | batchelor | [] [] | bfd | | bibshelf | [] | binutils | | bison | [] [] [] | bison-runtime | [] [] [] | bluez-pin | [] [] [] | cflow | | clisp | [] | console-tools | | coreutils | [] | cpio | | cpplib | [] | cryptonit | [] | darkstat | [] [] | dialog | [] [] | diffutils | [] [] [] | doodle | | e2fsprogs | [] | enscript | [] | error | [] | fetchmail | [] [] | fileutils | [] [] | findutils | [] | flex | [] [] | fslint | [] [] | gas | | gawk | [] [] | gbiff | [] | gcal | | gcc | | gettext-examples | [] [] | gettext-runtime | [] [] [] | gettext-tools | [] [] | gimp-print | [] [] | gip | [] [] | gliv | [] | glunarclock | [] [] | gmult | [] [] | gnubiff | | gnucash | () () | gnucash-glossary | [] | gnuedu | | gnulib | [] [] [] [] | gnunet-gtk | | gnutls | | gpe-aerial | [] | gpe-beam | [] | gpe-calendar | [] | gpe-clock | [] [] | gpe-conf | [] [] | gpe-contacts | [] | gpe-edit | [] [] | gpe-filemanager | [] | gpe-go | [] [] | gpe-login | [] [] | gpe-ownerinfo | [] | gpe-package | [] | gpe-sketchbook | [] [] | gpe-su | [] [] | gpe-taskmanager | [] [] [] | gpe-timesheet | [] | gpe-today | [] | gpe-todo | | gphoto2 | [] [] | gprof | | gpsdrive | () () () | gramadoir | () | grep | [] [] [] | gretl | | gsasl | [] | gss | | gst-plugins | [] | gst-plugins-base | | gst-plugins-good | [] | gstreamer | [] | gtick | [] | gtkam | [] | gtkorphan | [] | gtkspell | [] [] | gutenprint | | hello | [] [] [] [] [] [] [] [] | id-utils | [] | impost | | indent | [] [] | iso_3166 | [] | iso_3166_1 | [] [] | iso_3166_2 | [] | iso_3166_3 | [] | iso_4217 | [] [] [] | iso_639 | [] [] | jpilot | () () () | jtag | | jwhois | [] | kbd | [] | keytouch | [] | keytouch-editor | | keytouch-keyboa... | | latrine | [] | ld | | leafpad | [] [] | libc | [] [] [] [] [] | libexif | | libextractor | | libgpewidget | [] | libgpg-error | | libgphoto2 | [] | libgphoto2_port | [] | libgsasl | [] | libiconv | | libidn | [] [] | lifelines | [] | lilypond | | lingoteach | [] | lynx | [] [] | m4 | [] [] | mailutils | | make | [] [] [] | man-db | () | minicom | [] | mysecretdiary | [] | nano | [] [] [] | nano_1_0 | [] [] [] | opcodes | [] | parted | [] [] | pilot-qof | | psmisc | [] [] [] | pwdutils | | python | | qof | | radius | | recode | [] | rpm | [] [] | screem | [] | scrollkeeper | [] [] [] [] | sed | [] [] | sh-utils | [] [] | shared-mime-info | [] [] [] [] [] | sharutils | [] [] | shishi | | silky | [] | skencil | | sketch | | solfege | | soundtracker | | sp | () | stardict | [] [] | system-tools-ba... | [] [] [] [] | tar | [] [] [] | texinfo | [] [] [] | textutils | [] [] [] | tin | | tp-robot | [] | tuxpaint | [] | unicode-han-tra... | | unicode-transla... | | util-linux | [] [] | vorbis-tools | [] | wastesedge | [] | wdiff | [] [] | wget | [] [] | xchat | [] [] [] [] | xkeyboard-config | [] | xpad | [] [] [] | +--------------------------------------------------+ ja ko ku ky lg lt lv mk mn ms mt nb ne nl nn no 40 24 2 1 1 3 1 2 3 21 0 15 1 101 5 3 nso or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta +------------------------------------------------------+ GNUnet | | a2ps | () [] [] [] [] [] [] | aegis | () () | ant-phone | [] [] | anubis | [] [] [] | ap-utils | () | aspell | [] [] | bash | [] [] [] | batchelor | [] [] | bfd | | bibshelf | [] | binutils | [] [] | bison | [] [] [] [] [] | bison-runtime | [] [] [] [] | bluez-pin | [] [] [] [] [] [] [] [] [] | cflow | [] | clisp | [] | console-tools | [] | coreutils | [] [] [] [] | cpio | [] [] [] | cpplib | [] | cryptonit | [] [] | darkstat | [] [] [] [] [] [] | dialog | [] [] [] [] [] [] [] [] [] | diffutils | [] [] [] [] [] [] | doodle | [] [] | e2fsprogs | [] [] | enscript | [] [] [] [] [] | error | [] [] [] [] | fetchmail | [] [] [] | fileutils | [] [] [] [] [] | findutils | [] [] [] [] [] [] | flex | [] [] [] [] [] | fslint | [] [] [] [] | gas | | gawk | [] [] [] [] | gbiff | [] | gcal | [] | gcc | [] | gettext-examples | [] [] [] [] [] [] [] [] | gettext-runtime | [] [] [] [] [] [] [] [] | gettext-tools | [] [] [] [] [] [] [] | gimp-print | [] [] | gip | [] [] [] [] | gliv | [] [] [] [] | glunarclock | [] [] [] [] [] [] | gmult | [] [] [] [] | gnubiff | () | gnucash | () [] | gnucash-glossary | [] [] [] | gnuedu | | gnulib | [] [] [] [] [] | gnunet-gtk | [] | gnutls | [] [] | gpe-aerial | [] [] [] [] [] [] [] | gpe-beam | [] [] [] [] [] [] [] | gpe-calendar | [] [] [] [] [] [] [] [] | gpe-clock | [] [] [] [] [] [] [] [] | gpe-conf | [] [] [] [] [] [] [] | gpe-contacts | [] [] [] [] [] | gpe-edit | [] [] [] [] [] [] [] [] | gpe-filemanager | [] [] | gpe-go | [] [] [] [] [] [] | gpe-login | [] [] [] [] [] [] [] [] | gpe-ownerinfo | [] [] [] [] [] [] [] [] | gpe-package | [] [] | gpe-sketchbook | [] [] [] [] [] [] [] [] | gpe-su | [] [] [] [] [] [] [] [] | gpe-taskmanager | [] [] [] [] [] [] [] [] | gpe-timesheet | [] [] [] [] [] [] [] [] | gpe-today | [] [] [] [] [] [] [] [] | gpe-todo | [] [] [] [] | gphoto2 | [] [] [] [] [] | gprof | [] [] [] | gpsdrive | [] [] [] | gramadoir | [] [] | grep | [] [] [] [] [] [] [] [] | gretl | [] | gsasl | [] [] | gss | [] [] [] | gst-plugins | [] [] [] [] | gst-plugins-base | [] | gst-plugins-good | [] [] [] [] | gstreamer | [] [] [] | gtick | [] [] [] | gtkam | [] [] [] [] | gtkorphan | [] | gtkspell | [] [] [] [] [] [] [] [] | gutenprint | [] | hello | [] [] [] [] [] [] [] [] | id-utils | [] [] [] [] | impost | [] | indent | [] [] [] [] [] [] | iso_3166 | [] [] [] [] [] [] | iso_3166_1 | [] [] [] [] | iso_3166_2 | | iso_3166_3 | [] [] [] [] | iso_4217 | [] [] [] [] | iso_639 | [] [] [] [] | jpilot | | jtag | [] | jwhois | [] [] [] [] | kbd | [] [] [] | keytouch | [] | keytouch-editor | [] | keytouch-keyboa... | [] | latrine | [] [] | ld | [] | leafpad | [] [] [] [] [] [] | libc | [] [] [] [] [] | libexif | [] | libextractor | [] [] | libgpewidget | [] [] [] [] [] [] [] | libgpg-error | [] [] | libgphoto2 | [] | libgphoto2_port | [] [] [] | libgsasl | [] [] [] [] | libiconv | | libidn | [] [] () | lifelines | [] [] | lilypond | | lingoteach | [] | lynx | [] [] [] | m4 | [] [] [] [] [] | mailutils | [] [] [] [] | make | [] [] [] [] | man-db | [] [] | minicom | [] [] [] [] [] | mysecretdiary | [] [] [] [] | nano | [] [] | nano_1_0 | [] [] [] [] | opcodes | [] [] | parted | [] | pilot-qof | [] | psmisc | [] [] | pwdutils | [] [] | python | | qof | [] | radius | [] [] | recode | [] [] [] [] [] [] [] | rpm | [] [] [] [] | screem | | scrollkeeper | [] [] [] [] [] [] [] | sed | [] [] [] [] [] [] [] [] [] | sh-utils | [] [] [] | shared-mime-info | [] [] [] [] [] | sharutils | [] [] [] [] | shishi | [] | silky | [] | skencil | [] [] [] | sketch | [] [] [] | solfege | [] | soundtracker | [] [] | sp | | stardict | [] [] [] | system-tools-ba... | [] [] [] [] [] [] [] [] [] | tar | [] [] [] [] [] | texinfo | [] [] [] [] | textutils | [] [] [] | tin | () | tp-robot | [] | tuxpaint | [] [] [] [] [] | unicode-han-tra... | | unicode-transla... | | util-linux | [] [] [] [] | vorbis-tools | [] [] | wastesedge | | wdiff | [] [] [] [] [] [] | wget | [] [] [] [] | xchat | [] [] [] [] [] [] [] | xkeyboard-config | [] [] | xpad | [] [] [] | +------------------------------------------------------+ nso or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta 0 2 3 58 31 53 5 76 72 5 42 48 12 51 130 2 tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu +---------------------------------------------------+ GNUnet | [] | 2 a2ps | [] [] [] | 19 aegis | | 0 ant-phone | [] [] | 6 anubis | [] [] [] | 11 ap-utils | () [] | 4 aspell | [] [] [] | 14 bash | [] | 11 batchelor | [] [] | 9 bfd | | 1 bibshelf | [] | 7 binutils | [] [] [] | 9 bison | [] [] [] | 19 bison-runtime | [] [] [] | 16 bluez-pin | [] [] [] [] [] [] | 28 cflow | [] [] | 4 clisp | | 6 console-tools | [] [] | 5 coreutils | [] [] | 17 cpio | [] [] [] | 9 cpplib | [] [] [] [] | 11 cryptonit | | 5 darkstat | [] () () | 15 dialog | [] [] [] [] [] | 30 diffutils | [] [] [] [] | 28 doodle | [] | 6 e2fsprogs | [] [] | 10 enscript | [] [] [] | 16 error | [] [] [] [] | 18 fetchmail | [] [] | 12 fileutils | [] [] [] | 18 findutils | [] [] [] | 17 flex | [] [] | 15 fslint | [] | 9 gas | [] | 3 gawk | [] [] | 15 gbiff | [] | 5 gcal | [] | 5 gcc | [] [] [] | 6 gettext-examples | [] [] [] [] [] [] | 26 gettext-runtime | [] [] [] [] [] [] | 28 gettext-tools | [] [] [] [] [] | 19 gimp-print | [] [] | 12 gip | [] [] | 12 gliv | [] [] | 8 glunarclock | [] [] [] | 15 gmult | [] [] [] [] | 15 gnubiff | [] | 1 gnucash | () | 2 gnucash-glossary | [] [] | 9 gnuedu | [] | 2 gnulib | [] [] [] [] [] | 28 gnunet-gtk | | 1 gnutls | | 2 gpe-aerial | [] [] | 14 gpe-beam | [] [] | 14 gpe-calendar | [] [] [] [] | 19 gpe-clock | [] [] [] [] | 20 gpe-conf | [] [] | 14 gpe-contacts | [] [] | 10 gpe-edit | [] [] [] [] | 19 gpe-filemanager | [] | 5 gpe-go | [] [] | 14 gpe-login | [] [] [] [] [] | 20 gpe-ownerinfo | [] [] [] [] | 20 gpe-package | [] | 5 gpe-sketchbook | [] [] | 16 gpe-su | [] [] [] | 19 gpe-taskmanager | [] [] [] | 19 gpe-timesheet | [] [] [] [] | 18 gpe-today | [] [] [] [] [] | 20 gpe-todo | [] | 6 gphoto2 | [] [] [] [] | 20 gprof | [] [] | 11 gpsdrive | | 4 gramadoir | [] | 7 grep | [] [] [] [] | 33 gretl | | 4 gsasl | [] [] | 6 gss | [] | 5 gst-plugins | [] [] [] | 15 gst-plugins-base | [] [] [] | 9 gst-plugins-good | [] [] [] | 18 gstreamer | [] [] [] | 17 gtick | [] | 11 gtkam | [] | 13 gtkorphan | [] | 7 gtkspell | [] [] [] [] [] [] | 26 gutenprint | | 3 hello | [] [] [] [] [] | 39 id-utils | [] [] | 14 impost | [] | 4 indent | [] [] [] [] | 25 iso_3166 | [] [] [] | 15 iso_3166_1 | [] [] | 20 iso_3166_2 | | 2 iso_3166_3 | [] [] | 9 iso_4217 | [] [] | 14 iso_639 | [] | 14 jpilot | [] [] [] [] | 7 jtag | [] | 3 jwhois | [] [] [] | 13 kbd | [] [] | 12 keytouch | [] | 4 keytouch-editor | | 2 keytouch-keyboa... | | 2 latrine | [] [] | 8 ld | [] [] [] [] | 8 leafpad | [] [] [] [] | 23 libc | [] [] [] | 23 libexif | [] | 4 libextractor | [] | 5 libgpewidget | [] [] [] | 19 libgpg-error | [] | 4 libgphoto2 | [] | 8 libgphoto2_port | [] [] [] | 11 libgsasl | [] | 8 libiconv | [] | 4 libidn | [] [] | 10 lifelines | | 4 lilypond | | 2 lingoteach | [] | 6 lynx | [] [] [] | 15 m4 | [] [] [] | 18 mailutils | [] | 8 make | [] [] [] | 20 man-db | [] | 6 minicom | [] | 14 mysecretdiary | [] [] | 12 nano | [] [] | 15 nano_1_0 | [] [] [] | 18 opcodes | [] [] | 10 parted | [] [] [] | 10 pilot-qof | [] | 3 psmisc | [] | 10 pwdutils | [] | 3 python | | 0 qof | [] | 2 radius | [] | 6 recode | [] [] [] | 25 rpm | [] [] [] [] | 14 screem | [] | 2 scrollkeeper | [] [] [] [] | 26 sed | [] [] [] | 22 sh-utils | [] | 15 shared-mime-info | [] [] [] [] | 23 sharutils | [] [] [] | 23 shishi | | 1 silky | [] | 4 skencil | [] | 7 sketch | | 6 solfege | | 2 soundtracker | [] [] | 9 sp | [] | 3 stardict | [] [] [] [] | 11 system-tools-ba... | [] [] [] [] [] [] [] | 37 tar | [] [] [] [] | 19 texinfo | [] [] [] | 15 textutils | [] [] [] | 17 tin | | 1 tp-robot | [] [] [] | 10 tuxpaint | [] [] [] | 16 unicode-han-tra... | | 0 unicode-transla... | | 2 util-linux | [] [] [] | 20 vorbis-tools | [] [] | 11 wastesedge | | 1 wdiff | [] [] | 22 wget | [] [] [] | 19 xchat | [] [] [] [] | 28 xkeyboard-config | [] [] [] [] | 11 xpad | [] [] [] | 14 +---------------------------------------------------+ 77 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu 172 domains 0 1 1 78 39 0 135 13 1 50 3 54 0 2054 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are used for implementing regional variants of languages, or language dialects. For a PO file in the matrix above to be effective, the package to which it applies should also have been internationalized and distributed as such by its maintainer. There might be an observable lag between the mere existence a PO file and its wide availability in a distribution. If July 2006 seems to be old, you may fetch a more recent copy of this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date matrix with full percentage details can be found at `http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. 1.6 Using `gettext' in new packages =================================== If you are writing a freely available program and want to internationalize it you are welcome to use GNU `gettext' in your package. Of course you have to respect the GNU Library General Public License which covers the use of the GNU `gettext' library. This means in particular that even non-free programs can use `libintl' as a shared library, whereas only free software can use `libintl' as a static library or use modified versions of `libintl'. Once the sources are changed appropriately and the setup can handle the use of `gettext' the only thing missing are the translations. The Free Translation Project is also available for packages which are not developed inside the GNU project. Therefore the information given above applies also for every other Free Software Project. Contact `translation@iro.umontreal.ca' to make the `.pot' files available to the translation teams. pam/AUTHORS0000644000000000000000000000034613261244762007603 0ustar Original authors and current maintainers of Linux-PAM: Andrew G. Morgan Dmitry V. Levin Thorsten Kukuk Sebastien Tricaud Tomas Mraz pam/CHANGELOG0000644000000000000000000023664213261244762007757 0ustar ======================================================================= ======================================================================= This file is no longer used for tracking changes for Linux-PAM. For user visible changes, please look at the NEWS file. A more verbose list of changes can be found in ChangeLog. ======================================================================= ======================================================================= ----------------------------- TODO: - sanitize use of md5 throughout distribution.. Make a static library for helping to develop modules that contains it and other stuff. Also add sha-1 and ripemd-160 digest algorithms. - once above is done. remove hacks from the secret@here module etc.. - document PAM_INCOMPLETE changes - verify that the PAM_INCOMPLETE interface is sensible. Can we catch errors? should we permit item changing etc., between pam_authenticate re-invocations? - verify that the PAM_INCOMPLETE interface works (auth seems ok..) - add PAM_INCOMPLETE support to modules (partially added to pam_pwdb) - work on RFC. - auth and acct support in pam_cracklib, "yes, I know the password you just typed was valid, I just don't think it was very strong..." ==================================================================== If you have found a bug in Linux-PAM (including a documentation bug, or a new feature request and/or patch), please consider filing such a bug report - outstanding bugs are listed here: http://sourceforge.net/tracker/?atid=106663&group_id=6663&func=browse (to file another bug see the 'submit bug' button on that page). ==================================================================== 0.81: please submit patches for this section with actual code/doc patches! * pam_umask: New module for setting umask from GECOS field, /etc/login.defs or /etc/default/login (kukuk) * configure/pam_strerror: Remove old ugly-hack option for pam_strerror interface change (kukuk) * configure.in: Fix AC_DEFINE usage for autoheader (kukuk) * configure.in/_pam_aconf.h.in: Remove feature.h inclusion (kukuk) * defs: Remove obsolete directory/content (kukuk) * Rename _pam_aconf.h.in to config.h (kukuk) * pam_unix: Don't ignore pam_get_item return value (kukuk) * pam_userdb: Fix regression - crash when crypt param not specified (t8m) * libpam: Remove pam_authenticate_secondary stub (kukuk) * Use autoconf/automake/libtool (kukuk) * pam_securetty: Be fail-close on user lookups, always log failures, not just with "debug" (Solar Designer) * Add gettext support * Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR, pt, zh_CN and zh_TW * pam_limits: Apply ALT Linux/Owl patch * pam_motd: Apply ALT Linux/Owl patch * libpam: Cache pam_get_user() failures * libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info and pam_vinfo functions for use by modules as extension (kukuk). * pam_cracklib: Make path to cracklib dicts an option (kukuk). * libpam: Add pam_syslog function for unified syslog messages from PAM modules (kukuk). * pam_tally, pam_time, pam_userdb: use pam_syslog and pam_prompt (ldv) * pam_issue: major cleanup (ldv) * pam_echo: New PAM module for message output (kukuk) * pam_limits: Fix regression from RLIMIT_NICE support (wrong limit values for other limits are applied) patch by Anton Guda * pam_unix: Always honor nis flag on password change (by Aaron Hope) * libpam: Moved functions from pammodutil to libpam (t8m) * pam_lastlog: Cleanup, fix broken logic in pam_parse, modify wtmp by default, nowtmp option switches that off (ldv) 0.80: Wed Jul 13 13:23:20 CEST 2005 * pam_tally: test for NULL data before dereferencing them (t8m) * pam_unix: fix regression introduced in 0.78 - both NIS and local password should be changed if possible (t8m) * misc_conv: flush input first then print the prompt - fixes problem with expect scripts (t8m) * pam_unix: nis option shouldn't clear the shadow option (t8m) * cleanups and minor bugfixes by Steve Grubb (t8m) * pam_private.h: set PAM_DEFAULT_PROMPT to "login: " (kukuk) * pam_mkhomedir: Create parent directories if they do not already exist (Bug 600351 - kukuk) * pam_mkhomedir: Set owner/permissions of home directory after we created all files (Bug 1032922 - kukuk) * pam_rhosts: Get rid of static buffer for path (kukuk) * pam_selinux/pam_unix/pam_rootok: Add SELinux support based on patch from Red Hat (kukuk) * pam_limits: Correct support of unlimited limits, use correct type for rlimit value (Bug 945449 - kukuk, t8m) * pam_xauth: Unset the XAUTHORITY variable when requesting user is root and target user is not (t8m) * pam_access: Add listsep option to set list element separator by Richard Shaffer (t8m) * pam_limits: Don't reset process priority if none is specified in the config file (Novell #81690 - kukuk) * Fix all occurrence of dereferencing type-punned pointer will break strict-aliasing rules warnings (kukuk) * pam_limits: Support new limits in linux 2.6.12 (t8m) * pam_mkhomedir: change mode datatype (toady) * pam_limits: Don't lowercase login names (kukuk) 0.79: Thu Mar 31 16:48:45 CEST 2005 * pam_tally: added audit option (toady) * pam_unix: don't log user unknown failure when he can be properly authenticated by another module (t8m) * configure: don't abort if no cracklib dictinaries were found, but warn user that pam_cracklib will not be built (kukuk) * modules/pam_unix/support.c: Fix return value if user aborts while changes the password (Bug 872945 - kukuk) * modules/pam_unix/support.c: Fix return value for an unknown user (Bug 872943 - kukuk) * pam_limits: support for new Linux kernel 2.6 limits (from toby cabot - t8m) * pam_tally: major rewrite of the module (t8m) * libpam: don't return PAM_IGNORE for OK or JUMP actions if using cached chain (Bug 629251 - t8m) * pam_nologin: don't overwrite return value with return from pam_get_item (t8m) * libpam: Add more checks for broken PAM configuration files to avoid seg.faults (kukuk) * pam_shells: correct README * libpam: Fix debug code (kukuk) * pam_limits: Fix order of LIMITS_DEF_* priorities (kukuk) * pam_xauth: preserve DISPLAY variable (Novell #66885 - kukuk) * libpam: Add prelude ids (http://www.prelude-ids.org) support, as experimental. (toady) * configure: Add the directory where new versions of cracklib is installed (from Jim Gifford - toady) * libpamc: Use standard u_intX_t types instead of __uX (kukuk) 0.78: Do Nov 18 14:48:36 CET 2004 * pam_unix: change the order of trying password changes - local first, NIS second (t8m) * pam_wheel: add option only_root to make it affect authentication to root account only * pam_unix: test return values on renaming files and report error to syslog and to user * pam_unix: forced password change shouldn't trump account expiration * pam_unix: remove the use of openlog (from debian - toady) * pam_unix: NIS cleanup (patch from Philippe Troin) * pam_access: you can now authenticate an explicit user on an explicit tty (from debian - toady) * pam_limits, pam_rhosts, pam_unix: fixed hurd portability issues (patch from Igor Khavkine) * pam_env: added comments in the configuration file to avoid errors (from debian - toady) * pam_mail: check PAM_NO_ENV to know if we can delete the environment variable (from debian - toady) * pam_filter: s/termio/termios/g (from debian - toady) * pam_mkhomedir: no maxpathlen required (from debian - toady) * pam_limits: applied patch to allow explicit limits for root and remove limits on su. (from debian - toady) * pam_unix: severe denial of service possible with this module since it locked too aggressively. Bug report and testing help from Sascha Loetz. (Bug 664290 - agmorgan) * getlogin was spoofable: "/tmp/" and "/dev/" have the same number of characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname' attacks could potentially spoof pam_wheel with the 'trust' module argument into granting access to a luser. Also, pam_unix gave odd error messages in such a situation (logname != uid). This problem was found by David Endler of iDefense.com (Bug 667584 - agmorgan). * added my new DSA public key to the pgp.keys.asc file. Also included a signed copy of my new public key (1024D/D41A6DF2) made with my old key (1024/2A398175). * added "include" directive to config file syntax. The whole idea is to create few "systemwide" pam configs and include parts of them in application pam configs. (patch by "Dmitry V. Levin" ) (Bug 812567 - baggins). * doc/modules/pam_mkhomedir.sgml: Remove wrong debug options (Bug 591605 - kukuk) * pam_unix: Call password checking helper whenever the password field contains only one character (Bug 1027903 - kukuk) * libpam/pam_start.c: All service names should be files below /etc/pam.d and nothing else. Forbid paths. (Bug 1027912 - kukuk) * pam_cracklib: Fix error in distance algorithm in the 0.9 pam_cracklib module (Bug 1010142 - toady) * pam_userdb: applied patch from Paul Walmsley it now indicates whether encrypted or plaintext passwords are stored in the database needed for pam_userdb (BerliOS - toady) * pam_group: The module should also ignore PAM_REINITIALIZE_CRED to avoid spurious errors (from Linux distributors - kukuk) * pam_cracklib: Clear the entire options structure (from Linux distributors - kukuk) * pam_issue: We write a NUL to prompt_tmp[tot_size] later, so make sure that the destination is part of the allocated block, make do_prompt static (from Linux distributors - kukuk) * ldconfig: Only run full ldconfig, if we don't install into a FAKEROOT environment, else let ldconfig only create the symlinks correct (from Linux distributors - kukuk) * pam_unix/pam_pwdb: Use SIG_DFL instead of SIG_IGN for SIGCHLD (from Linux distributors - kukuk) * Add most of Steve Grubb's resource leak and other fixes (from Linux distributors - kukuk) * doc/Makefile: Don't include .cvsignore files in tar ball (kukuk) * libpam_misc/misc_conv.c: Differentiate between Ctrl-D and (Bug 1032604 - kukuk) * Make.Rules.in: Add targets for installing man pages for modules (from Linux distributors - kukuk) * Add pam_xauth module (Bug 436440 - kukuk) * Add pam_localuser module (Bug 436444 - kukuk) * Add pam_succeed_if module (from Linux distributors - kukuk) * configure.in: Fix check for libcrypt (Bug 417704 - kukuk) * Add the "broken_shadow" argument to pam_unix, for ignoring errors reading shadow information (from Linux distributors - kukuk) * Add patches to make PAM modules reentrant (Bug 440107 - kukuk) * Merge patches from Red Hat (Bug 477000 and other - kukuk) * Fix pam_rhosts option parsing (Bug 922648 - kukuk) * Add $ISA support in config files (from Red Hat - kukuk) 0.77: Mon Sep 23 10:25:42 PDT 2002 * documentation support for pdf files was not quite right - installation was messed up. * pam_wheel was too aggressive to grant access (in the case of the 'deny' option you want to pay attention to 'trust'). Fix from Nalin (Bugs 476951, 476953 - agmorgan) * account management support for: pam_shells, pam_listfile, pam_wheel and pam_securetty (+ static module fix for pam_nologin). Patch from redhat through Harald Welte (Bug 436435 - agmorgan). * pam_wheel feature from Nalin - can use the module to provide wheel access to non-root accounts. Also from Nalin, a bugfix related to the primary group of the applicant is the 'wheel' group. (Bugs 476980, 476941 - agmorgan) * pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while running the helper binary (patch from Nalin) added the "noreap" module argument to both of these modules to turn off this new default. Bugfix found by Silvan Minghetti for former module and 521314 checkin. (Bugs 476963, 521314 - agmorgan). * updated CHANGELOG and configure.in for 0.77 work. 0.76: Mon Jul 8 21:44:59 PDT 2002 * pam_unix: fix for legacy crypt() support when the password entered was long. (Bug 521314 - agmorgan). * pam_access no longer include gethostname() prototype complaint from David Lee (Bug 415423 - agmorgan). * make pam_nologin more secure by default, added two new module arguments etc. - acting on suggestion from Nico (Bug 419307 - agmorgan) * link in libpam to libpam_misc - since the latter uses functions in the former it makes some sort of sense to do this (although, in the static library case, I remain to be convinced). (Bug 565470 - agmorgan). * absorbed some of the proposed darwin (OS X) changes from Luke Howard (of PADL software) - hopefully will get the rest (see Rob Braun's 534205) by 0.77 (Bug 491466 - agmorgan). * README fix for pam_unix from Nalin (Bug 476971 - agmorgan). * add support for building pdf files from the documentation - request from 'lolive' (Bug 471377 - agmorgan). * documented the equivalent '[..]' expressions for "required" etc. Request from Ross Patterson (Bug 529078 - agmorgan). * '[...]' parsing: document it and also fix it to support '\]' escape sequence. Feature request from Russell Kliese (Bug 517064 - agmorgan). * pam_rootok: compilation warning noted by Tony den Haan wrt no prototype for strcmp() (Bug 557322 - agmorgan). * documentation: (a few of mine in passing) and app documentation suggestions regarding PAM environment variables and module documentation changes regarding the conversation function from Jenn Vesperman (Bug 527821, 527965 - agmorgan) * documentation: pam_time.sgml typo fixed, pam_motd exists now, correct Red Hat comment about config files (Bugs 554274, 554261, 554182 - agmorgan) * pam_limits: added '%' domain for maxlogins limiting, now '*' and @group have the old meaning (every) and '%' the new one (all) (Bug 533664 - baggins) * pam_limits: put not so interesting log messages under debug arg (Bug 533668 - baggins) * pam_access: added the 'fieldsep=' argument (Bug 547051 - agmorgan), made a PAM_RHOST of "" equivalent to NULL (Bug 547521 - agmorgan). * pam_limits: keep well know behaviour of maxlogins default ('*') limit (Bug 533664 - baggins) * pam_unix: more from Nalin log password changes (Bug 517743 - agmorgan) * pam_limits: make it use the priority value specified in config (bug 530428 - baggins) * pam_unix: removed broken code in password update code. Report from Len Lattanzi (Bug 507379 - agmorgan) * pam_mkhomedir: recurse directories. Patch from Nalin (Bug 476981 - agmorgan) * pam_limits can handle negative priority limits now (which can apply to the superuser too) - based on patch from Nalin. Also cleanup the error handling that was very sloppy before. Also, courtesy of Berend De Schouwe get the math right on login counting (Bug 476990, 476987, 493294 - agmorgan) * documentation: random typo fixes from Nalin and more stuff from me (Bug 476949, Tasks 43507, 17426 - agmorgan) * A Tru64 fix (given other stuff has already resolved this, it actually just a comment actually) from 'Eddie'. (Bug 418450 - agmorgan) * pam_handlers: BSD fix from Dag-Erling Smørgrav and Anton Berezin (Bug 486063 - agmorgan) * added the dynamic/* directory to the distribution. If you go in there after building the rest of the tree, you'll make a pam.so object that can be used by something like a java runtime with dlopen. Its not very well tested - caveat emptor. (Bug 232194 - agmorgan) * somehow pam_unix has started forcing the user prompt to be "login: ". This is entirely inapropriate as it overrides PAM_USER_PROMPT. (Bug 486361 - agmorgan). * added a static module helper library object includes a few changes to examples/xsh.c for testing purposes (added a simple shell wrapper for running xsh with the sandbox libraries), and also modified the pam_rhosts_auth module to use this new library. (Bug 490938, 409852 - agmorgan). * pam_unix: fix 'likeauth' to kill off the memory leak once and for all. (Bug 483959 - vorlon) * pam_unix: restore handling of 'likeauth' argument to a known working state; prettify AUTH_RETURN macro; remove redundant argv checks in pam_sm_setcred() (Bugs 483959, 113596 - vorlon) * pam_cracklib: another try at implementing similar() from Harald Welte and Nalin (Bugs 436053, 476957 - agmorgan) * pam_access: default access.conf file contained a type (console instead of LOCAL) fix from Nalin (Bug 476934 - agmorgan) * pam_unix: fixed bizarre memory leak pointed out by Fernando Trias (Bug 483959 - agmorgan) * misc string comparison length checking changes from Nalin. Modules touched, pam_cracklib, pam_listfile, pam_unix, pam_wheel (Bug 476947 - agmorgan) * pam_userdb: require that all of typed password matches that in database report and fix from Vladimir Pastukhov. (Bug 484252 - agmorgan) * pam_malloc: revived malloc debugging code, now tied to --enable-memory-debug and added strdup() support (Bug 485454 - agmorgan) * pam_tally: Nalin's fix for lastlog corruption (Bug 476985 - agmorgan) * pam_rhosts: Nalin adds support for '+hostname', and zdd fix compilation warning. (Bug 476986 - agmorgan) * pam_motd: Nalin fixed compiler warning. (Bug 476938 - agmorgan) * pam_pwdb: Solar Designer pointed out that there was a problem with the compatibility support for md5 password hashing. (Bug 460717, 476961 - agmorgan) * pam_issue: Nalin found segfaulting problems if the PAM_USER_PROMPT is unset, found some similar problems with assumptions about realloc. (Bug 476983 - agmorgan) * pam_env: 'weichangyang of hotmail' pointed out a wild string with no valid '\0' was leading to problems with sshd and suggested fix (Bug 473034 - agmorgan) * MANDIR cleanup. It defaults to /usr/share/man, but can be overridden using the --enable-mandir ./configure option, similarly for DOCDIR from Nalin (Bug 476940 - agmorgan) * pam_filter cleanup (including moving the filter directory) Nalin and Harald Welte (Bugs 436057, 476970 - agmorgan) * db3 is now recognized as a libdb candidate (Bug 435764 - agmorgan) * more changes (extracted from redhat version) courtesy of Harald Welte (Bugs pam_limits=436061, pam_lastlog=436060, pam_mkhomedir/pam_env=435991 - agmorgan) * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called - bug report from Seongwan Park. (Bug 468724 - agmorgan) * some BSD updates and fixes from Mark Murray - including a slightly more robust conversation function and some minimization of gcc warnings. (Bugs 449203,463984 - agmorgan) * verified that the setcred stack didn't suffer from the bug I was nervous about, add a new module pam_debug to help me test this. fixed a libpam/pam_dispatch.c instrumentation line that I tripped over when testing. Also restructured pam_warn to help here (Bug 424315 - agmorgan). * pam_unix/support.c: sample use of reentrant NSS function. Not yet active, because modules do not include _pam_aconf_h! (Bug 440107 - vorlon) * doc/Makefile changes - use $(mandir) [courtesy Harald Welte] (Bug 435760) and add some rules to make/delete the draft rfc I've been working on (Task 17426 - agmorgan) * pam_modules.sgml: sourceforge has changed its CVS viewing software (Bug 460491 - agmorgan) * pam_unix_passwd: got rid of an annoying warning (Bug 461089 - agmorgan) * configure.in, _pam_aconf.h.in: set the stage for fully reentrant PAM modules, with some infrastructure to detect getxxbyxx_r() functions (Bug 440107 - vorlon) * pam_unix: removed superfluous use of static variables in md5 and bigcrypt routines, bringing us a step closer to thread-safeness. Eliminated some variable indirection along the way. (Bug 440107 - vorlon) * pam_tally: remove #include of stdlib.h, which isn't needed by anything found in this module. Can be readded if we find a real need for it at a later date. (Bug 436432 - vorlon) * pam_tally: added an #include (was it really needed?) and made the pam_tally app install (with more pretty printing and a corrected Makefile dependency) motivated by a (red hat diff) courtesy of Harald Welte (Bug 436432 - agmorgan) * configure.in changes to help support non-Linux environments courtesy of Scott T. Emery (Bug 422563 - agmorgan) * made a pam_cracklib enhancement to interpret -ve limits in a sensible fashion contributed by Werner Puschitz (Bug 413162 - agmorgan) * another fix for the latest number of rlimits available to pam_limits (Bug 424060 - agmorgan) * removed stale link from pam_pwdb documentation (Bug 433460 - agmorgan) * pam_appl.sgml change - more discussion of choosing a service name (Bug 417512 - agmorgan) * more specific linking requirements for -lndbm for pam_userdb - from David Lee (Bug 417339 - agmorgan) * a large number of small changes to make AIX support better (Bug 416229 - agmorgan) * $(MAKE) instead of 'make' - from Scott T. Emery (Bug 422144 - agmorgan) * c++ header fixes for pam_misc.h and pam_client.h - from Alexandre Sagala (Bug 420270 - agmorgan) * pam_access fixes - looks out for trailing '.' - from Carlo Marcelo Arenas Belon (Bug 419631 - agmorgan) * don't zero out password strings during pam_unix's password changing function (Bug 419803 - vorlon) * propagate some definitions to the _pam_aconf.h file - from David Lee (Bug 415419 - agmorgan) * solaris GCC OS_CFLAGS change from David Lee (Bug 415412 - agmorgan) * added a comment to this CHANGELOG to explain why most of the bugids used below appear not to be known to sourceforge [try adding 100000 to the bugid number.] (Bug 414943 - agmorgan) * bumped version numbers and also added support for SONAME defines that appear not to have survived the great autoconf experiment (Bug 414669 - agmorgan). 0.75: Sat Apr 7 23:10:50 PDT 2001 ** WARNING ** This release contains backwardly incompatible changes to libpam. Prior versions were buggy - see bugfix for Bug 129775. ** WARNING ** * made 0.75 release (Bug 414665 - agmorgan) * pam_pwdb has been removed from the suggested pam.conf template. I've replaced it with pam_unix. (Bug 227565 - agmorgan) * pam_limits - Richard M. Yumul reported that " -" didn't work, first fix suggested by Werner Puschitz (Bug 404953 - agmorgan) * Nicolay Pelov suggested a simple fix for freebsd support (Bug 407282 - agmorgan) * Michel D'HOOGE submitted documentation fixes (Bug 408961 - agmorgan) * fix for module linking directions (Bug 133545 - agmorgan) * fix for glibc-2.2.2 compilation of pam_issue (Bug 133542 - agmorgan) * fix pam_userdb to make and link both .o files it needs - converse() wasn't being linked! (Bug 132880 - agmorgan) * added some sys-admin documentation for the pam_tally module (Bug 126210 - agmorgan). * added a link to module examples from the module writers doc (Bug 131192 - agmorgan). * fixed a small security hole (more of a user confusion issue) with the unix and pwdb password helper binaries. The beef is described in the bug report, but no uid change was possible so no-one should think they need to issue a security bulletin over this one! (Bug 112540 - agmorgan) * pam_lastlog needs to be linked with -lutil, also removed ambiguity from sysadmin guide regarding this module being a 'session' module (Bug 131549 - agmorgan). * pam_cracklib needs to be linked with -lcrypt (old password checking) (Bug 131601 - agmorgan). * fixes for static library builds and also the examples when linked with the debugging build of the libraries. (Bug 131783 - agmorgan) * fixed URL for original RFC to a cached kernel.org file. (Bug 131503 - agmorgan) * quoted the $CRACKLIB_DICTPATH test in configure.in (Bug 130130 - agmorgan). * improved handling of the setcred/close_session and update chauthtok stack. *Warning* This is a backwardly incompatable change, but 'more sane' than before. (Bug 129775 - agmorgan) * bumped the version number, and added some code to assist in making documentation releases (Bug 129644 - agmorgan). 0.74: Sun Jan 21 22:36:08 PST 2001 * made 0.74 release (Bug 129642 - agmorgan) * libpam - cleaned up a few non-static functions to be static and added support for libpam to enforce things like pam_[gs]et_data() and AUTHTOK rules for using the API. Also documented pam_[gs]et_item() a little better including return codes (Bugs 129027, 128576 - agmorgan). * pam_access - fixed the non-default config file option (Bug 127561 - agmorgan) * pam.8 manual page clarified with respect to the default location for finding modules, also added some text describing the [...] control syntax. (Bug 127625 - agmorgan) * md5.h ia64 fixes for pam_unix and pam_pwdb (Bug 127700 - agmorgan) * removed requirement for c++ from the configure{.in,} files (Bug 128298 - agmorgan) * removed subdirectories from man page redirections (124396 - baggins) * per David Lee, fixed non-POSIX shell command in modules/pam_filter/Makefile (Bug 126440 - vorlon) * modify format of pam_unix log messages to include service name (Bug 126423 - vorlon) * prevent pam_unix from logging unknown usernames (Bug 126431 - vorlon) * changed format of pam_unix 'authentication failure' log messages to make them clearer and more consistent (Bug 126036 - vorlon) * improved portability of pam_unix by eliminating Linux-specific utmp defines in PAM_getlogin() (Bug 125704 - vorlon) * removed static variables from pam_tally (Bug 117434 - agmorgan) * added copyright message to pam_access module from original logdaemon sources (Bug 125022 - agmorgan) * configure.in - removed the GCC -Wtraditional flag (Bug 124923 - agmorgan) * pam_mail - use PAM_PATH_MAILDIR as the location of mail spool (Bug 124397 - baggins) * _pam_aconf.h.in, configure.in - added PAM_PATH_MAILDIR set via --with-mailspool=dir option (default is _PAM_MAILDIR if defined in paths.h otherwise /var/spool/mail (Bug 124397 - baggins) * removed unnecessary CVS Log tags from all over the source (Bug 124391 - baggins) * pam_tally - check for PAM_TTY if PAM_RHOST is not set when writing to faillog (Bug 124394 - baggins) * use O_NOFOLLOW if available when opening debug log (Bug 124385 - baggins) * pam_cracklib - removed comments about pam_unix not working with pam_cracklib, added information about use_authtok parameter (Bug 124388 - baggins) * pam_userdb - fixed wrong definition of struct pam_module (was pam_wheel) (Bug 124386 - baggins) * fixed example/Makefile include path (Bug 124187, 127563(?) - agmorgan) * pam_userdb compiles on RH5x. Also removed circular dependency on configure.in. Also bumped revision number to 0.74. (Bug 124136 - agmorgan) 0.73: Sat Dec 2 00:04:04 PST 2000 * updated documentaion revisions and added 'make release' support to the top level Makefile (Bug 124132 - agmorgan). * documented Qmail support in pam_mail (Bug 109219 - baggins) * add change_uid option to pam_limits, and set real uid only if this option is present (Bug 124062 - baggins) * pam_limits - set real uid to the user for who we set limits. (Bug 123972 - baggins) * removed static variables from pam_limits (thread safe now). (Bug 117450 - agmorgan). * removed static variable from pam_wheel (module should be thread safe now). (Bug 112906 - agmorgan) * added support for '/' symbols in pam_time and pam_group config files (support for modern terminal devices). Fixed infinite loop problem with '\\[^\n]' in these files. (Bug 116076 - agmorgan) * avoid potential SIGPIPE when writing to helper binaries with (Bug 123399 - agmorgan) * replaced bogus logic in the pam_cracklib module for determining if the replacement is too similar to the old password (Bug 115055 - agmorgan) * added accessconf= feature to pam_access - request from Aldrin Martoq and Meelis Roos (Bugs 111927,117240 - agmorgan) * fix for pam_limit module not dealing with all limits Adam J. Richter (Bug 119554 - agmorgan) * comment fix describing fail_delay callback in _pam_types.h (Bug 112646 - agmorgan) * "likeauth" fix for pam_unix and pam_pwdb which (Bug 113596 - agmorgan) * fix for pam_unix (support.c) to avoid segfault with NULL password (Bug 113238 - vorlon) * fix to pam_unix_passwd: try repeatedly to get a lock on the password file, instead of failing immediately (Bug 108845 - fix vorlon) * fix to pam_shells: logged information was not formatted correctly (extra comma) (Bug 111491 - fix vorlon) * fix for C++ application support (Bug 111645 - fix agmorgan) * fix for typo in pam_client.h (Bug 111648 - fix agmorgan) * removal of -lpam from pam_mkhomedir Makefile (Bug 116380 - fix agmorgan) * autoconf support [Task ID 15788, Bug ID 108297 - agmorgan with help!] - bugfix for libpamc.h include file [Bug ID 117476 - agmorgan] - bugfix for pam_filter.h inclusion [Bug ID 117474 - agmorgan] 0.72: Mon Dec 13 22:41:11 PST 1999 * patches from Debian (Ben Collins): pam_ftp supports event driven conversations now; pwdb_chkpwd cleanup; pam_warn static compile fix; user_db compiler warnings removed; debian defs file; pam_mail can now be used as a session module * ndbm compilation option for user_db module (fix explained by Richard Khoo) * pam_cracklib bug fix * packaging fixes & build from scratch stuff (Konst Bulatnikov & Frodo Looijaard) * -ldl appended to the libpam.so compilation make rule. (Charles Seeger) * Red Hat security patch for pam_pwdb forwarded by Debian! (Ben Collins. Fix provided by Andrey as it caught the problem earlier in the code.) * heuristic to prevent leaking filedescriptors to an agent. [This needs to be better supported perhaps by an additional libpamc API function?] * pam_userdb segfault fix from (Ben Collins) * PAM draft spec extras added at request of 'sen_ml' 0.71: Sun Nov 7 20:21:19 PST 1999 * added -lc to linker pass for pam_nologin module (glibc is weird). * various header changes to lower the number of warnings on glibc systems (Dan Yefimov) * merged a bunch of Debian fixes/patches/documentation (Ben Collins) things touched: libpam (minor); doc/modules/pam_unix.sgml; pam_env (plus docs); pam_mkhomedir (new module for new home directories on the fly...); pam_motd (new module); pam_limits (adjust to match docs); pam_issue (new module + doc) [Some of these were also submitted by Thorsten Kukuk] * small hack to lower the number of warnings that pam_client.h was generating. * debian and SuSE apparently can use the pam_ftp module, so removed the obsolete comment about this from the docs. (Thorsten Kukuk) 0.70: Fri Oct 8 22:05:30 PDT 1999 * bug fix for parsing of value=action tokens in libpam/pam_misc.c was segfaulting (Jan Rekorajski and independently Matthew Melvin) * numerous fixes from Thorsten Kukuk (icluding much needed fixes for bitrot in modules and some documentation) that got included in SuSE 6.2. * reentrancy issues in pam_unix and pam_cracklib resolved (Jan Rekorajski) * added hosts_equiv_rootok module option to pam_rhosts module (Tim Berger) * added comment about 'expose_account' module argument to admin and module writers' docs (request from Michael K Johnson). * myriad of bug fixes for libpamc - library now built by default and works with the biomouse fingerprint scanner agent/module (distributed separately). 0.69: Sun Aug 1 20:25:37 PDT 1999 * c++ header #ifdef'ing for pam_appl.h (Tuomo Pyhala) * added pam_userdb module (Cristian Gafton) * minor documentation changes * added in revised pam_client library (libpamc). Not installed by default yet, since the example agent/module combo is not very secure. * glibc fixes (Thorsten Kukuk, Adam J. Richter) 0.68: Sun Jul 4 23:04:13 PDT 1999 * completely new pam_unix module from Jan Rekorajski and Stephen Langasek * Jan Rekorajski pam_mail - support for Maildir format mailboxes * Jan Rekorajski pam_cracklib - support for old password comparison * Jan Rekorajski bug fix for pam_pwdb setcred reusing auth retval * Andrey's pam_tally patch (lstat -> fstat) * Robert Milkowski's additional pam_tally patches to **change format of /var/log/faillog** to one from shadow-utils, add new option "per_user" for pam_tally module, failure time logging, support for fail_line field, and support for fail_locktime field with new option no_lock_time. * pam_tally: clean up the tally application too. * Marcin Korzonek added process priority settings to pam_limits (bonus points for adding to documentation!) * Andrey's pam_pwdb patch (cleanup + md5 endian fubar fix) * more binary prompt preparations (make misc conv more compatible with spec) * modified callback hook for fail delay to be more useful with event driven applications (changed function prototype - suspect no one will notice). Documented this in app developer guide. * documentation for pam_access from Tim Berger * syntax fixes for the documentation - a long time since I've built it :*( added some more names to the CREDITS file. 0.67: Sat Jun 19 14:01:24 PDT 1999 * [dropped libpam_client - libpamc will be in the next release and conforms to the developing spec in doc/specs/draft-morgan-pam.raw. Sorry if you are keeping a PAM tree in CVS. CVS is a pain for directories, but this directory was actually not referenced by anything so the disruption should be light.] * updates to pam_tally from Tim * multiple updates from Stephen Langasek to pam_unix * pam_filter had some trouble compiling (bug report from Sridhar) * pam_wheel now attempts to identify the wheel group for the local system instead of blindly assuming it is gid=0. In the case that there is no "wheel" group, we default to assuming gid=0 is what was meant - former behavior. (courtesy of Sridhar) * NIS+ changes to pam_unix module from Dmitry O Panov * hopefully, a fix for redefinition of LOG_AUTHPRIV (bug report Luke Kenneth Casson Leighton) * fix for minor typo in pam_wheel documentation (Jacek Kopecky) * slightly more explanation of the [x=y] pam.conf syntax in the sys admin guide. 0.66: Mon Dec 28 20:22:23 PST 1998 * Started using cvs to keep track of changes to Linux-PAM. This will likely break some of the automated building stuff (RPMs etc..). * security bug fix to pam_unix and pam_tally from Andrey. * modules make file is now more automatic. It should be possible to unpack an external module in the modules directory and have it automatically added to the build process. Also added a modules/download-all script that will make such downloading easier. I'm happy to receive patches to this file, informing the distribution of places from which to enrich itself. * removed pam_system_log stuff. Thought about it long and hard: a bad idea. If libc cannot guarantee a thread safe syslog, it needs to be fixed and compatibility with other PAM libraries was unnecessarily strained. * SAG documentation changes: Seth Chaiklin * rhosts: problems with NIS lookup failures with the root-uid check. As a work-around, I've partially eliminated the need for the lookup by supplying two new arguments: no_uid_check, superuser=. As a general rule this is more pluggable, since this module might be used as an authentication scheme for a network service that does not need root privilege... * authenticate retval -> setcred for pam_pwdb (likeauth arg). * pam_pwdb event driven support * non openlog pam_listfile logging * BUGFIX: close filedescriptor in pam_group and pam_time (Emmanuel Galanos) * Chris Adams' mailhash change for pam_mail module * fixed malloc failure check in pam_handlers.c (follow up to comment by Brad M. Garcia). * update to _pam_compat.h (Brad M. Garcia) * support static modules in libpam again (Brad M. Garcia) * libpam/pam_misc.c for egcs to grok the code (Brad M. Garcia) * added a solaris-2.5.1 defs file (revived by Derrick J Brashear) * pam_listfile logs failed attempts * added a comment (Michael K Johnson pointed it out) about sgml2latex having a new syntax. I'll make it the change real when I upgrade... * a little more text to the RFC, spelling fix from William J Buffam. * minor changes to pam_securetty to accommodate event driven support. 0.65: Sun Apr 5 22:29:09 PDT 1998 * added event driven programming extensions to libpam - added PAM_INCOMPLETE handling to libpam/pam_dispatch.c - added PAM_CONV_AGAIN which is a new conversation response that should be mapped to PAM_INCOMPLETE by the module. - ensured that the pam_get_user() function can resume - changes to pam_strerror to accommodate above return codes - clean up _pam_former_state at pam_end() - ensured that former state is correctly initialized - added resumption tests to pam_authenticate(), pam_chauthtok() - added PAM_FAIL_DELAY item for pausing on failure * improved _pam_macros.h so that macros can be used as single commands (Andrey) * reimplemented logging to avoid bad interactions with libc. Added new functions, pam_[,v]system_log() to libpam's API. A programmer can check for this function's availablility by checking if HAVE_PAM_SYSTEM_LOG is #defined. * removed the reduce conflict from pam_conv1 creation -- I can sleep again now. :^] * made building of static and dynamic libpam separate. This is towards making it possible to build both under Solaris (for Derrick) * made USE_CRACKLIB a condition in unix module (Luke Kenneth Casson Leighton) * automated (quiet) config installation (Andrey) 0.64: Thu Feb 19 23:30:24 PST 1998 Andrew Morgan * miscellaneous patches for building under Solaris (Derrick J Brashear) * removed STATIC support from a number of module Makefiles. Notably, these modules are those that use libpwdb and caused difficulties satisfying the build process. (Please submit patches to fix this...;) * reomved the union for binary packet conversations from (_pam_types.h). This is now completely implemented in libpam_client. * Andrey's patch for working environment variable handling in sh_secret module. * made the libpam_misc conversation function a bit more flexible with respect to binary conversations. * added top level define (DEBUG_REL) for compiling in the form of a debugging release. I use this on a Red Hat 4.2 system with little chance of crashing the system as a whole. (Andrey has another implementation of this -- with a spec file to match..) 0.63: Wed Jan 28 22:55:30 PST 1998 Andrew Morgan * added libpam_client "convention" library. This makes explicit the use of PAM_BINARY_PROMPT. It is a first cut, so don't take it too seriously yet. Comments/suggestions for improvements are very welcome. Note, this library does not compile by default. It will be enabled when it is judged stable. The library comes with two module/agent pairs and can be used with ssh using a patch available from my pre-release directory [where you got this file.] * backward compatibility patch for libpam/pam_handlers.c (PAM_IGNORE was working with neither "requistie" nor "required") and a DEBUG'ing compile time bug with pam_dispatch.c (Savochkin Andrey Vladimirovich) * minor Makefile change from (Savochkin Andrey Vladimirovich) * added pam_afsauth, pam_afspass, pam_restrict, and pam_syslog hooks (Derrick J Brashear) * pam_access use of uname(2) problematic (security problem highlighted by Olaf Kirch). * pam_listfile went a bit crazy reading group membersips (problem highlighted by Olaf Kirch and patched independently by Cristian Gafton and Savochkin Andrey Vladimirovich) * compatibility hooks for solaris and hpux (Derrick J Brashear) * 64 bit Linux/alpha bug fixed in pam_rhosts (Andrew D. Isaacson) 0.62: Wed Jan 14 14:10:55 PST 1998 Andrew Morgan * Derrick J Brashear's patches: adds the HP stuff missed in the first patch; adds SunOS support; adds support for the Solaris native ld instead of requiring gnu ld. * last line of .rhosts file need not contain a newline. (Bug reported by Thompson Freeman.) 0.61: Thu Jan 8 22:57:44 PST 1998 Andrew Morgan * complete rewrite of the "control flag" logic. Formerly, we were limited to four flags: requisite, required, sufficient, optional. We can now use these keywords _and_ a great deal more besides. The extra logic was inspired by Vipin Samar, a preliminary patch was written by Andy Berkheimer, but I "had some ideas of my own" and that's what I've actually included. The basic idea is to allow the admin to custom build a control flag with a series of token=value pairs inside square brackets. Eg., '[default=die success=ok]' which is pretty close to a synonym for 'requisite'. I'll try to document it better in the sys-admin guide but I'm pretty sure it is a change for the better.... If what is in the sys-admin guide is not good enough for you, just take a look at the source for libpam ;^) 0.59: Thu Jan 8 22:27:22 PST 1998 Andrew Morgan * better handling of empty lines in .rhosts file. (Formerly, we asked the nameserver about them!) Fix from Hugh Daschbach. * _broke_some_binary_compatibility_ with previous versions to become compliant with X/Open's XSSO spec. Specifically, this has been by changing the prototype for pam_strerror(). * altered the convention for the conversation mechanism to agree with that of Sun. (number of responses 'now=' number of messages with help from Cristian for finding a bug.. Cristian also found a nasty speradic segfault bug -- Thanks!) * added NIS+ support to pam_unix_* * fixed a "regular file checking" problem with the ~/.rhosts sanity check. Added "privategroup" option to permit group write permission on the ~/.rhosts file in the case that the group owner has the same name as the authenticating user. :*) "promiscuous" and "suppress" were not usable! * added glibc compatibility to pam_rhosts_auth (protected __USE_MISC with #ifndef since my libc already defines it!). * Security fix from Savochkin Andrey Vladimirovich with suggested modification from Olaf Seibert. * preC contains mostly code clean-ups and a number of changes to _pam_macros. 0.58: whenever * pam_getenvlist() has a more robust definition (XSSO) than was previously thought. It would seem that we no longer need pam_misc_copy_env() which was there to provide the robustness that pam_getenvlist() lacked before... Accordingly, I have REMOVED the prototype from libpam_misc. (The function, however, will remain in the library as a wrapper for legacy apps, but will likely be removed from libpam_misc-1.0.) PLEASE FIX YOUR APPS *BEFORE* WE GET THERE! * Alexy Nogin reported garbage output from pam_env in the case of a non-existent environment variable. * 'fixed' pwdb compilation for pam_wheel. Not very cleanly done.. Mmmm. Should really clean up the entire source tree... * added prototypes for mapping functions <**WARNING**> various constants have had there names changed. Numerical values have been retained but be aware some source old modules/applications will need to be fixed before recompilation. * appended documentation to README for pam_rhosts module (Nicolai Langfeldt). * verified X/Open compatibility of header files - note, where we differ it is at the level of compilation warnings and the use of 'const char *' instead of 'char *'. Previously, Sun(X/open) have revised their spec to be more 'const'-ervative in the light of comments from Linux-PAM development. * Ooops! PAM_AUTHTOKEN_REQD should have been PAM_NEW_AUTHTOK_REQD. changed: pam_pwdb(pam_unix_acct) (also bug fix for _shadow_acct_mgmt_exp() return value), pam_stress, libpam/pam_dispatch, blank, xsh. * New: PAM_AUTHTOK_EXPIRED - password has expired. * Ooops! PAM_CRED_ESTABLISH (etc.) should have been PAM_ESTABLISH_CRED etc... (changed - this may break some people's modules - PLEASE TAKE NOTE!) changed: pam_group, pam_mail, blank, xsh; module and appl docs, pam_setcred manual page. * renamed internal _pam_handle structure to be pam_handle as per XSSO. * added PAM_RADIO_TYPE (for multiple choice input method). Also added PAM_BINARY_{MSG,PROMPT} (for interaction out of sight of user - this could be used for RSA type authentication but is currently just there for experimental purposes). The _BINARY_ types are now usable with hooks in the libpam_misc conversation function. Still have to add PAM_RADIO_TYPE. * added pam_access module (Alexei Nogin) * added documentation for pam_lastlog. Also modified the module to not (by default) print "welcome to your new account" when it cannot find a utmp entry for the user (you can turn this on with the "never" argument). * small correction to the pam_fail_delay manual page. Either the appl or the modules header file will prototype this function. * added "bigcrypt" (DEC's C2) algorithm(0) to pam_pwdb. (Andy Phillips) * *BSD tweaking for various #include's etc. (pam_lastlog, pam_rhosts, pam_wheel, libpam/pam_handlers). (Michael Smith) * added configuration directory $SCONFIGED for module specific configuration files. * added two new "linked" man pages (pam.conf(8) and pam.d(8)) * included a reasonable default for /etc/pam.conf (which can be translated to /etc/pam.d/* files with the pam_conv1 binary) * fixed the names of the new configuration files in conf/pam_conv1/pam_conv.y * fixed make check. * pam_lastlog fixed to handle UID in virgin part of /var/log/lastlog (bug report from Ronald Wahl). * grammar fix in pam_cracklib * segfault avoided in pam_pwdb (getting user). Updating of passwords that are directed to a "new" database are more robust now (bug noted by Michael K. Johnson). Added "unix" module argument for migrating passwords from another database to /etc/passwd. (documentation updated). Removed "bad username []" warning for empty passwords - on again if you supply the 'debug' module argument. * ctrl-D respected in conversation function (libpam_misc) * Removed -DPAM_FAIL_DELAY_ON from top-level Makefile. Nothing in the distribution uses it. I guess this change happened a while back, basically I'm trying to make the module parts of the distribution "source compatible" with the RFC definition of PAM. This implementation of PAM is a superset of that definition. I have added the following symbols to the Linux-PAM header files: PAM_DATA_SILENT (see _pam_types.h) HAVE_PAM_FAIL_DELAY (see _pam_types.h) PAM_DATA_REPLACE (see _pam_modules.h) Any module (or application) that wants to utilize these features, should check (#ifdef) for these tokens before using the associated functionality. (Credit to Michael K. Johnson for pointing out my earlier omission: not documenting this change :*) * first stab at making modules more independent of full library source. Modules converted: pam_deny pam_permit pam_lastlog pam_pwdb * pam_env.c: #include added to ease GNU libc use. (Michael K. Johnson) * pam_unix_passwd fixes to shadow aging code (Eliot Frank) * added README for pam_tally 0.57: Fri Apr 4 23:00:45 PST 1997 Andrew Morgan * added "nodelay" argument to pam_pwdb. This can be used to turn off the call to pam_fail_delay that takes effect when the user fails to authenticate themself. * added "suppress" argument to pam_rhosts_auth module. This will stop printing the "rlogin failure message" when the user does not have a .rhosts file. * Extra fixes for FAKEROOT in Makefiles (Savochkin Andrey Vladimirovich) * pam_tally added to tree courtesy of Tim Baverstock * pam_rhosts_auth was failing to read NFS mounted .rhosts files. (Fixed by Peter Allgeyer). Refixed and further enhanced (netgroups) by Nicolai Langfeldt. [Credit also to G.Wilford for some changes that were not actually included..] * optional (#ifdef PAM_READ_BOTH_CONFS) support for parsing of pam.d/ AND pam.conf files (Elliot Lee). * Added (and signed) Cristian's PGP key. (I've never met him, but I am convinced the key belongs to the guy that is making the PAM rpms and also producing libpwdb. Please note, I will not be signing anyone else's key without a personal introduction..) * fixed erroneous syslog warning in pam_listfile (Savochkin Andrey Vladimirovich, whole file reformatted by Cristian) * modified pam_securetty to return PAM_IGNORE in the case that the user's name is not known to the system (was previously, PAM_USER_UNKNOWN). The Rationale is that pam_securetty's sole purpose is to prevent superuser login anywhere other than at the console. It is not its concern that the user is unknown - only that they are _not_ root. Returning PAM_IGNORE, however, insures that the pam_securetty can never be used to "authenticate" a non-existent user. (Cristian Gafton with bug report from Roger Hu) * Modified pam_nologin to display the no-login message when the user is not known. The return value in this case is still PAM_USER_UNKNOWN. (Bug report from Cristian Gafton) * Added NEED_LCKPWD for pam_unix/ This is used to define the locking functions and should only be turned on if you don't have them in your libc. * tidied up pam_lastlog and pam_pwdb: removed function that was never used. * Note for package maintainers: I have added $(FAKEROOT) to the list of environment variables. This should help greatly when you build PAM in a subdirectory. I've gone through the tree and tried to make everything compatible with it. * added pam_env (courtesy of Dave Kinchlea) * removed pam_passwd+ from the tree. It has not been maintained in a long time and running a shell script was basically insecure. I've indicated where you can pick up the source if you want it. * #define HAVE_PAM_FAIL_DELAY . Applications can conditionally compile with this if they want to see if the facility is available. It is now always available. (corresponding compilation cleanups..) * _pam_sanitize() added to pam_misc. It purges the PAM_AUTHTOK and PAM_OLDAUTHTOK items. (calls replaced in pam_auth and pam_password) * pam_rhosts now knows about the '+' entry. Since I think this is a dangerous thing, I have required that the sysadmin supply the "promiscuous" flag for it in the corresponding configuration file before it will work. * FULL_LINUX_PAM_SOURCE_TREE exported from the top level make file. If you want to build a module, you can test for this to determine if it should take its directions from above or supply default locations for installation. Etc. 0.56: Sat Feb 15 12:21:01 PST 1997 * pam_handlers.c can now interpret the pam.d/ service config tree: - if /etc/pam.d/ exists /etc/pam.conf is IGNORED (otherwise /etc/pam.conf is treated as before) - given /etc/pam.d/ . config files are named (in lower case) by service-name . config files have same syntax as /etc/pam.conf except that the "service-name" field is not present. (there are thus three manditory fields (and arguments are optional): module-type control-flag module-path optional-args... ) * included conf/pam_conv1 for converting pam.conf to a pam.d/ version 1.0 directory tree. This program reads a pam.conf file on the standard input stream and creates ./pam.d/ (in the local directory) and fills it with ./pam.d/"service-name" files. *> Note: It will fail if ./pam.d/ already exists. PLEASE REPORT ANY BUGS WITH THIS CONVERSION PROGRAM... It currently cannot retain comments from the old conf file, so take care to do this by hand. Also, please email me with the fix that makes the shift/reduce conflict go away... * Added default module path to libpam for modules (see pam_handlers.c) it makes use of Makfile defined symbol: DEFAULT_MODULE_PATH which is inhereted from the defs/* variable $(SECUREDIR). Removed module paths from the sample pam.conf file as they are no longer needed. * pam_pwdb can now verify read protected passwords when it is not run by root. This is via a helper binary that is setuid root. * pam_permit now prompts for a username if it is not already determined * pam_rhosts now honors "debug" and no longer hardwire's "root" as the superuser's name. * pam_securetty now honors the "debug" flag * trouble parsing extra spaces fixed in pam_time and pam_group * added Michael K. Johnson's PGP key to the pgp.keys.asc list * pam_end->env not being free()'d: fixed * manuals relocated to section 3 * fixed bug in pam_mail.c, and enhanced to recognize '~' as a prefix to indicate the $HOME of the user (courtesy David Kinchlea). *Changed* from a "session" module to an "auth" module. It cannot be used to authenticate a user, but it can be used in setting credentials. * fixed a stupid bug in pam_warn.. Only PAM_SERVICE was being read :*( * pam_radius rewritten to exclusively make use of libpwdb. (minor fix to Makefile for cleaning up - AGM) * pam_limits extended to limit the total number of logins on a system at any given time. * libpam and libpam_misc use $(MAJOR_REL) and $(MINOR_REL) to set their version numbers [defined in top level makefile] * bugfix in sed command in defs/redhat.defs (AGM's fault) * The following was related to a possibility of buffer overruns in the syslogging code: removed fixed length array from syslogging function in the following modules [capitalized the log identifier so the sysadmin can "know" these are fixed on the local system], pam_ftp, pam_stress, pam_rootok, pam_securetty, pam_listfile, pam_shells, pam_warn, pam_lastlog and pam_unix_passwd (where it was definitely _not_ exploitable) 0.55: Sat Jan 4 14:43:02 PST 1997, Andrew Morgan * added "requisite" control_flag to /etc/pam.conf syntax. [See Sys. Admin. Guide for explanation] changes to pam_handlers.c * completely new handling of garbled pam.conf lines. The modus operandi now is to assume that any errors in the line are minor. Errors of this sort should *most definitely* lead to the module failing, however, just ignoring the line (as was the case previously) can lead to gaping security holes(! Not foreseen by the RFC). The "motivation" for the RFC's comments about ignoring garbled lines is present in spirit in the new code: basically a garbled line is treated like an instance of the pam_deny.so module. changes to pam_handlers.c and pam_dispatch.c . * patched libpam, to (a) call _pam_init_handlers from pam_start() and (b) to log a text error if there are no modules defined for a given service when a call to a module is requested. [pam_start() and pam_dispatch() were changed]. * patched pam_securetty to deal with "/dev/" prefix on PAM_TTY item. * reorganized the modules/Makefile to include *ALL* modules. It is now the responsibility of the modules themselves to test whether they can be compiled locally or not. * modified pam_group to add to the getgroups() list rather than overwrite it. [In the case of "HAVE_LIBPWDB" we use the pwdb_..() calls to translate the group names.]. Module now pays attention to PAM_CRED_.. flag(!) * identified and removed bugs in field reading code of pam_time and (thus) pam_group. * Cristian's patches to pam_listfile module, corresponding change to documentation. * I've discovered &ero; for sgml! Added pam_time documentation to the admin guide. * added manual pages: pam.8, pam_start.2(=pam_end.2), pam_authenticate.2, pam_setcred.2, pam_strerror.2, pam_open_session.2(=pam_close_session.2) and pam_chauthtok.2 . * added new modules: - pam_mail (tells the user if they have any new mail and sets their MAIL env variable) - pam_lastlog (reports on the last time this user called this module) * new module hooks provided. * added a timeout feature to the conversation function in libpam_misc. Documented it in the application developers' guide. * fixed bug in pam_misc_paste_env() function.. * slight modifications to wheel and rhosts writeup. * more security issues added to module and application guides. -- Things present but not mentioned in previous release (sorry) * pam_pwdb module now resets the "last_change" entry before updating a password. -- Sat Nov 30 19:30:20 PST 1996, Andrew Morgan * added environment handling to libpam. involved change to _pam_types.h also added supplementary functions to libpam_misc * added pam_radius - Cristian * slight speed up for pam_rhosts * significantly enhanced sys-admin documentation (8 p -> 41 p in PostScript). Added to other documentation too. Mostly the changes in the other docs concern the new PAM-environment support, there is also some coverage of libpam_misc in the App. Developers' guide. * Cristian's patches to pam_limits and pam_pwdb. Fixing bugs. (MORE added) * adopted Cristian's _pam_macros.h file to help with common macros and debugging stuff, gone through tree tidying up debugging lines to use this [not complete]. - for consistency replaced DROP() with _pam_drop() * commented memory debugging in top level makefile * added the following modules - pam_warn log information to syslog(3) about service application - pam_ftp if user is 'ftp' then set PAM_RUSER/PAM_RHOST with password (comment about nologin added to last release's notes) * modified the pam_listfile module. It now declares a meaningful static structure name. Sun Nov 10 13:26:39 PST 1996, Andrew Morgan **PLEASE *RE*AMEND YOUR PERSONAL LINKS** -------> http://parc.power.net/morgan/Linux-PAM/index.html <------- **PLEASE *RE*AMEND YOUR PERSONAL LINKS** A brief summary of what has changed: * many modules have been modified to accomodate fixing the pam_get_user() change. Please take note if you have a module in this distribution. * pam_unix is now the pam_unix that Red Hat has been using and which should be fairly well debugged. - I've added some #ifdef's to make it compile for me, and also updated it with respect to the libpam-0.53, so have a look at the .../modules/pam_unix/Makefile to enable cracklib and shadow features ** BECAUSE OF THIS, I cannot guarantee this code works as it ** ** did for Red Hat. Please test and report any problems. ** * the pam_unix of .52 (renamed to pam_pwdb) has been enhanced and made more flexible with by implementing it with respect to the new "Password Database Library" see http://parc.power.net/morgan/libpwdb/index.html modules included in this release that require this library to function are the following: - pam_pwdb (ne pam_unix-0.52 + some enhancements) - pam_wheel - pam_limits - pam_nologin * Added some optional code for memory debugging. In order to support this you have to enable MEMORY_DEBUG in the top level makefile and also #define MEMORY_DEBUG in your applications when they are compiled. The extra code resides in libpam (compiled if MEMORY_DEBUG is defined) and the macros for malloc etc. are to be found at the end of _pam_types.h * used above code to locate two memory leaks in pam_unix module and two in libpam (pam_handlers.h) * pam_get_user() now sets the PAM_USER item. After reading the Sun manual page again, it was clear that it should do this. Various modules have been assuming this and now I have modified most of them to account for this change. Additionally, pam_get_user() is now located in the module include file; modules are supposed to be the ones that use it(!) [Note, this is explicitly contrary to the Sun manual page, but in the spirit of the Linux distribution to date.] * replaced -D"LINUX" with -D"LINUX_PAM" as this is more explicit and less likely to be confused with -D"linux". Also, modified the libpam #include files to behave more like the Sun ones #ifndef LINUX_PAM. * removed 0. Before I begin, Linux-PAM has a new primary distribution site (kindly donated by Power Net Inc., Los Angeles) **PLEASE AMMEND YOUR PERSONAL LINKS** -------> http://www.power.net/morgan/Linux-PAM <------- **PLEASE AMMEND YOUR PERSONAL LINKS** 1. I'm hoping to make the next release a bug-fix release... So please find all the bugs(! ;^) 2. here are the changes for .52: * minor changes to module documentation [Incidently, it is now available on-line from the WWW page above]. More changes to follow in the next two releases. PLEASE EMAIL me or the list if there is anything that isn't clear! * completely changed the unix module. Now a single module for all four management groups (this meant that I could define all functions as static that were not part of the pam_sm_... scheme. AGM) - Shadow support added PASSWD - Elliot's account management included, and enhanced by Cristian Gafton. - MD5 password support added by Cristian Gafton. - maxtries for authentication now enforced. - Password changing function in pam_unix now works! Although obviously, I'm not going to *guarantee* it ;^) . - stole Marek's locking code from the Red Hat unix module. [ If you like you can #ifdef it in or out ... ] You can configure the module more from its Makefile in 0.52/modules/pam_unix/ If you are nervous that it will destroy your /etc/passwd or shadow files then EDIT the 0.52/modules/pam_unix/pam_unix_pass.-c file. Here is the warning comment from this file... -------------8<----------------- /* * * Uncomment the following #define if you are paranoid, and do not * want to risk losing your /etc/passwd or shadow files. * It works for me (AGM) but there are no guarantees. * * */ /* #define TMP__FILE */ ------------->8----------------- *** If anyone has any trouble, please *say*. Your problem will be fixed in the next release. Also please feel free to scour the code for race conditions etc... [* The above change requires that you purge your /usr/lib/security directory of the old pam_unix_XXX.so modules: they will NOT be deleted with a 'make remove'.] * the prototype for the cleanup function supplied to pam_set_data used to return "int". According to Sun it should be "void". CHANGED. * added some definitions for the 'error_status' mask values that are passed to the cleanup function associated with each module-data-item. These numbers were needed to keep up with changing a data item (see for example the code in pam_unix/support.-c that manages the maximum number of retries so far). Will see what Sun says (current indications are positive); this may be undone before 1.0 is released. Here are the definitions (from pam_modules.h). #define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */ #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ * Changed the .../conf/pam.conf file. It now points to the new pam_unix module for 'su' and 'passwd' [can get these as SimpleApps -- I use them for testing. A more extensive selection of applications is available from Red Hat...] * corrected a bug in pam_dispatch. Basically, the problem was that if all the modules were "sufficient" then the return value for this function was never set. The net effect was that _pam_dispatch_aux returned success when all the sufficient modules failed. :^( I think this is the correct fix to a problem that the Red Hat folks had found... sopwith* Removed advisory locking from libpam (thanks for the POSIX patch goes to Josh Wilmes's, my apologies for not using it in the end.). Advisory locking did not seem sufficiently secure for libpam. Thanks to Werner Almesberger for identifying the corresponding "denial of service attack". :*( * related to fix, have introduced a lock file /var/lock/subsys/PAM that can be used to indicate the system should pay attention to advisory locking on /etc/pam.conf file. To implement this you need to define PAM_LOCKING though. (see .52/libpam) * modified pam_fail_delay() function. Couldn't find the "not working" problem indicated by Michael, but modified it to do pseudo-random delays based on the values indicated by pam_fail_delay() -- the function "that may eventually go away"... Although Sun is warming to the idea. * new modules include: pam_shells - authentication for users with a shell listed in /etc/shells. Erik Troan pam_listfile - authentication based on the contents of files. Set to be more general than the above in the future. UNTESTED. Elliot Lee <@redhat.com> [Note, this module compiles with a non-trivial warning: AGM] Thu Aug 8 22:32:15 PDT 1996 (Andrew Morgan ) * modified makefiles to take more of their installation instructions from the top level makefile. Desired for integration into the Debian distribution, and generally a good idea. * fixed memory arithmetic in pam_handlers -- still need to track down why failure to load modules can lead to authentication succeding.. * added tags for new modules (smartcards from Alex -- just a promise at this stage) and a new module from Elliot Lee; pam_securetty * I have not had time to smooth out the wrinkles with it, but Alex's pam_unix modifications are provided in pam_unix-alex (in the modules directory) they will not be compiled by 'make all' and I can't even say if they do compile... I will try to look at them for .52 but, in the mean time please feel free to study/fix/discuss what is there. * pam_rhosts module. Removed code for manually setting the ruser etc. This was not very secure. * [remade .ps docs to be in letter format -- my printer complains about a4] Sunday July, 7 12:45:00 PST 1996 (Andrew Morgan ) * No longer accompanying the Linux-PAM release with apps installed. [Will provide what was here in a separate package.. (soon) lib Also see http://www.redhat.com/pam for some more (in .rpm form...)] * renamed libmisc to libpam_misc. It is currently configured to only compile the static library. For some strange reason (perhaps someone can investigate) my Linux 2.0.0 kernel with RedHat 3.0.3 system segfaults when I compile it to be a dynamic library. The segfault seems to be inside the call to the ** dl_XXX ** function...!? There is a simple flag in the libpam_misc/Makefile to turn on dynamic compiles. * Added a little unofficial code for delay support in libpam (will probably disappear later..) There is some documentation for it in the pam_modules doc now. That will obviously go too. * rewritten pam_time to use *logic* to specify the stringing together of users/times/terminals etc.. (what was there before was superficially logical but basically un-predictable!) * added pam_group. Its syntax is almost identical to pam_time but it has another field added; a list of groups to make the user a member of if they pass the previous tests. It seems to not co-exist too well with the groups in the /etc/group but I hope to have that fixed by the next release... * minor re-formatting of pam_modules documentation * removed ...// since it wasn't being used and didn't look like it would be! GCCSunday 23 22:35:00 PST 1996 (Andrew Morgan ) * The major change is the addition of a new module: pam_time for restricting access on terminals at given times for indicated users it comes with its own configuration file /etc/security/time.conf and the sample file simply restricts 'you' from satisfying the blank application if they try to use blank from any tty* * Small changes include - altered pam.conf to demonstrate above new module (try typing username: you) - very minor changes to the docs (pam_appl and pam_modules) Saturday June 2 01:40:00 PST 1996 (Andrew Morgan ) *** PLEASE READ THE README, it has changed *** * NOTE, 'su' exhibits a "system error", when static linking is used. This is because the pam_unix_... module currently only has partial static linking support. This is likely to change on Monday June 3, when Alex makes his latest version availible. I will include the updated module in next release. changes for .42: * modified the way in which libpam/pam_modules.h defines prototypes for the pam_sm_ functions. Now the module must declare which functions it is to provide *before* the #include line. (for contrasting examples, see the pam_deny and pam_rootok modules) This removed the ugly hack of defining functions that are never called to overcome warnings... This seems much tidier. insterted* updated the TODO list. (changed mailing list address) * updated README in .../modules to reflect modifications to static compliation protocol * modified the pam_modules documentation to describe this. * corrected last argument of pam_get_item( ... ) in pam_appl/modules.sgml, to "const void **". * altered GNU GPL's in the documentation, and various other parts of the distribution. *Please check* that any code you are responsible for is corrected. * Added ./Copyright (please check that it is acceptable) * updated ./README to make current and indicate the new mailing list address * have completely rewritten pam_filter. It now runs modular filter executables (stored in /usr/sbin/pam_filter/) This should make it trivial for others to write their own filters.. If you want yours included in the distribution please email the list/me. * changes to libpam; there was a silly bug with multiple arguments on a pam.conf line that was broken with a '\'. * 'su' rearranged code (to make better use of PAM) *Also* now uses POSIX signals--this should help the Alpha port. * 'passwd' now uses getlogin() to determine who's passwords to change. Sunday May 26 9:00:00 PST 1996 (Andrew Morgan ) * fixed module makefiles to create needed dynamic/static subdirectories Saturday May 25 20:30:27.8 PST 1996 (Andrew Morgan ) * LOTS has changed regarding how the modules/libpam are built. * Michael's mostly complete changes for static support--see below (Andrew got a little carried away and automated the static linking of modules---bugs are likely mine ;( ) * Thanks mostly to Michael, libpam now compiles without a single warning :^] * made static modules/library optional. CFLAGS* added 'make sterile' to top level makefile. This does extraclean and remove * added Michael and Joseph to documentation credits (and a subsection for future documentation of static module support in pam_modules.sgml) * libpam; many changes to makefiles and also automated the inclusion of static module objects in pam_static.c * modified modules for automated static/dynamic support. Added static & dynamic subdirectories, as instructed by Michael * removed an annoying syslog message from pam_filter: "parent exited.." * updated todo list (anyone know anything about svgalib/X? we probably should have some support for these...) Friday May 24 16:30:15 EDT 1996 (Michael K. Johnson ) * Added first (incomplete) cut at static support. This includes: . changes in libpam, including a new file, pam_static.c . changes to modules including exporting struct of function pointers . static and dynamic linking can be combined . right now, the only working combinations are just dynamic linking and dynamic libpam.so with static modules linked into libpam.so. That's on the list of things to fix... . modules are built differently depending on whether they are static or dynamic. Therefore, there are two directories under each module directory, one for static, and one for dynamic modules. * Fixed random brokenness in the Makefiles. [ foo -nt bar ] is rather redundant in a makefile, for instance. Also, passing on the command line is broken because it cannot be overridden in any way (even adding important parts) in lower-level makefiles. * Unfortunately, fixing some of the brokenness meant that I used GNU-specific stuff. However, I *think* that there was GNU-specific stuff already. And I think that we should just use the GNU extensions, because any platform that GNU make doesn't port to easily will be hard to port to anyway. It also won't be likely passwd to handle autoconf, which was Ted's suggestion for getting around limitations in standard make... For now, I suggest that we just use some simple GNU-specific extensions. Monday May 20 22:00:00 PST 1996 (Andrew Morgan ) * added some text to pam_modules.sgml * corrected Marek's name in all documentation * made pam_stress conform to chauthtok conventions -- ie can now request old password before proceeding. * included Alex's latest unix module * included Al's + password strength checking module * included pam_rootok module * fixed too many bugs in libpam.. all subtly related to the argument lists or use of syslog. Added more debugging lines here too. * fixed the pam.conf file * deleted pam_test module. It is pretty old and basically superceeded by pam_stress Friday May 9 1:00:00 PST 1996 (Andrew Morgan ) * updated documentaion, added Al Longyear to credits and corrected the spelling of Jeff's name(!). Most changes to pam.sgml (even added a figure!) * new module pam_rhosts_auth (from Al Longyear) * new apps rlogind and ftpd (a patch) from Al. * modified 'passwd' to not call pam_authenticate (note, none of the modules respect this convention yet!) * fixed bug in libpam that caused trouble if the last line of a pam.conf file ends with a module name and no newline character * also made more compatable with documentation, in that bad lines in pam.conf are now ignored rather than causing libpam to return an error to the app. * libpam now overwrites the AUTHTOKs when returning from pam_authenticate and pam_chauthtok calls (as per Sun/RFC too) * libpam is now installed as libpam.so.XXX in a way that ldconfig can handle! Wednesday May 1 22:00:00 PST 1996 (Andrew Morgan ) * removed .../test directory, use .../examples from now on. * added .../apps directory for fully functional applications - the apps directory contains directories that actually contain the apps. the idea is to make application compilation conditional on the presence of the directory. Note, there are entries in the Makefile for 'login' and 'ftpd' that are ready for installation... Email me if you want to reserve a directory name for an application you are working on... * similar changes to .../modules makefile [entries for pam_skey and pam_kerberos created---awaiting the directories.] Email me if you want to register another module... * minor changes to docs.. Not really worth reprinting them quite yet! [save the trees] * added misc_conv to libmisc. it is a generic conversation function for text based applications. [would be nice to see someone create an Xlib and/or svgalib version] * fixed ctrl-z/c bug with pam_filter module [try xsh with the default pam.conf file] * added 'required' argument to 'pam_stress' module. * added a TODO list... other suggestions to the list please. Saturday April 7 00:00:00 PST 1996 ( Andrew Morgan ) * Alex and Marek please note I have altered _pam_auth_unix a little, to make it get the passwords with the "proper method" (and also fixed it to not have as many compiler warnings) * updated the conf/pam.conf file * added new example application examples/xsh.c (like blank but invokes /bin/sh) * Marc's patches for examples/blank.c (and AGM's too) * fixed stacking of modules in libpam/pam_handlers.c * fixed RESETing in libpam/pam_item.c * added new module modules/pam_filter/ to demonstrate the possibility of inserting an arbitrary filter between the terminal and the application that could do customized logging etc... (see use of bin/xsh as defined in conf/pam.conf) Saturday March 16 19:00:00 PST 1996 ( Andrew Morgan ) These notes are for 0.3 I don't think I've left anything important out, but I will use emacs 'C-x v a' next time! (Thanks Jeff) * not much has changed with the functionality of the Linux-PAM lib .../libpam - pam_password calls module twice with different arguments - added const to some of the function arguments - added PAM_MAX_MES_ to - was a lot over zealous about purging old passwords... I have removed much of this from source to make it more compatible with SUN. - moved some PAM_... tokens to pam_modules.h from _pam_types.h (no-one should notice) * added three modules: pam_permit pam_deny pam_stress no prizes for guessing what the first two do. The third is a reasonably complete (functional) module. Is intended for testing applications with. * fixed a few pieces of examples/blank.c so that it works (with pam_stress) * ammended the documentation. Looking better, but suggestions/comments very welcome! Sunday March 10 10:50:00 PST 1996 ( Andrew Morgan ) These notes are for Linux-PAM release 0.21. They cover what's changed since I relased 0.2. * am now using RCS * substantially changed ./README * fixed bug reading \\\n in pam.conf file * small changes to documentation * added `blank' application to ./examples (could be viewed as a `Linux-PAM aware' application template.) * oops. now including pam_passwd.o and pam_session.o in pamlib.so * compute md5 checksums for all the source when making a release - added `make check' and `make RCScheck' to compute md5 checksums * create a second tar file with all the RCS files in. * removed the .html and .txt docs, supplying sgml sources instead. - see README for info on where to get .ps files Thursday March 6 0:44:?? PST 1996 ( Andrew Morgan ) These notes are for Linux-PAM release 0.2. They cover what's changed since Marc Ewing relased 0.1. **** Please note. All of the directories in this release have been modified **** slightly to conform to the new pamlib. A couple of new directories have **** been added. As well as some documentation. If some of your code **** was in the previous release. Feel free to update it, but please **** try to conform to the new headers and Makefiles. * Andrew Morgan (morgan@physics.ucla.edu) is making this release availible, Marc has been busy...! * Marc's pam-0.1/lib has been (quietly) enhanced and integrated into Alex Yurie's collected tree of library and module code (linux-pam.prop.1.tar.gz). Most of the changes are to do with error checking. Some more robustness in the reading of the pam.conf file and the addition of the pam_get_user() function. * The pam_*.h files have been reorganized to logically enforce the separation of modules from applications. [Don't panic! Apart from changing references of the form #include "pam_appl.h" to #include The reorganization should be backwardly compatable (ie. a module written for SUN will be as compatable as it was before with the previous version ;)~ ] (All of the source in this tree now conforms to this scheme...) The new reorganization means that modules can be compiled with a single header, , and applications with . * I have tried to remove all the compiler warnings from the updated "pamlib/*.c" files. On my system, (with a slightly modified email me if it interests you..) there are only two warnings that remain: they are that ansi does not permit void --> fn ptr assignment. K&Rv2 doesn't mention this....? As a matter of principle, if anyone knows how to get rid of that warning... please tell. Thanks! "-pedantic" * you can "make all" as a plain user, but * to "make install" you must be root. The include files are placed in /usr/include/security. The libpam.so library is installed in /usr/lib and the modules in /usr/lib/security. The two test binaries are installed in the Linux-PAM-0.2/bin directory and a chance is given to replace your /etc/pam.conf file with the one in Linux-PAM-0.2/conf. * I have included some documentation (pretty preliminary at the moment) which I have been working on in .../doc . I have had a little trouble with the modules, but atleast there are no segfaults! Please try it out and discuss your results... I actually hope it all works for you. But, Email any bugs/suggestions to the Linux-PAM list: linux-pam@mit.edu ..... Regards, Andrew Morgan (morgan@physics.ucla.edu) Sat Feb 17 17:30:24 EST 1996 (Alexander O. Yuriev alex@bach.cis.temple.edu) * conf directory created with example of pam_conf * stable code from pam_unix is added to modules/pam_unix * test/test.c now requests username and password and attempts to perform authentication pam/COPYING0000644000000000000000000000377513261244762007577 0ustar Unless otherwise *explicitly* stated the following text describes the licensed conditions under which the contents of this Linux-PAM release may be distributed: ------------------------------------------------------------------------- Redistribution and use in source and binary forms of Linux-PAM, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain any existing copyright notice, and this entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission. ALTERNATIVELY, this product may be distributed under the terms of the GNU General Public License, in which case the provisions of the GNU GPL are required INSTEAD OF the above restrictions. (This clause is necessary due to a potential conflict between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- pam/ChangeLog0000644000000000000000000007057413261244762010317 0ustar 2013-09-19 Thorsten Kukuk Release version 1.1.8. 2013-09-16 Thorsten Kukuk Check return value of setuid to remove glibc warnings. * modules/pam_unix/pam_unix_acct.c: Check setuid return value. * modules/pam_unix/support.c: Likewise. 2013-09-13 Tomas Mraz Write to *rounds only if non-NULL. modules/pam_unix/support.c(_set_ctrl): Write to *rounds only if non-NULL. Add missing ')' modules/pam_unix/pam_unix_passwd.c: Add missing ')'.. 2013-09-11 Thorsten Kukuk Release version 1.1.7. 2013-09-11 Tomas Mraz Updated translations from Transifex. po/*.po: Updated translations from Transifex. 2013-09-04 Thorsten Kukuk Extend pam_exec by stdout and type= options (ticket #8): * modules/pam_exec/pam_exec.c: Add stdout and type= option * modules/pam_exec/pam_exec.8.xml: Document new options 2013-08-30 Thorsten Kukuk Fix compile error. * modules/pam_unix/pam_unix_acct.c: fix last change 2013-08-29 Thorsten Kukuk Restart waitpid if it returns with EINTR (ticket #17) * modules/pam_unix/pam_unix_acct.c: run waitpid in a while loop. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c: Likewise. 2013-08-28 Thorsten Kukuk misc_conv.3: Fix documentation of misc_conv. doc/man/misc_conv.3.xml: Fix return value of misc_conv 2013-08-23 Tomas Mraz Apply the exclusive check in pam_sepermit only when loginuid not set. * modules/pam_sepermit/pam_sepermit.c(get_loginuid): Read loginuid from /proc (sepermit_match): Apply the exclusive check only when loginuid not set. 2013-08-22 Tomas Mraz Updated translations from Transifex. * po/*.po: Updated translations from Transifex. 2013-07-02 Dmitry V. Levin pam_rootok: fix linking in --enable-audit mode. pam_rootok.c explicitly uses functions from libaudit, so the module has to be linked with the library. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Add @LIBAUDIT@. 2013-07-01 Richard Guy Briggs pam_tty_audit: fix a typo that crept in during patch review. * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Replace all occurrences of HAVE_AUDIT_TTY_STATUS_LOG_PASSWD with HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD. * configure.in (HAVE_AUDIT_TTY_STATUS_LOG_PASSWD): Remove. 2013-06-21 Richard Guy Briggs pam_tty_audit: add an option to control logging of passwords: log_passwd Most commands are entered one line at a time and processed as complete lines in non-canonical mode. Commands that interactively require a password, enter canonical mode with echo set to off to do this. This feature (icanon and !echo) can be used to avoid logging passwords by audit while still logging the rest of the command. Adding a member to the struct audit_tty_status passed in by pam_tty_audit allows control of logging passwords per task. * configure.in: autoconf bits to conditionally add support at compile time depending on struct audit_tty_status kernel header version. * modules/pam_tty_audit/pam_tty_audit.8.xml: Document new pam_tty_audit module log_passwd option. * modules/pam_tty_audit/pam_tty_audit.c: (pam_sm_open_session): Added "log_passwd" option parsing. 2013-06-20 Tomas Mraz Man page fix - unix_update runs in the permissive mode as well. modules/pam_unix/unix_update.8.xml: unix_update helper runs in the permissive mode as well. 2013-06-18 Thorsten Kukuk Use hash from /etc/login.defs as default if no other one is specified as argument. * modules/pam_unix/support.c: Add search_key, call from __set_ctrl * modules/pam_unix/support.h: Add define for /etc/login.defs * modules/pam_unix/pam_unix.8.xml: Document new behavior. * modules/pam_umask/pam_umask.c: Add missing NULL pointer check 2013-04-12 Tomas Mraz pam_access: better not change the default function used to get domain name. modules/pam_access/pam_access.c (netgroup_match): As we did not use yp_get_default_domain() in the 1.1 branch due to typo in ifdef we should use it only as fallback. 2013-03-28 Tomas Mraz Fix strict aliasing issue in MD5 implementations. modules/pam_namespace/md5.c (MD5Final): Use memcpy instead of assignment. modules/pam_unix/md5.c (MD5Final): Use memcpy instead of assignment. 2013-03-22 Tomas Mraz pam_lastlog: Do not fail on short read if btmp is corrupted. modules/pam_lastlog/pam_lastlog.c (last_login_failed): Just warn, not fail on short read or read error. pam_rootok: Allow proper logging of the user AVC if access disallowed by SELinux modules/pam_rootok/pam_rootok.c (log_callback, selinux_check_root): New functions. (check_for_root): Use the selinux_check_root() instead of checkPasswdAccess. 2013-02-08 Tomas Mraz Add checks for crypt() returning NULL. modules/pam_pwhistory/opasswd.c (compare_password): Add check for crypt() NULL return. modules/pam_unix/bigcrypt.c (bigcrypt): Likewise. 2013-02-07 Tomas Mraz pam_userdb: Allow also modern password hashes supported by crypt(). modules/pam_userdb/pam_userdb.c (user_lookup): Allow password hashes longer than 13 characters and long salt. 2013-01-18 Walter de Jong pam_access: fix typo in ifdef. modules/pam_access/pam_access.c (netgroup_match): Fix typo in #ifdef HAVE_YP_GET_DEFAULT_DOMAIN. 2012-12-20 Tomas Mraz pam_cracklib: Mention checks that are not run for root. modules/pam_cracklib/pam_cracklib.8.xml: Add note about checks when run as root. Update also the POT file. po/Linux-PAM.pot: Update to reflect current sources. 2012-12-12 Tomas Mraz Updated translations from Transifex, added new languages. po/LINGUAS: Added new languages. po/*.po: Updated translations from Transifex including new languages. 2012-11-30 Tomas Mraz pam_selinux: Drop obsolete and unsupported manual context selection. modules/pam_selinux/pam_selinux.c (manual_context): Drop function. (compute_exec_context): Drop manual_context() call. 2012-11-23 Tomas Mraz pam_limits: fix grammatical mistake. modules/pam_limits/limits.conf: Fix grammatical mistake. 2012-11-13 Tomas Mraz Reflect the enforce_for_root semantics change in pam_pwhistory xtest. xtests/tst-pam_pwhistory1.pamd: Use enforce_for_root as the test is running with real uid == 0. 2012-10-10 Dmitry V. Levin pam_unix: fix build in --enable-selinux mode. glibc's starting with commit http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=glibc-2.15-231-gd94a467 does not include for POSIX 2008 conformance reasons, so when pam is being built with SELinux support enabled, pam_unix_passwd.c uses getrlimit(2) and therefore should include without relying on other headers. * modules/pam_unix/pam_unix_passwd.c: Include . Reported-by: Guido Trentalancia Reported-by: "Jory A. Pratt" Reported-by: Diego Elio Pettenò 2012-10-10 Tomas Mraz pam_namespace: add mntopts flag for tmpfs mount options. modules/pam_namespace/pam_namespace.h: Add mount_opts member to polydir structure. modules/pam_namespace/pam_namespace.c (del_polydir): Free the mount_opts. (parse_method): Parse the mntopts flag. (ns_setup): Pass the mount_opts to mount(). modules/pam_namespace/namespace.conf.5.xml: Document the mntopts flag. 2012-09-06 Tomas Mraz pam_selinux, pam_tally2: Add tty and rhost to audit data. modules/pam_selinux/pam_selinux.c (send_audit_message): Obtain tty and rhost from PAM items and pass them to audit. modules/pam_tally2/pam_tally2.c (tally_check): Obtain tty and rhost from PAM items and pass them to audit. (main): Obtain tty name of stdin and pass it to audit. Update configure.in to use more recent interfaces. configure.in: Use LT_INIT instead of AC_PROG_LIBTOOL and AS_HELP_STRING instead of AC_HELP_STRING. 2012-08-17 Tomas Mraz Add missing $(DESTDIR) when making directories on install. modules/pam_namespace/Makefile.am: Add missing $(DESTDIR) when making $(namespaceddir) on install. modules/pam_sepermit/Makefile.am: Add missing $(DESTDIR) when making $(sepermitlockdir) on install. 2012-08-17 Thorsten Kukuk release version 1.1.6. configure.in: Bump version to 1.1.6 NEWS: Document changes po/*.po: Regenerate *.po files 2012-08-16 Thorsten Kukuk Small documentation and define fixes. modules/pam_limits/limits.conf.5.xml: Document race of maxlogins [#10] modules/pam_namespace/pam_namespace.h: Define MS_SLAVE if necessary modules/pam_pwhistory/pam_pwhistory.c: Document how the module works modules/pam_unix/pam_unix.8.xml: Document remember option obsoleted by pam_pwhistory [#6] 2012-08-13 Tomas Mraz Respect PAM_AUTHTOK_TYPE in pam_get_authtok_verify(). libpam/pam_get_authtok.c (pam_get_authtok_internal): Set the PAM_AUTHTOK_TYPE item when obtained from module options. (pam_get_authtok_verify): Use the PAM_AUTHTOK_TYPE item when prompting. 2012-08-09 Tomas Mraz Document limits.d also in the limits.conf manpage. modules/pam_limits/limits.conf.5.xml: Document the limits.d existence. 2012-07-23 Tomas Mraz New autotools do not create empty directories on install. modules/pam_namespace/Makefile.am: Add install-data-local target to create namespaceddir. modules/pam_sepermit/Makefile.am: Add install-data-local target to create sepermitlockdir. 2012-07-09 Stevan Bajić RLIMIT_* variables are no longer defined unless you explicitly include sys/resource.h. modules/pam_unix/pam_unix_acct.c: Include sys/resource.h. 2012-06-27 Tomas Mraz pam_umask: correct the documentation of GECOS field parsing. modules/pam_umask/pam_umask.8.xml: Correct the documentation of GECOS field parsing. 2012-06-22 Tomas Mraz pam_cracklib: Add monotonic character sequence checking. modules/pam_cracklib/pam_cracklib.c (_pam_parse): Parse the maxsequence option. (sequence): New function to check for too long monotonic sequence of characters. (password_check): Call the sequence(). modules/pam_cracklib/pam_cracklib.8.xml: Document the maxsequence check. 2012-06-01 Tomas Mraz pam_timestamp: Fix copy&paste error in manpage. modules/pam_timestamp/pam_timestamp.8.xml: Fix AUTHOR section. 2012-05-28 Tomas Mraz Pulled new translations from Transifex. po/*.po: Updated translations. pam_pwhistory: Always record the old password even when root changes it. modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Use the UID of the process instead of the target user UID (same as in pam_cracklib) to check for root. Always record old password. 2012-05-24 Tomas Mraz pam_cracklib: Add enforce_for_root option. modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the enforce_for_root option. (pam_sm_chauthtok): Enforce errors for root with the option. modules/pam_cracklib/pam_cracklib.8.xml: Document the enforce_for_root option. 2012-04-30 Tomas Mraz pam_cracklib: Add maxclassrepeat, gecoscheck checks and remove unused difignore. modules/pam_cracklib/pam_cracklib.c (_pam_parse): Recognize the maxclassrepeat, gecoscheck options. Ignore difignore option. (simple): Add the check for the same class repetition. (usercheck): Refactor into wordcheck(). (gecoscheck): New test for words from the GECOS field. (password_check): Call the gecoscheck(). (pam_sm_chauthtok): Drop the diff_ignore from options struct. modules/pam_cracklib/pam_cracklib.8.xml: Document the maxclassrepeat and gecoscheck checks, update the documentation of the difok test. pam_lastlog: Never lock out the root account. modules/pam_lastlog/pam_lastlog.c (pam_sm_authenticate): Return PAM_SUCCESS if uid==0. modules/pam_lastlog/pam_lastlog.8.xml: Improve documentation. 2012-04-17 Tomas Mraz pam_lastlog: add possibility to lock out inactive users in auth or account * modules/pam_lastlog/pam_lastlog.8.xml: Document the new functionality and option. * modules/pam_lastlog/pam_lastlog.c: Add the inactive user lock out. (_pam_session_parse): Renamed from _pam_parse. (_pam_auth_parse): New function to parse auth arguments. (_last_login_open): Factor out opening of the lastlog file. (_last_login_read): Factor out opening of the lastlog file. (pam_sm_authenticate): Implement the lockout functionality. (pam_sm_setcred): Just return PAM_SUCCESS. (pam_sm_acct_mgmt): Call pam_sm_authenticate(). 2012-04-11 Paul Wouters Check for crypt() failure returning NULL. * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Adjust syslog message. * modules/pam_unix/passverify.c (create_password_hash): Check for crypt() returning NULL. 2012-02-03 Dmitry V. Levin pam_unix: make configuration consistent in --enable-static-modules mode. In --enable-static-modules mode, it was not possible to use "pam_unix" in PAM config files. Instead, different names had to be used for each management group: pam_unix_auth, pam_unix_acct, pam_unix_passwd and pam_unix_session. This change makes pam_unix configuration consistent with other PAM modules. * README: Remove the paragraph describing pam_unix distinctions in --enable-static-modules mode. * libpam/pam_static_modules.h (_pam_unix_acct_modstruct, _pam_unix_auth_modstruct, _pam_unix_passwd_modstruct, _pam_unix_session_modstruct): Remove. (_pam_unix_modstruct): New pam_module declaration. * modules/pam_unix/pam_unix_static.h: New file. * modules/pam_unix/pam_unix_static.c: Likewise. * modules/pam_unix/Makefile.am (noinst_HEADERS): Add pam_unix_static.h (pam_unix_la_SOURCES) [STATIC_MODULES]: Add pam_unix_static.c * modules/pam_unix/pam_unix_acct.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_acct_modstruct): Remove. * modules/pam_unix/pam_unix_auth.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_auth_modstruct): Remove. * modules/pam_unix/pam_unix_passwd.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_passwd_modstruct): Remove. * modules/pam_unix/pam_unix_sess.c [PAM_STATIC]: Include pam_unix_static.h [PAM_STATIC] (_pam_unix_session_modstruct): Remove. Suggested-by: Matveychikov Ilya 2012-01-27 Dmitry V. Levin Make --disable-cracklib compatible with --enable-static-modules mode. * configure.in: Define HAVE_LIBCRACK when cracklib is enabled. * libpam/pam_static_modules.h (static_modules): Guard the use of _pam_cracklib_modstruct by HAVE_LIBCRACK macro. 2012-02-10 Tomas Mraz Add missing includes for types used in the pam_modutil.h. * libpam/include/security/pam_modutil.h: Add missing includes for used types. 2012-01-27 Matveychikov Ilya Fix compile time errors in --enable-static-modules mode. * libpam/pam_static_modules.h (_pam_rhosts_auth_modstruct): Remove obsolete declaration. (static_modules): Remove undefined reference to _pam_rhosts_auth_modstruct. * modules/pam_pwhistory/opasswd.h: Rename {save,check}_old_password to {save,check}_old_pass in order to avoid conflicts with pam_unix. * modules/pam_pwhistory/opasswd.c: Likewise. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * modules/pam_tally2/pam_tally2.c: Rename _pam_tally_modstruct to _pam_tally2_modstruct. 2012-01-26 Dmitry V. Levin Fix SUBDIRS for --enable-static-modules mode. There is no way to build "modules" subdirectory before "libpam" anyway. In STATIC_MODULES mode, "libpam" subdirectory must be built twice to produce a usable libpam.a without undefined references to multiple _pam_*_modstruct symbols. * Makefile.am: Use default SUBDIRS in STATIC_MODULES mode. 2012-01-26 Matveychikov Ilya configure: fix typo in --disable-nis help string. * configure.in: Change '-disable-nis' to '--disable-nis'. 2012-01-26 Tomas Mraz Do not unmount anything by default in pam_namespace close session call. * modules/pam_namespace/pam_namespace.c (pam_sm_close_session): Recognize the unmount_on_close option and make the default to be to not unmount. * modules/pam_namespace/pam_namespace.h: Rename PAMNS_NO_UNMOUNT_ON_CLOSE to PAMNS_UNMOUNT_ON_CLOSE. * modules/pam_namespace/pam_namespace.8.xml: Document the change. 2012-01-24 Tomas Mraz Make / mount as rslave instead of bind mounting polydirs. * modules/pam_namespace/pam_namespace.c (protect_dir): Drop the always argument. (check_inst_parent): Drop the always argument from protect_dir(). (create_polydir): Likewise. (ns_setup): Likewise and do not mark the polydir with MS_PRIVATE. (setup_namespace): Mark the / with MS_SLAVE|MS_REC. * modules/pam_namespace/pam_namespace.8.xml: Reflect the change in docs. 2012-01-13 Tomas Mraz Add possibility to match ruser, rhost, and tty in pam_succeed_if. * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Match ruser, rhost, and tty as left operand. * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the new possible left operands. 2012-01-03 Tomas Mraz Merge branch 'master' of ssh://git.fedorahosted.org/git/linux-pam. Fix matching of usernames in the pam_unix remember feature. * modules/pam_unix/pam_unix_passwd.c (check_old_password): Make sure we match only the whole username in opasswd entry. * modules/pam_unix/passverify.c (save_old_password): Likewise make sure we match only the whole username in opasswd entry. 2011-12-26 Dmitry V. Levin pam_start: fix memory leak on error path. * libpam/pam_start.c (pam_start): If _pam_make_env() or _pam_init_handlers() returned an error, release the memory allocated for pam_conv structure. Patch-by: cancel . 2011-11-03 Dmitry V. Levin pam_selinux.8.xml: update. * modules/pam_selinux/pam_selinux.8.xml (pam_selinux-cmdsynopsis): Reorder options, add new "restore" option. pam_selinux-description): Rewrite. (pam_selinux-options): Reorder options, describe new "restore" option. (pam_selinux-return_values): Remove PAM_AUTH_ERR, PAM_SESSION_ERR and PAM_BUF_ERR. (pam_selinux-see_also): Remove pam.conf(5). Add execve(2), tty(4) and selinux(8). pam_selinux.c: add "restore" option. * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Add new "restore" option. pam_selinux.c: rewrite using pam_get_data/pam_set_data. * modules/pam_selinux/pam_selinux.c (security_restorelabel_tty, security_label_tty): Remove old functions. (module_data_t): New structure. (free_module_data, cleanup, get_module_data, get_item, set_exec_context, set_file_context, compute_exec_context, compute_tty_context, restore_context, set_context, create_context): New functions. (pam_sm_authenticate, pam_sm_setcred, pam_sm_open_session, pam_sm_close_session): Use them. 2011-10-28 Dmitry V. Levin Use libpam.la/libpam_misc.la to link with -lpam/-lpam_misc. GNU automake documentation recommends to avoid using -l options in LDADD or LIBADD when referring to libraries built by the package. Instead, it recommends to write the file name of the library explicitly, and use -l option only to list third-party libraries. As result, the default value of *_DEPENDENCIES will list all local libraries and omit the other ones. * modules/pam_access/Makefile.am (pam_access_la_LIBADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", to follow GNU automake recommendations. * modules/pam_cracklib/Makefile.am (pam_cracklib_la_LIBADD): Likewise. * modules/pam_debug/Makefile.am (pam_debug_la_LIBADD): Likewise. * modules/pam_deny/Makefile.am (pam_deny_la_LIBADD): Likewise. * modules/pam_echo/Makefile.am (pam_echo_la_LIBADD): Likewise. * modules/pam_env/Makefile.am (pam_env_la_LIBADD): Likewise. * modules/pam_exec/Makefile.am (pam_exec_la_LIBADD): Likewise. * modules/pam_faildelay/Makefile.am (pam_faildelay_la_LIBADD): Likewise. * modules/pam_filter/Makefile.am (pam_filter_la_LIBADD): Likewise. * modules/pam_filter/upperLOWER/Makefile.am (LDADD): Likewise. * modules/pam_ftp/Makefile.am (pam_ftp_la_LIBADD): Likewise. * modules/pam_group/Makefile.am (pam_group_la_LIBADD): Likewise. * modules/pam_issue/Makefile.am (pam_issue_la_LIBADD): Likewise. * modules/pam_keyinit/Makefile.am (pam_keyinit_la_LIBADD): Likewise. * modules/pam_lastlog/Makefile.am (pam_lastlog_la_LIBADD): Likewise. * modules/pam_limits/Makefile.am (pam_limits_la_LIBADD): Likewise. * modules/pam_listfile/Makefile.am (pam_listfile_la_LIBADD): Likewise. * modules/pam_localuser/Makefile.am (pam_localuser_la_LIBADD): Likewise. * modules/pam_loginuid/Makefile.am (pam_loginuid_la_LIBADD): Likewise. * modules/pam_mail/Makefile.am (pam_mail_la_LIBADD): Likewise. * modules/pam_mkhomedir/Makefile.am (pam_mkhomedir_la_LIBADD, mkhomedir_helper_LDADD): Likewise. * modules/pam_motd/Makefile.am (pam_motd_la_LIBADD): Likewise. * modules/pam_namespace/Makefile.am (pam_namespace_la_LIBADD): Likewise. * modules/pam_nologin/Makefile.am (pam_nologin_la_LIBADD): Likewise. * modules/pam_permit/Makefile.am (pam_permit_la_LIBADD): Likewise. * modules/pam_pwhistory/Makefile.am (pam_pwhistory_la_LIBADD): Likewise. * modules/pam_rhosts/Makefile.am (pam_rhosts_la_LIBADD): Likewise. * modules/pam_rootok/Makefile.am (pam_rootok_la_LIBADD): Likewise. * modules/pam_securetty/Makefile.am (pam_securetty_la_LIBADD): Likewise. * modules/pam_sepermit/Makefile.am (pam_sepermit_la_LIBADD): Likewise. * modules/pam_shells/Makefile.am (pam_shells_la_LIBADD): Likewise. * modules/pam_stress/Makefile.am (pam_stress_la_LIBADD): Likewise. * modules/pam_succeed_if/Makefile.am (pam_succeed_if_la_LIBADD): Likewise. * modules/pam_tally/Makefile.am (pam_tally_la_LIBADD): Likewise. * modules/pam_tally2/Makefile.am (pam_tally2_la_LIBADD, pam_tally2_LDADD): Likewise. * modules/pam_time/Makefile.am (pam_time_la_LIBADD): Likewise. * modules/pam_timestamp/Makefile.am (pam_timestamp_la_LIBADD, pam_timestamp_check_LDADD, hmacfile_LDADD): Likewise. * modules/pam_tty_audit/Makefile.am (pam_tty_audit_la_LIBADD): Likewise. * modules/pam_umask/Makefile.am (pam_umask_la_LIBADD): Likewise. * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Likewise. * modules/pam_userdb/Makefile.am (pam_userdb_la_LIBADD): Likewise. * modules/pam_warn/Makefile.am (pam_warn_la_LIBADD): Likewise. * modules/pam_wheel/Makefile.am (pam_wheel_la_LIBADD): Likewise. * modules/pam_xauth/Makefile.am (pam_xauth_la_LIBADD): Likewise. * tests/Makefile.am (LDADD): Likewise. * examples/Makefile.am (LDADD): Replace "-L$(top_builddir)/libpam -lpam" with "$(top_builddir)/libpam/libpam.la", and "-L$(top_builddir)/libpam_misc -lpam_misc" with "$(top_builddir)/libpam_misc/libpam_misc.la", to follow GNU automake recommendations. * xtests/Makefile.am (LDADD): Likewise. * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Likewise. Fix usage of LIBADD, LDADD and LDFLAGS. * modules/pam_selinux/Makefile.am: Rename pam_selinux_check_LDFLAGS to pam_selinux_check_LDADD. * modules/pam_userdb/Makefile.am: Split out pam_userdb_la_LIBADD from AM_LDFLAGS. * modules/pam_warn/Makefile.am: Split out pam_warn_la_LIBADD from AM_LDFLAGS. * modules/pam_wheel/Makefile.am: Split out pam_wheel_la_LIBADD from AM_LDFLAGS. * modules/pam_xauth/Makefile.am: split out pam_xauth_la_LIBADD from AM_LDFLAGS. * xtests/Makefile.am: Rename AM_LDFLAGS to LDADD. 2011-10-27 Dmitry V. Levin Update .gitignore files. * .gitignore: Add common ignore patterns. * m4/.gitignore: Unignore local m4 files. * dynamic/.gitignore: Unignore Makefile. * libpamc/test/modules/.gitignore: Likewise. * libpamc/test/regress/.gitignore: Likewise. * po/.gitignore: Add Makevars.template. * conf/.gitignore: Remove common ignore patterns. * conf/pam_conv1/.gitignore: Likewise. * doc/.gitignore: Likewise. * doc/specs/.gitignore: Likewise. * doc/specs/formatter/.gitignore: Likewise. * examples/.gitignore: Likewise. * modules/pam_filter/upperLOWER/.gitignore: Likewise. * modules/pam_mkhomedir/.gitignore: Likewise. * modules/pam_selinux/.gitignore: Likewise. * modules/pam_stress/.gitignore: Likewise. * modules/pam_tally/.gitignore: Likewise. * modules/pam_tally2/.gitignore: Likewise. * modules/pam_timestamp/.gitignore: Likewise. * modules/pam_unix/.gitignore: Likewise. * tests/.gitignore: Likewise. * xtests/.gitignore: Likewise. * doc/adg/.gitignore: Remove. * doc/man/.gitignore: Remove. * doc/mwg/.gitignore: Remove. * doc/sag/.gitignore: Remove. * libpamc/.gitignore: Remove. * libpamc/test/.gitignore: Remove. * libpam/.gitignore: Remove. * libpam_misc/.gitignore: Remove. * modules/.gitignore: Remove. * modules/pam_access/.gitignore: Remove. * modules/pam_cracklib/.gitignore: Remove. * modules/pam_debug/.gitignore: Remove. * modules/pam_deny/.gitignore: Remove. * modules/pam_echo/.gitignore: Remove. * modules/pam_env/.gitignore: Remove. * modules/pam_exec/.gitignore: Remove. * modules/pam_faildelay/.gitignore: Remove. * modules/pam_filter/.gitignore: Remove. * modules/pam_ftp/.gitignore: Remove. * modules/pam_group/.gitignore: Remove. * modules/pam_issue/.gitignore: Remove. * modules/pam_keyinit/.gitignore: Remove. * modules/pam_lastlog/.gitignore: Remove. * modules/pam_limits/.gitignore: Remove. * modules/pam_listfile/.gitignore: Remove. * modules/pam_localuser/.gitignore: Remove. * modules/pam_loginuid/.gitignore: Remove. * modules/pam_mail/.gitignore: Remove. * modules/pam_motd/.gitignore: Remove. * modules/pam_namespace/.gitignore: Remove. * modules/pam_nologin/.gitignore: Remove. * modules/pam_permit/.gitignore: Remove. * modules/pam_pwhistory/.gitignore: Remove. * modules/pam_rhosts/.gitignore: Remove. * modules/pam_rootok/.gitignore: Remove. * modules/pam_securetty/.gitignore: Remove. * modules/pam_sepermit/.gitignore: Remove. * modules/pam_shells/.gitignore: Remove. * modules/pam_succeed_if/.gitignore: Remove. * modules/pam_time/.gitignore: Remove. * modules/pam_tty_audit/.gitignore: Remove. * modules/pam_umask/.gitignore: Remove. * modules/pam_userdb/.gitignore: Remove. * modules/pam_warn/.gitignore: Remove. * modules/pam_wheel/.gitignore: Remove. * modules/pam_xauth/.gitignore: Remove. Move generated auxiliary files to build-aux directory. * configure.in: Add AC_CONFIG_AUX_DIR([build-aux]). Remove generated files. * ABOUT-NLS: Remove. * INSTALL: Remove. * config.rpath: Remove. * install-sh: Remove. * mkinstalldirs: Remove. * Makefile.am (EXTRA_DIST): Remove config.rpath and mkinstalldirs. * .gitignore: Add ABOUT-NLS and INSTALL. Create release tarballs using safe ownership and permissions. * Makefile.am: Define and export TAR_OPTIONS. Generate ChangeLog from git log. * .gitignore: Add ChangeLog * ChangeLog: Rename to ChangeLog-CVS. * Makefile.am (gen-changelog): New rule. (dist-hook, .PHONY): Depend on it. (EXTRA_DIST): Add ChangeLog-CVS. * README-hacking: New file. * gitlog-to-changelog: Import from gnulib. * autogen.sh: Create empty ChangeLog file to make automake strictness check happy. Use automated "autoreconf -fiv" instead of manual invocations of various autotools. Fix "make distcheck" There is no use to distribute m4 files manually, because automake does the right thing, while manual distribution is not only redundant but also very fragile. * Makefile.am (M4_FILES): Remove. (EXTRA_DIST): Remove M4_FILES. Remove modules/pam_timestamp/hmacfile from distribution. * modules/pam_timestamp/Makefile.am (dist_TESTS): Add tst-pam_timestamp. (nodist_TESTS): Add hmacfile. (EXTRA_DIST): Replace TESTS with dist_TESTS. Rename all .cvsignore files to .gitignore. Fix whitespace issues. Cleanup trailing whitespaces, indentation that uses spaces before tabs, and blank lines at EOF. Make the project free of warnings reported by git diff --check 4b825dc642cb6eb9a060e54bf8d69288fbee4904 HEAD See ChangeLog-CVS for earlier changes. pam/ChangeLog-CVS0000644000000000000000000053657013261244762010753 0ustar 2011-10-26 Dmitry V. Levin NB: ChangeLog file is no longer manually maintained. See README-hacking for details. 2011-10-25 Thorsten Kukuk * release version 1.1.5 * configure.in: Bump version number. * modules/pam_tally2/pam_tally2.8.xml: Remove never used option "no_lock_time". 2011-10-14 Kees Cook * modules/pam_env/pam_env.c (_expand_arg): Abort when encountering an overflowed environment variable expansion. Fixes CVE-2011-3149. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874565 * modules/pam_env/pam_env.c (_assemble_line): Correctly count leading whitespace. Fixes CVE-2011-3148. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/pam/+bug/874469 2011-10-10 Tomas Mraz * modules/pam_access/pam_access.c: Add hostname resolution cache. (user_match): Clear the cache in fake_item. (from_match): If from is not hostname, do not try to resolve it. Cache the getaddrinfo() result. (network_netmask_match): Cache the getaddrinfo() result. (pam_sm_authenticate): Free the getaddrinfo() result. * modules/pam_access/pam_access.c (netgroup_match): If getdomainname() fails or domainname not set use NULL as domain in innetgr(). 2011-09-30 Tomas Mraz * doc/man/pam.conf-syntax.xml: Improve documentation of the sufficient and requisite control values. (Red Hat Bug #742413) 2011-08-25 Tomas Mraz * modules/pam_access/pam_access.c (user_match): Fix the split on @ in the user field. (Red Hat Bug #732081) * modules/pam_loginuid/pam_loginuid.c: Correct the FSF address. 2011-08-23 Tomas Mraz * modules/pam_env/pam_env.c (_pam_parse): Fix missing dereference. 2011-06-22 Thorsten Kukuk * release version 1.1.4 * configure.in: Bump version number. * NEWS: Document changes since 1.1.3 * libpam/Makefile.am: Bump release number of shared library * po/de.po: Translate new string. * modules/pam_unix/Makefile.am (pam_unix_la_LIBADD): Reorder Libraries. 2011-06-21 Thorsten Kukuk * modules/pam_limits/pam_limits.c: Add set_all option, read limits from PID one if no limit is specified and set_all is set. * modules/pam_limits/pam_limits.8.xml: Document set_all option. Based on Patch by Kees Cook. 2011-06-15 Tomas Mraz * modules/pam_sepermit/pam_sepermit.c (check_running): Avoid leaking memory and dir handle on realloc failure. (sepermit_unlock): Cast fcntl() and close() calls to void. * modules/pam_pwhistory/opasswd.c (check_old_password): Do not needlessly call strdupa(). (save_old_password): Avoid memleaks in error paths. Avoid memleak of buf. Make the opasswd entry parsing more robust. * modules/pam_pwhistory/pam_pwhistory.8.xml: Document the special meaning of remember=0. * modules/pam_unix/support.c (_set_ctrl): Do not crash when remember, minlen, or rounds options are used with wrong module type. * modules/pam_timestamp/pam_timestamp.c (pam_sm_authenticate): Avoid memleak in error path. (pam_sm_open_session): Avoid memleak and fd leak in error path. * modules/pam_access/pam_access.c (user_match): Initialize the fake_item from item. 2011-06-14 Thorsten Kukuk * configure.in: Check for libtirpc by default. * libpam/Makefile.am: Add support for libtirpc. * modules/pam_access/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * modules/pam_unix/pam_unix_passwd.c: Change ifdefs for new libtirpc support. * modules/pam_unix/yppasswd_xdr.c: Only compile if we have rpc/rpc.h. 2011-06-13 Tomas Mraz * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Test also whether the tty is in the /sys/class/tty/console/active file. * modules/pam_securetty/pam_securetty.8.xml: Document the new check of /sys/class/tty/console/active/file. 2011-06-07 Tomas Mraz * modules/pam_namespace/pam_namespace.c (root_shared): New function to detect shared / mount. (pam_sm_open_session): Call the root_shared() and enable private mounts based on that. * modules/pam_namespace/pam_namespace.8.xml: Document the automatic detection of shared / mount. 2011-06-06 Tomas Mraz * modules/pam_group/pam_group.c (shift_bytes): Removed. (shift_buf, trim_spaces): Added new functions. (read_field): Thorough rewrite of the parsing. (check_account): read_field() now uses state information. No extra read_field() call at the end of configuration line. * modules/pam_time/pam_time.c (shift_bytes): Removed. (shift_buf, trim_spaces): Added new functions. (read_field): Thorough rewrite of the parsing. (check_account): read_field() now uses state information. No extra read_field() call at the end of configuration line. * modules/pam_namespace/pam_namespace.h: Define the MS_PRIVATE and MS_REC flags if they are not in sys/mount.h. 2011-06-06 Nguyá»…n Thái Ngá»c Duy * po/LINGUAS: Add vietnamese. * po/vi.po: Add vietnamese translation. 2011-06-02 Tomas Mraz * modules/pam_namespace/pam_namespace.c (protect_dir): Add parameter to always do protect mount the last directory in the path. (check_inst_parent, create_polydir): Update the protect_dir() call. (ns_setup): Likewise and add the MS_PRIVATE mount() call. (pam_sm_open_session): Check the mount_private option. * modules/pam_namespace/pam_namespace.h: Add the PAMNS_MOUNT_PRIVATE. * modules/pam_namespace/pam_namespace.8.xml: Document the mount_private option. * modules/pam_cracklib/pam_cracklib.c (str_lower): Make it no-op on NULL strings. (password_check): Guard for NULLs returned from memory allocation. * modules/pam_filter/pam_filter.c (process_args): Guard for error return from pam_get_user(). * modules/pam_echo/pam_echo.c (replace_and_print): Guard for error return from pam_get_item(). 2011-05-30 Thorsten Kukuk * modules/pam_timestamp/pam_timestamp.c (main): Remove unsused variable pretval. * modules/pam_stress/pam_stress.c (converse): **message is const. (stress_get_password): pmsg is const. (pam_sm_chauthtok): Likewise. * libpam/pam_item.c (pam_get_user): Make pmsg const and remove casts. 2011-05-30 Thorsten Kukuk * modules/pam_env/pam_env.c (_pam_parse): Implement debug option. Based on patch by Tomas Mraz. 2011-05-24 Thorsten Kukuk * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): quiet option has no argument, print no missing file if quiet is set [sf#3194930]. 2011-05-04 Thorsten Kukuk * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Don't abort with error if btmp file does not exist. 2011-03-21 Tomas Mraz * modules/pam_unix/md5.c (MD5Final): Clear the whole ctx. 2011-03-18 Tomas Mraz * modules/pam_namespace/md5.c (MD5Final): Clear the whole ctx. * modules/pam_namespace/pam_namespace.c (del_polydir): Guard for NULL poly. (protect_dir): Guard for -1 passing to close(). (ns_setup): Likewise. (pam_sm_open_session): Correctly test for SELinux enabled flag. 2011-03-17 Tomas Mraz * modules/pam_selinux/pam_selinux.c (config_context): Fix leak of type. (manual_context): Likewise. (context_from_env): Remove extraneous auditing in success case. * modules/pam_unix/support.c (_unix_run_helper_binary): Remove extra close() call. 2011-02-22 Tomas Mraz * modules/pam_nologin/pam_nologin.8.xml: Add missing space. * modules/pam_limits/limits.conf.5.xml: Fix typo. 2010-12-21 Tomas Mraz * modules/pam_selinux/pam_selinux.c (mls_range_allowed): Unhardcode values for security class and av permission bit. 2010-12-14 Tomas Mraz * modules/pam_limits/pam_limits.c (parse_uid_range): New function to parse the range of uids or gids. (parse_config_file): Call parse_uid_range() and if uid/gid range is identified, setup the limits if the range matches. New parameters containing user's uid and primary gid. (pam_sm_open_session): Pass the user's uid and primary gid to parse_config_file(). * modules/pam_limits/limits.conf.5.xml: Document the uid/gid ranges. 2010-12-14 Bahadır Kandemir * po/tr.po: Updated translations. 2010-11-25 Tomas Mraz * modules/pam_securetty/pam_securetty.8.xml: Improve documentation of the kernel console feature and the noconsole option. 2010-11-24 Thorsten Kukuk * modules/pam_securetty/pam_securetty.c: Parse console= kernel option, add noconsole option. * modules/pam_securetty/pam_securetty.8.xml: Document new behavior for serial console. Patch from Lennart Poettering. 2010-11-24 Tomas Mraz * modules/pam_limits/limits.conf.5.xml: Document the %group syntax. 2010-11-18 Tomas Mraz * modules/pam_limits/pam_limits.c (pam_parse,pam_sm_open_session): Drop obsolete and broken option change_uid. * modules/pam_limits/pam_limits.8.xml: Likewise. 2010-11-16 Tomas Mraz * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Remove dead and duplicate code. Return PAM_INCOMPLETE instead of PAM_CONV_AGAIN. 2010-11-11 Tomas Mraz * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Fix potential use after free in case SELinux is misconfigured. * modules/pam_namespace/pam_namespace.c (process_line): Fix memory leak when parsing empty config file lines. 2010-10-28 Thorsten Kukuk * release version 1.1.3 * configure.in: Increase version to 1.1.3 * NEWS: document visible changes * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number. 2010-10-27 Thorsten Kukuk * doc/adg/Makefile.am: Use UTF-8 for html docu. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2010-10-22 Tomas Mraz * modules/pam_namespace/pam_namespace.c (inst_init): Use execle() to execute the init script with clean environment. (CVE-2010-3853) (cleanup_tmpdirs): Likewise for executing rm. 2010-10-21 Dmitry V. Levin * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Remove. (create_homedir): Use mkdir() instead of rec_mkdir(). (make_parent_dirs): New function. (main): Use make_parent_dirs() to create parent directories only for the home directory itself. 2010-10-21 Thorsten Kukuk * modules/pam_unix/support.c (_unix_getpwnam): Don't allocate unneeded buffer for uid/gid [sf#3059572]. 2010-10-20 Thorsten Kukuk * doc/man/pam_get_authtok.3.xml: Fix xml code. * doc/man/Makefile.am: Fix build dependencys of pam_get_authtok.3. * xtests/Makefile.am: Only build xtests if we run xtests. * configure.in: Check for libdb with symbol versions, too. Patch from Diego Elio Pettenò. * modules/pam_mkhomedir/mkhomedir_helper.c (rec_mkdir): Create parent directories always with mode 0755. (create_homedir): Create main directory with mode 0700 at first. 2010-10-19 Dmitry V. Levin * modules/pam_selinux/Makefile.am (pam_selinux_la_LIBADD): Add @LIBAUDIT@. * m4/ld-O1.m4 (PAM_LD_O1): Fix typo. * m4/ld-no-undefined.m4: New file. * configure.in: Use PAM_LD_NO_UNDEFINED. * Makefile.am (M4_FILES): Add m4/ld-no-undefined.m4. * modules/pam_selinux/pam_selinux.c (verbose_message): Remove. (pam_sm_open_session): Call send_text() instead of verbose_message(). 2010-10-19 Thorsten Kukuk * modules/pam_env/pam_env.8.xml: Document side effects of environment variables in the stack. * modules/pam_exec/pam_exec.8.xml: Document that user can have controll over the environment. 2010-10-07 Dmitry V. Levin * modules/pam_selinux/pam_selinux.c (verbose_message): Fix format string. 2010-10-04 Dmitry V. Levin * libpam/pam_modutil_priv.c: New file. * libpam/Makefile.am (libpam_la_SOURCES): Add it. * libpam/include/security/pam_modutil.h (struct pam_modutil_privs, PAM_MODUTIL_DEF_PRIVS, pam_modutil_drop_priv, pam_modutil_regain_priv): New declarations. * libpam/libpam.map (LIBPAM_MODUTIL_1.1.3): New interface. * modules/pam_env/pam_env.c (handle_env): Use new pam_modutil interface. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. (pam_sm_open_session): Remove redundant fchown call. Fixes CVE-2010-3430, CVE-2010-3431. 2010-10-01 Thorsten Kukuk * configure.in: Extend cross compiling check. * doc/specs/Makefile.am: Set CFLAGS and LDFLAGS to BUILD_CFLAGS and BUILD_LDFLAGS. Bug #3078936 / gentoo #339174 2010-09-30 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Warn if unlink() fails. 2010-09-27 Dmitry V. Levin * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Return PAM_SUCCESS immediately if no cookie file is defined. Return PAM_SESSION_ERR if cookie file is defined but target uid cannot be determined. Do not modify cookiefile string returned by pam_get_data. * modules/pam_xauth/pam_xauth.c (check_acl): Ensure that the given access control file is a regular file. 2010-09-16 Dmitry V. Levin * modules/pam_env/pam_env.c (handle_env): Use setfsuid() return code. * modules/pam_mail/pam_mail.c (_do_mail): Likewise. * modules/pam_xauth/pam_xauth.c (check_acl, pam_sm_open_session, pam_sm_close_session): Likewise. 2010-08-31 Thorsten Kukuk * release version 1.1.2 * configure.in: Bump version number. * NEWS: Document changes since 1.1.1. * doc/adg/Linux-PAM_ADG.xml: Bump version number. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise. * libpam/Makefile.am: Bump revision of shared library. * po/*.po: Regenerate. 2010-08-26 Tomas Mraz * modules/pam_nologin/pam_nologin.c (perform_check): Try first /var/run/nologin if the nologin file is not explicitly specified. * modules/pam_nologin/pam_nologin.8.xml: Document that /var/run/nologin is tried first. 2010-08-26 Sweta Kothari * po/gu.po: Updated translations. 2010-08-26 Geert Warrink * po/nl.po: Updated translations. 2010-08-26 Thorsten Kukuk * doc/specs/Makefile.am: Use CC_FOR_BUILD as compiler (cross compile support). * configure.in: Check for host compiler if cross compiling. Bug #2315432, debian#284854#42. 2010-08-17 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c: Implement minlen option. * modules/pam_unix/support.c: Likewise. * modules/pam_unix/support.h: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Adjust arguments for _set_ctrl call. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. * modules/pam_unix/pam_unix_session.c: Likewise. * modules/pam_unix/pam_unix.8.xml: Document minlen option. Based on patch by Steve Langasek. 2010-08-12 Thorsten Kukuk * modules/pam_mail/pam_mail.c: Check for mail only with user privilegs. * modules/pam_xauth/pam_xauth.c (run_coprocess): Check return value of setgid, setgroups and setuid. * modules/pam_xauth/pam_xauth.c (check_acl): Save errno for later usage. * modules/pam_env/pam_env.c (handle_env): Check if user exists, read local user config only with user privilegs.` 2010-08-09 Thorsten Kukuk * modules/pam_tally/pam_tally.8.xml: Document that pam_tally is deprecated. * modules/pam_tty_audit/Makefile.am (EXTRA_DIST): Fix make dist. * modules/pam_unix/passverify.c (check_shadow_expiry): Correct check for expired date. * modules/pam_unix/pam_unix_passwd.c (_pam_unix_approve_pass): Remove check for password length. Bug #2923437. 2010-08-04 Thorsten Kukuk * modules/pam_tally2/pam_tally2.c (get_tally): Create file with correct permissions. Patch by Diego Elio “Flameeyes†Pettenò. * modules/pam_unix/passverify.c (PAMH_ARG_DECL): Don't request password change if time is not yet set (1.1.1970). Bug #2730965. * modules/pam_access/pam_access.c (user_match): Make sure that user@host will not match @@netgroup. Bug #3035919. * modules/pam_group/pam_group.c (check_account): Add '%' for UNIX groups. * modules/pam_group/group.conf: Add example for '%'. * modules/pam_group/group.conf.5.xml: Document '%' syntax. Bug #3002340, #3037155. 2010-08-02 Steve Langasek * modules/pam_mkhomedir/Makefile.am: don't pass --version-script options when linking executables, only when linking libraries Patch from Julien Cristau 2010-07-12 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Add audit flag to enable logging about unknown user (#2917257). * modules/pam_succeed_if/pam_succeed_if.8.xml: Document audit. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/README: Regenerated from xml. 2010-06-22 Thorsten Kukuk * modules/pam_umask/pam_umask.8.xml: Remove comparisation of gid and uid for usergroups. * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Likewise. Bug #3004656 * configure.in: Don't check for libxcrypt if no xcrypt.h exists, fix typo introduced with 1.1.1. Reported by Diego Elio “Flameeyes†Pettenò. 2010-06-15 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_close_session): Call setfsuid to be allowed to remove temporary files (#3010705). (pam_sm_open_session): Call fchown with correct permissions. 2010-06-09 Thorsten Kukuk * modules/pam_tty_audit/Makefile.am (TESTS): Add tst-pam_tty_audit. * modules/pam_tty_audit/tst-pam_tty_audit: New. 2010-06-07 Steve Langasek * modules/pam_tty_audit/Makefile.am: If we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either. 2010-05-27 Thorsten Kukuk * modules/pam_userdb/pam_userdb.c: Define HAVE_DBM for BerkDB 5.0 support. Patch by Diego Elio Pettenò. 2010-04-15 Thorsten Kukuk * modules/pam_exec/pam_exec.8.xml: Fix example. 2010-04-13 Thorsten Kukuk * modules/pam_pwhistory/opasswd.c: Fix compilation if cyprt_r() is not available. * configure.in: check for getutent_r. * modules/pam_timestamp/pam_timestamp.c: Use getutent() if getutent_r() does not exist. Patch from Diego Elio “Flameeyes†Pettenò. 2010-04-12 Thorsten Kukuk * doc/man/pam.conf-syntax.xml: Better documentation of "actionN". Patch from Michal Soltys . 2010-04-06 Thorsten Kukuk * modules/pam_rootok/pam_rootok.c: Add support for acct_mgmt and chauthtok. * modules/pam_rootok/pam_rootok.8.xml: Document new module types. 2010-03-29 Thorsten Kukuk * po/ar.po: Add missing Plural-Forms entry to header. 2010-03-25 Daniel Nylander * po/sv.po: Updated translations. 2010-03-24 Ani Peter * po/ml.po: Updated translations. 2010-03-08 Yuri Chornoivan * po/uk.po: Updated translations. 2010-02-09 Tomas Mraz * libpam/pam_get_authtok.c (pam_get_authtok_internal): Fix regression in the new password prompt. 2010-01-04 Elad * po/he.po: New translation to Hebrew. * po/LINGUAS: Add Hebrew to the list. 2009-12-16 Thorsten Kukuk * release version 1.1.1 * NEWS: Adjust for 1.1.1 * configure.in: Likewise. * doc/adg/Linux-PAM_ADG.xml: Likewise. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise. * po/*.po: Regenerated. 2009-12-08 Thorsten Kukuk * configure.in: Rename DEBUG to PAM_DEBUG. * libpam/pam_env.c: Likewise * libpam/pam_handlers.c: Likewise * libpam/pam_miscc.c: Likewise * libpam/pam_password.c: Likewise * libpam/include/security/_pam_macros.h: Likewise * libpamc/test/modules/pam_secret.c: Likewise * modules/pam_group/pam_group.c: Likewise * modules/pam_listfile/pam_listfile.c: Likewise * modules/pam_unix/pam_unix_auth.c: Likewise * modules/pam_unix/pam_unix_passwd.c: Likewise 2009-12-08 Tomas Mraz * modules/pam_unix/passverify.c(unix_update_shadow): Create a shadow entry if not present in the file. * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Remove unused function and variable. 2009-11-19 Tomas Mraz * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Return PAM_AUTH_ERR from the module if sepermit_lock() fails. 2009-11-18 Tomas Mraz * modules/pam_access/pam_access.c(user_match): Revert the netgroup match to the original behavior, add new syntax for adding the local hostname. * modules/pam_access/access.conf.5.xml: Document the new syntax for adding the local hostname to the netgroup match. 2009-11-10 Thorsten Kukuk * doc/man/pam_get_authtok.3.xml: Document pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/Makefile.am (libpam_la_LDFLAGS): Bump revesion of libpam. * libpam/pam_get_authtok.c (pam_get_authtok_internal): Renamed from pam_get_authtok, add flags argument, always check return values. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Use pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/include/security/pam_ext.h: Add prototypes for pam_get_authtok_noverify and pam_get_authtok_verify. * libpam/libpam.map: Add new pam_get_authtok_* functions. 2009-11-02 Ani Peter * po/ml.po: Updated translations. 2009-11-02 Tomas Mraz * modules/pam_sepermit/Makefile.am: Add sepermit.conf(5) manual page. * modules/pam_sepermit/pam_sepermit.8.xml: Add reference to sepermit.conf(5). Drop some redundant text. * modules/pam_sepermit/sepermit.conf.5.xml: New file. * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Implement the ignore option in sepermit.conf. 2009-10-29 Tomas Mraz * modules/pam_xauth/Makefile.am: Link with libselinux. * modules/pam_xauth/pam_xauth.c(pam_sm_open_session): Call setfscreatecon() if selinux is enabled to create the .xauth file with the right label. Original idea by Dan Walsh. 2009-10-08 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.8.xml: Add notice about aureport add SEE ALSO section. 2009-10-06 Tomas Mraz * modules/pam_listfile/pam_listfile.c(pam_sm_authenticate): Just call pam_modutil_user_in_group_nam_nam() instead of reimplementation of group matching. 2009-10-05 Kris Thomsen * po/da.po: Updated translations. 2009-09-29 Piotr DrÄ…g * po/pl.po: Updated translations. 2009-09-21 Yulia Poyarkova * po/ru.po: Updated translations. 2009-09-17 Kiyoto Hashida * po/ja.po: Updated translations. 2009-09-17 Eunju Kim * po/ko.po: Updated translations. 2009-09-17 Yulia Poyarkova * po/ru.po: Updated translations. 2009-09-10 Steve Langasek * modules/pam_securetty/pam_securetty.c: pam_securetty should not return PAM_USER_UNKNOWN when the tty is secure, regardless of what was entered as a username. Patch from Nicolas François . 2009-08-31 Steve Langasek * modules/pam_namespace/namespace.init: make this portable to POSIX awk, instead of using GNU awk extensions. 2009-08-25 Steve Langasek * modules/pam_sepermit/pam_sepermit.8.xml: fix up one reference to pam.d(8) left behind because I've forgotten how CVS works * po/es.po: fix missing whitespace in password prompts. 2009-08-24 Steve Langasek * doc/pam_get_authtok.3.xml: grammar fix. * doc/adg/Linux-PAM-ADG.xml: Likewise. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/man/pam_setcred.3.xml: fix a typo. 2009-07-21 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Delete new token if it does not match strength criteria. 2009-06-29 Thorsten Kukuk * modules/pam_unix/yppasswd_xdr.c: Remove unnecessary header files. * modules/pam_unix/support.c (_unix_getpwnam): Only compile in NIS support if all necessary functions exist. * modules/pam_unix/pam_unix_passwd.c (getNISserver): Add debug option, handle correct if OS has no NIS support. * modules/pam_access/pam_access.c (netgroup_match): Check if yp_get_default_domain and innetgr are available at compile time. * configure.in: Check for functions: innetgr, getdomainname check for headers: rpcsvc/ypclnt.h, rpcsvc/yp_prot.h. 2009-06-29 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Fix blowfish description. Reported by Diego E. “Flameeyes†Pettenò. 2009-06-26 Thorsten Kukuk * modules/pam_namespace/Makefile.am: Fix make maintainer-clean, fix docu dependencies. * modules/pam_xauth/Makefile.am: Fix make maintainer-clean. * modules/pam_access/Makefile.am: Likewise. * modules/pam_debug/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_echo/Makefile.am: Likewise. * modules/pam_env/Makefile.am: Likewise. * modules/pam_faildelay/Makefile.am: Likewise. * modules/pam_ftp/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_issue/Makefile.am: Likewise. * modules/pam_keyinit/Makefile.am: Likewise. * modules/pam_lastlog/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_listfile/Makefile.am: Likewise. * modules/pam_localuser/Makefile.am: Likewise. * modules/pam_loginuid/Makefile.am: Likewise. * modules/pam_mail/Makefile.am: Likewise. * modules/pam_mkhomedir/Makefile.am: Likewise. * modules/pam_motd/Makefile.am: Likewise. * modules/pam_nologin/Makefile.am: Likewise. * modules/pam_pwhistory/Makefile.am: Likewise. * modules/pam_rhosts/Makefile.am: Likewise. * modules/pam_rootok/Makefile.am: Likewise. * modules/pam_securetty/Makefile.am: Likewise. * modules/pam_shells/Makefile.am: Likewise. * modules/pam_succeed_if/Makefile.am: Likewise. * modules/pam_tally2/Makefile.am: Likewise. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise. * modules/pam_timestamp/Makefile.am: Likewise. * modules/pam_tty_audit/Makefile.am: Likewise. * modules/pam_umask/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * modules/pam_warn/Makefile.am: Likewise. * modules/pam_wheel/Makefile.am: Likewise. * modules/pam_filter/Makefile.am: Likewise. * configure.in: Make regeneration of docu configureable, rename enable_man to enable_docu. * modules/pam_env/pam_env.c (_pam_parse): Fix typo in debug code. * modules/pam_cracklib/Makefile.am: Don't install docu if module is disabled for building. * modules/pam_userdb/Makefile.am: Likewise. * modules/pam_unix/pam_unix_passwd.c: Remove dead SELinux code. * modules/pam_lastlog/pam_lastlog.c (last_login_failed): Fix usage of wrong variable [bug#2809661]. 2009-06-25 Thorsten Kukuk * configure.in: Rename crypt_gensalt_rn to crypt_gensalt_r * modules/pam_unix/passverify.c: Likewise. 2009-06-19 Thorsten Kukuk * release version 1.1.0 2009-06-16 Thorsten Kukuk * doc/sag/Linux-PAM_SAG.xml: Fix typos. * doc/adg/Linux-PAM_ADG.xml: Likewise. * doc/mwg/Linux-PAM_MWG.xml: Likewise. 2009-06-08 Rajesh Ranjan * po/hi.po: Updated translations. 2009-06-01 Jaswinder Singh * po/pa.po: Updated translations. 2009-06-01 Tomáš Mráz * modules/pam_pwhistory/opasswd.c (save_old_password): Don't call fclose() on NULL descriptor. Found by Steve Grubb. 2009-06-01 Ville Skyttä * modules/pam_limits/pam_limits.8.xml: Only *.conf files are parsed. Spelling fixes. * modules/pam_access/pam_access.8.xml: Spelling fixes. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_tally2/pam_tally2.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp.8.xml: Likewise. * modules/pam_timestamp/pam_timestamp_check.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise. 2009-05-28 Jaswinder Singh * po/pa.po: Updated translations. 2009-05-21 Albert Carabasa Giribet * po/ca.po: Updated translations. 2009-05-11 Ani Peter * po/ml.po: Updated translations. 2009-05-11 Charles-Antoine Couret * po/fr.po: Updated translations. 2009-05-11 Tomáš Mráz * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Remove unnecessary setuid() call. 2009-05-05 Thorsten Kukuk * release version 1.0.92 * libpamc/Makefile.am (libpamc_la_LDFLAGS): Increase revesion. * configure.in: Increase version to 1.0.92. 2009-04-20 Mario Santagiuliana * po/it.po: Updated translations. 2009-04-17 Fabian Affolter * po/de.po: Updated translations. 2009-04-16 Tomáš Mráz * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Add user parameter. Use user instead of pwd->pw_name in comparsions. (pam_sm_authenticate): Pass the original user to evaluate(). 2009-04-14 Amitakhya Phukan * po/as.po: Updated translations. 2009-04-14 Runa Bhattacharjee * po/bn_IN.po: Updated translations. 2009-04-14 Sweta Kothari * po/gu.po: Updated translations. 2009-04-14 Sandeep Shedmake * po/mr.po: Updated translations. 2009-04-14 Rui Gouveia * po/pt.po: Updated translations. 2009-04-14 I. Felix * po/ta.po: Updated translations. 2009-04-14 Krishna Babu K * po/te.po: Updated translations. 2009-04-09 Thorsten Kukuk * modules/pam_unix/yppasswd.h: Update license to GPLv2 or later on request of Olaf Kirch (Author). * modules/pam_unix/yppasswd_xdr.c: Likewise. 2009-04-06 R.E. van der Luit * po/nl.po: Updated translations. 2009-04-06 Terry Chuang * po/zh_TW.po: Updated translations. 2009-04-03 Shankar Prasad * po/kn.po: Updated translations. 2009-04-03 Manoj Kumar Giri * po/or.po: Updated translations. 2009-04-03 MiloÅ¡ KomarÄević * po/sr.po: Updated translations. * po/sr@latin.po: Updated translations. 2009-04-03 Leah Liu * po/zh_CN.po: Updated translations. 2009-04-03 Dmitry V. Levin * libpamc/pamc_load.c (__pamc_exec_agent): Replace call to exit(3) in child process with call to _exit(2). * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Likewise. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_xauth/pam_xauth.c (run_coprocess): Likewise. * modules/pam_exec/pam_exec.c (call_exec): Replace all calls to exit(3) in child process with calls to _exit(2). * modules/pam_filter/pam_filter.c (set_filter): Likewise. * modules/pam_namespace/pam_namespace.c (inst_init, cleanup_tmpdirs): Likewise. 2009-03-27 Thorsten Kukuk * modules/pam_unix/support.c (_unix_run_helper_binary): Don't ignore return value of write(). * libpamc/include/security/pam_client.h (PAM_BP_ASSERT): Honour NDEBUG. * modules/pam_timestamp/pam_timestamp.c: don't ignore return values of lchown and fchown. 2009-03-25 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c: Make option handling reentrant (#2487654) (_pam_parse): Fix umask option. * modules/pam_unix/passverify.c: Fix typo. * modules/pam_issue/pam_issue.c: Fix compiler warning. * modules/pam_ftp/pam_ftp.c: Likewise. 2009-03-25 Pavol Å imo * po/sk.po: Updated translations. 2009-03-24 Sulyok Péter * po/hu.po: Updated translations. 2009-03-24 Domingo Becker * po/es.po: Updated translations. 2009-03-24 Diego Búrigo Zacarão * po/pt_BR.po: Updated translations. 2009-03-24 Piotr DrÄ…g * po/pl.po: Updated translations. 2009-03-24 Tomas Mraz * modules/pam_unix/passverify.c(save_old_password): Call fflush() and fsync(). (unix_update_passwd, unix_update_shadow): Likewise. * modules/pam_pwhistory/opasswd.c(save_old_password): Likewise. * po/cs.po: Updated translations. 2009-03-09 Thorsten Kukuk * release version 1.0.91 * libpam/Makefile.am (libpam_la_LDFLAGS): Bump version number. * xtests/Makefile.am: Add tst-pam_unix4.pamd, tst-pam_unix4.sh and time.conf. 2009-03-03 Dmitry V. Levin * tests/tst-pam_mkargv.c (main): Fix for non-64bit architectures. 2009-03-03 Tomas Mraz * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Test for abnormal exit of the helper binary. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Likewise. 2009-02-27 Tomas Mraz * modules/pam_mkhomedir/pam_mkhomedir.c(create_homedir): Replace signal() with sigaction(). * modules/pam_namespace/pam_namespace.c(inst_init, cleanup_tmpdirs): Likewise. * modules/pam_unix/pam_unix_acct.c(_unix_run_verify_binary): Likewise. * modules/pam_unix/pam_unix_passwd.c(_unix_run_update_binary): Likewise. * modules/pam_unix/passverify.c(su_sighandler): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. * modules/pam_tally2/Makefile.am: Link the pam_tally2 app to libpam for auxiliary functions. * modules/pam_tally2/pam_tally2.8.xml: Drop non-existing no_reset option. Document new serialize option. * modules/pam_tally2/pam_tally2.c: Add support for the new serialize option. (_cleanup, tally_set_data, tally_get_data): Add tally file handle to tally PAM data. Needed for fcntl() locking. (get_tally): Use low level file access instead of stdio buffered FILE. If serialize option is used lock the tally file access. (set_tally, tally_bump, tally_reset): Use low level file access instead of stdio buffered FILE. Close the file handle only when it is not owned by PAM data. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass the tally file handle to tally_set_data(). Get it from tally_get_data(). (main): Use low level file access instead of stdio buffered FILE. 2009-02-26 Tomas Mraz * xtests/Makefile.am: Add tst-pam_unix4. * xtests/tst-pam_unix4.c: New test for password change and shadow min days limit. * xtests/tst-pam_unix4.pamd: Likewise. * xtests/tst-pam_unix4.sh: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Ignore PAM_AUTHTOK_ERR on shadow verification. * modules/pam_unix/passverify.c (check_shadow_expiry): Return PAM_AUTHTOK_ERR if sp_min limit for password change is defied. 2009-02-26 Timur Birsh * po/LINGUAS: New Kazakh translation. * po/kk.po: New Kazakh translation. 2009-02-25 Thorsten Kukuk * libpam/pam_misc.c (_pam_StrTok): Use unsigned char instead of int. Reported by Marcus Granado. * tests/Makefile.am (TESTS): Add tst-pam_mkargv. * tests/tst-pam_mkargv.c (main): Test case for _pam_mkargv. * po/de.po: Update fuzzy translations. 2009-02-25 Tomas Mraz * xtests/access.conf: Add a line for name resolution test case. * xtests/tst-pam_access4.c (main): Set PAM_RHOST for testing the LOCAL keyword. Add a test case for name resolution. * modules/pam_access/pam_access.c (from_match): Move name resolution to network_netmask_match(). (network_netmask_match): Do a name resolution of the origin only if matching against a real network/netmask. 2009-02-25 Fabian Affolter * po/de.po: Updated translations. 2009-02-25 Taylon Silmer Lacerda Silva * po/pt_BR.po: Updated translations. 2009-02-25 Domingo Becker * po/es.po: Updated translations. 2009-02-20 Thorsten Kukuk * modules/pam_limits/limits.conf.5.xml: Document that the kernel can refuse values out of range for the local system. * modules/pam_limits/pam_limits.c (setup_limits): Log if setrlimit fails. 2009-02-18 Thorsten Kukuk * libpam/pam_password.c (pam_chauthtok): Make sure applications don't set internal flags. 2009-02-17 Thorsten Kukuk * doc/man/pam_sm_chauthtok.3.xml: Document that sufficient can break the PRELIM_CHECK chain. * libpam/pam_dispatch.c: Don't freeze chain for chauthtok [bugzilla.novell.com#470337] 2009-02-11 Daniel Nylander * po/sv.po: Updated translations. 2009-01-29 Thorsten Kukuk * doc/man/pam_sm_setcred.3.xml: Document PAM_ESTABLISH_CRED. 2009-01-19 Tomas Mraz * modules/pam_mkhomedir/Makefile.am: Add mkhomedir_helper. * modules/pam_mkhomedir/mkhomedir_helper.8.xml: New file. Manual page for mkhomedir_helper. * modules/pam_mkhomedir/mkhomedir_helper.c: New file. Source for mkhomedir_helper. Most of the code moved from pam_mkhomedir.c. * modules/pam_mkhomedir/pam_mkhomedir.c (_pam_parse): Do not convert umask to integer. (rec_mkdir): Moved to mkhomedir_helper.c. (create_homedir): Just exec the helper. (pam_sm_open_session): Improve logging. 2009-01-19 Daniel Cabrera * po/es.po: Updated translations. 2009-01-14 Thorsten Kukuk * po/de.po: Updated translations. 2009-01-07 Piotr DrÄ…g * po/pl.po: Updated translations. 2008-12-23 Piotr DrÄ…g * po/pl.po: Updated translations. 2008-12-18 Thorsten Kukuk * modules/pam_pwhistory/pam_pwhistory.c (parse_option): Rename type= option to authtok_type= (because of pam_get_authtok). * modules/pam_pwhistory/pam_pwhistory.8.xml: Likewise. 2008-12-17 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.c (pam_sm_open_session): Do not abort on unknown option. Avoid double free of old_status. (pam_sm_close_session): Use LOG_DEBUG for restored status message. * configure.in: Test for getseuser(). * modules/pam_selinux/pam_selinux.c (pam_sm_open_session): Call getseuser() instead of getseuserbyname() if the function is available. 2008-12-12 Thorsten Kukuk * release version 1.0.90 * libpam_misc/Makefile.am: Increase version number of shared library. * libpamc/Makefile.am: Likewise. 2008-12-12 Tomas Mraz * modules/pam_tally2/pam_tally2.c (get_tally): Test for EACCES instead of EPERM. * modules/pam_tally2/pam_tally2.8.xml: Fix documentation. 2008-12-10 Thorsten Kukuk * doc/man/pam_item_types_ext.inc.xml: Document PAM_AUTHTOK_TYPE. * libpam/pam_end.c (pam_end): Free authtok_type. * tests/tst-pam_get_item.c: Add PAM_AUTHTOK_TYPE as test case. * tests/tst-pam_set_item.c: Likewise. * libpam/pam_start.c (pam_start): Initialize xdisplay, xauth and authtok_type. * libpam/pam_get_authtok.c (pam_get_authtok): Rename "type" to "authtok_type". * modules/pam_cracklib/pam_cracklib.8.xml: Replace "type=" with "authtok_type=". * doc/man/pam_get_authtok.3.xml: Document authtok_type argument. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Set type= argument as PAM_AUTHTOK_TYPE item. * libpam/pam_get_authtok.c (pam_get_authtok): If no type argument given, use PAM_AUTHTOK_TYPE item. * libpam/pam_item.c (pam_get_item): Fetch PAM_AUTHTOK_TYPE item. (pam_set_item): Store PAM_AUTHTOK_TYPE item. * libpam/pam_private.h: Add authtok_type to pam_handle. * libpam/include/security/_pam_types.h (PAM_AUTHTOK_TYPE): New. 2008-12-03 Thorsten Kukuk * modules/pam_access/access.conf.5.xml: Replace 2001:4ca0 with 2001:db8:: [bug#2356400]. * doc/man/Makefile.am: Add pam_get_authtok.3.xml. * doc/man/pam_get_authtok.3.xml: New. * libpam/Makefile.am: Add pam_get_authtok.c. * libpam/libpam.map: Export pam_get_authtok. * libpam/pam_get_authtok.c: New. * libpam/pam_private.h: Add mod_argc and mod_argv to pam_handle. * libpam_include/security/pam_ext.h: Add pam_get_authtok prototype. * modules/pam_cracklib/pam_cracklib.c: Use pam_get_authtok. * modules/pam_pwhistory/pam_pwhistory.c: Likewise. * po/POTFILES.in: Add libpam/pam_get_authtok.c. * xtests/tst-pam_cracklib1.c: Adjust error codes. * modules/pam_timestamp/Makefile.am: Remove hmactest.c from EXTRA_DIST. * po/*.po: Regenerated. 2008-12-02 Michael Calmer * modules/pam_limits/limits.conf.5.xml: Document valid values for limits (bnc#448314). 2008-12-02 Thorsten Kukuk * modules/pam_env/pam_env.c: Add support for user specific environment file. Based on a patch from Ubuntu. * modules/pam_env/pam_env.8.xml: Document new options. 2008-12-02 Olivier Fourdan * modules/pam_filter/pam_filter.c (master): Use /dev/ptmx instead of the old BSD pseudoterminal API. (set_filter): Call grantpt(), unlockpt() and ptsname(). Do not close pseudoterminal handle in filter child. * modules/pam_filter/upperLOWER/upperLOWER.c (main): Use regular read() instead of pam_modutil_read() to allow for short reads. 2008-12-02 Tomas Mraz * modules/pam_timestamp/Makefile.am: Add hmacfile to tests. * modules/pam_timestamp/hmacfile.c: Do not try the short key testvector. 2008-12-01 Tomas Mraz * modules/pam_unix/support.h: Fix masks for cipher algorithm flags. 2008-12-01 Thorsten Kukuk * modules/pam_unix/pam_unix.8.xml: Document blowfish option. * configure.in: Check for crypt_gensalt_rn. * modules/pam_unix/pam_unix_passwd.c: Pass pamh to create_password_hash function. * modules/pam_unix/passverify.c (create_password_hash): Add blowfish support. * modules/pam_unix/passverify.h: Adjust create_password_hash prototype. * modules/pam_unix/support.c: Add support for blowfish option. * modules/pam_unix/support.h: Add defines for blowfish option. Jozsef Kadlecsik 2008-12-01 Tomas Mraz * modules/pam_access/pam_access.8.xml: Fix description of nodefgroup option. * modules/pam_group/pam_group.c (is_same): Fix check for correct string length. 2008-11-29 Thorsten Kukuk * configure.in: Check for xcrypt.h, fix typo in libaudit check. * modules/pam_cracklib/pam_cracklib.c: Include xcrypt.h if available. * modules/pam_unix/bigcrypt.c: Likewise. * modules/pam_unix/passverify.c: Likewise. * modules/pam_userdb/pam_userdb.c: Likewise. Jozsef Kadlecsik * doc/man/pam_getenv.3.xml: Document that application should not free return value. * doc/man/pam.3.xml: Add Note about thread-safeness of libpam functions. 2008-11-28 Tomas Mraz * modules/pam_unix/unix_update.c (set_password): Allow root to change passwords without verification of the old ones. * modules/pam_tally2/pam_tally2.c (tally_check): Fix info format to be the same as in pam_tally. * configure.in: Add modules/pam_timestamp/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_timestamp.xml. * doc/sag/pam_timestamp.xml: New. * libpam/pam_static_modules.h: Add pam_timestamp static struct. * modules/Makefile.am: Add pam_timestamp directory. * modules/pam_timestamp/Makefile.am: New. * modules/pam_timestamp/README.xml: New. * modules/pam_timestamp/hmacsha1.h: New. * modules/pam_timestamp/sha1.h: New. * modules/pam_timestamp/pam_timestamp.8.xml: New. * modules/pam_timestamp/pam_timestamp_check.8.xml: New. * modules/pam_timestamp/pam_timestamp.c: New. * modules/pam_timestamp/pam_timestamp_check.c: New. * modules/pam_timestamp/hmacfile.c: New. * modules/pam_timestamp/hmacsha1.c: New. * modules/pam_timestamp/sha1.c: New. * modules/pam_timestamp/tst-pam_timestamp: New. * po/POTFILES.in: Add pam_timestamp sources. * po/*.po: Regenerate. * po/cs.po: Updated translations. 2008-11-25 Thorsten Kukuk * modules/pam_pwhistory/opasswd.c (save_old_password): Fix typo. * modules/pam_time/pam_time.c (is_same): Fix check of correct string length (debian bug #326407). 2008-11-24 Thorsten Kukuk * xtests/Makefile.am: Add pam_time1 tests. * xtests/tst-pam_time1.c: New test case. * xtests/tst-pam_time1.pamd: New. * xtests/time.conf: New. * xtests/run-xtests.sh: Copy time.conf. 2008-11-24 Tomas Mraz * libpam/pam_handlers.c (_pam_parse_conf_file): '-' at beginning of type token marks silent module. (_pam_load_module): Add handler_type parameter. Do not log module load error if module is silent. (_pam_add_handler): Pass handler_type to _pam_load_module(). * libpam/pam_private.h: Add PAM_HT_SILENT_MODULE. * doc/man/pam.conf-syntax.xml: Document the '-' at beginning of type. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Fix leaks in error path. * modules/pam_env/pam_env.c (_parse_env_file): Remove superfluous condition. * modules/pam_group/pam_group.c (check_account): Fix leak in error path. * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix leak in error path. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Remove superfluous condition. * modules/pam_stress/pam_stress.c (stress_get_password,pam_sm_authenticate): Remove superfluous conditions. (pam_sm_chauthtok): Fix mistaken && for &. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Remove superfluous condition. All the problems fixed in this commit were found by Steve Grubb. 2008-11-20 Tomas Mraz * modules/pam_sepermit/pam_sepermit.c (sepermit_match): Do not call sepermit_lock() if sense is deny. Do not crash on NULL seuser match. (pam_sm_authenticate): Try to call getseuserbyname() even if SELinux is disabled. 2008-11-19 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Preserve XAUTHLOCALHOSTNAME environment variable. * modules/pam_pwhistory/pam_pwhistory.c (pam_sm_chauthtok): Finish implementation of type=STRING option. * modules/pam_pwhistory/pam_pwhistory.8.xml: Document "type=STRING" option. 2008-10-27 Thorsten Kukuk * doc/man/pam_setcred.3.xml: Document when credentials should be deleted. * po/ja.po: Fix syntax error. * po/de.po: Update translations. * po/*.po: Regenerate with pam_tally2 added. 2008-10-23 Taylon Silmer Lacerda Silva * po/pt_BR.po: Updated translations. 2008-10-23 Krishna Babu K * po/LINGUAS: New language. * po/te.po: New translation to Telugu. 2008-10-23 Manoj Kumar Giri * po/or.po: Updated translations. 2008-10-21 Amitakhya Phukan * po/as.po: Updated translations. 2008-10-21 Ondrej Sulek * po/sk.po: Updated translations. 2008-10-21 Terry Chuang * po/zh_TW.po: Updated translations. 2008-10-21 Kiyoto Hashida * po/ja.po: Updated translations. 2008-10-21 Francesco Valente * po/it.po: Updated translations. 2008-10-21 Peter van Egdom * po/nl.po: Updated translations. 2008-10-20 Ani Peter * po/ml.po: Updated translations. 2008-10-20 Pablo Martin-Gomez * po/fr.po: Updated translations. 2008-10-20 Runa Bhattacharjee * po/bn_IN.po: Updated translations. 2008-10-20 Shankar Prasad * po/kn.po: Updated translations. 2008-10-20 Leah Liu * po/zh_CN.po: Updated translations. 2008-10-20 Ondrej Sulek * po/LINGUAS: New language. * po/sk.po: New translation to Slovak. 2008-10-17 Tomas Mraz * configure.in: Add modules/pam_tally2/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_tally2.xml. * doc/sag/pam_tally2.xml: New. * libpam/pam_static_modules.h: Add pam_tally2 static struct. * modules/Makefile.am: Add pam_tally2 directory. * modules/pam_tally2/Makefile.am: New. * modules/pam_tally2/README.xml: New. * modules/pam_tally2/tallylog.h: New. * modules/pam_tally2/pam_tally2.8.xml: New. * modules/pam_tally2/pam_tally2.c: New. * modules/pam_tally2/pam_tally2_app.c: New. * modules/pam_tally2/tst-pam_tally2: New. * po/POTFILES.in: Add pam_tally2 sources. 2008-10-17 Xavier Queralt Mateu * po/ca.po: Updated translations. 2008-10-15 Tomas Mraz * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Save the old euid to suid to be able to restore it. 2008-10-15 Piotr DrÄ…g * po/pl.po: Updated translations. 2008-10-13 Tomas Mraz * po/LINGUAS: New languages. * po/cs.po: Updated translations. 2008-10-13 Amitakhya Phukan * po/as.po: Updated translations. 2008-10-13 Shankar Prasad * po/kn.po: Updated translations. 2008-10-13 Sandeep Sheshrao Shedmake * po/mr.po: New translation to Marathi. 2008-10-13 Runa Bhattacharjee * po/bn_IN.po: Updated translations. 2008-10-13 Sharuzzaman Ahmat Raslan * po/ms.po: New translation to Malay. 2008-10-10 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Remove check for re-used passwords. * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation of re-used password check. * configure.in: add modules/pam_pwhistory/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml. * doc/sag/pam_pwhistory.xml: New. * libpam/pam_static_modules.h: Add pam_pwhistory data. * modules/Makefile.am: Add pam_pwhistory directory. * modules/pam_pwhistory/Makefile.am: New. * modules/pam_pwhistory/README.xml: New. * modules/pam_pwhistory/opasswd.c: New. * modules/pam_pwhistory/opasswd.h: New. * modules/pam_pwhistory/pam_pwhistory.8.xml: New. * modules/pam_pwhistory/pam_pwhistory.c: New. * modules/pam_pwhistory/tst-pam_pwhistory: New. * xtests/Makefile.am: New. * xtests/run-xtests.sh: New. * xtests/tst-pam_pwhistory1.c: New. * xtests/tst-pam_pwhistory1.pamd: New. * xtests/tst-pam_pwhistory1.sh: New. * po/POTFILES.in: Add modules/pam_pwhistory/. * po/de.po: Update translations. 2008-10-02 Thorsten Kukuk * po/de.po: Update translations. 2008-09-30 Manoj Kumar Giri * po/or.po: Updated translations. 2008-09-30 Taylon Silmer Lacerda Silva * po/pt_BR.po: Updated translations. 2008-09-30 Tomas Mraz * modules/pam_lastlog/pam_lastlog.8.xml: Document new options noupdate and showfailed. * modules/pam_lastlog/pam_lastlog.c(pam_parse): Recognize the new options. (last_login_read): New output parameter lltime. Do not display the last login message if it would be empty. (last_login_date): New output parameter lltime. Do not write the last login info when LASTLOG_UPDATE is not set. (last_login_failed): New function to display the last bad login attempt from btmp. (pam_sm_open_session): Obtain lltime from last_login_date() and call last_login_failed() when appropriate. * po/Linux-pam.pot: Updated strings to translate. * po/*.po: Likewise. 2008-09-29 Thorsten Kukuk * modules/pam_echo/pam_echo.8.xml: Fix format error. 2008-09-25 Tomas Mraz * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message. (tally_check): Open faillog read only. Close file descriptor. Fix typos in messages. 2008-09-25 Thorsten Kukuk * modules/pam_mail/pam_mail.c (report_mail): Fix logic of "quiet" option (Patch from Andreas Henriksson ) * modules/pam_mail/pam_mail.8.xml: Fix typo. 2008-09-23 Tomas Mraz * modules/pam_limits/limits.conf.5.xml: Comment that rss limit is ignored. 2008-09-19 Tomas Mraz * modules/pam_cracklib/pam_cracklib.8.xml: Fix description of the palindrome test. Document new options maxrepeat and reject_username. * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Parse the maxrepeat and reject_username options. (password_check): Call the new tests usercheck() and consecutive(). (_pam_unix_approve_pass): Pass user name to the password_check(). 2008-09-16 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo. * modules/pam_unix/pam_unix.8.xml: Fix typo. 2008-09-03 Thorsten Kukuk * modules/pam_exec/pam_exec.c: Expose authtok if requested, provide environment variable containing service type. * modules/pam_exec/pam_exec.8.xml: Document new option. 2008-08-29 Tomas Mraz * modules/pam_loginuid/pam_loginuid.c(set_loginuid): Uids are unsigned. 2008-08-18 Thorsten Kukuk * Makefile.am (M4_FILES): Adjust list. * modules/pam_access/pam_access.8.xml: Fix module service vs. module type. * modules/pam_cracklib/pam_cracklib.8.xml: Likewise. * modules/pam_debug/pam_debug.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_exec/pam_exec.8.xml: Likewise. * modules/pam_faildelay/pam_faildelay.8.xml: Likewise. * modules/pam_filter/pam_filter.8.xml: Likewise. * modules/pam_ftp/pam_ftp.8.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_issue/pam_issue.8.xml: Likewise. * modules/pam_keyinit/pam_keyinit.8.xml: Likewise. * modules/pam_lastlog/pam_lastlog.8.xml: Likewise. * modules/pam_limits/pam_limits.8.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_localuser/pam_localuser.8.xml: Likewise. * modules/pam_loginuid/pam_loginuid.8.xml: Likewise. * modules/pam_mail/pam_mail.8.xml: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Likewise. * modules/pam_motd/pam_motd.8.xml: Likewise. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_nologin/pam_nologin.8.xml: Likewise. * modules/pam_permit/pam_permit.8.xml: Likewise. * modules/pam_rhosts/pam_rhosts.8.xml: Likewise. * modules/pam_rootok/pam_rootok.8.xml: Likewise. * modules/pam_securetty/pam_securetty.8.xml: Likewise. * modules/pam_selinux/pam_selinux.8.xml: Likewise. * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. * modules/pam_shells/pam_shells.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_tally/pam_tally.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_umask/pam_umask.8.xml: Likewise. * modules/pam_unix/pam_unix.8.xml: Likewise. * modules/pam_userdb/pam_userdb.8.xml: Likewise. * modules/pam_warn/pam_warn.8.xml: Likewise. * modules/pam_wheel/pam_wheel.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise. 2008-08-01 Thorsten Kukuk * configure.in: Add version for gettext, add search path for m4 directory, fix handling of --disable-* options. Patches from Diego Pettenò . * configure.in: Run autoupdate on it. * acincludde.m4: Rename to ... * m4/jh_path_xml_catalog.m4: ... this. * m4/*.m4: Remove all autoconf m4 files. 2008-07-29 Steve Langasek * modules/pam_cracklib/pam_cracklib.8.xml: correct a typo, "Only he" -> "Only the" 2008-07-28 Steve Langasek * libpamc/test/regress/test.libpamc.c: use standard u_int8_t type instead of __u8, as elsewhere. Patch from Roger Leigh . * modules/pam_unix/passverify.c: make save_old_password() thread-safe by using pam_modutil_getpwnam() instead of getpwnam() * modules/pam_unix/passverify.c, modules/pam_unix/passverify.h, modules/pam_unix/pam_unix_passwd.c: add pamh argument to save_old_password() 2008-07-27 Steve Langasek * modules/pam_*/pam_*.8.xml: fix up the references to pam.d, which is in manpage section 5, not 8. * modules/pam_env/environment, modules/pam_env/pam_env.8.xml: spelling fix, seperate -> separate 2008-07-26 Steve Langasek * modules/pam_env/pam_env.c: Fix module to skip over non-alphanumeric variable names, and to handle the case when asked to delete a non-existent variable. 2008-07-13 Tomas Mraz * modules/pam_mail/pam_mail.8.xml: Module supports session and not account service (#1980773). 2008-07-11 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Do not close the pipe descriptor in borderline case (#2009766). * modules/pam_unix/pam_unix_passwd.c (_unix_run_update_binary): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/support.h: Define upper limit of fds we will attempt to close. * modules/pam_selinux/pam_selinux.c (config_context): Do not ask for the level if use_current_range is set. (context_from_env): New function to obtain the context from PAM environment variables. (pam_sm_open_session): Call context_from_env() if env_params option is present. use_current_range now modifies behavior of the context_from_env and config_context options. * modules/pam_selinux/pam_selinux.8.xml: Describe the env_params option. Adjust description of use_current_range option. 2008-07-09 Thorsten Kukuk * modules/pam_exec/pam_exec.c (call_exec): Move all variable declaration to begin of a block (#1976310). * xtests/tst-pam_group1.c (run_test): Move no_grps declaration to begin of function (#1976310). * modules/pam_securetty/pam_securetty.8.xml: Replace PAM_IGNORE with PAM_USER_UNKNOWN (#1994330). * modules/pam_tally/pam_tally.c: Add support for silent and no_log_info options. * modules/pam_tally/pam_tally.8.xml: Document silent and no_log_info options. 2008-07-08 Thorsten Kukuk * modules/pam_unix/passverify.c (verify_pwd_hash): Adjust debug statement. 2008-06-22 Thorsten Kukuk * modules/pam_unix/unix_chkpwd.c (main): Fix compiling without audit support. * modules/pam_cracklib/pam_cracklib.8.xml: Fix typo in ucredit description (reported by Wayne Pollock ) 2008-06-19 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Detect configuration errors. Fail on incomplete condition. 2008-05-20 Tomas Mraz * configure.in: Work correctly with autoconf-2.62. 2008-05-19 Tomas Mraz * doc/man/pam_getenv.3.xml: Correct the pam_getenv documentation. * doc/man/pam_prompt.3.xml: Add missing description. 2008-05-14 Kjartan Maraas * po/nb.po: Updated translation. 2008-05-14 Sulyok Péter * po/hu.po: Updated translation. 2008-05-14 Tomas Mraz * libpam/pam_modutil_getgrgid.c: Replace hardcoded constant with define PWD_LENGTH_SHIFT. * libpam/pam_modutil_getgrnam.c: Likewise. * libpam/pam_modutil_getpwnam.c: Likewise. * libpam/pam_modutil_getpwuid.c: Likewise. * libpam/pam_modutil_getspnam.c: Likewise. * libpam/pam_modutil_private.h: Adjust values for PWD_ constants. * modules/pam_unix/pam_unix_passwd.c(pam_sm_chauthtok): Unset authtok item when password is not approved. * modules/pam_unix/support.c(_unix_read_password): UNIX_USE_FIRST_PASS is always set when UNIX_AUTHTOK is set, change order of conditions. 2008-05-02 Tomas Mraz * modules/pam_selinux/pam_selinux.c(query_response): Add handling for NULL response. (manual_context): Handle failed query_response() properly. Rename variable responses to response which is more correct name. (config_context): Likewise. (pam_sm_open_session): Do not base decision on whether there is a tty. 2008-04-22 Tomas Mraz * modules/pam_selinux/pam_selinux.c(pam_sm_close_sesion): Fix regression from the change from 2008-03-20. setexeccon() must be called also with NULL prev_context. 2008-04-21 Thorsten Kukuk * modules/pam_access/access.conf.5.xml: Document changed behavior of LOCAL keyword. * modules/pam_access/pam_access.c: Add from_remote_host to struct login_info to change behavior of LOCAL keyword: if PAM_RHOST is not set, LOCAL will be true. 2008-04-18 Tomas Mraz * modules/pam_namespace/pam_namespace.c: New functions unprotect_dirs(), cleanup_protect_data(), protect_mount(), protect_dir() to protect directory by bind mount. (cleanup_data): Renamed to cleanup_polydir_data(). (parse_create_params): Allow missing specification of mode or owner. (check_inst_parent): Call protect_dir() on the instance parent directory. The directory is created when it doesn't exist. (create_polydir): Protect and make the polydir by protect_dir(), remove potential races. (create_dirs): Renamed to create_instance(), remove call to inst_init(). (ns_setup): Call protect_dir() on the polydir if it already exists. Call inst_init() after the polydir is mounted. (setup_namespace): Set the namespace protect data to be cleaned up on pam_close_session()/pam_end(). (pam_sm_open_session): Initialize the protect_dirs. (pam_sm_close_session): Cleanup namespace protect data. * modules/pam_namespace/pam_namespace.h: Define struct for the stack of protected dirs. * modules/pam_namespace/pam_namespace.8.xml: Document when the instance init script is called. * modules/pam_namespace/namespace.conf.5.xml: Likewise. 2008-04-17 Tomas Mraz * modules/pam_access/pam_access.c(myhostname): Removed function. (user_match): Supply hostname of the machine to the netgroup_match(). Use hostname from the loginfo instead of calling myhostname(). (pam_sm_authenticate): Call gethostname() to fill hostname in the loginfo. * modules/pam_sepermit/pam_sepermit.c(sepermit_match): Do not try to lock if euid != 0. 2008-04-16 Tomas Mraz * modules/pam_unix/Makefile.am: Link unix_chkpwd with libaudit. * modules/pam_unix/unix_chkpwd.c(_audit_log): New function for audit. (main): Call _audit_log() when appropriate. * modules/pam_cracklib/pam_cracklib.c(_pam_parse): Recognize also try_first_pass and use_first_pass options. (pam_sm_chauthtok): Implement the new options. 2008-04-08 Tomas Mraz * modules/pam_xauth/pam_xauth.c(run_coprocess): Avoid multiple calls to sysconf() (based on patch by Sami Farin). * libpam/pam_item.c (TRY_SET): Do not set when destination is identical to source. (pam_set_item): Do not overwrite destination when it is identical to source. 2008-04-07 MiloÅ¡ KomarÄević * po/sr.po: New file with translation. * po/sr@latin.po: Likewise. * po/LINGUAS: Add sr and sr@latin. 2008-04-03 Thorsten Kukuk * release version 1.0.0 * configure.in: Set version number to 1.0.0. * libpam/Makefile.am: Bump patchlevel of libpam. * doc/adg/Linux-PAM_ADG.xml: Update version/date. * doc/mwg/Linux-PAM_MWG.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Likewise. 2008-03-31 Dan Walsh * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to be closed on exec. 2008-03-25 Leah Liu * po/zh_CN.po: Updated translation. 2008-03-20 Tomas Mraz * modules/pam_namespace/pam_namespace.c(poly_name): Switch to USER method only when appropriate. (setup_namespace): Do not umount when not mounted with RUSER. * modules/pam_selinux/pam_selinux.c(pam_sm_close_session): Call freecontext() after the context is logged not before. 2008-03-18 Canniot Thomas * po/fr.po: Updated translation. 2008-03-13 Ankit Patel * po/gu.po: Updated translation. 2008-03-05 Tomas Mraz * modules/pam_cracklib/pam_cracklib.c(pam_sm_chauthtok): Avoid unnecessary x_strdup() of resp. * modules/pam_ftp/pam_ftp(pam_sm_authenticate): Call _pam_overwrite() before dropping password resp. 2008-03-03 Tomas Mraz * modules/pam_selinux/pam_selinux.c: Do not translate syslog messages. * po/Linux-PAM.pot: Update. * libpam/pam_item.c(RESET): Rename to TRY_SET, handle strdup failure. (pam_set_item): Use TRY_SET() also for PAM_AUTHTOK and PAM_OLDAUTHTOK. Handle allocation failure for PAM_XAUTHDATA. (pam_get_user): Return error when conversation returns NULL user. Call pam_set_item() instead of RESET(). 2008-02-26 Tomas Mraz * modules/pam_unix/Makefile.am: Do not link to cracklib. * modules/pam_unix/pam_unix_passwd.c(_pam_unix_approve_pass): Do not call FascistCheck() from cracklib. 2008-02-29 Fabian Affolter * po/de.po: Updated translation. 2008-02-28 Piotr DrÄ…g * po/pl.po: Updated translation. 2008-02-26 Tomas Mraz * po/LINUGAS: New languages added. * po/es.po: Updated translations. * po/fr.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nl.po: Likewise. * po/pl.po: Likewise. * po/pt_BR.po: Likewise. * po/ru.po: Likewise. * po/zh_CN.po: Likewise. * po/as.po: New file. * po/gu.po: Likewise. * po/hi.po: Likewise. * po/kn.po: Likewise. * po/ko.po: Likewise. * po/ml.po: Likewise. * po/or.po: Likewise. * po/si.po: Likewise. * po/ta.po: Likewise. 2008-02-21 Tomas Mraz * libpam/pam_audit.c (_pam_audit_writelog): Silence syslog message on non-error return. * modules/pam_unix/unix_chkpwd.c (main): Proceed as unprivileged user when checking password of another user. * modules/pam_unix/unix_update.c: Fix comment. 2008-02-18 Dmitry V. Levin * libpam/pam_handlers.c (_pam_assemble_line): Fix potential buffer overflow. * xtests/tst-pam_assemble_line1.pamd: New test for _pam_assemble_line. * xtests/tst-pam_assemble_line1.sh: New script for tst-pam_assemble_line1. * xtests/Makefile.am (NOSRCTESTS): Add tst-pam_assemble_line1. (EXTRA_DIST): Add tst-pam_assemble_line1.pamd and tst-pam_assemble_line1.sh * modules/pam_exec/pam_exec.c (call_exec): Fix asprintf return code check. 2008-02-13 Thorsten Kukuk * release version 0.99.10.0 * configure.in: set version number. * modules/pam_rhosts/Makefile.am: Remove pam_rhosts_auth. * modules/pam_rhosts/pam_rhosts_auth.c: Removed. * modules/pam_rhosts/tst-pam_rhosts_auth: Removed. * modules/pam_namespace/Makefile.am (noinst_HEADERS): Add pam_namespace.h. 2008-02-13 Tomas Mraz * modules/pam_namespace/Makefile.am: Add argv_parse files and namespace.d dir. * modules/pam_namespace/argv_parse.c: New file. * modules/pam_namespace/argv_parse.h: New file. * modules/pam_namespace/namespace.conf.5.xml: Document new features. * modules/pam_namespace/pam_namespace.8.xml: Likewise. * modules/pam_namespace/pam_namespace.h: Use SECURECONF_DIR define. Define NAMESPACE_D_DIR and NAMESPACE_D_GLOB. Define new option flags and polydir flags. (polydir_s): Add rdir, replace exclusive with flags, add init_script, owner, group, and mode. (instance_data): Add ruser, gid, and ruid. * modules/pam_namespace/pam_namespace.c: Remove now unused copy_ent(). (add_polydir_entry): Add the entry directly, no copy. (del_polydir): New function. (del_polydir_list): Call del_polydir(). (expand_variables, parse_create_params, parse_iscript_params, parse_method): New functions. (process_line): Call expand_variables() on polydir and instance prefix. Call argv_parse() instead of strtok_r(). Allocate struct polydir_s on heap. (parse_config_file): Parse .conf files from namespace.d dir after namespace.conf. (form_context): Call getcon() or get_default_context_with_level() when appropriate flags are set. (poly_name): Handle shared polydir flag. (inst_init): Execute non-default init script when specified. (create_polydir): New function. (create_dirs): Remove the code which checks the polydir. Do not call inst_init() when noinit flag is set. (ns_setup): Check the polydir and eventually create it if the create flag is set. (setup_namespace): Use ruser uid from idata. Set the namespace polydir pam data only when namespace was set up correctly. Unmount polydir based on ruser. (get_user_data): New function. (pam_sm_open_session): Check for use_current_context and use_default_context options. Call get_user_data(). (pam_sm_close_session): Call get_user_data(). 2008-02-06 Thorsten Kukuk * po/de.po: Translate some more strings. 2008-02-05 Thorsten Kukuk * modules/pam_unix/unix_update.c: Remove unused declarations. 2008-02-04 Thorsten Kukuk * libpam/pam_static_modules.h: Add _pam_sepermit_modstruct. * modules/pam_sepermit/pam_sepermit.c: Fix typo. * modules/pam_sepermit/Makefile.am: Install config file only if we build the module. * README: Add --disable-pie to configure options for static library. * doc/man/Makefile.am: Fix building outside of src directory. * libpam/Makefile.am: Bump version number of libpam. * modules/Makefile.am: Add pam_sepermit. * doc/Makefile.am: Fix build out of source directory. * po/POTFILES.in: Add pam_sepermit.c. * modules/pam_exec/pam_exec.c: Set PAM environment variables and add 'quiet' option. * modules/pam_exec/pam_exec.8.xml: Document new behavior. Patch from Julien Lecomte . 2008-02-01 Tomas Mraz * modules/pam_namespace/namespace.conf.5.xml: Add documentation for tmpfs and tmpdir polyinst and for ~ user list modifier. * modules/pam_namespace/namespace.init: Add documentation for the new init parameter. Add home directory initialization script. * modules/pam_namespace/pam_namespace.8.xml: Document the new init parameter of the namespace.init script. * modules/pam_namespace/pam_namespace.c(copy_ent): Copy exclusive flag. (cleanup_data): New function. (process_line): Set exclusive flag. Add tmpfs and tmpdir methods. (ns_override): Change behavior on the exclusive flag. (poly_name): Process tmpfs and tmpdir methods. (inst_init): Add flag for new directory initialization. (create_dirs): Process the tmpdir method, add the new directory flag. (ns_setup): Remove unused code. Process the tmpfs method. (cleanup_tmpdirs): New function. (setup_namespace): Set data for proper cleanup. Cleanup the tmpdirs on failures. (pam_sm_close_session): Instead of parsing the config file again use the previously set data for cleanup. * modules/pam_namespace/pam_namespace.h: Add TMPFS and TMPDIR methods and exclusive flag. 2008-01-29 Tomas Mraz * configure.in: Test for setkeycreatecon needs libselinux. Add new module pam_sepermit. * modules/Makefile.am: Add new module pam_sepermit. * modules/pam_sepermit/.cvsignore: New file. * modules/pam_sepermit/Makefile.am: Likewise. * modules/pam_sepermit/README.xml: Likewise. * modules/pam_sepermit/pam_sepermit.8.xml: Likewise. * modules/pam_sepermit/pam_sepermit.c: Likewise. * modules/pam_sepermit/sepermit.conf: Likewise. * modules/pam_sepermit/tst-pam_sepermit: Likewise. * doc/sag/pam_sepermit.xml: Likewise. * doc/sag/pam_tty_audit.xml: Add pam_tty_audit to SAG. 2008-01-29 Miloslav Trmac * modules/pam_tty_audit/README.xml: Add notes section. * modules/pam_tty_audit/pam_tty_audit.8.xml: Describe patterns support and open_only option. Add notes. * modules/pam_tty_audit/pam_tty_audit.c(pam_sm_open_session): Add support for pattern matching and the open_only option. 2008-01-28 Thorsten Kukuk * libpam/pam_audit.c: Include pam_modutil_private.h. * libpam/pam_item.c (pam_set_item): Fix compiler warning. * libpam/pam_end.c (pam_end): Cast to correct pointer type. * libpam/include/security/_pam_macros.h (_pam_overwrite_n): Use unsigned int. * modules/pam_unix/passverify.c: Fix compiling without SELinux support. 2008-01-24 Tomas Mraz * modules/pam_unix/bigcrypt.c (bigcrypt): Use crypt_r() when available. * modules/pam_unix/passverify.c (strip_hpux_aging): New function to strip HP/UX aging info from password hash. (verify_pwd_hash): Call strip_hpux_aging(), use crypt_r() when available. 2008-01-23 Tomas Mraz * configure.in: Add test for crypt_r(). Add setting/disabling random device support. * modules/pam_unix/Makefile.am: Add unix_update.8 manpage generated from XML, generate also unix_chkpwd.8 from XML. * modules/pam_unix/pam_unix_acct.c: Add rounds parameter to _set_ctrl(). * modules/pam_unix/pam_unix_auth.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/support.c(_set_ctrl): Likewise. * modules/pam_unix/support.h: Likewise. Add UNIX_SHA256_PASS, UNIX_SHA512_PASS, and UNIX_ALGO_ROUNDS ctrls. (pam_sm_chauthtok): Refactor out new password encryption. * modules/pam_unix/passverify.c(crypt_make_salt): New function. (crypt_md5_wrapper): Call crypt_make_salt(). (create_password_hash): New function refactored out of pam_sm_chauthtok(). Support for new password hashes. * modules/pam_unix/passverify.h: Drop ascii_to_bin() and bin_to_ascii() macros. Add prototype for create_password_hash(). * modules/pam_unix/unix_update.8.xml: New file. * modules/pam_unix/unix_chkpwd.8.xml: Likewise. * modules/pam_unix/Makefile.am: Add unix_update helper. * modules/pam_unix/pam_unix_passwd.c: Move functions i64c(), crypt_md5_wrapper(), save_old_password(), _update_passwd() and _update_shadow() to passverify.c file. Rename _unix_run_shadow_binary() to _unix_run_update_binary(), which also verifies old password and does all writing. (_do_setpass, pam_sm_chauthtok): lckpwdf()->lock_pwdf(), the same for unlock. Call _unix_run_update_binary() appropriately. _update_passwd()->unix_update_passwd(), the same for shadow. * modules/pam_unix/passverify.c: Add new functions moved from pam_unix_passwd.c and unix_chkpwd.c. * modules/pam_unix/passverify.h: Likewise. * modules/pam_unix/unix_chkpwd.c: Remove SELinux checks. Move su_sighandler(), setup_signals(), getuidname() to passverify.c. (main): Remove 'shadow' option. Refactor out read_passwords() and call it. More strict checking how the binary is called. * modules/pam_unix/unix_update.c: New helper binary - non-setuid, called from SELinux confined apps only. * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): Return status and daysleft instead of fake shadow entry. (pam_sm_acct_mgmt): Call _unix_run_verify_binary() appropriately. * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Call get_account_info() and check_shadow_expiry(). * modules/pam_unix/support.h: Adjust _unix_run_verify_binary() prototype. * modules/pam_unix/support.c (_unix_run_helper_binary): Remove check on selinux enabled/disabled. * modules/pam_unix/unix_chkpwd.c (_verify_account): Rename to _check_expiry(), now checks shadow expiry info. (main): Remove check on selinux enabled/disabled. Check shadow expiry through _check_expiry(). * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Call get_account_info() and check_shadow_expiry(). * modules/pam_unix/passverify.c: Add get_account_info() to obtain shadow and passwd entry. Add check_shadow_expiry() to for shadow password expiry check. (get_pwd_hash): Call get_account_info(). * modules/pam_unix/passverify.h: Add prototypes for get_account_info() and check_shadow_expiry(). 2008-01-08 Thorsten Kukuk * doc/man/Makefile.am: Fix manual page dependencies, add hack for bug in xsl stylestheets. 2008-01-07 Thorsten Kukuk * po/it.po: Fix typos. * po/de.po: Few new translations. * po/POTFILES.in: Add pam_tty_audit.c and passverify.c. * doc/man/pam_xauth_data.3.xml: Added to CVS. * doc/man/pam_xauth_data.3: Likewise. * modules/pam_tty_audit/README: Likewise. * modules/pam_tty_audit/pam_tty_audit.8: Likewise. * po/sv.po: Update swedish translation [#1857531]. * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix cut & paste error [#1863490]. 2008-01-02 Petteri Räty * modules/pam_limits/limits.conf: document allowed values for nice. * modules/pam_limits/limits.conf.5.xml: Likewise. 2007-12-18 Thorsten Kukuk * README: Document how to run make check with static modules (SF#1822779). 2007-12-18 Peter Breitenlohner * README: Document that "make check" requires a file /etc/pam.d/other (SF#1822764). 2007-12-12 Eamon Walsh * doc/man/pam_item_types_ext.inc.xml: More appropriate wording for PAM_XDISPLAY doc. 2007-12-07 Tomas Mraz * po/cs.po: Updated translations. * libpam/libpam.map: Add LIBPAM_MODUTIL_1.1 version. * libpam/pam_audit.c: Add _pam_audit_open() and pam_modutil_audit_write(). (_pam_auditlog): Call _pam_audit_open(). * libpam/include/security/pam_modutil.h: Add pam_modutil_audit_write(). * modules/pam_access/pam_access.8.xml: Add noaudit option. Document auditing. * modules/pam_access/pam_access.c: Move fs, sep, pam_access_debug, and only_new_group_syntax variables to struct login_info. Add noaudit member. (_parse_args): Adjust for the move of variables and add support for noaudit option. (group_match): Add debug parameter. (string_match): Likewise. (network_netmask_match): Likewise. (login_access): Adjust for the move of variables. Add nonall_match. Add call to pam_modutil_audit_write(). (list_match): Adjust for the move of variables. (user_match): Likewise. (from_match): Likewise. (pam_sm_authenticate): Call _parse_args() earlier. * modules/pam_limits/pam_limits.8.xml: Add noaudit option. Document auditing. * modules/pam_limits/pam_limits.c (_pam_parse): Add noaudit option. (setup_limits): Call pam_modutil_audit_write(). * modules/pam_time/pam_time.8.xml: Add debug and noaudit options. Document auditing. * modules/pam_time/pam_time.c: Add option parsing (_pam_parse()). (check_account): Call _pam_parse(). Call pam_modutil_audit_write() and pam_syslog() on login denials. 2007-12-07 Luca Bruno * po/it.po: Updated translations. 2007-12-06 Eamon Walsh * libpam/include/security/_pam_macros.h: Add _pam_overwrite_n() macro. * libpam/include/security/_pam_types.h: Add PAM_XDISPLAY, PAM_XAUTHDATA items, pam_xauth_data struct. * libpam/pam_item.c (pam_set_item, pam_get_item): Handle PAM_XDISPLAY and PAM_XAUTHDATA items. * libpam/pam_end.c (pam_end): Destroy the new items. * libpam/pam_private.h (pam_handle): Add data members for new items. Add prototype for _pam_memdup. * libpam/pam_misc.c: Add _pam_memdup. * doc/man/Makefile.am: Add pam_xauth_data.3. Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_get_item.3.xml: Replace pam_item_types.inc.xml with pam_item_types_std.inc.xml and pam_item_types_ext.inc.xml. * doc/man/pam_set_item.3.xml: Likewise. * doc/man/pam_item_types.inc.xml: Removed file. * doc/man/pam_item_types_ext.inc.xml: New file. * doc/man/pam_item_types_std.inc.xml: New file. 2007-12-06 Tomas Mraz * modules/pam_tty_audit/pam_tty_audit.8.xml: Fix example. 2007-12-05 Miloslav Trmac * configure.in: Add test for audit_tty_status struct. Add pam_tty_audit module. * libpam/pam_static_modules.h: Add pam_tty_audit module. * modules/pam_tty_audit/Makefile.am: New file. * modules/pam_tty_audit/README.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.8.xml: Likewise. * modules/pam_tty_audit/pam_tty_audit.c: Likewise. 2007-12-05 Tomas Mraz * modules/pam_unix/Makefile.am: Add passverify.h and passverify.c as first part of pam_unix refactorization. * modules/pam_unix/pam_unix/pam_unix_acct.c: Include passverify.h. * modules/pam_unix/pam_unix_passwd.c: Likewise. * modules/pam_unix/passverify.c: New file with common functions. * modules/pam_unix/passverify.h: Prototypes for the common functions. * modules/pam_unix/support.c: Include passverify.h, move _unix_shadowed() to passverify.c. (_unix_verify_password): Refactor out verify_pwd_hash() function. * modules/pam_unix/support.h: Move _unix_shadowed() prototype to passverify.h * modules/pam_unix/unix_chkpwd.c: Use _unix_shadowed() and verify_pwd_hash() from passverify.c. 2007-11-20 Thorsten Kukuk * modules/pam_unix/Makefile.am (unix_chkpwd_LDADD): Don't link unix_chkpwd unnecessary against libpam (#1822779). * modules/pam_tally/pam_tally.c (tally_log): Map pam_modutil_getpwnam to getpwnam if we don't compile as module. * modules/pam_tally/Makefile.am: Don't link pam_tally_app against libpam (#1822779). 2007-11-06 Thorsten Kukuk * xtests/tst-pam_group1.c: Include stdlib.h * xtests/tst-pam_succeed_if1.c: Likewise. * xtests/tst-pam_limits1.c: Likewise. * xtests/tst-pam_access1.c: Likewise. * xtests/tst-pam_access2.c: Likewise. * xtests/tst-pam_access3.c: Likewise. * xtests/tst-pam_access4.c: Likewise. * xtests/tst-pam_unix1.c: Likewise. * xtests/tst-pam_unix2.c: Likewise. * xtests/tst-pam_unix3.c: Likewise. * xtests/tst-pam_cracklib1.c: Likewise. * xtests/tst-pam_cracklib2.c: Likewise. * libpam/pam_static_modules.h: Fix name of pam_namespace variable. 2007-11-01 Peter Breitenlohner * doc/man/pam_conv.3.xml: Correct typo. 2007-10-30 Peter Breitenlohner * modules/pam_rhosts/pam_rhosts_auth.c (__icheckhost): Correct misplaced parenthesis. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Prevent use of dngettext() when NLS is disabled. * modules/pam_exec/pam_exec.c (call_exec): Avoid gcc warning. * doc/specs/parse_y.y (set_label, new_counter): Break trigraphs to avoid gcc warning. * modules/pam_wheel/pam_wheel.c: Remove excessive initializer elements. * modules/pam_cracklib/pam_cracklib.8.xml: Correct typo. * modules/pam_limits/limits.conf.5.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_xauth/pam_xauth.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Correct spelling. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_permit/pam_permit.8.xml: Likewise. * modules/pam_shells/pam_shells.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_warn/pam_warn.8.xml: Likewise. * tests/tst-dlopen.c: Return 77 in case of static modules, such that all modules/pam_*/tst-pam_* tests yield SKIP instead of FAIL. * libpam/Makefile.am (libpam_la_LIBADD): Use "$(shell ls ...)" instead of "`ls ...`", to allow for static modules. * libpam/pam_static_modules.h: Make pam_keyinit module depend on HAVE_KEY_MANAGEMENT; correct name of pam_faildelay pam_module struct. * modules/pam_faildelay/pam_faildelay.c: Correct name of pam_module struct. 2007-10-25 Steve Langasek * modules/pam_tally/pam_tally.c: fix the definition of OPT_AUDIT to be octal instead of decimal, so that it works properly in a bit field instead of forcing the "even_deny_root_account" and "no_reset" options to on. Patch from Corey Wright . 2007-10-19 Tomas Mraz * xtests/tst-pam_access1.c: Use different name for user and group. * xtests/tst-pam_access1.sh: Likewise. * xtests/tst-pam_access2.c: Likewise. * xtests/tst-pam_access2.sh: Likewise. * xtests/tst-pam_access4.c: Likewise. * xtests/tst-pam_access4.sh: Likewise. * xtests/group.conf: Likewise. * xtests/tst-pam_group1.c: Likewise. * xtests/tst-pam_group1.sh: Likewise. * libpam/pam_dispatch.c (_pam_dispatch_aux): Save states for substacks, record substack level, skip over virtual substack modules, implement evaluation of done, die, reset and jumps in substacks. Also fixes too far jumps in substacks. * libpam/pam_end.c (pam_end): Drop substack evaluation states. * libpam/pam_handlers.c (_pam_parse_conf_file): Add substack level parameter, instead of must_fail use handler_type needed for virtual substack modules. (_pam_load_conf_file): Add substack level parameter. (_pam_init_handlers): Substack level parameter added to _pam_parse_conf_file() calls. (_pam_load_module): New function. (_pam_add_handler): Refactor code into the _pam_load_module(). Add support for virtual substack modules. * libpam/pam_private.h: Rename must_fail to handler_type, add stack_level to struct handler. Define handler type constants. Add struct for substack evaluation states. Define constant for maximum substack level. Add substack states pointer to former state struct. * libpam/pam_start.c (pam_start): Initialize pointer to substack states. * doc/man/pam.conf-syntax.xml: Document substack control. * xtests/Makefile.am: Add new tests for substack evaluation. * xtests/run_xtests.sh: Support multiple .pamd files in a test. * xtests/tst-pam_authfail.pamd: New tests for substack evaluation. * xtests/tst-pam_authsucceed.pamd: Likewise. * xtests/tst-pam_substack1.pamd: Likewise. * xtests/tst-pam_substack1a.pamd: Likewise. * xtests/tst-pam_substack1.sh: Likewise. * xtests/tst-pam_substack2.pamd: Likewise. * xtests/tst-pam_substack2a.pamd: Likewise. * xtests/tst-pam_substack2.sh: Likewise. * xtests/tst-pam_substack3.pamd: Likewise. * xtests/tst-pam_substack3a.pamd: Likewise. * xtests/tst-pam_substack3.sh: Likewise. * xtests/tst-pam_substack4.pamd: Likewise. * xtests/tst-pam_substack4a.pamd: Likewise. * xtests/tst-pam_substack4.sh: Likewise. * xtests/tst-pam_substack5.pamd: Likewise. * xtests/tst-pam_substack5a.pamd: Likewise. * xtests/tst-pam_substack5.sh: Likewise. 2007-10-18 Tomas Mraz * xtests/tst-pam_dispatch4.c: Fix comment about the test. * xtests/tst-pam_dispatch4.pamd: Improve the testcase. * xtests/tst-pam_cracklib2.c: Make the testcase more robust. 2007-10-12 Thorsten Kukuk * xtests/Makefile.am: Add tst-pam_dispatch5 sources * xtests/tst-pam_dispatch5.c: New test for jump too far. * xtests/tst-pam_dispatch5.pamd: New test configuration. 2007-10-09 Tomas Mraz * modules/pam_tally/pam_tally.8.xml: Document audit option correctly. 2007-10-09 Thorsten Kukuk * release version 0.99.9.0 * configure.in: Increase vesion number. * libpam/Makefile.am: Increase release number. * libpam_misc/Makefile.am: Increase release number. * po/*.po: Regenerate. 2007-10-08 Thorsten Kukuk * modules/pam_time/pam_time.c (is_same): Length of strings without wildcard needs to be the same. * modules/pam_group/pam_group.c (is_same): Likewise. 2007-10-01 Thorsten Kukuk * xtests/tst-pam_group1.c: New test case for user compare in pam_group. * xtests/tst-pam_group1.sh: Script to run test case. * xtests/tst-pam_group1.pamd: Config for test case. * xtests/Makefile.am: Add tst-pam_group1 test case. * xtests/run-xtests.sh: Save/restore group.conf. * xtests/group.conf: New. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Don't free arguments used for putenv(). * doc/man/pam_putenv.3.xml: Document that application has to free the memory. 2007-09-27 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): Fix in operator rhbz #295151. * modules/pam_namespace/pam_namespace.c (poly_name): Do not try to get context when SELinux is disabled. 2007-09-27 Thorsten Kukuk * xtests/tst-pam_succeed_if1.c: New test case for https://bugzilla.redhat.com/show_bug.cgi?id=295151 * xtests/tst-pam_succeed_if1.sh: Script to run test case. * xtests/tst-pam_succeed_if1.pamd: Config for test case. * xtests/Makefile.am: Add tst-pam_succeed_if1 test case. * xtests/run-xtests.sh: Add support to skip tests. * xtests/tst-pam_limits1.c: Skip test if RLIMIT_NICE is not defined. 2007-09-03 Steve Langasek * modules/pam_limits/pam_limits.c: remove a number of unnecessary string manipulations, including a strncpy() that was acting on overlapping memory. * libpam_misc/misc_conv.c: don't block SIGINT in misc_conv; it's perfectly valid to allow the user to interrupt at a prompt. If an application wants prompts to not be interruptable, the application should take responsibility for blocking SIGINT. 2007-09-02 Thorsten Kukuk * examples/Makefile.am: Fix usage of LIBADD, LDADD and LDFLAGS. * libpam/Makefile.am: Likewise. * modules/pam_access/Makefile.am: Likewise. * modules/pam_cracklib/Makefile.am: Likewise. * modules/pam_debug/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_echo/Makefile.am: Likewise. * modules/pam_env/Makefile.am: Likewise. * modules/pam_exec/Makefile.am: Likewise. * modules/pam_faildelay/Makefile.am: Likewise. * modules/pam_filter/Makefile.am: Likewise. * modules/pam_filter/upperLOWER/Makefile.am: Likewise. * modules/pam_ftp/Makefile.am: Likewise. * modules/pam_group/Makefile.am: Likewise. * modules/pam_issue/Makefile.am: Likewise. * modules/pam_keyinit/Makefile.am: Likewise. * modules/pam_lastlog/Makefile.am: Likewise. * modules/pam_limits/Makefile.am: Likewise. * modules/pam_listfile/Makefile.am: Likewise. * modules/pam_localuser/Makefile.am: Likewise. * modules/pam_loginuid/Makefile.am: Likewise. * modules/pam_mail/Makefile.am: Likewise. * modules/pam_mkhomedir/Makefile.am: Likewise. * modules/pam_motd/Makefile.am: Likewise. * modules/pam_namespace/Makefile.am: Likewise. * modules/pam_nologin/Makefile.am: Likewise. * modules/pam_permit/Makefile.am: Likewise. * modules/pam_rhosts/Makefile.am: Likewise. * modules/pam_rootok/Makefile.am: Likewise. * modules/pam_securetty/Makefile.am: Likewise. * modules/pam_selinux/Makefile.am: Likewise. * modules/pam_shells/Makefile.am: Likewise. * modules/pam_stress/Makefile.am: Likewise. * modules/pam_succeed_if/Makefile.am: Likewise. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_time/Makefile.am: Likewise. * modules/pam_umask/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * tests/Makefile.am: Likewise. 2007-08-31 Steve Langasek * modules/pam_group/group.conf: don't use "games" as an example group, on some distros this is a pre-existing group that it would be a security hole to give users access to. 2007-08-30 Thorsten Kukuk * modules/pam_limits/limits.conf.5.xml: Document that maxlogins is ignored for users with UID 0. 2007-08-30 Steve Langasek * modules/pam_unix/support.c, modules/pam_unix/unix_chkpwd.c: A wrong username doesn't need to be logged at LOG_ALERT; LOG_WARNING should be sufficient. Patch from Sam Hartman . * modules/pam_cracklib/pam_cracklib.c: s/CRACKLIB_DICT/CRACKLIB_DICTS/, for consistency with existing #define in pam_unix 2007-08-29 Steve Langasek * libpam/pam_modutil_getgrgid.c, libpam/pam_modutil_getgrnam.c, libpam/pam_modutil_getpwnam.c, libpam/pam_modutil_getpwuid.c, libpam/pam_modutil_getspnam.c: don't use pthread mutexes in libpam unnecessarily; this avoids linking problems on non-Linux platforms. * modules/pam_listfile/pam_listfile.c, modules/pam_listfile/README, modules/pam_listfile/pam_listfile.8, modules/pam_listfile/pam_listfile.8.xml: add a 'quiet' option to avoid logging errors any time a user is refused service by this module. 2007-08-29 Thorsten Kukuk * modules/pam_rhosts/pam_rhosts_auth.c: buflen needs to be size_t. (__icheckhost): Cast to int32_t to fix limited range error. * modules/pam_cracklib/pam_cracklib.c: Mark cracklib_dictpath as const. 2007-08-29 Steve Langasek * modules/pam_rhosts/pam_rhosts_auth.c: getline returns -1 at EOF, not 0. Check accordingly to fix an infinite loop. Thanks to Stephan Springl for catching this. 2007-08-28 Steve Langasek * configure.in: call AC_CHECK_HEADERS instead of AC_CHECK_HEADER for crack.h, so we get a HAVE_CRACK_H define. * modules/pam_cracklib/pam_cracklib.c: don't copy around the cracklib dictpath into a fixed-width buffer, when we can just point at the existing strings; and allow users to override the default cracklib path with -DCRACKLIB_DICT, required for compatibility with cracklib 2.7. 2007-08-27 Steve Langasek * modules/pam_limits/pam_limits.c: when building on non-Linux systems, give a warning only, not an error; no one seems to remember why this error was here in the first place, but leave something in that might still grab the attention of non-Linux users. Patch from Michal Suchanek . * configure.in, modules/pam_rhosts/pam_rhosts_auth.c: check for the presence of net/if.h before using, required for Hurd compatibility. Patch from Igor Khavkine . * modules/pam_limits/pam_limits.c: conditionalize the use of RLIMIT_AS, which is not present on the Hurd. Patch from Igor Khavkine . * modules/pam_rhosts/pam_rhosts_auth.c: use getline() instead of a static buffer when available; fixes the build on systems without MAXHOSTNAMELEN (i.e., the Hurd). * modules/pam_xauth/pam_xauth.c: make sure PATH_MAX is defined before using it. 2007-08-26 Andrew Morgan * doc/man/pam.conf-syntax.xml Minor fixes: '\[' -> '\]'. 2007-08-25 Steve Langasek * doc/man/pam.conf-syntax.xml, doc/man/pam.conf.5: Document "new" control options conv_again and incomplete, supported in pam.d's extended syntax. Patch from Ben Collins . 2007-08-15 Tomas Mraz * modules/pam_access/pam_access.c (list_match): Add explicit sptr argument for strtok_r, otherwise the code is not portable. 2007-08-13 Olivier Blin * doc/man/pam.3.xml: Fix typo. * doc/man/pam.3: Likewise. * doc/man/pam_end.3.xml: Likewise. * doc/man/pam_end.3: Likewise. 2007-07-18 Thorsten Kukuk * release version 0.99.8.1 * libpam/pam_audit.c: Include unistd.h for getuid(). * libpam/Makefile.am: Bump version number. 2007-07-12 Thorsten Kukuk * libpam/pam_audit.c (_pam_audit_writelog): Don't return error if application runs as normal user. Fixes regression introduced with last change. 2007-07-10 Thorsten Kukuk * configure.in: Add --with-db-uniquename option to support db libraries and functions with unique name extension. Patch from Diego 'Flameeyes' Pettenò . * modules/pam_limits/pam_limits.c: Include locale.h. 2007-07-06 Thorsten Kukuk * release version 0.99.8.0 * configure.in: Check for audit_log_acct_message instead of audit_log_user_message. * libpam/pam_audit.c: Use audit_log_acct_message. Based on patch from Mark J Cox . * libpam/Makefile.am: Bump version number of libpam. * modules/pam_umask/pam_umask.c (set_umask): mode_t is 32bit, not 64bit. * xtests/tst-pam_limits1.c: Fix printf arguments. * po/*.po: Merge po files with latest code changes. 2007-06-26 Thorsten Kukuk * modules/pam_limits/pam_limits.c (process_limit): Check upper and lower limit of nice value, fix off-by-one in conversation to rlim_t. * xtests/Makefile.am: Add new pam_limits test case. * xtests/limits.conf: New, config file for test case. * xtests/pam_limits1.c: New, test case for RLIMIT_NICE. * xtests/pam_limits1.sh: Likewise. * xtests/pam_limits1.pamd: Likewise. 2007-06-25 Thorsten Kukuk * modules/pam_access/pam_access.c (list_match): Use saveptr of strtok_r result for recursive calls. * xtests/Makefile.am: Add new pam_access test cases. * xtests/pam_access1.c: New test case. * xtests/pam_access2.c: Likewise. * xtests/pam_access3.c: Likewise. * xtests/pam_access4.c: Likewise. * xtests/pam_access1.sh: Wrapper to create user accounts. * xtests/pam_access2.sh: Likewise. * xtests/pam_access3.sh: Likewise. * xtests/pam_access4.sh: Likewise. * xtests/pam_access1.pamd: PAM config file for pam_access tests. * xtests/pam_access2.pamd: Likewise. * xtests/pam_access3.pamd: Likewise. * xtests/pam_access4.pamd: Likewise. * xtests/access.conf: Config file for pam_access tests. * xtests/run-tests.sh: Install access.conf into system. 2007-06-22 Thorsten Kukuk * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Print better error message if /proc/self/loginuid cannot be opened. * modules/pam_limits/pam_limits.c (process_limit): Check for variable overflow after multiplication [bnc#283001]. * modules/pam_access/pam_access.c: Add new syntax for groups in access.conf to differentiate group names from account names. Based on patch from Julien Lecomte , solves feature request [#411390]. * modules/pam_access/access.conf: Add example for new group syntax. * modules/pam_access/access.conf.5.xml: Document new syntax. 2007-06-20 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.8.xml: Document new minclass option. * modules/pam_cracklib/pam_cracklib.c: Add support for minimum character classes [#1688777]. Based on patch from Keith Schincke. * xtests/tst-pam_cracklib2.c: New, test case for minclass option. * xtests/tst-pam_cracklib2.pamd: New, PAM config file for test case. * xtests/Makefile.am: Add new testcase. * xtests/pam_cracklib.c: Fix comment what this application tests. * configure.in: Use /lib64 on x86-64, ppc64, s390x, sparc64 2007-06-15 Tomas Mraz * modules/pam_selinux/pam_selinux.8.xml: Remove multiple option, add select_context and use_current_range options. * modules/pam_selinux/pam_selinux.c (send_audit_message): Added function for auditing role/level changes. (query_response): Add default response. (select_context): Removed. (manual_context): Query only role and level. (mls_range_allowed): Added function for range check. (config_context): Added function for role and level override. (pam_sm_open_session): Remove multiple option, add select_context and use_current_range_options. Use getseuserbyname to obtain SELinux user and level. Audit role/level changes. Call setkeycreatecon to assign key creation context. Don't fail on errors when SELinux is not in enforcing mode. * configure.in: Check for setkeycreatecon(). * modules/pam_namespace/README.xml: Avoid duplication of documentation. * modules/pam_namespace/namespace.conf: More real life example from MLS support. * modules/pam_namespace/namespace.conf.5.xml: Likewise plus properly describe how instance directory names are formed. * modules/pam_namespace/namespace.init: Preserve euid when called from setuid apps (su, newrole). * modules/pam_namespace/pam_namespace.8.xml: Added option no_unmount_on_close. * modules/pam_namespace/pam_namespace.c (process_line): Polyinst methods are now user, level and context. Fix crash on unknown override user in config file. (ns_override): Add explicit uid parameter. (form_context): Skip for user method. Implement level based polyinstantiation. (poly_name): Initialize contexts. Add level based polyinst, remove 'both' metod. Use raw contexts for instance names, truncate long instance names and add hash. (ns_setup): Hashing moved to poly_name(). (setup_namespace): Handle correctly override users for su (when unmnt_remnt is used). (pam_sm_close_session): Added no_unmount_on_close option. * modules/pam_namespace/pam_namespace.h: Added no_unmount_on_close_option, level method, limit on instance directory name length. 2007-05-04 Thorsten Kukuk * xtests/run-xtests.sh: Use SRCDIR to find PAM config files. * xtests/Makefile.am: Call run-xtests.sh with srcdir as first argument. Based on patch by Bernard Leak . 2007-04-30 Thorsten Kukuk * modules/pam_limits/limits.conf: Address space limit is KB. * modules/pam_limits/limits.conf.5.xml: Likewise. Reported by Thomas Vander Stichele . * modules/pam_mail/pam_mail.c (_do_mail): Remove duplicate check for PAM_SILENT and don't bail out if it is set [#1706247]. 2007-03-29 Tomas Mraz * modules/pam_access/pam_access.c (login_access, list_match): Replace strtok with strtok_r. * modules/pam_cracklib/pam_cracklib.c (check_old_password): Likewise. * modules/pam_ftp/pam_ftp.c (lookup, pam_authenticate): Likewise. * modules/pam_unix/pam_unix_passwd.c (check_old_password, save_old_password): Likewise. * modules/pam_limits/Makefile.am: Define limits.d dir and install it. * modules/pam_limits/pam_limits.8.xml: Describe limits.d parsing. * modules/pam_limits/pam_limits.c (pam_limit_s): Make conf_file ptr. (pam_parse): conf_file is now ptr. (pam_sm_open_session): Add parsing files from limits.d subdir using glob, change pl to pointer. 2007-03-12 Thorsten Kukuk * po/ar.po: New translation. * po/ca.po: Likewise. * po/da.po: Likewise. * po/ru.po: Likewise. * po/sv.po: Likewise. * po/zu.po: Likewise. * po/LINGUAS: Add ar, ca, da, ru, sv, zu * po/hu.po: Update translation. 2007-02-21 Tomas Mraz * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Test for allocation failure in bigcrypt(). * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Allow modification of '*' password by root. 2007-02-06 Tomas Mraz * modules/pam_loginuid/pam_loginuid.c (set_loginuid): Remove debug syslog message when loginuid doesn't exist. 2007-02-01 Tomas Mraz * xtests/tst-pam_unix3.c: Fix typos in comments. * modules/pam_unix/support.c (_unix_verify_password): Explicitly disallow '!' in the beginning of password hash. Treat only 13 bytes password hash specifically. (Suggested by Solar Designer.) Fix a warning and test for allocation failure. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. 2007-01-31 Thorsten Kukuk * xtests/Makefile.am: Add new pam_unix.so tests * xtests/run-xtests.sh: Prefer shell scripts (wrapper) over binaries. * xtests/tst-pam_cracklib1.c: Fix typo. * xtests/tst-pam_unix1.c: New, for sucurity fix. * xtests/tst-pam_unix1.pamd: New. * xtests/tst-pam_unix1.sh: New. * xtests/tst-pam_unix2.c: New, for crypt checks. * xtests/tst-pam_unix2.pamd: New. * xtests/tst-pam_unix2.sh: New. * xtests/tst-pam_unix3.c: New, for bigcrypt checks. * xtests/tst-pam_unix3.pamd: New. * xtests/tst-pam_unix3.sh: New. 2007-01-23 Thorsten Kukuk * release 0.99.7.1 * configure.in: Set version number to 0.99.7.1 2007-01-23 Thorsten Kukuk Tomas Mraz * modules/pam_unix/support.c (_unix_verify_password): Always compare full encrypted passwords (CVE-2007-0003). 2007-01-23 Tomas Mraz * modules/pam_loginuid/Makefile.am (AM_LDFLAGS): Add LIBAUDIT. * modules/pam_selinux/Makefile.am (pam_selinux_check_LDFLAGS): Add AM_LDFLAGS. (pam_selinux_la_LDFLAGS): Likewise. 2007-01-17 Thorsten Kukuk * release 0.99.7.0 * configure.in: Set version number to 0.99.7.0 * Makefile.am (M4_FILES): Replace GNU make extension by listing all m4 files. 2007-01-17 Tomas Mraz * po/*.po: Updated strings to translate. * po/Linux-PAM.pot: Likewise. 2007-01-16 Thorsten Kukuk * doc/man/pam.conf-syntax.xml: Improve documentation about sufficient keyword (Patch by Petteri Räty ) 2006-12-20 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Forbid only '+' and '-' as first characters for account names. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): Likewise. 2006-12-18 Thorsten Kukuk * configure.in: Fix ENOKEY check (specify errno.h as header file to search in). * configure.in: Add AM_PROG_CC_C_O. * libpam/Makefile.am: Add content of AM_LDFLAGS to *_LDFLAGS. * modules/pam_tally/Makefile.am: Likewise. * modules/pam_unix/Makefile.am: Likewise. * modules/pam_stress/pam_stress.c (pam_sm_chauthtok): Fix localisation of message printed to user. * po/de.po: Adjust translation. 2006-12-18 Tomas Mraz * modules/pam_unix/pam_unix_passwd.c (pam_sm_chauthtok): Localize message printed to user. * modules/pam_unix/support.c (_unix_verify_password): Use strncmp only for bigcrypt result. * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Switch to new egid first, euid next. Revert euid/egid to old euid/egid and not ruid/rgid. (pam_sm_open_session): Switch to new rgid first, ruid next. 2006-12-13 Thorsten Kukuk * modules/pam_localuser/pam_localuser.c: Add support for session and chauthtok [SF#1606180]. * modules/pam_localuser/pam_localuser.8.xml: Document last change. * libpam/pam_audit.c (_pam_audit_writelog): Print error message only once. 2006-12-12 Thorsten Kukuk * libpam/pam_audit.c (_pam_audit_writelog): Print error message on failure to syslog. 2006-12-09 Thorsten Kukuk * modules/pam_umask/pam_umask.c: Use strtoul instead of strtol, fix overflow detection. 2006-12-06 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.c (rec_mkdir): Fix handling of left-most path component [SF#1591598]. (create_homedir): Mark user visible messages for translation. * po/de.po: Adjust german translation for pam_mkhomedir. * modules/pam_faildelay/pam_faildelay.c: If no argument is given, try to read FAIL_DELAY from /etc/login.defs. * modules/pam_faildelay/pam_faildelay.8.xml: Document usage of /etc/login.defs. 2006-12-04 Tomas Mraz * po/jp.po: Fixed mistake in Password: message (from Peng Huang ). 2006-11-28 Thorsten Kukuk * po/hu.po: Update hungarian translation (from Kalman Kemenczy ). * configure.in: Allow disabling support for cracklib, audit, libdb. * modules/pam_faildelay/pam_faildelay.8.xml: Correct name of Author. * configure.in: Remove --enable-docdir (obsolete by --docdir). * doc/Makefile.am: Don't overwrite htmldir. * doc/adg/Makefile.am: Use docdir, htmldir and pdfdir. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Use docdir. * tests/tst-pam_set_data.c: New test cases for pam_set_data(). * tests/Makefile.am: Add pam_set_data test case. * libpam/pam_data.c: Add NULL pointer check for module_data_name. * libpam/Makefile.am: Bump revision of shared library. 2006-11-08 Thorsten Kukuk * configure.in: Add modules/pam_faildelay/Makefile. * doc/sag/Linux-PAM_SAG.xml: Include pam_faildelay.xml. * doc/sag/pam_faildelay.xml: New. * libpam/pam_static_modules.h: Include static pam_faildelay data. * modules/Makefile.am: Add pam_faildelay directory. * modules/pam_faildelay/Makefile.am: New. * modules/pam_faildelay/README: New, generated from XML file. * modules/pam_faildelay/README.xml: New. * modules/pam_faildelay/pam_faildelay.8: New, generated from xml. * modules/pam_faildelay/pam_faildelay.8.xml: New. * modules/pam_faildelay/pam_faildelay.c: New. * modules/pam_faildelay/tst-pam_faildelay: New. * po/POTFILES.in: Add pam_faildelay.c and pam_loginuid.c. 2006-11-07 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c: PAM_DEBUG_ARG is a bit mask and not a boolean value (Reported by Jochen Voss ). 2006-10-26 Thorsten Kukuk * doc/man/pam.3.xml: Add pam_get_user function. * modules/pam_motd/pam_motd.8.xml: Fix typo. 2006-10-24 Thorsten Kukuk * modules/pam_namespace/pam_namespace.c: Reserve space for trailing zero. 2006-10-24 Thorsten Kukuk * modules/pam_unix/support.c (_unix_verify_password): Try system crypt() if we don't know the hash alogorithm. * modules/pam_unix/unix_chkpwd.c (_unix_verify_password): Likewise. 2006-10-13 Tomas Mraz * doc/mwg/Linux-PAM_MWG.xml: Add id[s] to section[s]. * doc/sag/pam_access.xml: Likewise. * doc/sag/pam_echo.xml: Likewise. * doc/sag/pam_env.xml: Likewise. * doc/sag/pam_exec.xml: Likewise. * doc/sag/pam_group.xml: Likewise. * doc/sag/pam_limits.xml: Likewise. * doc/sag/pam_namespace.xml: Likewise. * doc/sag/pam_time.xml: Likewise. * doc/sag/Linux-PAM_SAG.xml: Add id to book. * doc/adg/Linux-PAM_ADG.xml: Add id to book. * doc/mwg/Linux-PAM_MWG.xml: Add id to book. 2006-10-07 Thorsten Kukuk * po/hu.po: Updated hungarian translation (from Kalman Kemenczy ) 2006-09-20 Thorsten Kukuk * doc/adg/Makefile.am: Add manual pages as dependency. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/sag/Linux-PAM_SAG.xml: Include pam_unix.xml. * doc/sag/pam_unix.xml: New. * modules/pam_unix/Makefile.am: Generate pam_unix.8 manual page. * modules/pam_unix/README.xml: New. * modules/pam_unix/pam_unix.8.xml: New. * modules/pam_unix/README: Regenerate from XML. * modules/pam_unix/pam_unix.8: Generated from XML. 2006-09-09 Dmitry V. Levin * modules/pam_wheel/pam_wheel.8.xml: Fix typo. * modules/pam_wheel/pam_wheel.8: Likewise. * modules/pam_wheel/README: Likewise. 2006-09-08 Thorsten Kukuk * po/de.po: Fix typo. 2006-09-06 Thorsten Kukuk * release version 0.99.6.3 2006-09-01 Thorsten Kukuk * modules/pam_loginuid/pam_loginuid.8.xml: Fix typo in config name. 2006-08-31 Thorsten Kukuk * modules/pam_env/environment: New, dummy environment example config file. * modules/pam_namespace/Makefile.am: Don't install manual page if we don't build module. * m4/ld-as-needed.m4: Don't set LDFLAGS if check failed. * m4/ld-O1: Likewise. 2006-08-30 Tomas Mraz * modules/pam_access/pam_access.8.xml: All services supported. * modules/pam_access/pam_access.c (pam_sm_open_session): New. (pam_sm_close_session): New. (pam_sm_chauthtok): New. * modules/pam_access/pam_succeed_if.8.xml: All services supported. * modules/pam_access/pam_succeed_if.c (pam_sm_setcred): Return PAM_IGNORE rather than success. (pam_sm_open_session): New. (pam_sm_close_session): New. (pam_sm_chauthtok): New. 2006-08-30 Thorsten Kukuk * xtests/Makefile.am: Move shell code to execute tests from here ... * xtests/run-xtests.sh: ... to here. * xtests/*.c: Include config.h. * tests/*.c: Likewise. * modules/pam_namespace/pam_namespace.c: Use pam_modutil_getpwnam() instead of getpwnam(). 2006-08-29 Thorsten Kukuk * doc/sag/pam_loginuid.xml: New. * doc/sag/Linux-PAM_SAG.xml: Include pam_loginuid.xml. * configure.in: Add modules/pam_loginuid/Makefile. * modules/Makefile.am: Add pam_loginuid sub directory. * libpam/pam_static_modules.h: Add pam_loginuid. * modules/pam_loginuid/Makefile.am: New. * modules/pam_loginuid/tst-pam_loginuid: New. * modules/pam_loginuid/pam_loginuid.8.xml: New. * modules/pam_loginuid/pam_loginuid.8: New, generated from XML source. * modules/pam_loginuid/pam_loginuid.c: New. * modules/pam_loginuid/README.xml: New. * modules/pam_loginuid/README: New, generated from XML source. 2006-08-29 Dmitry V. Levin * modules/pam_exec/pam_exec.c (call_exec): Add required third argument to open() call with O_CREAT flag set. 2006-08-28 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Remove duplicate code. 2006-08-24 Thorsten Kukuk * release version 0.99.6.2 * modules/pam_lastlog/pam_lastlog.c (last_login_date): Create lastlog file if it does not exist. * modules/pam_cracklib/pam_cracklib.c (pam_sm_chauthtok): Check for error from getting second token. * xtests/Makefile.am: Add tst-pam_cracklib1 * xtests/tst-pam_cracklib1.c: New, check for pam_cracklib seg.fault. * xtests/tst-pam_cracklib1.pamd: New, config for cracklib test. 2006-08-24 Thorsten Kukuk * xtests/tst-pam_dispatch4.c: New test. * xtests/tst-pam_dispatch4.pamd: PAM config for new test. 2006-08-09 Thorsten Kukuk * release version 0.99.6.1 2006-08-09 David Howells * modules/pam_keyinit/pam_keyinit.c (kill_keyrings): Set real uid to user's before revoking. (pam_sm_open_session): Remember the uid. 2006-08-06 Thorsten Kukuk * modules/pam_umask/pam_umask.c (setup_limits_from_gecos): Add error handling. * modules/pam_umask/pam_umask.8.xml: Document silent option. * xtests/Makefile.am: Fix includes for bootstrapping. Reported by Greg Schafer . 2006-08-05 Thorsten Kukuk * release version 0.99.6.0 * modules/pam_limits/pam_limits.c (pam_sm_open_session): Use pam_modutil_getpwnam instead of getpwnam. * modules/pam_succeed_if/pam_succeed_if.c (evaluate): Cast svc variable to char pointer for snprintf. * configure.in: Generate xtests/Makefile. * Makefile.am (SUBDIRS): Add xtests. * README: Document make check and make xtests. * xtests/Makefile.am: New. * xtests/tst-pam_dispatch1.pamd: New. * xtests/tst-pam_dispatch2.pamd: New. * xtests/tst-pam_dispatch3.pamd: New. * xtests/tst-pam_dispatch1.c: New. * xtests/tst-pam_dispatch2.c: New. * xtests/tst-pam_dispatch3.c: New. 2006-08-04 Ray Strode * modules/pam_succeed_if/pam_succeed_if.c (pam_sm_authenticate): Return PAM_USER_UNKNOWN instead of PAM_SERVICE_ERR where appropriate. 2006-08-03 David Howells * modules/pam_keyinit/pam_keyinit.c: Debug should be off by default. (init_keyrings): Properly handle multiple invocations of the module. (kill_keyrings, pam_sm_open_session, pam_sm_close_session): Likewise. 2006-08-03 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (evaluate_inlist): New function for list matching. (evaluate_notinlist): Likewise. (evaluate): Add service value match, list matching. * modules/pam_succeed_if/pam_succeed_if.8.xml: Document the features. * modules/pam_selinux/pam_selinux.c (security_label_tty): Don't log relabelling error when the tty device doesn't exist (ENOENT). 2006-08-01 Thorsten Kukuk * doc/man/pam_fail_delay.3.xml: Fix some Bugs and enhance rationale about when this function should be used and when not. * doc/index.html: Cleanup to look prettier. 2006-08-01 Thorsten Kukuk * libpam/Makefile.am: Bump patchlevel of libpam. * libpam/pam_dispatch.c (_pam_dispatch_aux): If [return=die] or [return=bad] is used, don't return PAM_IGNORE. Based on patch by Tomas Mraz , [BRC#196859]. 2006-07-28 Thorsten Kukuk * ABOUT-NLS: Upgrade to gettext-0.15. * config.rpath: Likewise. * m4/gettext.m4: Upgrade to gettext-0.15. * m4/inttypes-h.m4: New file, from gettext-0.15. * m4/inttypes-pri.m4: Upgrade to gettext-0.15. * m4/lib-link.m4: Upgrade to gettext-0.15. * m4/lib-prefix.m4: Upgrade to gettext-0.15. * m4/lock.m4: New file, from gettext-0.15. * m4/longdouble.m4: Upgrade to gettext-0.15. * m4/nls.m4: Upgrade to gettext-0.15. * m4/po.m4: Upgrade to gettext-0.15. * m4/size_max.m4: Upgrade to gettext-0.15. * m4/visibility.m4: New file, from gettext-0.15. * po/Makefile.in.in: Upgrade to gettext-0.15. 2006-07-24 David Quigley * modules/pam_namespace/Makefile.am: Add pam_namespace.h. * modules/pam_namespace/pam_namespace.c: Move includes and data structure definitions from here ... * modules/pam_namespace/pam_namespace.h: ... here. New file. * modules/pam_namespace/pam_namespace.c: Move large sections of code into new functions. 2006-07-24 Thorsten Kukuk * doc/adg/Makefile.am: Add uninstall and distclean rules. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-07-08 Daniel Richard G. * conf/pam_conv1/Makefile.am: Fix rules for lex and yacc files. * conf/pam_conv1/pam_conv.lex: Rename to ... * conf/pam_conv1/pam_conv_l.l: ... this. * conf/pam_conv1/pam_conv.y: Rename to ... * conf/pam_conv1/pam_conv_y.y: ... this. * configure.in: Add AC_HELP_STRING()s to various AC_ARG_ENABLE() calls. * doc/Makefile.am: Fix rule to install index.html. * doc/adg/Makefile.am: Fix test usage. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. * doc/specs/Makefile.am: Fix rules for lex and yacc files. * specs/parse.lex: Rename to ... * doc/specs/parse_l.l: ... this. * doc/specs/parse.y: Rename to ... * doc/specs/parse_y.y: ... this. * libpam/pam_account.c: Fix #if vs. #ifdef. * libpam/pam_audit.c: Likewise. * libpam/pam_auth.c: Likewise. * libpam/pam_password.c: Likewise. * libpam/pam_private.h: Likewise. * libpam/pam_session.c: Likewise. * libpam/pam_start.c: Likewise. * libpam/pam_static.c: Fix "empty sourcefile" warning. * modules/pam_limits/pam_limits.c: Check for __linux, too. * modules/pam_userdb/Makefile.am: Don't run test if no libdb available. * tests/tst-dlopen.c: Include config.h. 2006-07-03 Dan Yefimov * configure.in: Fixed have_key_syscalls test. * modules/pam_access/pam_access.c (from_match): Fixed IPv4 network match, removed AI_ADDRCONFIG flag. 2006-06-30 Tomas Mraz * modules/pam_namespace/Makefile.am(EXTRA_DIST): Add namespace.init. 2006-06-29 Thorsten Kukuk * doc/Makefile.am (releasedocs): Fix directory layout. * doc/adg/Makefile.am: Likewise. * doc/mwg/Makefile.am: Likewise. * doc/sag/Makefile.am: Likewise. 2006-06-28 Thorsten Kukuk * doc/sag: System Administrator Guide as XML source. * doc/sag/Makefile.am: New. * doc/sag/Linux-PAM_SAG.xml: New, main XML document. * doc/sag/pam_*.xml: New, wrapper to include module documentation. * doc/adg: Application Developers Guide as XML source. * doc/adg/Makefile.am: New. * doc/adg/Linux-PAM_ADG.xml: New, main XML document. * doc/adg/pam_*.xml: New, wrappers to include manual pages. * doc/mwg: Application Developers Guide as XML source. * doc/mwg/Makefile.am: New. * doc/mwg/Linux-PAM_MWG.xml: New, main XML document. * doc/mwg/pam_*.xml: New, wrappers to include manual pages. * doc/CREDITS: Removed. * doc/NOTES: Removed. * doc/pam_appl.sgml: Removed. * doc/pam_modules.sgml: Removed. * doc/pam_source.sgml: Removed. * doc/figs/pam_orient.txt: Removed. * doc/figs: Removed. * configure.in: Remove checks for sgml2* progrs, add sag, adg and mwg Makefiles. * doc/Makefile.am: Remove references to sgml, add sag, adg and mwg directories. * doc/modules: Remove directory. * doc/html: Remove directory. * doc/ps: Remove directory. * doc/pdf: Remove directory. * doc/txts: Remove directory. * doc/index.html: Moved from html directory to here. 2006-06-28 Thorsten Kukuk * release version 0.99.5.0 * bump version number to 0.99.5.0 * modules/pam_rhosts/pam_rhosts.c: New module, replaces pam_rhosts_auth.so. * modules/pam_rhosts/pam_rhosts.8.xml: New. * modules/pam_rhosts/pam_rhosts.8: New, generated from XML source. * modules/pam_rhosts/tst-pam_rhosts: New. * modules/pam_rhosts/Makefile.am: Add pam_rhosts, generate manual page and README. * modules/pam_rhosts/README.xml: New. * modules/pam_rhosts/reADME: Regenerated from XML source. * doc/man/pam_sm_acct_mgmt.3.xml: Adjust syntax for module writers guide. * doc/man/pam_sm_authenticate.3.xml: Likewise. * doc/man/pam_sm_chauthtok.3.xml: Likewise. * doc/man/pam_sm_close_session.3.xml: Likewise. * doc/man/pam_sm_open_session.3.xml: Likewise. * doc/man/pam_sm_setcred.3.xml: Likewise. * po/POTFILES.in: Add new source files. * libpam/pam_static_modules.h: Add new modules. * modules/pam_keyinit.c: Add _pam_keyinit_modstruct. * modules/pam_keyinit/Makefile.am (EXTRA_DIST): Add XML files and manual page. 2006-06-27 Thorsten Kukuk * configure.in: Allow disabling of SELinux support, check for rootok_af. 2006-06-27 Tomas Mraz * modules/pam_namespace/pam_namespace.c: New module originally written by Janak Desai. * modules/pam_namespace/Makefile.am: New. * modules/pam_namespace/README: New. * modules/pam_namespace/md5.c: New. * modules/pam_namespace/md5.h: New. * modules/pam_namespace/namespace.conf: New. * modules/pam_namespace/namespace.conf.5: New. * modules/pam_namespace/namespace.conf.5.xml: New. * modules/pam_namespace/namespace.init: New. * modules/pam_namespace/pam_namespace.8: New. * modules/pam_namespace/pam_namespace.8.xml: New. * modules/pam_namespace/tst-pam_namespace: New. * modules/Makefile.am: Added pam_namespace. * configure.in: Added pam_namespace, test for unshare library call. 2006-06-27 David Howells * modules/pam_keyinit/pam_keyinit.c: New module. * modules/pam_keyinit/pam_keyinit.8: New. * modules/pam_keyinit/pam_keyinit.8.xml: New. * modules/pam_keyinit/README: New. * modules/pam_keyinit/README.xml: New. * modules/pam_keyinit/Makefile.am: New. * modules/pam_keyinit/tst-pam_keyinit: New. * modules/Makefile.am: Added pam_keyinit. * configure.in: Added test for the key mgmt syscall. 2006-06-27 Thorsten Kukuk * m4/libprelude.m4: Sync with upstream. 2006-06-27 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): signal() fails with SIG_ERR return * modules/pam_unix/pam_unix_passwd.c(_unix_run_shadow_binary): Likewise. * modules/pam_unix/support.c(_unix_run_helper_binary): Likewise. 2006-06-25 Thorsten Kukuk * doc/man/misc_conv.3.xml: New. * doc/man/misc_conv.3: New. * doc/man/pam_misc_paste_env.3.xml: New. * doc/man/pam_misc_paste_env.3: New. * doc/man/pam_misc_drop_env.3.xml: New. * doc/man/pam_misc_drop_env.3: New. * doc/man/pam_misc_setenv.3.xml: New. * doc/man/pam_misc_setenv.3: New. * doc/man/Makefile.am: Add new manual pages. * doc/man/pam_acct_mgmt.3.xml: Fix syntax for inclusion in Applicatoin Developer Guide. * doc/man/pam_authenticate.3.xml: Likewise * doc/man/pam_chauthtok.3.xml: Likewise * doc/man/pam_close_session.3.xml: Likewise * doc/man/pam_conv.3.xml: Likewise * doc/man/pam_end.3.xml: Likewise * doc/man/pam_fail_delay.3.xml: Likewise * doc/man/pam_getenv.3.xml: Likewise * doc/man/pam_getenvlist.3.xml: Likewise * doc/man/pam_open_session.3.xml: Likewise * doc/man/pam_putenv.3.xml: Likewise * doc/man/pam_setcred.3.xml: Likewise * doc/man/pam_start.3.xml: Likewise * doc/man/pam_strerror.3.xml: Likewise * doc/man/pam_acct_mgmt.3: Regenerate from XML source. * doc/man/pam_authenticate.3: Likewise * doc/man/pam_chauthtok.3: Likewise * doc/man/pam_close_session.3: Likewise * doc/man/pam_conv.3: Likewise * doc/man/pam_end.3: Likewise * doc/man/pam_fail_delay.3: Likewise * doc/man/pam_getenv.3: Likewise * doc/man/pam_getenvlist.3: Likewise * doc/man/pam_open_session.3: Likewise * doc/man/pam_putenv.3: Likewise * doc/man/pam_setcred.3: Likewise * doc/man/pam_sm_close_session.3: Likewise * doc/man/pam_start.3: Likewise * doc/man/pam_strerror.3: Likewise * doc/man/pam_syslog.3: Likewise * doc/man/PAM.8: Likewise 2006-06-24 Thorsten Kukuk * modules/pam_limits/pam_limits.c (setup_limits): Don't reset priority for root. 2006-06-23 Thorsten Kukuk * modules/pam_access/access.conf.5.xml: Fix syntax for SAG. * modules/pam_access/pam_access.8.xml: Likewise. * modules/pam_deny/pam_deny.8.xml: Likewise. * modules/pam_echo/pam_echo.8.xml: Likewise. * modules/pam_env/pam_env.8.xml: Likewise. * modules/pam_env/pam_env.conf.5.xml: Likewise. * modules/pam_group/group.conf.5.xml: Likewise. * modules/pam_group/pam_group.8.xml: Likewise. * modules/pam_limits/limits.conf.5.xml: Likewise. * modules/pam_listfile/pam_listfile.8.xml: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Likewise. * modules/pam_time/pam_time.8.xml: Likewise. * modules/pam_time/time.conf.5.xml: Likewise. * modules/pam_access/access.conf.5: Regenerate. * modules/pam_access/pam_access.8: Likewise. * modules/pam_deny/pam_deny.8: Likewise. * modules/pam_echo/README: Likewise. * modules/pam_echo/pam_echo.8: Likewise. * modules/pam_env/pam_env.8: Likewise. * modules/pam_env/pam_env.conf.5: Likewise. * modules/pam_group/README: Likewise. * modules/pam_group/group.conf.5: Likewise. * modules/pam_group/pam_group.8: Likewise. * modules/pam_limits/limits.conf.5: Likewise. * modules/pam_listfile/README: Likewise. * modules/pam_listfile/pam_listfile.8: Likewise. * modules/pam_succeed_if/pam_succeed_if.8: Likewise. * modules/pam_time/pam_time.8: Likewise. * modules/pam_time/time.conf.5: Likewise. * doc/man/Makefile.am: Add pam.conf-desc.xml, pam.conf-dir.xml and pam.conf-syntax.xml. * doc/man/pam.conf.5.xml: Split into different pieces for SAG. * doc/man/pam.conf.5: Regenerated. * doc/man/pam.conf-desc.xml: New. * doc/man/pam.conf-dir.xml: New. * doc/man/pam.conf-syntax.xml: New. 2006-06-21 Thorsten Kukuk * modules/pam_selinux/Makefile.am: Fix "make dist" if libselinux is not installed. * modules/pam_issue/pam_issue.8.xml: Fix listing of escapes. * modules/pam_issue/pam_issue.8: Regenerate. 2006-06-20 Thorsten Kukuk * configure.in: Remove unused check for libcap. * m4/ld-as-needed.m4: New. * m4/ld-O1.m4: New. * configure.in: Call PAM_LD_AS_NEEDED and PAM_LD_O1, require docbook version 4.4. 2006-06-19 Thorsten Kukuk * doc/man/pam.8.xml: Syntax cleanup. * doc/pam/PAM.8: Regenerated from xml source. * man/pam_sm_chauthtok.3: New. * man/pam_sm_chauthtok.3.xml: New. * man/pam_sm_close_session.3: New. * man/pam_sm_close_session.3.xml: New. * man/pam_sm_open_session.3: New. * man/pam_sm_open_session.3.xml: New. * man/pam_sm_authenticate.3: New. * man/pam_sm_authenticate.3.xml: New. * man/pam_sm_setcred.3: New. * man/pam_sm_setcred.3.xml: New. * man/Makefile.am: Add new pam_sm_* manual pages. * specs/Makefile.am: Fix rule to generate draft. 2006-06-18 Thorsten Kukuk * modules/pam_tally/Makefile.am: Include Make.xml.rules. * modules/pam_tally/pam_tally.8.xml: New. * modules/pam_tally/pam_tally.8: New, generated from xml file. * modules/pam_tally/README.xml: New. * modules/pam_tally/README: Regenerated from xml file. * modules/pam_selinux/Makefile.am: Include Make.xml.rules. * modules/pam_selinux/pam_selinux.8.xml: New. * modules/pam_selinux/pam_selinux.8: Regenerated from xml file. * modules/pam_selinux/README.xml: New. * modules/pam_selinux/README: Regenerated from xml file. 2006-06-17 Thorsten Kukuk * modules/pam_debug/Makefile.am: Include Make.xml.rules. * modules/pam_debug/pam_debug.8.xml: New. * modules/pam_debug/pam_debug.8: New, generated from xml file. * modules/pam_debug/README.xml: New. * modules/pam_debug/README: Regenerated from xml file. * examples/vpass.c: UID is unsigned on Linux. * modules/pam_exec/pam_exec.c: Likewise. * modules/pam_unix/pam_unix_acct.c: Likewise. * modules/pam_unix/pam_unix_sess.c: Likewise. * modules/pam_succeed_if/pam_succeed_if.8.xml: Fix syntax error. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated. * modules/pam_succeed_if/README: Regenerated. * modules/pam_limits/Makefile.am: Include Make.xml.rules. * modules/pam_limits/limits.conf.5: New, generated from xml file. * modules/pam_limits/limits.conf.5.xml: New. * modules/pam_limits/pam_limits.8: New, generated from xml file. * modules/pam_limits/pam_limits.8.xml: New. * modules/pam_limits/README.xml: New. * modules/pam_limits/README: Regenerated from README.xml. 2006-06-16 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (save_old_password): UIDs are unsigned on Linux, don't truncate them. (_do_setpass): err is of type clnt_stat, not int. * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't truncate UID for syslog output. * modules/pam_time/pam_time.c: Replace type boolean with int. * modules/pam_group/pam_group.c: Likewise. 2006-06-15 Thorsten Kukuk * modules/pam_unix/bigcrypt.h: New. * modules/pam_unix/Makefile.am: Add bigcrypt.h. * modules/pam_unix/bigcrypt.c: Include bigcrypt.h. * modules/pam_unix/support.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/bigcrypt_main.c: Include bigcrypt.h, remove own prototype. * modules/pam_unix/pam_unix_passwd.c: Include bigcrypt.h, remove own prototype. * modules/pam_time/pam_time.c (logic_member): Remove unused variable len. * modules/pam_group/pam_group.c (logic_field): Accept colon in tty name. [#1428276]. (logic_member): Remove unused variable len. (check_account): Fix usage of err variable in debug code. * modules/pam_time/pam_time.c (logic_field): Likewise. * configure.in: Add special exceptions for icc: different compiler warnings, no PIE support. 2006-06-14 Thorsten Kukuk * libpam/pam_misc.c (_pam_strdup): Use strlen and strcpy. * configure.in: Remove --enable-memory-debug, add option to disable prelude if installed. * modules/pam_tally/pam_tally.c: Remove MEMORY_DEBUG * modules/pam_filter/upperLOWER/upperLOWER.c: Likewise. * modules/pam_unix/unix_chkpwd.c: Likewise. * libpam/include/security/_pam_types.h: Likewise. * libpam/libpam.map: Remove LIBPAM_MALLOC_DEBUG export. * libpam/pam_malloc.c: Remove file. * libpam/Makefile.am: Remove pam_malloc.c and pam_malloc.h. * libpam/pam_handlers.c (extract_modulename): Use _pam_strdup instead of strdup. * libpam/pam_private.h: Remove _pam_strCMP. * libpam/pam_misc.c: Likewise. * libpam/pam_handlers.c: Replaced _pam_strCMP with strcasecmp. 2006-06-12 Thorsten Kukuk * modules/pam_tally/Makefile.am (AM_LDFLAGS): Remove flags for modules from main application. 2006-06-09 Thorsten Kukuk * modules/pam_time/Makefile.am: Include Make.xml.rules. * modules/pam_time/time.conf.5: New, generated from xml file. * modules/pam_time/time.conf.5.xml: New. * modules/pam_time/pam_time.8: New, generated from xml file. * modules/pam_time/pam_time.8.xml: New. * modules/pam_time/README.xml: New. * modules/pam_time/README: Regenerated from README.xml. * modules/pam_wheel/Makefile.am: Include Make.xml.rules. * modules/pam_wheel/pam_wheel.8.xml: New. * modules/pam_wheel/pam_wheel.8: New, generated from xml file. * modules/pam_wheel/README.xml: New. * modules/pam_wheel/README: Regenerated from xml file. * modules/pam_xauth/Makefile.am: Include Make.xml.rules. * modules/pam_xauth/pam_xauth.8.xml: New. * modules/pam_xauth/pam_xauth.8: Regenerated from xml file. * modules/pam_xauth/README.xml: New. * modules/pam_xauth/README: Regenerated from xml file. * modules/pam_deny/pam_deny.8.xml: Fix syntax errors. * modules/pam_deny/pam_deny.8: Regenerate from xml file. * modules/pam_deny/README: Likewise. * modules/pam_warn/Makefile.am: Include Make.xml.rules. * modules/pam_warn/pam_warn.8.xml: New. * modules/pam_warn/pam_warn.8: New, generated from xml file. * modules/pam_warn/README.xml: New. * modules/pam_warn/README: Regenerated from xml file. * modules/pam_userdb/Makefile.am: Include Make.xml.rules. * modules/pam_userdb/pam_userdb.8.xml: New. * modules/pam_userdb/pam_userdb.8: New, generated from xml file. * modules/pam_userdb/README.xml: New. * modules/pam_userdb/README: Regenerated from xml file. 2006-06-06 Thorsten Kukuk * modules/pam_shells/Makefile.am: Include Make.xml.rules. * modules/pam_shells/pam_shells.8.xml: New. * modules/pam_shells/pam_shells.8: New, generated from xml file. * modules/pam_shells/README.xml: New. * modules/pam_shells/README: Regenerated from xml file. * libpam/include/security/pam_malloc.h: Add missing license informations. * libpam/include/security/pam_ext.h: Add brackets for C++. * libpam/include/security/pam_modutil.h: Likewise. * libpam/include/security/pam_modules.h: Document where to find the copyright/license informations. * libpam/include/security/pam_appl.h: Move _pam_compat.h include inside of brackets. 2006-06-04 Thorsten Kukuk * modules/pam_securetty/Makefile.am: Include Make.xml.rules. * modules/pam_securetty/pam_securetty.8.xml: New. * modules/pam_securetty/pam_securetty.8: Regenerated from xml file. * modules/pam_securetty/README.xml: New. * modules/pam_securetty/README: Regenerated from xml file. * modules/pam_rootok/Makefile.am: Include Make.xml.rules. * modules/pam_rootok/pam_rootok.8.xml: New. * modules/pam_rootok/pam_rootok.8: New, generated from xml file. * modules/pam_rootok/README.xml: New. * modules/pam_rootok/README: Regenerated from xml file. * modules/pam_permit/Makefile.am: Include Make.xml.rules. * modules/pam_permit/pam_permit.8.xml: New. * modules/pam_permit/pam_permit.8: New, generated from xml file. * modules/pam_permit/README.xml: New. * modules/pam_permit/README: Regenerated from xml file. * modules/pam_nologin/Makefile.am: Include Make.xml.rules. * modules/pam_nologin/pam_nologin.8.xml: New. * modules/pam_nologin/pam_nologin.8: Regenerated from xml file. * modules/pam_nologin/README.xml: New. * modules/pam_nologin/README: Regenerated from xml file. 2006-06-03 Thorsten Kukuk * modules/pam_motd/Makefile.am: Include Make.xml.rules. * modules/pam_motd/pam_motd.8.xml: New. * modules/pam_motd/pam_motd.8: New, generated from xml file. * modules/pam_motd/README.xml: New. * modules/pam_motd/README: New, generated from xml file. 2006-06-02 Thorsten Kukuk * modules/pam_mail/Makefile.am: Include Make.xml.rules. * modules/pam_mail/pam_mail.8.xml: New. * modules/pam_mail/pam_mail.8: New, generated from xml file. * modules/pam_mail/README.xml: New. * modules/pam_mail/README: Regenerated from xml file. * modules/pam_localuser/Makefile.am: Include Make.xml.rules. * modules/pam_localuser/pam_localuser.8.xml: New. * modules/pam_localuser/pam_localuser.8: New, generated from xml file. * modules/pam_localuser/README.xml: New. * modules/pam_localuser/README: Regenerated from xml file. * doc/man/PAM.8: Regenerate with DocBook XSL Stylesheets v1.70.1. * doc/man/pam.3: Likewise. * doc/man/pam.conf.5: Likewise. * doc/man/pam_acct_mgmt.3: Likewise. * doc/man/pam_authenticate.3: Likewise. * doc/man/pam_chauthtok.3: Likewise. * doc/man/pam_close_session.3: Likewise. * doc/man/pam_conv.3: Likewise. * doc/man/pam_end.3: Likewise. * doc/man/pam_error.3: Likewise. * doc/man/pam_fail_delay.3: Likewise. * doc/man/pam_get_data.3: Likewise. * doc/man/pam_get_item.3: Likewise. * doc/man/pam_get_user.3: Likewise. * doc/man/pam_getenv.3: Likewise. * doc/man/pam_getenvlist.3: Likewise. * doc/man/pam_info.3: Likewise. * doc/man/pam_open_session.3: Likewise. * doc/man/pam_prompt.3: Likewise. * doc/man/pam_putenv.3: Likewise. * doc/man/pam_set_data.3: Likewise. * doc/man/pam_set_item.3: Likewise. * doc/man/pam_setcred.3: Likewise. * doc/man/pam_sm_acct_mgmt.3: Likewise. * doc/man/pam_start.3: Likewise. * doc/man/pam_strerror.3: Likewise. * doc/man/pam_syslog.3: Likewise. * modules/pam_access/access.conf.5: Likewise. * modules/pam_access/pam_access.8: Likewise. * modules/pam_cracklib/pam_cracklib.8: Likewise. * modules/pam_deny/pam_deny.8: Likewise. * modules/pam_echo/pam_echo.8: Likewise. * modules/pam_env/pam_env.8: Likewise. * modules/pam_env/pam_env.conf.5: Likewise. * modules/pam_exec/pam_exec.8: Likewise. * modules/pam_filter/pam_filter.8: Likewise. * modules/pam_ftp/pam_ftp.8: Likewise. * modules/pam_group/group.conf.5: Likewise. * modules/pam_group/pam_group.8: Likewise. * modules/pam_issue/pam_issue.8: Likewise. * modules/pam_lastlog/pam_lastlog.8: Likewise. * modules/pam_mkhomedir/pam_mkhomedir.8: Likewise. * modules/pam_succeed_if/pam_succeed_if.8: Likewise. * modules/pam_umask/pam_umask.8: Likewise. * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use dngettext if available [#1427738]. * configure.in: Check for dngettext [#1427738]. * po/*.po: Update to dngettext usage. * modules/pam_listfile/Makefile.am: Include Make.xml.rules. * modules/pam_listfile/pam_listfile.8.xml: New. * modules/pam_listfile/pam_listfile.8: New, generated from xml file. * modules/pam_listfile/README.xml: New. * modules/pam_listfile/README: Regenerated from xml file. 2006-06-01 Thorsten Kukuk * modules/pam_lastlog/Makefile.am: Include Make.xml.rules. * modules/pam_lastlog/pam_lastlog.8.xml: New. * modules/pam_lastlog/pam_lastlog.8: New, generated from xml file. * modules/pam_lastlog/README.xml: New. * modules/pam_lastlog/README: Regenerated from xml file. * modules/pam_group/Makefile.am: Include Make.xml.rules. * modules/pam_group/group.conf.5.xml: New. * modules/pam_group/group.conf.5: New, generated from xml file. * modules/pam_group/pam_group.8.xml: New. * modules/pam_group/pam_group.8: New, generated from xml file. * modules/pam_group/README.xml: New. * modules/pam_group/README: Regenerated from xml file. * modules/pam_ftp/Makefile.am: Include Make.xml.rules. * modules/pam_ftp/pam_ftp.8.xml: New. * modules/pam_ftp/pam_ftp.8: New, generated from xml file. * modules/pam_ftp/README.xml: New. * modules/pam_ftp/README: Regenerated from xml file. * modules/pam_issue/Makefile.am: Include Make.xml.rules. * modules/pam_issue/pam_issue.8.xml: New. * modules/pam_issue/pam_issue.8: New, generated from xml file. * modules/pam_issue/README.xml: New. * modules/pam_issue/README: Regenerated from xml file. * modules/pam_filter/Makefile.am: Include Make.xml.rules. * modules/pam_filter/pam_filter.8.xml: New. * modules/pam_filter/pam_filter.8: New, generated from xml file. * modules/pam_filter/README.xml: New. * modules/pam_filter/README: Regenerated from xml file. 2006-05-30 Thorsten Kukuk * modules/pam_mkhomedir/pam_mkhomedir.8.xml: Fix umask and skel directory documentation. * modules/pam_umask/Makefile.am: Include Make.xml.rules. * modules/pam_umask/pam_umask.8.xml: New. * modules/pam_umask/pam_umask.8: New, generated from xml file. * modules/pam_umask/README.xml: New. * modules/pam_umask/README: Regenerated from xml file. 2006-05-29 Thorsten Kukuk * modules/pam_mkhomedir/Makefile.am: Include Make.xml.rules. * modules/pam_mkhomedir/pam_mkhomedir.8.xml: New. * modules/pam_mkhomedir/pam_mkhomedir.8: New, generated from xml file. * modules/pam_mkhomedir/README.xml: New. * modules/pam_mkhomedir/README: Regenerated from xml file. 2006-05-23 Thorsten Kukuk * modules/pam_echo/pam_echo.c (pam_echo): Use pam_modutil_read() instead of read(). 2006-05-22 Thorsten Kukuk * modules/pam_listfile/pam_listfile.c (pam_sm_authenticate): Fix memory leaks, [#1490956] found by Coverity. * modules/pam_tally/pam_tally.c (pam_get_uid): Check return value of pam_get_user(). (tally_get_data): Check if oldtime is not NULL. [#1489818] found by Coverity. * modules/pam_mkhomedir/pam_mkhomedir.c (create_homedir): Don't ignore return value of stat(). [#1489808] found by Coverity. * modules/pam_mail/pam_mail.c (get_folder): Fix a potential NULL pointer dereference. [#1489792] found by Coverity. * libpam/Makefile.am: bump release number of libpam.so. * libpam/pam_misc.c (_pam_mkargv): Fix memory leak, [#1489804] found by Coverity. * modules/pam_echo/pam_echo.c (replace_and_print): Initialize str, [#1489658] found by Coverity. * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Fix a potential NULL pointer dereference. (pam_sm_chauthtok): Remove dead code. [#1489634] found by Coverity. 2006-05-04 Thorsten Kukuk * configure.in: Check for fseeko. * modules/pam_tally/pam_tally.c: Use fseeko if available (Based on patch by IBM). 2006-05-04 Thorsten Kukuk * release version 0.99.4.0 * libpam/pam_strerror.c: Unify error messages. * po/zh_TW.po: Adjust for last pam_strerror changes. * po/zh_CN.po: Likewise. * po/uk.po: Likewise. * po/tr.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/pl.po: Likewise. * po/ja.po: Likewise. * po/nl.po: Likewise. * po/nb.po: Likewise. * po/it.po: Likewise. * po/hu.po: Likewise. * po/fr.po: Likewise. * po/fi.po: Likewise. * po/es.po: Likewise. * po/de.po: Likewise. * po/cs.po: Likewise. * doc/man/pam.3.xml: New. * doc/man/pam.3. New, generated from XML file. * doc/man/pam_sm_acct_mgmt.3.xml: New. * doc/man/pam_sm_acct_mgmt.3: New, generated from XML file. * doc/man/*.xml: Fix encoding and use always UTF-8, regenerate all manual pages. * doc/pam_modules.sgml (PAM_NEW_AUTHTOKEN_REQD): Fix typo. 2006-05-02 Thorsten Kukuk * modules/pam_unix/pam_unix_acct.c (pam_sm_acct_mgmt): Use different strings for plural or not [#1427738] * po/*.po: Adjust for pam_unix.so translation fix. * modules/pam_tally/pam_tally.c: Always close file handle in error case, don't close it depending on *TALLY value [#1478180] 2006-04-21 Thorsten Kukuk * po/fr.po: Updated. 2006-04-11 Thorsten Kukuk * po/km.po: Updated. 2006-03-27 Thorsten Kukuk * po/LINGUAS: Add uk. * po/uk.po: New. * po/cs.po: Updated. * po/po/es.po: Updated. * po/fi.po: Updated. * po/fr.po: Updated. * po/hu.po: Updated. * po/it.po: Updated. * po/ja.po: Updated. * po/nb.po: Updated. * po/pl.po: Updated. * po/pt.po: Updated. * po/pt_BR.po: Updated. * po/zh_CN.po: Updated. * po/zh_TW.po: Updated. 2006-03-21 Thorsten Kukuk * configure.in: Remove ALL_LINGUAS. * po/LINGUAS: New. * po/tr.po: New (from Ismail Donmez ). 2006-03-13 Thorsten Kukuk * doc/man/pam_error.3.xml: New. * doc/man/pam_error.3: New, generated from XML file. * doc/man/pam_verror.3: New, generated from XML file. * doc/man/Makefile.am: Add pam_error.3 and pam_verror.3. * modules/pam_lastlog/Makefile.am: Fix typo. * modules/pam_lastlog/pam_lastlog.c: Move comment for translators in right line. * po/*.po: Update po files with comment for translator. 2006-03-12 Thorsten Kukuk * doc/man/Makefile.am: Add new manual pages. * doc/man/pam.conf.5.xml: Replace link with content of PAM admin guide. * doc/man/pam.conf.5: Regenerated from XML file. * doc/man/pam_info.3.xml: New. * doc/man/pam_info.3: New, generated from XML file. * doc/man/pam_vinfo.3: New, generated from XML file. * doc/man/pam_conv.3.xml: New. * doc/man/pam_conv.3: New, generated from XML file. * doc/man/pam_putenv.3.xml: New. * doc/man/pam_putenv.3: New, generated from XML file. * doc/man/pam_getenv.3.xml: New. * doc/man/pam_getenv.3: New, generated from XML file. * doc/man/pam_getenvlist.3.xml: New. * doc/man/pam_getenvlist.3: New, generated from XML file. * libpam/pam_item.c (pam_get_user): Check for valid pamh before using it. * configure.in: create tests/Makefile * Makefile.am (SUBDIRS): Add tests * tests/Makefile.am: New. * tests/tst-dlopen.c: New. * tests/tst-pam_acct_mgmt.c: New. * tests/tst-pam_authenticate.c: New. * tests/tst-pam_chauthtok.c: New. * tests/tst-pam_close_session.c: New. * tests/tst-pam_end.c: New. * tests/tst-pam_fail_delay.c: New. * tests/tst-pam_getenvlist.c: New. * tests/tst-pam_get_item.c: New. * tests/tst-pam_open_session.c: New. * tests/tst-pam_setcred.c: New. * tests/tst-pam_set_item.c: New. * tests/tst-pam_start.c: New. * tests/tst-pam_get_user.c: New. * modules/pam_access/Makefile.am: Add rules for make check * modules/pam_access/tst-pam_access: New * modules/pam_cracklib/Makefile.am: Add rules for make check * modules/pam_cracklib/tst-pam_cracklib: New * modules/pam_debug/Makefile.am: Add rules for make check * modules/pam_debug/tst-pam_debug: New * modules/pam_deny/Makefile.am: Add rules for make check * modules/pam_deny/tst-pam_deny: New * modules/pam_echo/Makefile.am: Add rules for make check * modules/pam_echo/tst-pam_echo: New * modules/pam_env/Makefile.am: Add rules for make check * modules/pam_env/tst-pam_env: New * modules/pam_exec/Makefile.am: Add rules for make check * modules/pam_exec/tst-pam_exec: New * modules/pam_filter/Makefile.am: Add rules for make check * modules/pam_filter/tst-pam_filter: New * modules/pam_ftp/Makefile.am: Add rules for make check * modules/pam_ftp/tst-pam_ftp: New * modules/pam_group/Makefile.am: Add rules for make check * modules/pam_group/tst-pam_group: New * modules/pam_issue/Makefile.am: Add rules for make check * modules/pam_issue/tst-pam_issue: New * modules/pam_lastlog/Makefile.am: Add rules for make check * modules/pam_lastlog/tst-pam_lastlog: New * modules/pam_limits/Makefile.am: Add rules for make check * modules/pam_limits/tst-pam_limits: New * modules/pam_listfile/Makefile.am: Add rules for make check * modules/pam_listfile/tst-pam_listfile: New * modules/pam_localuser/Makefile.am: Add rules for make check * modules/pam_localuser/tst-pam_localuser: New * modules/pam_mail/Makefile.am: Add rules for make check * modules/pam_mail/tst-pam_mail: New * modules/pam_mkhomedir/Makefile.am: Add rules for make check * modules/pam_mkhomedir/tst-pam_mkhomedir: New * modules/pam_motd/Makefile.am: Add rules for make check * modules/pam_motd/tst-pam_motd: New * modules/pam_nologin/Makefile.am: Add rules for make check * modules/pam_nologin/tst-pam_nologin: New * modules/pam_permit/Makefile.am: Add rules for make check * modules/pam_permit/tst-pam_permit: New * modules/pam_rhosts/Makefile.am: Add rules for make check * modules/pam_rhosts/tst-pam_rhosts: New * modules/pam_rootok/Makefile.am: Add rules for make check * modules/pam_rootok/tst-pam_rootok: New * modules/pam_securetty/Makefile.am: Add rules for make check * modules/pam_securetty/tst-pam_securetty: New * modules/pam_selinux/Makefile.am: Add rules for make check * modules/pam_selinux/tst-pam_selinux: New * modules/pam_shells/Makefile.am: Add rules for make check * modules/pam_shells/tst-pam_shells: New * modules/pam_stress/Makefile.am: Add rules for make check * modules/pam_stress/tst-pam_stress: New * modules/pam_succeed_if/Makefile.am: Add rules for make check * modules/pam_succeed_if/tst-pam_succeed_if: New * modules/pam_tally/Makefile.am: Add rules for make check * modules/pam_tally/tst-pam_tally: New * modules/pam_time/Makefile.am: Add rules for make check * modules/pam_time/tst-pam_time: New * modules/pam_umask/Makefile.am: Add rules for make check * modules/pam_umask/tst-pam_umask: New * modules/pam_unix/Makefile.am: Add rules for make check * modules/pam_unix/tst-pam_unix: New * modules/pam_userdb/Makefile.am: Add rules for make check * modules/pam_userdb/tst-pam_userdb: New * modules/pam_warn/Makefile.am: Add rules for make check * modules/pam_warn/tst-pam_warn: New * modules/pam_wheel/Makefile.am: Add rules for make check * modules/pam_wheel/tst-pam_wheel: New * modules/pam_xauth/Makefile.am: Add rules for make check * modules/pam_xauth/tst-pam_xauth: New 2006-03-11 Thorsten Kukuk * doc/man/pam_fail_delay.3.xml: New. * doc/man/pam_fail_delay.3: New, generated from xml. * doc/man/pam_prompt.3.xml: New. * doc/man/pam_prompt.3: New, generated from xml. * doc/man/pam_syslog.3.xml: New. * doc/man/pam_syslog.3: New, generated from xml. * doc/man/pam_vprompt.3: New, generated from xml. * doc/man/pam_vsyslog.3: New, generated from xml. 2006-02-24 Thorsten Kukuk * po/km.po: Update Khmer translation. 2006-02-24 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on version from #1425487. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/Makefile.am: Include XML rules. * modules/pam_succeed_if/README.xml: New. * modules/pam_succeed_if/README: Regenerated from xml. * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about return values. 2006-02-22 Thorsten Kukuk * configure.in: Fix check for incomplete libaudit installations (Patch from Ruediger Oertel ). * modules/pam_lastlog/pam_lastlog.c (last_login_write): Initialize correct last_login field [#1427401]. * modules/pam_lastlog/pam_lastlog.c (last_login_read): Mark strftime format string for translation to allow reorder [#1428269]. * po/*.po: Update with last pam_lastlog change. 2006-02-17 Thorsten Kukuk * doc/man/Makefile.am: Add new manual pages. * doc/man/pam_end.3: Regenerated from xml file. * doc/man/pam_end.3.xml: Document freeing of item data. * doc/man/pam_get_user.3: New. * doc/man/pam_get_user.3.xml: New. * modules/pam_access/access.conf.5.xml: Fix typos. * modules/pam_env/Makefile.am: Add new manual pages. * modules/pam_env/README: Regenerate from xml file. * modules/pam_env/README.xml: New. * modules/pam_env/pam_env.8: New. * modules/pam_env/pam_env.8.xml: New. * modules/pam_env/pam_env.conf.5: New. * modules/pam_env/pam_env.conf.5.xml New. 2006-02-14 Thorsten Kukuk * po/fi.po: Updated translations. * po/pl.po: Likewise. * po/km.po: New translation. * configure.in: Add km as new language. 2006-02-13 Thorsten Kukuk * modules/pam_echo/pam_echo.8.xml: New. * modules/pam_echo/pam_echo.8: Regenerated from xml file. * modules/pam_echo/Makefile.am: Include Make.xml.rules. * modules/pam_echo/pam_echo.c: Fix return value. * doc/modules/pam_chroot.sgml: Remove obsolete sgml file. 2006-02-12 Thorsten Kukuk * configure.in: Add doc/man/Makefile. * Make.xml.rules: Enable xincludes for manual pages. * doc/Makefile.am (EXRA_DIST): Remove manual pages. (SUBDIR): Add man subdirectory. * doc/man/Makefile.am: New. * doc/man/pam_acct_mgmt.3: New. * doc/man/pam_acct_mgmt.3.xml: New. * doc/man/pam_get_data.3: New. * doc/man/pam_get_data.3.xml: New. * doc/man/pam_set_data.3: New. * doc/man/pam_set_data.3.xml: New. * doc/man/pam.8.xml: New. * doc/man/pam.8: Regenerated from xml file. * doc/man/pam_authenticate.3.xml: New. * doc/man/pam_authenticate.3: Regenerated from xml file. * doc/man/pam_chauthtok.3.xml: New. * doc/man/pam_chauthtok.3: Regenerated from xml file. * doc/man/pam_close_session.3.xml: New. * doc/man/pam_close_session.3: Regenerated from xml file. * doc/man/pam_end.3.xml: New. * doc/man/pam_end.3: Regenerated from xml file. * doc/man/pam_fail_delay.3.xml: New. * doc/man/pam_fail_delay.3: Regenerated from xml file. * doc/man/pam_get_item.3.xml: New. * doc/man/pam_get_item.3: Regenerated from xml file. * doc/man/pam_item_types.inc.xml: New. * doc/man/pam_open_session.3.xml: New. * doc/man/pam_open_session.3: Regenerated from xml file. * doc/man/pam_set_item.3.xml: New. * doc/man/pam_set_item.3: Regenerated from xml file. * doc/man/pam_setcred.3.xml: New. * doc/man/pam_setcred.3: Regenerated from xml file. * doc/man/pam_start.3.xml: New. * doc/man/pam_start.3: Regenerated from xml file. * doc/man/pam_strerror.3.xml: New. * doc/man/pam_strerror.3: Regenerated from xml file. * doc/man/template-man: Removed. 2006-02-10 Thorsten Kukuk * configure.in: Remove pam_pwdb support. * modules/Makefile.am: remove pam_pwdb. * modules/pam_pwdb: Remove complete directory. * libpam/Makefile.am: Remove LIBPWDB references. * libpam/pam_static_modules.h: Remove pam_pwdb references. * doc/modules/pam_pwdb.sgml: Removed. * po/POTFILES.in: Remove modules/pam_pwdb/*.c entries. * doc/pam_source.sgml: Remove references to libpwdb. * doc/modules/pam_limits.sgml: Remove wrong reference to libpwdb. * doc/modules/pam_group.sgml: Likewise. * doc/modules/pam_cracklib.sgml: Replace pam_pwdb with pam_unix. * doc/modules/pam_userdb.sgml: Likewise. * modules/pam_cracklib/pam_cracklib.8.xml: Replace pam_pwdb with pam_unix. * modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. * modules/pam_group/pam_group.c: Remove dead code for libpwdb. * modules/pam_access/Makefile.am: Fix EXTRA_DIST. * modules/pam_cracklib/Makefile.am: Likewise. * modules/pam_deny/Makefile.am: Likewise. * modules/pam_exec/Makefile.am: Likewise. 2006-02-07 Thorsten Kukuk * configure.in: Check for text browser. * Make.xml.rules: Add rule to generate README from README.xml. * modules/pam_access/Makefile.am: Include Make.xml.rules. * modules/pam_access/README: Regenerated from README.xml. * modules/pam_access/README.xml: New. * modules/pam_access/access.conf: Extended by new examples. * modules/pam_access/access.conf.5: New, generated from xml file. * modules/pam_access/access.conf.5.xml: New. * modules/pam_access/pam_access.8: New, generated from xml file. * modules/pam_access/pam_access.8.xml: New. * modules/pam_access/pam_access.c: Add rules for IPv6 and netmasks. Based on patch from Mike Becher . * modules/pam_deny/Makefile.am: Include Make.xml.rules. * modules/pam_deny/pam_deny.8.xml: New. * modules/pam_deny/pam_deny.8: New, generated from xml file. * modules/pam_deny/README.xml: New. * modules/pam_deny/README: Regenerated from xml file. * modules/pam_cracklib/Makefile.am: Include Make.xml.rules. * modules/pam_cracklib/pam_cracklib.8.xml: New. * modules/pam_cracklib/pam_cracklib.8: New, generated from xml file. * modules/pam_cracklib/README.xml: New. * modules/pam_cracklib/README: Regenerated from xml file. * modules/pam_exec/Makefile.am: Add rule to generate README. * modules/pam_exec/README: Regenerated from xml file. * modules/pam_exec/pam_exec.8: Regenerated from xml file. * modules/pam_exec/pam_exec.8.xml: Syntax files. 2006-02-06 Thorsten Kukuk * po/nl.po: New. * po/pt.po: Update translations. * configure.in: Add nl as new language. 2006-01-30 Thorsten Kukuk * modules/pam_exec/pam_exec.8.xml: Fix syntax of Return Value section. * modules/pam_exec/Makefile.am: Include Make.xml.rules. * Make.xml.rules: New. * Makefile.am (EXTRA_DIST): Add Make.xml.rules. 2006-01-27 Thorsten Kukuk * configure.in: Prefer libdb over libndbm, fix check for libcrack and remove not needed BACKUP_LIBS. 2006-01-24 Thorsten Kukuk * modules/pam_debug/pam_debug.c: Fix name of pam_module struct. * po/de.po: Fix one translation. * configure.in: Add modules/pam_exec. * modules/Makefile.am: Add pam_exec subdirectory. * modules/pam_exec/README: New. * modules/pam_exec/Makefile.am: New. * modules/pam_exec/pam_exec.8: New. * modules/pam_exec/pam_exec.c: New. * modules/pam_exec/pam_exec.8.xml: New. * po/POTFILES.in: Add modules/pam_exec/pam_exec.c. * po/*.po: Merge new pam_exec strings. * libpam/pam_static_modules.h: New. * Makefile.am: Reorder subdirectories for static modules. * configure.in: Add --enable-static-modules option. * libpam/Makefile.am: Define WITH_SELINUX and WITH_PWDB if necessary, add pam_static_modules.h, link against all PAM module object files if STATIC_MODULES is defined. * libpam/pam_static.c: Remove old _static_module* includes, include pam_static_modules.h. * configure.in: Add checks for xsltproc, xmllint and docbook xsl stylesheet. * m4/jh_path_xml_catalog.m4: New. 2006-01-22 Thorsten Kukuk * modules/pam_succeed_if/pam_succeed_if.c: Add support for static modules. * modules/pam_xauth/pam_xauth.c: Likewise. * libpam/pam_static.c (_pam_open_static_handler): Add pamh as argument. * libpam/pam_private.h: Adjust prototype. * libpam/pam_handlers.c (_pam_add_handler): Add pamh to _pam_open_static_handler call. * configure.in: Don't define PAM_DYNAMIC. * libpam/pam_handlers.c: Get ride of PAM_DYNAMIC, don't include pam_dynamic.h * libpam/pam_dynamic.c: Don't include pam_dynamic.h, exclude functions if we compile with PAM_STATIC. * libpam/pam_dynamic.h: Remove. * libpam/pam_private.h: Add function prototypes from pam_dynamic.h. * libpam/Makefile.am: Bump version number of libpam, remove pam_dynamic.h. 2006-01-21 Thorsten Kukuk * modules/pam_listfile/pam_listfile.c: Add support for session and password management. 2006-01-19 Thorsten Kukuk * doc/specs/Makefile.am (spec): Add padout to fix parallel build (Reported by Andreas Haumer ). 2006-01-15 Thorsten Kukuk * modules/pam_echo/pam_echo.c: Define HOST_NAME_MAX if not already defined. 2006-01-13 Thorsten Kukuk * release version 0.99.3.0 * libpam_misc/misc_conv.c (misc_conv): Fix strict aliasing error. * modules/pam_umask/pam_umask.c (search_key): Don't ignore EOF/error return value from fgets(). * configure.in: Check for getline and getdelim * po/fi.po: Add new translations. * po/de.po: Likewise. * po/es.po: Likewise. * po/fr.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CH.po: Likewise. * po/zh_TW.po: Likewise. 2006-01-13 Dmitry V. Levin * libpam/pam_audit.c (_pam_auditlog): Replace strerror(errno) call with %m specifier. 2006-01-12 Thorsten Kukuk * configure.in: Add check for -fpie/-pie * modules/pam_filter/upperLOWER/Makefile.am: Compile/link upperLOWER with -fpie/-pie if supported. * modules/pam_unix/Makefile.am: Compile/link unix_chkpwd with -fpie/-pie if supported. 2006-01-12 Steve Grubb * configure.in: Add check for audit library. * libpam/Makefile.am (libpam_la_LDFLAGS): Add LIBAUDIT. (libpam_la_SOURCES): Add pam_audit.c. * libpam/pam_account.c (pam_acct_mgmt): Add _pam_auditlog() call. * libpam/pam_auth.c (pam_authenticate), (pam_setcred): Likewise. * libpam/pam_password.c (pam_chauthtok): Likewise. * libpam/pam_session.c (pam_open_session), (pam_close_session): Likewise. * libpam/pam_private.h: Add audit_state member to pam_handle, declare _pam_auditlog and _pam_audit_end. * libpam/pam_start.c (pam_start): Initialize audit_state. * libpam/pam_audit.c: New file with _pam_auditlog and _pam_audit_end implementation. * libpam/pam_end.c (pam_end): Add _pam_audit_end() call. * NEWS: Note about added auditing. 2006-01-11 Thorsten Kukuk * libpam/Makefile.am (AM_CFLAGS): Define LIBPAM_COMPILE. * libpam/include/security/_pam_types.h: Don't define PAM_NONNULL if we compile libpam itself. * po/hu.po: Update with new translations. 2006-01-08 Thorsten Kukuk * modules/pam_cracklib/pam_cracklib.c: Use PAM_AUTHTOK_RECOVERY_ERR instead of PAM_AUTHTOK_RECOVER_ERR. * modules/pam_pwdb/support.-c: Likewise. * modules/pam_unix/support.c: Likewise. * modules/pam_userdb/pam_userdb.c (pam_sm_authenticate): Likewise. * libpam/pam_strerror.c (pam_strerror): Likewise. * libpam/include/security/_pam_compat.h: Define PAM_AUTHTOK_RECOVER_ERR for backward compatibility. * libpam/include/security/_pam_types.h: Rename PAM_AUTHTOK_RECOVER_ERR to PAM_AUTHTOK_RECOVERY_ERR. 2006-01-05 Thorsten Kukuk * libpam/include/security/_pam_types.h: Remove nonnull attribute from third paramter (item) of pam_get_item. * libpam/Makefile.am: Bump version number of shared library. 2005-12-21 Tomas Mraz * modules/pam_succeed_if/pam_succeed_if.c (evaluate_ingroup), (evaluate_notingroup): Simplified. (evaluate_innetgr), (evaluate_notinnetgr): New functions. (evaluate): Added calls to evaluate_(not)innetgr(). * modules/pam_succeed_if/README: Documented netgroup matching. * NEWS: Mentioned the added netgroup matching support. 2005-12-20 Thorsten Kukuk * modules/pam_lastlog/pam_lastlog.c (last_login_read): Use strftime instead of ctime. * po/de.po: Fix typo. 2005-12-19 Thorsten Kukuk * libpam/pam_syslog.c: Define LOG_AUTHPRIV as LOG_AUTH on Solaris. Reported by Charles_H_Bedford@nbc.gov. * modules/pam_time/pam_time.c (check_account): Implement support for netgroups. * modules/pam_time/time.conf: Document usage of netgroups. 2005-12-16 Thorsten Kukuk * modules/pam_group/pam_group.c (check_account): Implement support for netgroups. * modules/pam_group/group.conf: Add all documentation to this example config file and don't reference to outdated configs. * modules/pam_group/README: New. * modules/pam_group/Makefile.am: Add README to EXTRADIST. 2005-12-15 Thorsten Kukuk * modules/pam_lastlog/pam_lastlog.c (last_login_read): Don't report an error if user logins the first time. * modules/pam_lastlog/README: New. * modules/pam_lastlog/Makefile.am: Add README to EXTRADIST. 2005-12-14 Thorsten Kukuk * modules/pam_deny/pam_deny.c: Fix comment. * doc/pam_appl.sgml: Fix typo. Reported by Russell Bateman 2005-12-12 Thorsten Kukuk * release version 0.99.2.1 * po/de.po: Remove new fuzzy entry * NEWS: Add 0.99.2.1 changes * configure.in: bump version number to 0.99.2.1 2005-12-12 Dmitry V. Levin Cleanup pam_syslog messages. * modules/pam_env/pam_env.c (_expand_arg): Fix compiler warning. * modules/pam_filter/pam_filter.c (set_filter): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_group/pam_group.c (read_field): Likewise. * modules/pam_mkhomedir/pam_mkhomedir.c (make_remark): Remove. (create_homedir): Do not use make_remark() wrapper, call pam_info() directly. Call pam_syslog() right after failed operation and append %m specifier to pam_syslog messages where appropriate. * modules/pam_rhosts/pam_rhosts_auth.c (pam_iruserok): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Append %m specifier to pam_syslog messages where appropriate. * modules/pam_securetty/pam_securetty.c (securetty_perform_check): Append %m specifier to pam_syslog messages where appropriate. * modules/pam_shells/pam_shells.c (perform_check): Likewise. 2005-12-12 Tomas Mraz * modules/pam_mail/pam_mail.c (report_mail): Fixed typo in string. * po/Linux-PAM.pot: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. * po/de.po: Add new translation, fixed typo in string. 2005-12-12 Mike Becher * doc/Makefile.am: Fixed install of PS, PDF, TXT and HTML files. 2005-12-12 Thorsten Kukuk * modules/pam_mail/README: Document "quiet" and "standard" options. 2005-12-07 Thorsten Kukuk * modules/pam_mail/pam_mail.c: Modify assembling of output for easier translation. * po/de.po: Translate new pam_mail messages. 2005-11-24 Thorsten Kukuk * po/de.po: Add new translation, fix wrong format specifier. * po/cs.po: Fix wrong format specifier. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-11-24 Dmitry V. Levin * config.h.in: Remove generated file. * .cvsignore: Add config.h.in. * configure.in: Do not check for strerror. * libpam_misc/misc_conv.c (read_string): Replace strerror() call with %m specifier. * libpamc/pamc_converse.c (pamc_converse): Likewise. * modules/pam_echo/pam_echo.c (pam_echo): Likewise. * modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Likewise. * modules/pam_selinux/pam_selinux.c (security_label_tty): Likewise. (security_restorelabel_tty, security_label_tty): Append %m specifier where appropriate. * modules/pam_selinux/pam_selinux_check.c (main): Replace strerror() call with %m specifier. * modules/pam_unix/pam_unix_passwd.c (save_old_password, _update_passwd, _update_shadow): Likewise. * modules/pam_unix/support.c (_unix_run_helper_binary): Likewise. * modules/pam_unix/unix_chkpwd.c (_update_shadow): Likewise. * po/Linux-PAM.pot: Update strings from pam_selinux. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-11-23 Thorsten Kukuk * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Introduce new variable to fix compiler warning. * libpam/pam_modutil_getlogin.c (pam_modutil_getlogin): PAM_TTY don't need to start with /dev/. 2005-11-21 Thorsten Kukuk * release version 0.99.2.0 * libpam_misc/Makefile.am: Increase release number (for change from 2005-11-09) * NEWS: Adjust for 0.99.2.0 2005-11-17 Thorsten Kukuk * libpam/include/security/_pam_compat.h: Fix wrong #ifdef nesting. Redefine PAM_CHANGE_EXPIRED_AUTHTOK [#604380] 2005-11-16 Thorsten Kukuk * libpam/pam_handlers.c: Replace code for all dlopen variants with a generic wrapper. * libpam/pam_dynamic.c: Implement generic wrapper for dlopen. * libpam/pam_dynamic.h: Provide prototypes. For Mac OS X support [#534205] 2005-11-09 Tomas Mraz * modules/pam_access/pam_access.c (pam_sm_acct_mgmt): Parse correctly full path tty name. * modules/pam_time/pam_time.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * modules/pam_group/pam_group.c (pam_sm_acct_mgmt): Parse correctly full path tty name. Allow unset tty. (logic_member): Allow matching ':' in tty name. * libpam_misc/misc_conv.c (read_string): Read only up to EOL if stdin is not terminal. 2005-11-07 Thorsten Kukuk * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Use correct variable names. 2005-11-06 Steve Langasek * modules/pam_env/pam_env.c: don't treat a missing /etc/environment as a fatal error when attempting to read it, and try to read this file by default; this restores the behavior from Linux-PAM 0.76. 2005-11-02 Tomas Mraz * modules/pam_unix/support.c (_unix_getpwnam): Fix typo [#1224807] by ohyajapn. * modules/pam_unix/pam_unix_passwd.c (_unix_verify_shadow): Change the logic when comparing dates to handle corner cases better [#1245888]. 2005-10-31 Thorsten Kukuk * modules/pam_filter/pam_filter.c: Use XCASE only if defined [#624214] 2005-10-27 Thorsten Kukuk * doc/man/pam.8: Fix wording for authentication chapter [#1197444] 2005-10-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary), modules/pam_unix/pam_unix_passwd.c (_unix_run_shadow_binary), modules/pam_unix/support.c (_unix_run_shadow_binary_): Set real uid to 0 before executing the helper if SELinux is enabled. * modules/pam_unix/unix_chkpwd.c (main): Disable user check only if real uid is 0 (CVE-2005-2977). Log failed password check attempt. 2005-10-20 Tomas Mraz * configure.in: Added check for xauth binary and --with-xauth option. * config.h.in: Added configurable PAM_PATH_XAUTH. * modules/pam_xauth/README, modules/pam_xauth/pam_xauth.8: Document where xauth is looked for. * modules/pam_xauth/pam_xauth.c (pam_sm_open_session): Implement searching xauth binary on multiple places. (run_coprocess): Don't use execvp as it can be a security risk. 2005-10-04 Steve Langasek * libpam/include/security/pam_malloc.h, libpam/include/security/pam_modules.h: Declare public header files extern "C" so that they are C++-safe. 2005-10-02 Dmitry V. Levin Steve Langasek Cleanup gratuitous use of strdup(). Fix "missing argument" checks. * modules/pam_env/pam_env.c (_pam_parse): Add const qualifier to conffile and envfile arguments. Do not use x_strdup() for conffile and envfile initialization. Fix "missing argument" checks. (_parse_config_file): Take conffile argument of type "const char *" instead of "char **". Do not free conffile. (_parse_env_file): Take env_file argument of type "const char *" instead of "char **". Do not free env_file. (pam_sm_setcred): Add const qualifier to conf_file and env_file. Pass conf_file and env_file to _parse_config_file() and _parse_env_file() by value. (pam_sm_open_session): Likewise. * modules/pam_ftp/pam_ftp.c (_pam_parse): Add const qualifier to users argument. Do not use x_strdup() for users initialization. (lookup): Add const qualifier to list argument. (pam_sm_authenticate): Add const qualifier to users argument. * modules/pam_mail/pam_mail.c (_pam_parse): Add const qualifier to maildir argument. Do not use x_strdup() for maildir initialization. Fix "missing argument" check. (get_folder): Take path_mail argument of type "const char *" instead of "char **". Do not free path_mail. (_do_mail): Add const qualifier to path_mail argument. Pass path_mail to get_folder() by value. * modules/pam_motd/pam_motd.c: Include . (pam_sm_open_session): Add const qualifier to motd_path. Do not use x_strdup() for motd_path initialization. Do not free motd_path. Fix "missing argument" check. Add "unknown option" warning. * modules/pam_userdb/pam_userdb.c (_pam_parse): Add const qualifier to database and cryptmode arguments. Fix "missing argument" checks. (pam_sm_authenticate): Add const qualifier to database and cryptmode. (pam_sm_acct_mgmt): Likewise. 2005-10-01 Steve Langasek * modules/pam_userdb/pam_userdb.c: spelling fix in log message. 2005-09-30 Steve Langasek * modules/pam_userdb/pam_userdb.c: Fix memory leak due to gratuitous use of strdup(). 2005-09-27 Thorsten Kukuk * release 0.99.1.0 * doc/specs/Makefile.am (install-data-local): Install rfc and draft. (all): Copy rfc if we build outside of source directory. 2005-09-27 Thorsten Kukuk * NEWS: Document removal of pam_radius. * autogen.sh: Make configure script executeable. * conv/pam_conv1/Makefile (EXTRA_DIST): Removed lex.yy.c (lex.yy.c): Fixed out of tree build. * conv/pam_conv1/pam_conv.y: Fix main prototype. * README: Adjust. * po/POTFILES.in: Remove files not distributed by tar archive and not containing strings for translation. 2005-09-26 Tomas Mraz * NEWS: Add a few missing entries from CHANGELOG. * AUTHORS: Fixed entries for Toady and me. * Makefile.am (M4_FILES): Fixed out of tree build. * doc/specs/Makefile.am (EXTRA_DIST): Removed lex.yy.c (spec, lex.yy.c): Fixed out of tree build. * modules/pam_userdb/README: Document try_first_pass and use_first_pass options, remove use_authtok option. 2005-09-26 Dmitry V. Levin * NEWS: Mention changes in pam_lastlog. 2005-09-26 Thorsten Kukuk * NEWS: New file. * autogen.sh: Don't generate NEWS file. * CHANGELOG: Document it as obsolete. 2005-09-26 Tomas Mraz * modules/pam_unix/pam_unix_acct.c (_unix_run_verify_binary): _log_err() -> pam_syslog() (pam_sm_acct_mgmt): _log_err() -> pam_syslog(), fix warning. * modules/pam_unix/pam_unix_auth.c (pam_sm_authenticate): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_passwd.c: removed obsolete ifdef (getNISserver, _unix_run_shadow_binary, _update_passwd, _update_shadow, _do_setpass, _pam_unix_approve_pass, pam_sm_chauthtok): _log_err() -> pam_syslog() * modules/pam_unix/pam_unix_sess.c: removed obsolete ifdef (pam_sm_open_session, pam_sm_close_session): _log_err() -> pam_syslog() * modules/pam_unix/support.c (_log_err, converse): removed (_make_remark): use pam_prompt() instead of converse() (_set_ctrl, _cleanup_failures, _unix_run_helper_binary, _unix_verify_password, _unix_read_password): _log_err() -> pam_syslog() _cleanup(), _unix_cleanup(): Silence unused param warnings. (_cleanup_failures, _unix_verify_password, _unix_getpwnam, _unix_run_helper_binary): Silence incorrect type warnings. (_unix_read_password): Use multiple pam_prompt() and pam_info() calls instead of converse(). * modules/pam_unix/support.h (_log_err): removed * modules/pam_unix/unix_chkpwd.c (_log_err): LOG_AUTH -> LOG_AUTHPRIV 2005-09-26 Thorsten Kukuk * configure.in: Add doc/specs/Makefile. * Makefile.am: Add releasedocs rule. * doc/Makefile.am: Add specs subdir, remove files from specs directory, add rfc86.0.txt to releasedocs. * doc/specs/Makefile.am: New file. * doc/specs/formatter/parse.y: move from here ... * doc/specs/parse.y: ... here. * doc/specs/formatter/parse.lex: move from here ... * doc/specs/parse.lex: ... here. * modules/pam_mail/pam_mail.c: Mark missing strings for translation * po/Linux-PAM.pot: Add new strings from pam_mail * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-23 Tomas Mraz * modules/pam_access/pam_access.c (from_match): Support NULL from. (string_match): Support NULL string, add NONE keyword matching it. (pam_sm_acct_mgmt): Don't fail when ttyname returns NULL. * modules/pam_access/access.conf: NONE keyword description * modules/pam_access/README: NONE keyword description 2005-09-22 Dmitry V. Levin * modules/pam_xauth/pam_xauth.c: (check_acl, pam_sm_open_session, pam_sm_close_session): Strip redundant "pam_xauth: " prefix from text of log messages. (pam_sm_open_session): Replace sequence of malloc(), strcpy() and strcat() calls with asprintf(). Replace syslog() calls with pam_syslog(). * modules/pam_nologin/pam_nologin.c (parse_args): Use strncmp() instead of memcmp() for string comparison. 2005-09-21 Dmitry V. Levin * modules/pam_nologin/pam_nologin.c: Include . (parse_args): Add pam_handle_t* argument. Log unrecognized options. (perform_check): Log pam_get_user() and malloc() failures. (pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt): Pass pam_handle_t* to parse_args(). * modules/pam_mail/pam_mail.c: Include . Remove YOUR_MAIL_VERBOSE_FORMAT, YOUR_MAIL_STANDARD_FORMAT and NO_MAIL_STANDARD_FORMAT macros. (parse_args, get_folder): Cleanup error messages. (get_folder): Fix leak of the path_mail variable in case of pam_get_user() failure. Cleanup memory management. (get_mail_status): Add pam_handle_t* argument. Fix leaks of namelist variable. Cleanup memory management. Log memory allocation failures. Remove 250-byte limit on Maildir pathname. (report_mail): Mark text messages for translation. (_do_mail): Cleanup memory management. Pass pam_handle_t* to get_mail_status(). * po/Linux-PAM.pot: Update with new strings from pam_mail for translation. * po/cs.po: Likewise. * po/de.po: Likewise. * po/es.po: Likewise. * po/fi.po: Likewise. * po/fr.po: Likewise. * po/hu.po: Likewise. * po/it.po: Likewise. * po/ja.po: Likewise. * po/nb.po: Likewise. * po/pa.po: Likewise. * po/pl.po: Likewise. * po/pt.po: Likewise. * po/pt_BR.po: Likewise. * po/zh_CN.po: Likewise. * po/zh_TW.po: Likewise. 2005-09-20 Thorsten Kukuk * configure.in: Add finish translation. * po/fi.po: New. * acinclude.m4: remove libprelude macros. * m4/libprelude.m4: New. * Makefile.am (EXTRA_DIST): make sure we include all m4 macros. * libpamc/Makefile.am (EXTRA_DIST): Add License. See CHANGELOG for earlier changes. pam/Copyright0000644000000000000000000000377513261244762010437 0ustar Unless otherwise *explicitly* stated the following text describes the licensed conditions under which the contents of this Linux-PAM release may be distributed: ------------------------------------------------------------------------- Redistribution and use in source and binary forms of Linux-PAM, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain any existing copyright notice, and this entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission. ALTERNATIVELY, this product may be distributed under the terms of the GNU General Public License, in which case the provisions of the GNU GPL are required INSTEAD OF the above restrictions. (This clause is necessary due to a potential conflict between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- pam/INSTALL0000644000000000000000000003633213261244762007570 0ustar Installation Instructions ************************* Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. This file is offered as-is, without warranty of any kind. Basic Installation ================== Briefly, the shell commands `./configure; make; make install' should configure, build, and install this package. The following more-detailed instructions are generic; see the `README' file for instructions specific to this package. Some packages provide this `INSTALL' file but do not implement all of the features documented below. The lack of an optional feature in a given package is not necessarily a bug. More recommendations for GNU packages can be found in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that you can run in the future to recreate the current configuration, and a file `config.log' containing compiler output (useful mainly for debugging `configure'). It can also use an optional file (typically called `config.cache' and enabled with `--cache-file=config.cache' or simply `-C') that saves the results of its tests to speed up reconfiguring. Caching is disabled by default to prevent problems with accidental use of stale cache files. If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can be considered for the next release. If you are using the cache, and at some point `config.cache' contains results you don't want to keep, you may remove or edit it. The file `configure.ac' (or `configure.in') is used to create `configure' by a program called `autoconf'. You need `configure.ac' if you want to change it or regenerate `configure' using a newer version of `autoconf'. The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type `./configure' to configure the package for your system. Running `configure' might take a while. While running, it prints some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and documentation. When installing into a prefix owned by root, it is recommended that the package be configured and built as a regular user, and only the `make install' phase executed with root privileges. 5. Optionally, type `make installcheck' to repeat any self-tests, but this time using the binaries in their final installed location. This target does not install anything. Running this target as a regular user, particularly if the prior `make install' required root privileges, verifies that the installation completed correctly. 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is also a `make maintainer-clean' target, but that is intended mainly for the package's developers. If you use it, you may have to get all sorts of other programs in order to regenerate files that came with the distribution. 7. Often, you can also type `make uninstall' to remove the installed files again. In practice, not all packages have tested that uninstallation works correctly, even though it is required by the GNU Coding Standards. 8. Some packages, particularly those that use Automake, provide `make distcheck', which can by used by developers to test that all other targets like `make install' and `make uninstall' work correctly. This target is generally not run by end users. Compilers and Options ===================== Some systems require unusual options for compilation or linking that the `configure' script does not know about. Run `./configure --help' for details on some of the pertinent environment variables. You can give `configure' initial values for configuration parameters by setting variables in the command line or in the environment. Here is an example: ./configure CC=c99 CFLAGS=-g LIBS=-lposix *Note Defining Variables::, for more details. Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their own directory. To do this, you can use GNU `make'. `cd' to the directory where you want the object files and executables to go and run the `configure' script. `configure' automatically checks for the source code in the directory that `configure' is in and in `..'. This is known as a "VPATH" build. With a non-GNU `make', it is safer to compile the package for one architecture at a time in the source code directory. After you have installed the package for one architecture, use `make distclean' before reconfiguring for another architecture. On MacOS X 10.5 and later systems, you can create libraries and executables that work on multiple system types--known as "fat" or "universal" binaries--by specifying multiple `-arch' options to the compiler but only a single `-arch' option to the preprocessor. Like this: ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ CPP="gcc -E" CXXCPP="g++ -E" This is not guaranteed to produce working output in all cases, you may have to build one architecture at a time and combine the results using the `lipo' tool if you have problems. Installation Names ================== By default, `make install' installs the package's commands under `/usr/local/bin', include files under `/usr/local/include', etc. You can specify an installation prefix other than `/usr/local' by giving `configure' the option `--prefix=PREFIX', where PREFIX must be an absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you pass the option `--exec-prefix=PREFIX' to `configure', the package uses PREFIX as the prefix for installing programs and libraries. Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories you can set and what kinds of files go in them. In general, the default for these options is expressed in terms of `${prefix}', so that specifying just `--prefix' will affect all of the other directory specifications that were not explicitly provided. The most portable way to affect installation locations is to pass the correct locations to `configure'; however, many packages provide one or both of the following shortcuts of passing variable assignments to the `make install' command line to change installation locations without having to reconfigure or recompile. The first method involves providing an override variable for each affected directory. For example, `make install prefix=/alternate/directory' will choose an alternate location for all directory configuration variables that were expressed in terms of `${prefix}'. Any directories that were specified during `configure', but not in terms of `${prefix}', must each be overridden at install time for the entire installation to be relocated. The approach of makefile variable overrides for each directory variable is required by the GNU Coding Standards, and ideally causes no recompilation. However, some platforms have known limitations with the semantics of shared libraries that end up requiring recompilation when using this method, particularly noticeable in packages that use GNU Libtool. The second method involves providing the `DESTDIR' variable. For example, `make install DESTDIR=/alternate/directory' will prepend `/alternate/directory' before all installation names. The approach of `DESTDIR' overrides is not required by the GNU Coding Standards, and does not work on platforms that have drive letters. On the other hand, it does better at avoiding recompilation issues, and works well even when some directory options were not specified in terms of `${prefix}' at `configure' time. Optional Features ================= If the package supports it, you can cause programs to be installed with an extra prefix or suffix on their names by giving `configure' the option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE is something like `gnu-as' or `x' (for the X Window System). The `README' should mention any `--enable-' and `--with-' options that the package recognizes. For packages that use the X Window System, `configure' can usually find the X include and library files automatically, but if it doesn't, you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. Some packages offer the ability to configure how verbose the execution of `make' will be. For these packages, running `./configure --enable-silent-rules' sets the default to minimal output, which can be overridden with `make V=1'; while running `./configure --disable-silent-rules' sets the default to verbose, which can be overridden with `make V=0'. Particular systems ================== On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC is not installed, it is recommended to use the following options in order to use an ANSI C compiler: ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" and if that doesn't work, install pre-built binaries of GCC for HP-UX. On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot parse its `' header file. The option `-nodtk' can be used as a workaround. If GNU CC is not installed, it is therefore recommended to try ./configure CC="cc" and if that doesn't work, try ./configure CC="cc -nodtk" On Solaris, don't put `/usr/ucb' early in your `PATH'. This directory contains several dysfunctional programs; working variants of these programs are available in `/usr/bin'. So, if you need `/usr/ucb' in your `PATH', put it _after_ `/usr/bin'. On Haiku, software installed for all users goes in `/boot/common', not `/usr/local'. It is recommended to use the following options: ./configure --prefix=/boot/common Specifying the System Type ========================== There may be some features `configure' cannot figure out automatically, but needs to determine by the type of machine the package will run on. Usually, assuming the package is built to be run on the _same_ architectures, `configure' can figure that out, but if it prints a message saying it cannot guess the machine type, give it the `--build=TYPE' option. TYPE can either be a short name for the system type, such as `sun4', or a canonical name which has the form: CPU-COMPANY-SYSTEM where SYSTEM can have one of these forms: OS KERNEL-OS See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't need to know the machine type. If you are _building_ compiler tools for cross-compiling, you should use the option `--target=TYPE' to select the type of system they will produce code for. If you want to _use_ a cross compiler, that generates code for a platform different from the build platform, you should specify the "host" platform (i.e., that on which the generated programs will eventually be run) with `--host=TYPE'. Sharing Defaults ================ If you want to set default values for `configure' scripts to share, you can create a site shell script called `config.site' that gives default values for variables like `CC', `cache_file', and `prefix'. `configure' looks for `PREFIX/share/config.site' if it exists, then `PREFIX/etc/config.site' if it exists. Or, you can set the `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. Defining Variables ================== Variables not defined in a site shell script can be set in the environment passed to `configure'. However, some packages may run configure again during the build, and the customized values of these variables may be lost. In order to avoid this problem, you should set them in the `configure' command line, using `VAR=value'. For example: ./configure CC=/usr/local2/bin/gcc causes the specified `gcc' to be used as the C compiler (unless it is overridden in the site shell script). Unfortunately, this technique does not work for `CONFIG_SHELL' due to an Autoconf bug. Until the bug is fixed you can use this workaround: CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash `configure' Invocation ====================== `configure' recognizes the following options to control how it operates. `--help' `-h' Print a summary of all of the options to `configure', and exit. `--help=short' `--help=recursive' Print a summary of the options unique to this package's `configure', and exit. The `short' variant lists options used only in the top level, while the `recursive' variant lists options also present in any nested packages. `--version' `-V' Print the version of Autoconf used to generate the `configure' script, and exit. `--cache-file=FILE' Enable the cache: use and save the results of the tests in FILE, traditionally `config.cache'. FILE defaults to `/dev/null' to disable caching. `--config-cache' `-C' Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' Do not print messages saying which checks are being made. To suppress all normal output, redirect it to `/dev/null' (any error messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. `--prefix=DIR' Use DIR as the installation prefix. *note Installation Names:: for more details, including other options available for fine-tuning the installation locations. `--no-create' `-n' Run the configure checks, but stop before creating any output files. `configure' also accepts some other, not widely useful, options. Run `configure --help' for more details. pam/Make.xml.rules0000644000000000000000000000215013261244762011256 0ustar # # Copyright (c) 2006 Thorsten Kukuk # README: README.xml $(XSLTPROC) --path $(srcdir) --xinclude --stringparam generate.toc "none" --nonet http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $(srcdir)/$@ %.1: %.1.xml $(XMLLINT) --nonet --xinclude --postvalid --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< %.3: %.3.xml $(XMLLINT) --nonet --xinclude --postvalid --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< %.5: %.5.xml $(XMLLINT) --nonet --xinclude --postvalid --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< %.8: %.8.xml $(XMLLINT) --nonet --xinclude --postvalid --noout $< $(XSLTPROC) -o $(srcdir)/$@ --path $(srcdir) --xinclude --nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $< #CLEANFILES += $(man_MANS) README pam/Makefile.am0000644000000000000000000000230013261244762010557 0ustar # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests CLEANFILES = *~ EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules ACLOCAL_AMFLAGS = -I m4 release: dist releasedocs release-docs: releasedocs releasedocs: rm -rf Linux-PAM-$(VERSION) mkdir -p Linux-PAM-$(VERSION)/doc make -C doc releasedocs tar zfc Linux-PAM-$(VERSION)-docs.tar.gz \ Linux-PAM-$(VERSION)/doc tar jfc Linux-PAM-$(VERSION)-docs.tar.bz2 \ Linux-PAM-$(VERSION)/doc rm -rf Linux-PAM-$(VERSION) xtests: make -C xtests xtests .PHONY: xtests gen_changelog_start_date = 2011-10-26 gen-ChangeLog: if test -d .git; then \ ( $(top_srcdir)/gitlog-to-changelog --append-dot \ --since=$(gen_changelog_start_date) && \ echo && echo && \ echo 'See ChangeLog-CVS for earlier changes.' \ ) > $(distdir)/ChangeLog.new && \ rm -f $(distdir)/ChangeLog && \ mv $(distdir)/ChangeLog.new $(distdir)/ChangeLog; \ fi dist-hook: gen-ChangeLog .PHONY: gen-ChangeLog export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner --mode=go-w,go+rX pam/Makefile.in0000644000000000000000000006300513261244762010601 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = . DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in $(srcdir)/config.h.in \ $(top_srcdir)/configure ABOUT-NLS AUTHORS COPYING ChangeLog \ INSTALL NEWS build-aux/compile build-aux/config.guess \ build-aux/config.rpath build-aux/config.sub build-aux/depcomp \ build-aux/install-sh build-aux/ltmain.sh build-aux/missing \ build-aux/ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir dist dist-all distcheck ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) am__remove_distdir = \ { test ! -d "$(distdir)" \ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ && rm -fr "$(distdir)"; }; } am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.bz2 GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print distcleancheck_listfiles = find . -type f -print ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = 1.9 gnu dist-bzip2 check-news SUBDIRS = libpam tests libpamc libpam_misc modules po conf doc examples xtests CLEANFILES = *~ EXTRA_DIST = pgp.keys.asc CHANGELOG ChangeLog-CVS Copyright Make.xml.rules ACLOCAL_AMFLAGS = -I m4 gen_changelog_start_date = 2011-10-26 all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive .SUFFIXES: am--refresh: @: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \ $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \ && exit 0; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ echo ' $(SHELL) ./config.status'; \ $(SHELL) ./config.status;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck $(top_srcdir)/configure: $(am__configure_deps) $(am__cd) $(srcdir) && $(AUTOCONF) $(ACLOCAL_M4): $(am__aclocal_m4_deps) $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) $(am__aclocal_m4_deps): config.h: stamp-h1 @if test ! -f $@; then \ rm -f stamp-h1; \ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \ else :; fi stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status @rm -f stamp-h1 cd $(top_builddir) && $(SHELL) ./config.status config.h $(srcdir)/config.h.in: $(am__configure_deps) ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) rm -f stamp-h1 touch $@ distclean-hdr: -rm -f config.h stamp-h1 mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs distclean-libtool: -rm -f libtool config.lt # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @case `sed 15q $(srcdir)/NEWS` in \ *"$(VERSION)"*) : ;; \ *) \ echo "NEWS not updated; not releasing" 1>&2; \ exit 1;; \ esac $(am__remove_distdir) test -d "$(distdir)" || mkdir "$(distdir)" @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$(top_distdir)" distdir="$(distdir)" \ dist-hook -test -n "$(am__skip_mode_fix)" \ || find "$(distdir)" -type d ! -perm -755 \ -exec chmod u+rwx,go+rx {} \; -o \ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ || chmod -R a+r "$(distdir)" dist-gzip: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz $(am__remove_distdir) dist-bzip2: distdir tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) dist-lzma: distdir tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma $(am__remove_distdir) dist-xz: distdir tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz $(am__remove_distdir) dist-tarZ: distdir tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__remove_distdir) dist-shar: distdir shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__remove_distdir) dist-zip: distdir -rm -f $(distdir).zip zip -rq $(distdir).zip $(distdir) $(am__remove_distdir) dist dist-all: distdir tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2 $(am__remove_distdir) # This target untars the dist file and tries a VPATH configuration. Then # it guarantees that the distribution is self-contained by making another # tarfile. distcheck: dist case '$(DIST_ARCHIVES)' in \ *.tar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\ *.tar.bz2*) \ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ *.tar.lzma*) \ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\ *.tar.xz*) \ xz -dc $(distdir).tar.xz | $(am__untar) ;;\ *.tar.Z*) \ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ *.shar.gz*) \ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ esac chmod -R a-w $(distdir); chmod a+w $(distdir) mkdir $(distdir)/_build mkdir $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ && $(am__cd) $(distdir)/_build \ && ../configure --srcdir=.. --prefix="$$dc_install_base" \ $(DISTCHECK_CONFIGURE_FLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ && $(MAKE) $(AM_MAKEFLAGS) install \ && $(MAKE) $(AM_MAKEFLAGS) installcheck \ && $(MAKE) $(AM_MAKEFLAGS) uninstall \ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ distuninstallcheck \ && chmod -R a-w "$$dc_install_base" \ && ({ \ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ } || { rm -rf "$$dc_destdir"; exit 1; }) \ && rm -rf "$$dc_destdir" \ && $(MAKE) $(AM_MAKEFLAGS) dist \ && rm -rf $(DIST_ARCHIVES) \ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ && cd "$$am__cwd" \ || exit 1 $(am__remove_distdir) @(echo "$(distdir) archives ready for distribution: "; \ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' distuninstallcheck: @$(am__cd) '$(distuninstallcheck_dir)' \ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \ || { echo "ERROR: files left after uninstall:" ; \ if test -n "$(DESTDIR)"; then \ echo " (check DESTDIR support)"; \ fi ; \ $(distuninstallcheck_listfiles) ; \ exit 1; } >&2 distcleancheck: distclean @if test '$(srcdir)' = . ; then \ echo "ERROR: distcleancheck can only run from a VPATH build" ; \ exit 1 ; \ fi @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ || { echo "ERROR: files left in build directory after distclean:" ; \ $(distcleancheck_listfiles) ; \ exit 1; } >&2 check-am: all-am check: check-recursive all-am: Makefile config.h installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -f Makefile distclean-am: clean-am distclean-generic distclean-hdr \ distclean-libtool distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f $(am__CONFIG_DISTCLEAN_FILES) -rm -rf $(top_srcdir)/autom4te.cache -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \ ctags-recursive install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am am--refresh check check-am clean clean-generic \ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \ dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \ dist-zip distcheck distclean distclean-generic distclean-hdr \ distclean-libtool distclean-tags distcleancheck distdir \ distuninstallcheck dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-recursive uninstall uninstall-am release: dist releasedocs release-docs: releasedocs releasedocs: rm -rf Linux-PAM-$(VERSION) mkdir -p Linux-PAM-$(VERSION)/doc make -C doc releasedocs tar zfc Linux-PAM-$(VERSION)-docs.tar.gz \ Linux-PAM-$(VERSION)/doc tar jfc Linux-PAM-$(VERSION)-docs.tar.bz2 \ Linux-PAM-$(VERSION)/doc rm -rf Linux-PAM-$(VERSION) xtests: make -C xtests xtests .PHONY: xtests gen-ChangeLog: if test -d .git; then \ ( $(top_srcdir)/gitlog-to-changelog --append-dot \ --since=$(gen_changelog_start_date) && \ echo && echo && \ echo 'See ChangeLog-CVS for earlier changes.' \ ) > $(distdir)/ChangeLog.new && \ rm -f $(distdir)/ChangeLog && \ mv $(distdir)/ChangeLog.new $(distdir)/ChangeLog; \ fi dist-hook: gen-ChangeLog .PHONY: gen-ChangeLog export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner --mode=go-w,go+rX # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/NEWS0000644000000000000000000002215313261244762007232 0ustar Linux-PAM NEWS -- history of user-visible changes. Release 1.1.8 * pam_unix: bug fix for compiling with SELinux, fix crash at login time Release 1.1.7 * Update translations * pam_exec: add stdout and type= options * pam_tty_audit: add options to control logging of passwords * pam_unix: Read defaults from /etc/login.defs * pam_userdb: Allow modern password hashes * pam_selinux/pam_tally2: Add tty and rhost to audit data * Lot of docu and code fixes Release 1.1.6 * Update translations * pam_cracklib: Add more checks for weak passwords * pam_lastlog: Never lock out root * Lot of bug fixes and smaller enhancements Release 1.1.5 * pam_env: Fix CVE-2011-3148 and CVE-2011-3149 * pam_access: Add hostname resolution cache * Documentation: Improvements/fixes Release 1.1.4 * Add vietnamese translation * pam_namepace: Add new functionality * pam_securetty: Honour console= kernel option, add noconsole option * pam_limits: Add %group syntax, drop change_uid option, add set_all option * Lot of small bug fixes * Lot of compiler warnings fixed * Add support for libtirpc Release 1.1.3 * pam_namespace: Clean environment for childs (CVE-2010-3853) * libpam: New interface to drop/regain privilegs * Drop root privilegs in pam_env, pam_mail and pam_xauth before accessing user files (CVE-2010-3430, CVE-2010-3431) * pam_unix: Add minlen option, change default from 6 to 0 * Documentation improvements * Lot of small bug fixes Release 1.1.2 * pam_unix: Add minlen= option * pam_group: Add support for UNIX groups beside netgroups * pam_tally: Document that it is deprecated * pam_rootok: Add support for chauthtok and acct_mgmt * Update translations Release 1.1.1 * Update translations * pam_access: Revert netgroup match to original behavior, add new syntax for adding the local hostname to netgroup match * libpam: Add new functions pam_get_authtok_noverify() and pam_get_authtok_verify() * Add sepermit.conf.5 manual page * Lot of bug fixes Release 1.1.0 * Update translations * Documentation updates and fixes Release 1.0.92 * Update translations * pam_succeed_if: Use provided username * pam_mkhomedir: Fix handling of options Release 1.0.91 * Fixed CVE-2009-0579 (minimum days limit on password change is ignored). * Fix libpam internal config/argument parser * Add optional file locking to pam_tally2 * Update translations * pam_access improvements * Changes in the behavior of the password stack. Results of PRELIM_CHECK are not used for the final run. Release 1.0.90 * Supply hostname of the machine to netgroup match call in pam_access * Make pam_namespace to work safe on child directories of parent directories owned by users * Redefine LOCAL keyword of pam_access configuration file * Add support for try_first_pass and use_first_pass to pam_cracklib * Print informative messages for rejected login and add silent and no_log_info options to pam_tally * Add support for passing PAM_AUTHTOK to stdin of helpers from pam_exec * New password quality tests in pam_cracklib * New options for pam_lastlog to show last failed login attempt and to disable lastlog update * New pam_pwhistory module to store last used passwords * New pam_tally2 module similar to pam_tally with wordsize independent tally data format * Make libpam not log missing module if its type is prepended with '-' * New pam_timestamp module for authentication based on recent successful login. * Add blowfish support to pam_unix. * Add support for user specific environment file to pam_env. * Add pam_get_authtok to libpam as Linux-PAM extension. * Rename type option of pam_cracklib to authtok_type. Release 1.0.3 * Small bug fix release Release 1.0.2 * Regression fixed in pam_selinux * Problem with big UIDs fixed in pam_loginuid Release 1.0.1 * Regression fixed in pam_set_item() Release 1.0.0 * Small bug fixes * Translation updates Release 0.99.10.0 * New substack directive in config file syntax. * New module pam_tty_audit.so for enabling and disabling tty auditing. * New PAM items PAM_XDISPLAY and PAM_XAUTHDATA. * Auditing login denials based by origin (pam_access), time (pam_time), and number of sessions (pam_limits) to the Linux audit subsystem. * Support sha256 and sha512 algorithms in pam_unix when they are supported by crypt(). * New pam_sepermit.so module for allowing/rejecting access based on SELinux mode. * Improved functionality of pam_namespace.so module (method flags, namespace.d configuration directory, new options). * Finaly removed deprecated pam_rhosts_auth module. Release 0.99.9.0 * misc_conv no longer blocks SIGINT; applications that don't want user-interruptable prompts should block SIGINT themselves * Merge fixes from Debian * Fix parser for pam_group and pam_time Release 0.99.8.1 * Fix a regression in audit code introduced with last release * Fix compiling with --disable-nls Release 0.99.8.0 * Add translations for ar, ca, da, ru, sv and zu. * Update hungarian translation. * Add support for limits.d directory to pam_limits. * Improve pam_namespace module tobe more useful for MLS, fixed crash with bad config files. * Improve pam_selinux module to be more useful for MLS. * Add minclass option to pam_cracklib * Add new group syntax to pam_access Release 0.99.7.1 * Security fix for pam_unix.so (CVE-2007-0003). Release 0.99.7.0 * Add manual page for pam_unix.so. * Add pam_faildelay module to set pam_fail_delay() value. * Fix possible seg.fault in libpam/pam_set_data(). * Cleanup of configure options. * Update hungarian translation, fix german translation. Release 0.99.6.3 * pam_loginuid: New PAM module. * pam_access, pam_succeed_if: Support passwd and session services. Release 0.99.6.2 * pam_lastlog: Don't refuse login if lastlog file got lost. * pam_cracklib: Fix a user triggerable crash. * documentation: Regenerate with fixed docbook stylesheet. Release 0.99.6.1 * Fix bootstrapping problems. * Bug fixes: pam_keyinit, pam_umask Release 0.99.6.0 * pam_namespace: Code cleanup, add init script to tar archive. * pam_succeed_if: Add support for service match. * Add xtests (to run after installation). * Documentation: Convert sgml guides to XML, unify documentation for PAM functions and modules. Release 0.99.5.0 * pam_tally: Fix support for large UIDs * Fixed all problems found by Coverity * Add support for Intel C Compiler * Add manual page for pam_mkhomedir, pam_umask, pam_filter, pam_issue, pam_ftp, pam_group, pam_lastlog, pam_listfile, pam_localuser, pam_mail, pam_motd, pam_nologin, pam_permit, pam_rootok, pam_securetty, pam_shells, pam_userdb, pam_warn, pam_time, pam_limits, pam_debug, pam_tally * The libpam memory debug code was removed * pam_keyinit: New module to initialise kernel session keyring. * pam_namespace: New module to configure private namespace for a session. * pam_rhosts: New module which replaces pam_rhosts_auth, now IPv6 capable. * pam_rhosts_auth: This module is now deprecated. Release 0.99.4.0 * Add test suite * Fix building of static variants of libpam, libpamc and libpam_misc * pam_listfile: Add support for password and session management * pam_exec: New PAM module to execute arbitary commands * Fix building of a static libpam including all PAM modules * New/updated translations for: nl, pt, pl, fi, km, tr, uk, fr * pam_access: Add network(address) / netmask and IPv6 support * Add manual pages for pam_cracklib, pam_deny and pam_access * pam_pwdb: This deprecated module was removed * Manual pages: Major rewrite/cleanup Release 0.99.3.0 * Fix NULL pointer checks in libpam.so * pam_succeed_if, pam_group, pam_time: Support netgroup matching * New translations for: nb, hu, fi, de, es, fr, it, ja, pt_BR, zh_CN, zh_TW * Audit PAM calls if Linux Audit is available * Compile upperLOWER and unix_chkpwd as PIE binaries Release 0.99.2.1 * Fix install of PS, PDF, TXT and HTML files * pam_mail: Update README * Use %m consistent * pam_modutil_getlogin: Fix parsing of PAM_TTY variable Release 0.99.2.0 * Fix parsing of full path tty name in various modules * pam_xauth: Look for xauth executable in multiple places * pam_unix: Disable user check in unix_chkpwd only if real uid is 0 (CVE-2005-2977). Log failed password check attempt. * pam_env: Support /etc/environment again, but don't treat it as error if it is missing. * pam_userdb: Fix memory leak. Release 0.99.1.0 * Use autoconf/automake/libtool * Add gettext support * Add translations for cs, de, es, fr, hu, it, ja, nb, pa, pt_BR, pt, zh_CN and zh_TW * libpam: Remove pam_authenticate_secondary stub * libpam: Add pam_prompt,pam_vprompt,pam_error,pam_verror,pam_info and pam_vinfo functions for use by modules as extension * libpam: Add pam_syslog function for unified syslog messages from PAM modules * libpam: Moved functions from pammodutil to libpam * pam_umask: New module for setting umask from GECOS field, /etc/login.defs or /etc/default/login * pam_echo: New PAM module for message output * pam_userdb: Fix regression (crash when crypt param not specified) * pam_limits: Fix regression from RLIMIT_NICE support (wrong limit values for other limits are applied) * pam_access: Support for NULL tty - matches ALL and NONE keywords * pam_lastlog: Enable log to wtmp by default. Add "nowtmp" option * pam_radius: This module was removed pam/README0000644000000000000000000000314413261244762007412 0ustar Hello! Thanks for downloading Linux-PAM. NOTES: How to use it is as follows: ./configure --help | less ./configure make To make sure everything was compiled correct, run: make check If a test fails, you should not continue to install this build. These tests require a suitable file /etc/pam.d/other; if necessary, create such a file containing, e.g., these five lines (not indented) #%PAM-1.0 auth required pam_deny.so account required pam_deny.so password required pam_deny.so session required pam_deny.so Note, if you are worried - don't even think about doing the next line (most Linux distributions already support PAM out of the box, so if something goes wrong with installing the code from this version your box may stop working..) make install That said, please report problems to the bug reporting database on sourceforge.net. You can run additional checks after installing by executing make xtests as root. WARNING: Running "make xtests" can overwrite configuration data or make the system insecure/unfunctional for a short time! Backup all important data before! If you do not wish to make the modules dynamically loadable, but build a static libpam including all PAM modules, you have to call: ./configure --enable-static-modules --disable-pie To run the build checks with static modules, you need to run the following command: make -C test check && make check To regenerate manual pages from the XML source files you need the docbook-xsl stylesheets in version 1.69.1 or newer, older versions had a bug which generates a broken layout. pam/aclocal.m40000644000000000000000000012235013261244762010373 0ustar # generated automatically by aclocal 1.11.1 -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],, [m4_warning([this file was generated for autoconf 2.65. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically `autoreconf'.])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # # Copyright © 2004 Scott James Remnant . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # PKG_PROG_PKG_CONFIG([MIN-VERSION]) # ---------------------------------- AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])# PKG_PROG_PKG_CONFIG # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # # Check to see whether a particular set of modules exists. Similar # to PKG_CHECK_MODULES(), but does not set variables or print errors. # # # Similar to PKG_CHECK_MODULES, make sure that the first instance of # this or PKG_CHECK_MODULES is called, or make sure to call # PKG_CHECK_EXISTS manually # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_ifval([$2], [$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) # --------------------------------------------- m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" elif test -n "$PKG_CONFIG"; then PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], [pkg_failed=yes]) else pkg_failed=untried fi[]dnl ])# _PKG_CONFIG # _PKG_SHORT_ERRORS_SUPPORTED # ----------------------------- AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])# _PKG_SHORT_ERRORS_SUPPORTED # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], # [ACTION-IF-NOT-FOUND]) # # # Note that if there is a possibility the first call to # PKG_CHECK_MODULES might not happen, you should be sure to include an # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac # # # -------------------------------------------------------------- AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $1]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD ifelse([$4], , [AC_MSG_ERROR(dnl [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT ])], [AC_MSG_RESULT([no]) $4]) elif test $pkg_failed = untried; then ifelse([$4], , [AC_MSG_FAILURE(dnl [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])], [$4]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) ifelse([$3], , :, [$3]) fi[]dnl ])# PKG_CHECK_MODULES # Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.11' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.11.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.11.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to # `$srcdir', `$srcdir/..', or `$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is `.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [dnl Rely on autoconf to set up CDPATH properly. AC_PREREQ([2.50])dnl # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 9 # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ(2.52)dnl ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 10 # There are a few dirty hacks below to avoid letting `AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "GCJ", or "OBJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl ifelse([$1], CC, [depcc="$CC" am_compiler_list=], [$1], CXX, [depcc="$CXX" am_compiler_list=], [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], UPC, [depcc="$UPC" am_compiler_list=], [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi am__universal=false m4_case([$1], [CC], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac], [CXX], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac]) for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE(dependency-tracking, [ --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. #serial 5 # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`AS_DIRNAME("$mf")` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`AS_DIRNAME(["$file"])` AS_MKDIR_P([$dirpart/$fdir]) # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking # is enabled. FIXME. This creates each `.P' file that we will # need in order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"]) ]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, # 2005, 2006, 2008, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 16 # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.62])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version}) AM_MISSING_PROG(AUTOCONF, autoconf) AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version}) AM_MISSING_PROG(AUTOHEADER, autoheader) AM_MISSING_PROG(MAKEINFO, makeinfo) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl # We need awk for the "check" target. The system "awk" is bad on # some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES(CC)], [define([AC_PROG_CC], defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES(CXX)], [define([AC_PROG_CXX], defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES(OBJC)], [define([AC_PROG_OBJC], defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl ]) _AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl dnl The `parallel-tests' driver may need to know about EXEEXT, so add the dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro dnl is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl ]) dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST(install_sh)]) # Copyright (C) 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2005 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # AM_PROG_LEX # ----------- # Autoconf leaves LEX=: if lex or flex can't be found. Change that to a # "missing" invocation, for better error output. AC_DEFUN([AM_PROG_LEX], [AC_PREREQ(2.50)dnl AC_REQUIRE([AM_MISSING_HAS_RUN])dnl AC_REQUIRE([AC_PROG_LEX])dnl if test "$LEX" = :; then LEX=${am_missing_run}flex fi]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # AM_MAKE_INCLUDE() # ----------------- # Check to see how make treats includes. AC_DEFUN([AM_MAKE_INCLUDE], [am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. AC_MSG_CHECKING([for style of include used by $am_make]) am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi AC_SUBST([am__include]) AC_SUBST([am__quote]) AC_MSG_RESULT([$_am_result]) rm -f confinc confmf ]) # Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_PROG_CC_C_O # -------------- # Like AC_PROG_CC_C_O, but changed for automake. AC_DEFUN([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC_C_O])dnl AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([compile])dnl # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi dnl Make sure AC_PROG_CC is never called again, or it will override our dnl setting of CC. m4_define([AC_PROG_CC], [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) ]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 6 # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it supports --run. # If it does, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= AC_MSG_WARN([`missing' script is too old or missing]) fi ]) # Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_MKDIR_P # --------------- # Check for `mkdir -p'. AC_DEFUN([AM_PROG_MKDIR_P], [AC_PREREQ([2.60])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P, dnl while keeping a definition of mkdir_p for backward compatibility. dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile. dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of dnl Makefile.ins that do not define MKDIR_P, so we do our own dnl adjustment using top_builddir (which is defined more often than dnl MKDIR_P). AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl case $mkdir_p in [[\\/$]]* | ?:[[\\/]]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 4 # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # ------------------------------ # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), 1)]) # _AM_SET_OPTIONS(OPTIONS) # ---------------------------------- # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008 # Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 5 # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT(yes)]) # Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor `install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in `make install-strip', and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be `maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006, 2008 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004, 2005 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # serial 2 # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of `v7', `ustar', or `pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. AM_MISSING_PROG([AMTAR], [tar]) m4_if([$1], [v7], [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'], [m4_case([$1], [ustar],, [pax],, [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' _am_tools=${am_cv_prog_tar_$1-$_am_tools} # Do not fold the above two line into one, because Tru64 sh and # Solaris sh will not grok spaces in the rhs of `-'. for _am_tool in $_am_tools do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([m4/gettext.m4]) m4_include([m4/iconv.m4]) m4_include([m4/japhar_grep_cflags.m4]) m4_include([m4/jh_path_xml_catalog.m4]) m4_include([m4/ld-O1.m4]) m4_include([m4/ld-as-needed.m4]) m4_include([m4/ld-no-undefined.m4]) m4_include([m4/lib-ld.m4]) m4_include([m4/lib-link.m4]) m4_include([m4/lib-prefix.m4]) m4_include([m4/libprelude.m4]) m4_include([m4/libtool.m4]) m4_include([m4/ltoptions.m4]) m4_include([m4/ltsugar.m4]) m4_include([m4/ltversion.m4]) m4_include([m4/lt~obsolete.m4]) m4_include([m4/nls.m4]) m4_include([m4/po.m4]) m4_include([m4/progtest.m4]) pam/build-aux/0000755000000000000000000000000013261244762010422 5ustar pam/build-aux/compile0000755000000000000000000000727113261244762012007 0ustar #! /bin/sh # Wrapper for compilers which do not understand `-c -o'. scriptversion=2009-10-06.20; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software # Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: compile [--help] [--version] PROGRAM [ARGS] Wrapper for compilers which do not understand `-c -o'. Remove `-o dest.o' from ARGS, run PROGRAM with the remaining arguments, and rename the output as expected. If you are trying to build a whole package this is not the right script to run: please start by reading the file `INSTALL'. Report bugs to . EOF exit $? ;; -v | --v*) echo "compile $scriptversion" exit $? ;; esac ofile= cfile= eat= for arg do if test -n "$eat"; then eat= else case $1 in -o) # configure might choose to run compile as `compile cc -o foo foo.c'. # So we strip `-o arg' only if arg is an object. eat=1 case $2 in *.o | *.obj) ofile=$2 ;; *) set x "$@" -o "$2" shift ;; esac ;; *.c) cfile=$1 set x "$@" "$1" shift ;; *) set x "$@" "$1" shift ;; esac fi shift done if test -z "$ofile" || test -z "$cfile"; then # If no `-o' option was seen then we might have been invoked from a # pattern rule where we don't need one. That is ok -- this is a # normal compilation that the losing compiler can handle. If no # `.c' file was seen then we are probably linking. That is also # ok. exec "$@" fi # Name of file we expect compiler to create. cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` # Create the lock directory. # Note: use `[/\\:.-]' here to ensure that we don't use the same name # that we are using for the .o file. Also, base the name on the expected # object file name, since that is what matters with a parallel build. lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d while true; do if mkdir "$lockdir" >/dev/null 2>&1; then break fi sleep 1 done # FIXME: race condition here if user kills between mkdir and trap. trap "rmdir '$lockdir'; exit 1" 1 2 15 # Run the compile. "$@" ret=$? if test -f "$cofile"; then test "$cofile" = "$ofile" || mv "$cofile" "$ofile" elif test -f "${cofile}bj"; then test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" fi rmdir "$lockdir" exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: pam/build-aux/config.guess0000755000000000000000000013031113261244762012741 0ustar #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 # Free Software Foundation, Inc. timestamp='2009-11-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA # 02110-1301, USA. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Per Bothner. Please send patches (context # diff format) to and include a ChangeLog # entry. # # This script attempts to guess a canonical system name similar to # config.sub. If it succeeds, it prints the system name on stdout, and # exits with 0. Otherwise, it exits with 1. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" >&2 exit 1 ;; * ) break ;; esac done if test $# != 0; then echo "$me: too many arguments$help" >&2 exit 1 fi trap 'exit 1' 1 2 15 # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires # temporary files to be created and, as you can see below, it is a # headache to deal with in a portable fashion. # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still # use `HOST_CC' if defined, but it is deprecated. # Portable tmp directory creation inspired by the Autoconf team. set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in ,,) echo "int x;" > $dummy.c ; for c in cc gcc c89 c99 ; do if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; if test x"$CC_FOR_BUILD" = x ; then CC_FOR_BUILD=no_compiler_found ; fi ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) if (test -f /.attbin/uname) >/dev/null 2>&1 ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown case "${UNAME_MACHINE}" in i?86) test -z "$VENDOR" && VENDOR=pc ;; *) test -z "$VENDOR" && VENDOR=unknown ;; esac test -f /etc/SuSE-release -o -f /.buildenv && VENDOR=suse # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently # switched to ELF, *-*-netbsd* would select the old # object file format. This provides both forward # compatibility and a consistent mechanism for selecting the # object file format. # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ /usr/sbin/$sysctl 2>/dev/null || echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in arm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). # Return netbsd for either. FIX? os=netbsd else os=netbsdelf fi ;; *) os=netbsd ;; esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. case "${UNAME_VERSION}" in Debian*) release='-gnu' ;; *) release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` echo ${UNAME_MACHINE_ARCH}-${VENDOR}-openbsd${UNAME_RELEASE} exit ;; *:ekkoBSD:*:*) echo ${UNAME_MACHINE}-${VENDOR}-ekkobsd${UNAME_RELEASE} exit ;; *:SolidBSD:*:*) echo ${UNAME_MACHINE}-${VENDOR}-solidbsd${UNAME_RELEASE} exit ;; macppc:MirBSD:*:*) echo powerpc-${VENDOR}-mirbsd${UNAME_RELEASE} exit ;; *:MirBSD:*:*) echo ${UNAME_MACHINE}-${VENDOR}-mirbsd${UNAME_RELEASE} exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` ;; *5.*) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` ;; esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") UNAME_MACHINE="alpha" ;; "EV4.5 (21064)") UNAME_MACHINE="alpha" ;; "LCA4 (21066/21068)") UNAME_MACHINE="alpha" ;; "EV5 (21164)") UNAME_MACHINE="alphaev5" ;; "EV5.6 (21164A)") UNAME_MACHINE="alphaev56" ;; "EV5.6 (21164PC)") UNAME_MACHINE="alphapca56" ;; "EV5.7 (21164PC)") UNAME_MACHINE="alphapca57" ;; "EV6 (21264)") UNAME_MACHINE="alphaev6" ;; "EV6.7 (21264A)") UNAME_MACHINE="alphaev67" ;; "EV6.8CB (21264C)") UNAME_MACHINE="alphaev68" ;; "EV6.8AL (21264B)") UNAME_MACHINE="alphaev68" ;; "EV6.8CX (21264D)") UNAME_MACHINE="alphaev68" ;; "EV6.9A (21264/EV69A)") UNAME_MACHINE="alphaev69" ;; "EV7 (21364)") UNAME_MACHINE="alphaev7" ;; "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-${VENDOR}-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-${VENDOR}-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-${VENDOR}-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition exit ;; *:z/VM:*:*) echo s390-ibm-zvmoe exit ;; *:OS400:*:*) echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} exit ;; arm:riscos:*:*|arm:RISCOS:*:*) echo arm-${VENDOR}-riscos exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then echo pyramid-pyramid-sysv3 else echo pyramid-pyramid-bsd fi exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 exit ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) echo i386-pc-auroraux${UNAME_RELEASE} exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) eval $set_cc_for_build SUN_ARCH="i386" # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH="x86_64" fi fi echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) echo m68k-sun-sunos${UNAME_RELEASE} ;; sun4) echo sparc-sun-sunos${UNAME_RELEASE} ;; esac exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor # > m68000). The system name ranges from "MiNT" over "FreeMiNT" # to the lowercase version "mint" (or "freemint"). Finally # the system name "TOS" denotes a system which is actually not # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-${VENDOR}-mint${UNAME_RELEASE} exit ;; m68k:machten:*:*) echo m68k-apple-machten${UNAME_RELEASE} exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __cplusplus #include /* for printf() prototype */ int main (int argc, char *argv[]) { #else int main (argc, argv) int argc; char *argv[]; { #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`$dummy $dummyarg` && { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] then if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ [ ${TARGET_BINARY_INTERFACE}x = x ] then echo m88k-dg-dgux${UNAME_RELEASE} else echo m88k-dg-dguxbcs${UNAME_RELEASE} fi else echo i586-dg-dgux${UNAME_RELEASE} fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include main() { if (!__power_pc()) exit(1); puts("powerpc-ibm-aix3.2.5"); exit(0); } EOF if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` then echo "$SYSTEM_NAME" else echo rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi exit ;; *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in 9000/31? ) HP_ARCH=m68000 ;; 9000/[34]?? ) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` case "${sc_cpu_version}" in 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 case "${sc_kernel_bits}" in 32) HP_ARCH="hppa2.0n" ;; 64) HP_ARCH="hppa2.0w" ;; '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 esac ;; esac fi if [ "${HP_ARCH}" = "" ]; then eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #define _HPUX_SOURCE #include #include int main () { #if defined(_SC_KERNEL_BITS) long bits = sysconf(_SC_KERNEL_BITS); #endif long cpu = sysconf (_SC_CPU_VERSION); switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0"); break; case CPU_PA_RISC1_1: puts ("hppa1.1"); break; case CPU_PA_RISC2_0: #if defined(_SC_KERNEL_BITS) switch (bits) { case 64: puts ("hppa2.0w"); break; case 32: puts ("hppa2.0n"); break; default: puts ("hppa2.0"); break; } break; #else /* !defined(_SC_KERNEL_BITS) */ puts ("hppa2.0"); break; #endif default: puts ("hppa1.0"); break; } exit (0); } EOF (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac if [ ${HP_ARCH} = "hppa2.0w" ] then eval $set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler # generating 64-bit code. GNU and HP use different nomenclature: # # $ CC_FOR_BUILD=cc ./config.guess # => hppa2.0w-hp-hpux11.23 # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then HP_ARCH="hppa2.0w" else HP_ARCH="hppa64" fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #include int main () { long cpu = sysconf (_SC_CPU_VERSION); /* The order matters, because CPU_IS_HP_MC68K erroneously returns true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct results, however. */ if (CPU_IS_PA_RISC (cpu)) { switch (cpu) { case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; default: puts ("hppa-hitachi-hiuxwe2"); break; } } else if (CPU_IS_HP_MC68K (cpu)) puts ("m68k-hitachi-hiuxwe2"); else puts ("unknown-hitachi-hiuxwe2"); exit (0); } EOF $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-${VENDOR}-osf1mk else echo ${UNAME_MACHINE}-${VENDOR}-osf1 fi exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} exit ;; sparc*:BSD/OS:*:*) echo sparc-${VENDOR}-bsdi${UNAME_RELEASE} exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-${VENDOR}-bsdi${UNAME_RELEASE} exit ;; *:FreeBSD:*:*) case ${UNAME_MACHINE} in pc98) echo i386-${VENDOR}-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; amd64) echo x86_64-${VENDOR}-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; *) echo ${UNAME_MACHINE}-${VENDOR}-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; esac exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) # uname -m includes "-pc" on this system. echo ${UNAME_MACHINE}-mingw32 exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; *:Interix*:*) case ${UNAME_MACHINE} in x86) echo i586-pc-interix${UNAME_RELEASE} exit ;; authenticamd | genuineintel | EM64T) echo x86_64-${VENDOR}-interix${UNAME_RELEASE} exit ;; IA64) echo ia64-${VENDOR}-interix${UNAME_RELEASE} exit ;; esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; 8664:Windows_NT:*) echo x86_64-pc-mks exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-${VENDOR}-cygwin exit ;; p*:CYGWIN*:*) echo powerpcle-${VENDOR}-cygwin exit ;; prep*:SunOS:5.*:*) echo powerpcle-${VENDOR}-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; *:GNU:*:*) # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-${VENDOR}-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland echo ${UNAME_MACHINE}-${VENDOR}-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; PCA57) UNAME_MACHINE=alphapca56 ;; EV6) UNAME_MACHINE=alphaev6 ;; EV67) UNAME_MACHINE=alphaev67 ;; EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu${LIBC} exit ;; arm*:Linux:*:*) eval $set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu else echo ${UNAME_MACHINE}-${VENDOR}-linux-gnueabi fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu exit ;; crisv32:Linux:*:*) echo crisv32-axis-linux-gnu exit ;; frv:Linux:*:*) echo frv-${VENDOR}-linux-gnu exit ;; i*86:Linux:*:*) LIBC=gnu eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #ifdef __dietlibc__ LIBC=dietlibc #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` echo "${UNAME_MACHINE}-${VENDOR}-linux-${LIBC}" exit ;; ia64:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; m32r*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; mips:Linux:*:* | mips64:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) CPU=${UNAME_MACHINE}el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) CPU=${UNAME_MACHINE} #else CPU= #endif #endif EOF eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-${VENDOR}-linux-gnu"; exit; } ;; or32:Linux:*:*) echo or32-${VENDOR}-linux-gnu exit ;; padre:Linux:*:*) echo sparc-${VENDOR}-linux-gnu exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-${VENDOR}-linux-gnu exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in PA7*) echo hppa1.1-${VENDOR}-linux-gnu ;; PA8*) echo hppa2.0-${VENDOR}-linux-gnu ;; *) echo hppa-${VENDOR}-linux-gnu ;; esac exit ;; ppc64:Linux:*:*) echo powerpc64-${VENDOR}-linux-gnu exit ;; ppc:Linux:*:*) echo powerpc-${VENDOR}-linux-gnu exit ;; s390:Linux:*:* | s390x:Linux:*:*) echo ${UNAME_MACHINE}-ibm-linux exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; vax:Linux:*:*) echo ${UNAME_MACHINE}-dec-linux-gnu exit ;; x86_64:Linux:*:*) echo x86_64-${VENDOR}-linux-gnu exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-${VENDOR}-linux-gnu exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-${VENDOR}-stop exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-${VENDOR}-atheos exit ;; i*86:syllable:*:*) echo ${UNAME_MACHINE}-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) echo i386-${VENDOR}-lynxos${UNAME_RELEASE} exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi exit ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-${VENDOR}-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ && UNAME_MACHINE=i586 (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 echo ${UNAME_MACHINE}-pc-sco$UNAME_REL else echo ${UNAME_MACHINE}-pc-sysv32 fi exit ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configury will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 exit ;; paragon:*:*:*) echo i860-intel-osf1 exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-${VENDOR}-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix exit ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; NCR*:*:4.2:* | MPRAS*:*:4.2:*) OS_REL='.3' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-${VENDOR}-lynxos${UNAME_RELEASE} exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-${VENDOR}-lynxos${UNAME_RELEASE} exit ;; rs6000:LynxOS:2.*:*) echo rs6000-${VENDOR}-lynxos${UNAME_RELEASE} exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) echo powerpc-${VENDOR}-lynxos${UNAME_RELEASE} exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` echo ${UNAME_MACHINE}-sni-sysv4 else echo ns32k-sni-sysv fi exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. echo ${UNAME_MACHINE}-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-${VENDOR}-sysv${UNAME_RELEASE} fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. echo i586-pc-haiku exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; SX-7:SUPER-UX:*:*) echo sx7-nec-superux${UNAME_RELEASE} exit ;; SX-8:SUPER-UX:*:*) echo sx8-nec-superux${UNAME_RELEASE} exit ;; SX-8R:SUPER-UX:*:*) echo sx8r-nec-superux${UNAME_RELEASE} exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown case $UNAME_PROCESSOR in i386) eval $set_cc_for_build if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then UNAME_PROCESSOR="x86_64" fi fi ;; unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; NSE-?:NONSTOP_KERNEL:*:*) echo nse-tandem-nsk${UNAME_RELEASE} exit ;; NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. if test "$cputype" = "386"; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-${VENDOR}-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-${VENDOR}-tops10 exit ;; *:TENEX:*:*) echo pdp10-${VENDOR}-tenex exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 exit ;; *:TOPS-20:*:*) echo pdp10-${VENDOR}-tops20 exit ;; *:ITS:*:*) echo pdp10-${VENDOR}-its exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} exit ;; *:DragonFly:*:*) echo ${UNAME_MACHINE}-${VENDOR}-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` case "${UNAME_MACHINE}" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; esac ;; *:XENIX:*:SysV) echo i386-pc-xenix exit ;; i*86:skyos:*:*) echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' exit ;; i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; i*86:AROS:*:*) echo ${UNAME_MACHINE}-pc-aros exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 #echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 eval $set_cc_for_build cat >$dummy.c < # include #endif main () { #if defined (sony) #if defined (MIPSEB) /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, I don't know.... */ printf ("mips-sony-bsd\n"); exit (0); #else #include printf ("m68k-sony-newsos%s\n", #ifdef NEWSOS4 "4" #else "" #endif ); exit (0); #endif #endif #if defined (__arm) && defined (__acorn) && defined (__unix) printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) printf ("m68k-hp-bsd\n"); exit (0); #endif #if defined (NeXT) #if !defined (__ARCHITECTURE__) #define __ARCHITECTURE__ "m68k" #endif int version; version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; if (version < 4) printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); else printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); exit (0); #endif #if defined (MULTIMAX) || defined (n16) #if defined (UMAXV) printf ("ns32k-encore-sysv\n"); exit (0); #else #if defined (CMU) printf ("ns32k-encore-mach\n"); exit (0); #else printf ("ns32k-encore-bsd\n"); exit (0); #endif #endif #endif #if defined (__386BSD__) printf ("i386-pc-bsd\n"); exit (0); #endif #if defined (sequent) #if defined (i386) printf ("i386-sequent-dynix\n"); exit (0); #endif #if defined (ns32000) printf ("ns32k-sequent-dynix\n"); exit (0); #endif #endif #if defined (_SEQUENT_) struct utsname un; uname(&un); if (strncmp(un.version, "V2", 2) == 0) { printf ("i386-sequent-ptx2\n"); exit (0); } if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ printf ("i386-sequent-ptx1\n"); exit (0); } printf ("i386-sequent-ptx\n"); exit (0); #endif #if defined (vax) # if !defined (ultrix) # include # if defined (BSD) # if BSD == 43 printf ("vax-dec-bsd4.3\n"); exit (0); # else # if BSD == 199006 printf ("vax-dec-bsd4.3reno\n"); exit (0); # else printf ("vax-dec-bsd\n"); exit (0); # endif # endif # else printf ("vax-dec-bsd\n"); exit (0); # endif # else printf ("vax-dec-ultrix\n"); exit (0); # endif #endif #if defined (alliant) && defined (i860) printf ("i860-alliant-bsd\n"); exit (0); #endif exit (1); } EOF $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) if [ -x /usr/convex/getsysinfo ] then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi exit ;; c34*) echo c34-convex-bsd exit ;; c38*) echo c38-convex-bsd exit ;; c4*) echo c4-convex-bsd exit ;; esac fi cat >&2 < in order to provide the needed information to handle your system. config.guess timestamp = $timestamp uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` /bin/uname -X = `(/bin/uname -X) 2>/dev/null` hostinfo = `(hostinfo) 2>/dev/null` /bin/universe = `(/bin/universe) 2>/dev/null` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` /bin/arch = `(/bin/arch) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` UNAME_MACHINE = ${UNAME_MACHINE} UNAME_RELEASE = ${UNAME_RELEASE} UNAME_SYSTEM = ${UNAME_SYSTEM} UNAME_VERSION = ${UNAME_VERSION} EOF exit 1 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: pam/build-aux/config.rpath0000755000000000000000000003744413261244762012746 0ustar #! /bin/sh # Output a system dependent set of variables, describing how to set the # run time search path of shared libraries in an executable. # # Copyright 1996-2006 Free Software Foundation, Inc. # Taken from GNU libtool, 2001 # Originally by Gordon Matzigkeit , 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # # The first argument passed to this file is the canonical host specification, # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld # should be set by the caller. # # The set of defined variables is at the end of this script. # Known limitations: # - On IRIX 6.5 with CC="cc", the run time search patch must not be longer # than 256 bytes, otherwise the compiler driver will dump core. The only # known workaround is to choose shorter directory names for the build # directory and/or the installation directory. # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a shrext=.so host="$1" host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` # Code taken from libtool.m4's _LT_CC_BASENAME. for cc_temp in $CC""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` # Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC. wl= if test "$GCC" = yes; then wl='-Wl,' else case "$host_os" in aix*) wl='-Wl,' ;; darwin*) case $cc_basename in xlc*) wl='-Wl,' ;; esac ;; mingw* | pw32* | os2*) ;; hpux9* | hpux10* | hpux11*) wl='-Wl,' ;; irix5* | irix6* | nonstopux*) wl='-Wl,' ;; newsos6) ;; linux*) case $cc_basename in icc* | ecc*) wl='-Wl,' ;; pgcc | pgf77 | pgf90) wl='-Wl,' ;; ccc*) wl='-Wl,' ;; como) wl='-lopt=' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) wl='-Wl,' ;; esac ;; esac ;; osf3* | osf4* | osf5*) wl='-Wl,' ;; sco3.2v5*) ;; solaris*) wl='-Wl,' ;; sunos4*) wl='-Qoption ld ' ;; sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) wl='-Wl,' ;; sysv4*MP*) ;; unicos*) wl='-Wl,' ;; uts4*) ;; esac fi # Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS. hardcode_libdir_flag_spec= hardcode_libdir_separator= hardcode_direct=no hardcode_minus_L=no case "$host_os" in cygwin* | mingw* | pw32*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes if test "$with_gnu_ld" = yes; then # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. # Unlike libtool, we use -rpath here, not --rpath, since the documented # option of GNU ld is called -rpath, not --rpath. hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' case "$host_os" in aix3* | aix4* | aix5*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no fi ;; amigaos*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # Samuel A. Falvo II reports # that the semantics of dynamic libraries on AmigaOS, at least up # to version 4, is to share data among multiple programs linked # with the same dynamic library. Since this doesn't match the # behavior of shared libraries on other platforms, we cannot use # them. ld_shlibs=no ;; beos*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; cygwin* | mingw* | pw32*) # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then : else ld_shlibs=no fi ;; interix3*) hardcode_direct=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; linux*) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; netbsd*) ;; solaris*) if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then ld_shlibs=no elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' else ld_shlibs=no fi ;; esac ;; sunos4*) hardcode_direct=yes ;; *) if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then : else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then hardcode_libdir_flag_spec= fi else case "$host_os" in aix3*) # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix4* | aix5*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix5*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac fi hardcode_direct=yes hardcode_libdir_separator=':' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && \ strings "$collect2name" | grep resolve_lib_name >/dev/null then # We have reworked collect2 hardcode_direct=yes else # We have old collect2 hardcode_direct=unsupported hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac fi # Begin _LT_AC_SYS_LIBPATH_AIX. echo 'int main () { return 0; }' > conftest.c ${CC} ${LDFLAGS} conftest.c -o conftest aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } }'` if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } }'` fi if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib" fi rm -f conftest.c conftest # End _LT_AC_SYS_LIBPATH_AIX. if test "$aix_use_runtimelinking" = yes; then hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' else hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" fi fi ;; amigaos*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes # see comment about different semantics on the GNU ld section ld_shlibs=no ;; bsdi[45]*) ;; cygwin* | mingw* | pw32*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec=' ' libext=lib ;; darwin* | rhapsody*) hardcode_direct=no if test "$GCC" = yes ; then : else case $cc_basename in xlc*) ;; *) ld_shlibs=no ;; esac fi ;; dgux*) hardcode_libdir_flag_spec='-L$libdir' ;; freebsd1*) ld_shlibs=no ;; freebsd2.2*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; freebsd2*) hardcode_direct=yes hardcode_minus_L=yes ;; freebsd* | kfreebsd*-gnu | dragonfly*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; hpux9*) hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; hpux10*) if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes fi ;; hpux11*) if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no ;; *) hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; netbsd*) hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes ;; newsos6) hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; openbsd*) hardcode_direct=yes if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then hardcode_libdir_flag_spec='${wl}-rpath,$libdir' else case "$host_os" in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) hardcode_libdir_flag_spec='-R$libdir' ;; *) hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; osf3*) hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) if test "$GCC" = yes; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else # Both cc and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi hardcode_libdir_separator=: ;; solaris*) hardcode_libdir_flag_spec='-R$libdir' ;; sunos4*) hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes ;; sysv4) case $host_vendor in sni) hardcode_direct=yes # is this really true??? ;; siemens) hardcode_direct=no ;; motorola) hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac ;; sysv4.3*) ;; sysv4*MP*) if test -d /usr/nec; then ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*) ;; sysv5* | sco3.2v5* | sco5v6*) hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' hardcode_libdir_separator=':' ;; uts4*) hardcode_libdir_flag_spec='-L$libdir' ;; *) ld_shlibs=no ;; esac fi # Check dynamic linker characteristics # Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER. libname_spec='lib$name' case "$host_os" in aix3*) ;; aix4* | aix5*) ;; amigaos*) ;; beos*) ;; bsdi[45]*) ;; cygwin* | mingw* | pw32*) shrext=.dll ;; darwin* | rhapsody*) shrext=.dylib ;; dgux*) ;; freebsd1*) ;; kfreebsd*-gnu) ;; freebsd* | dragonfly*) ;; gnu*) ;; hpux9* | hpux10* | hpux11*) case $host_cpu in ia64*) shrext=.so ;; hppa*64*) shrext=.sl ;; *) shrext=.sl ;; esac ;; interix3*) ;; irix5* | irix6* | nonstopux*) case "$host_os" in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; *) libsuff= shlibsuff= ;; esac ;; esac ;; linux*oldld* | linux*aout* | linux*coff*) ;; linux*) ;; knetbsd*-gnu) ;; netbsd*) ;; newsos6) ;; nto-qnx*) ;; openbsd*) ;; os2*) libname_spec='$name' shrext=.dll ;; osf3* | osf4* | osf5*) ;; solaris*) ;; sunos4*) ;; sysv4 | sysv4.3*) ;; sysv4*MP*) ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) ;; uts4*) ;; esac sed_quote_subst='s/\(["`$\\]\)/\\\1/g' escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` shlibext=`echo "$shrext" | sed -e 's,^\.,,'` escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <. Submit a context # diff and a properly formatted GNU ChangeLog entry. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. # If it is invalid, we print an error message on stderr and exit with code 1. # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases # that are meaningful with *any* GNU software. # Each package is responsible for reporting which valid configurations # it does not support. The user should be able to distinguish # a failure to support a valid configuration from a meaningless # configuration. # The goal of this file is to map all the various variations of a given # machine specification into a single specification in the form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM # or in some cases, the newer four-part form: # CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM # It is wrong to echo any other type of specification. me=`echo "$0" | sed -e 's,.*/,,'` usage="\ Usage: $0 [OPTION] CPU-MFR-OPSYS $0 [OPTION] ALIAS Canonicalize a configuration name. Operation modes: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit Report bugs and patches to ." version="\ GNU config.sub ($timestamp) Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." help=" Try \`$me --help' for more information." # Parse command line while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) echo "$timestamp" ; exit ;; --version | -v ) echo "$version" ; exit ;; --help | --h* | -h ) echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. break ;; -* ) echo "$me: invalid option $1$help" exit 1 ;; *local*) # First pass through any local machine types. echo $1 exit ;; * ) break ;; esac done case $# in 0) echo "$me: missing argument$help" >&2 exit 1;; 1) ;; *) echo "$me: too many arguments$help" >&2 exit 1;; esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; *) basic_machine=`echo $1 | sed 's/-[^-]*$//'` if [ $basic_machine != $1 ] then os=`echo $1 | sed 's/.*-/-/'` else os=; fi ;; esac ### Let's recognize common machines as not being operating systems so ### that things like config.sub decstation-3100 work. We also ### recognize some manufacturers as not being operating systems, so we ### can provide default operating systems below. case $os in -sun*os*) # Prevent following clause from handling this invalid input. ;; -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ -apple | -axis | -knuth | -cray | -microblaze) os= basic_machine=$1 ;; -bluegene*) os=-cnk ;; -sim | -cisco | -oki | -wec | -winbond) os= basic_machine=$1 ;; -scout) ;; -wrs) os=-vxworks basic_machine=$1 ;; -chorusos*) os=-chorusos basic_machine=$1 ;; -chorusrdb) os=-chorusrdb basic_machine=$1 ;; -hiux*) os=-hiuxwe2 ;; -sco6) os=-sco5v6 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -udk*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` ;; -lynx*) os=-lynxos ;; -ptx*) basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` ;; -windowsnt*) os=`echo $os | sed -e 's/windowsnt/winnt/'` ;; -psos*) os=-psos ;; -mint | -mint[0-9]*) basic_machine=m68k-atari os=-mint ;; esac # Decode aliases for certain CPU-COMPANY combinations. case $basic_machine in # Recognize the basic CPU types without company name. # Some are omitted here because they have special meanings below. 1750a | 580 \ | a29k \ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ | am33_2.0 \ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ | mips64r5900 | mips64r5900el \ | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ | moxie \ | mt \ | msp430 \ | nios | nios2 \ | ns16k | ns32k \ | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | rx \ | score \ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ | spu | strongarm \ | tahoe | thumb | tic4x | tic80 | tron \ | ubicom32 \ | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12 | picochip) # Motorola 68HC11/12. basic_machine=$basic_machine-unknown os=-none ;; m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) ;; ms1) basic_machine=mt-unknown ;; # We use `pc' rather than `unknown' # because (1) that's what they normally are, and # (2) the word "unknown" tends to confuse beginning users. i*86 | x86_64) basic_machine=$basic_machine-pc ;; # Object if more than one company name word. *-*-*) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. 580-* \ | a29k-* \ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \ | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ | mips64r5900-* | mips64r5900el-* \ | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipstx39-* | mipstx39el-* \ | mmix-* \ | mt-* \ | msp430-* \ | nios-* | nios2-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | ubicom32-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ | xstormy16-* | xtensa*-* \ | ymp-* \ | z8k-* | z80-*) ;; # Recognize the basic CPU types without company name, with glob match. xtensa*) basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) basic_machine=i386-unknown os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) basic_machine=m68000-att ;; 3b*) basic_machine=we32k-att ;; a29khif) basic_machine=a29k-amd os=-udi ;; abacus) basic_machine=abacus-unknown ;; adobe68k) basic_machine=m68010-adobe os=-scout ;; alliant | fx80) basic_machine=fx80-alliant ;; altos | altos3068) basic_machine=m68k-altos ;; am29k) basic_machine=a29k-none os=-bsd ;; amd64) basic_machine=x86_64-pc ;; amd64-*) basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl os=-sysv ;; amiga | amiga-*) basic_machine=m68k-unknown ;; amigaos | amigados) basic_machine=m68k-unknown os=-amigaos ;; amigaunix | amix) basic_machine=m68k-unknown os=-sysv4 ;; apollo68) basic_machine=m68k-apollo os=-sysv ;; apollo68bsd) basic_machine=m68k-apollo os=-bsd ;; aros) basic_machine=i386-pc os=-aros ;; aux) basic_machine=m68k-apple os=-aux ;; balance) basic_machine=ns32k-sequent os=-dynix ;; blackfin) basic_machine=bfin-unknown os=-linux ;; blackfin-*) basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) basic_machine=powerpc-ibm os=-cnk ;; c90) basic_machine=c90-cray os=-unicos ;; cegcc) basic_machine=arm-unknown os=-cegcc ;; convex-c1) basic_machine=c1-convex os=-bsd ;; convex-c2) basic_machine=c2-convex os=-bsd ;; convex-c32) basic_machine=c32-convex os=-bsd ;; convex-c34) basic_machine=c34-convex os=-bsd ;; convex-c38) basic_machine=c38-convex os=-bsd ;; cray | j90) basic_machine=j90-cray os=-unicos ;; craynv) basic_machine=craynv-cray os=-unicosmp ;; cr16) basic_machine=cr16-unknown os=-elf ;; crds | unos) basic_machine=m68k-crds ;; crisv32 | crisv32-* | etraxfs*) basic_machine=crisv32-axis ;; cris | cris-* | etrax*) basic_machine=cris-axis ;; crx) basic_machine=crx-unknown os=-elf ;; da30 | da30-*) basic_machine=m68k-da30 ;; decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) basic_machine=mips-dec ;; decsystem10* | dec10*) basic_machine=pdp10-dec os=-tops10 ;; decsystem20* | dec20*) basic_machine=pdp10-dec os=-tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) basic_machine=m68k-motorola ;; delta88) basic_machine=m88k-motorola os=-sysv3 ;; dicos) basic_machine=i686-pc os=-dicos ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp ;; dpx20 | dpx20-*) basic_machine=rs6000-bull os=-bosx ;; dpx2* | dpx2*-bull) basic_machine=m68k-bull os=-sysv3 ;; ebmon29k) basic_machine=a29k-amd os=-ebmon ;; elxsi) basic_machine=elxsi-elxsi os=-bsd ;; encore | umax | mmax) basic_machine=ns32k-encore ;; es1800 | OSE68k | ose68k | ose | OSE) basic_machine=m68k-ericsson os=-ose ;; fx2800) basic_machine=i860-alliant ;; genix) basic_machine=ns32k-ns ;; gmicro) basic_machine=tron-gmicro os=-sysv ;; go32) basic_machine=i386-pc os=-go32 ;; h3050r* | hiux*) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; h8300hms) basic_machine=h8300-hitachi os=-hms ;; h8300xray) basic_machine=h8300-hitachi os=-xray ;; h8500hms) basic_machine=h8500-hitachi os=-hms ;; harris) basic_machine=m88k-harris os=-sysv3 ;; hp300-*) basic_machine=m68k-hp ;; hp300bsd) basic_machine=m68k-hp os=-bsd ;; hp300hpux) basic_machine=m68k-hp os=-hpux ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) basic_machine=m68000-hp ;; hp9k3[2-9][0-9]) basic_machine=m68k-hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) basic_machine=hppa1.0-hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) basic_machine=hppa1.1-hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp basic_machine=hppa1.1-hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) basic_machine=hppa1.1-hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; hppa-next) os=-nextstep3 ;; hppaosf) basic_machine=hppa1.1-hp os=-osf ;; hppro) basic_machine=hppa1.1-hp os=-proelf ;; i370-ibm* | ibm*) basic_machine=i370-ibm ;; # I'm not sure what "Sysv32" means. Should this be sysv3.2? i*86v32) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; i386-vsta | vsta) basic_machine=i386-unknown os=-vsta ;; iris | iris4d) basic_machine=mips-sgi case $os in -irix*) ;; *) os=-irix4 ;; esac ;; isi68 | isi) basic_machine=m68k-isi os=-sysv ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; m88k-omron*) basic_machine=m88k-omron ;; magnum | m3230) basic_machine=mips-mips os=-sysv ;; merlin) basic_machine=ns32k-utek os=-sysv ;; microblaze) basic_machine=microblaze-xilinx ;; mingw32) basic_machine=i386-pc os=-mingw32 ;; mingw32ce) basic_machine=arm-unknown os=-mingw32ce ;; miniframe) basic_machine=m68000-convergent ;; *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) basic_machine=m68k-atari os=-mint ;; mips3*-*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` ;; mips3*) basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k os=-coff ;; morphos) basic_machine=powerpc-unknown os=-morphos ;; msdos) basic_machine=i386-pc os=-msdos ;; ms1-*) basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` ;; mvs) basic_machine=i370-ibm os=-mvs ;; ncr3000) basic_machine=i486-ncr os=-sysv4 ;; netbsd386) basic_machine=i386-unknown os=-netbsd ;; netwinder) basic_machine=armv4l-rebel os=-linux ;; news | news700 | news800 | news900) basic_machine=m68k-sony os=-newsos ;; news1000) basic_machine=m68030-sony os=-newsos ;; news-3600 | risc-news) basic_machine=mips-sony os=-newsos ;; necv70) basic_machine=v70-nec os=-sysv ;; next | m*-next ) basic_machine=m68k-next case $os in -nextstep* ) ;; -ns2*) os=-nextstep2 ;; *) os=-nextstep3 ;; esac ;; nh3000) basic_machine=m68k-harris os=-cxux ;; nh[45]000) basic_machine=m88k-harris os=-cxux ;; nindy960) basic_machine=i960-intel os=-nindy ;; mon960) basic_machine=i960-intel os=-mon960 ;; nonstopux) basic_machine=mips-compaq os=-nonstopux ;; np1) basic_machine=np1-gould ;; nsr-tandem) basic_machine=nsr-tandem ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf ;; openrisc | openrisc-*) basic_machine=or32-unknown ;; os400) basic_machine=powerpc-ibm os=-os400 ;; OSE68000 | ose68000) basic_machine=m68000-ericsson os=-ose ;; os68k) basic_machine=m68k-none os=-os68k ;; pa-hitachi) basic_machine=hppa1.1-hitachi os=-hiuxwe2 ;; paragon) basic_machine=i860-intel os=-osf ;; parisc) basic_machine=hppa-unknown os=-linux ;; parisc-*) basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` os=-linux ;; pbd) basic_machine=sparc-tti ;; pbb) basic_machine=m68k-tti ;; pc532 | pc532-*) basic_machine=ns32k-pc532 ;; pc98) basic_machine=i386-pc ;; pc98-*) basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc ;; pentiumpro | p6 | 6x86 | athlon | athlon_*) basic_machine=i686-pc ;; pentiumii | pentium2 | pentiumiii | pentium3) basic_machine=i686-pc ;; pentium4) basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pentium4-*) basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould ;; power) basic_machine=power-ibm ;; ppc) basic_machine=powerpc-unknown ;; ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppcle | powerpclittle | ppc-le | powerpc-little) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ppc64le | powerpc64little | ppc64-le | powerpc64-little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm ;; pw32) basic_machine=i586-unknown os=-pw32 ;; rdos) basic_machine=i386-pc os=-rdos ;; rom68k) basic_machine=m68k-rom68k os=-coff ;; rm[46]00) basic_machine=mips-siemens ;; rtpc | rtpc-*) basic_machine=romp-ibm ;; s390 | s390-*) basic_machine=s390-ibm ;; s390x | s390x-*) basic_machine=s390x-ibm ;; sa29200) basic_machine=a29k-amd os=-udi ;; sb1) basic_machine=mipsisa64sb1-unknown ;; sb1el) basic_machine=mipsisa64sb1el-unknown ;; sde) basic_machine=mipsisa32-sde os=-elf ;; sei) basic_machine=mips-sei os=-seiux ;; sequent) basic_machine=i386-sequent ;; sh) basic_machine=sh-hitachi os=-hms ;; sh5el) basic_machine=sh5le-unknown ;; sh64) basic_machine=sh64-unknown ;; sparclite-wrs | simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; sps7) basic_machine=m68k-bull os=-sysv2 ;; spur) basic_machine=spur-unknown ;; st2000) basic_machine=m68k-tandem ;; stratus) basic_machine=i860-stratus os=-sysv4 ;; sun2) basic_machine=m68000-sun ;; sun2os3) basic_machine=m68000-sun os=-sunos3 ;; sun2os4) basic_machine=m68000-sun os=-sunos4 ;; sun3os3) basic_machine=m68k-sun os=-sunos3 ;; sun3os4) basic_machine=m68k-sun os=-sunos4 ;; sun4os3) basic_machine=sparc-sun os=-sunos3 ;; sun4os4) basic_machine=sparc-sun os=-sunos4 ;; sun4sol2) basic_machine=sparc-sun os=-solaris2 ;; sun3 | sun3-*) basic_machine=m68k-sun ;; sun4) basic_machine=sparc-sun ;; sun386 | sun386i | roadrunner) basic_machine=i386-sun ;; sv1) basic_machine=sv1-cray os=-unicos ;; symmetry) basic_machine=i386-sequent os=-dynix ;; t3e) basic_machine=alphaev5-cray os=-unicos ;; t90) basic_machine=t90-cray os=-unicos ;; tic54x | c54x*) basic_machine=tic54x-unknown os=-coff ;; tic55x | c55x*) basic_machine=tic55x-unknown os=-coff ;; tic6x | c6x*) basic_machine=tic6x-unknown os=-coff ;; tile*) basic_machine=tile-unknown os=-linux-gnu ;; tx39) basic_machine=mipstx39-unknown ;; tx39el) basic_machine=mipstx39el-unknown ;; toad1) basic_machine=pdp10-xkl os=-tops20 ;; tower | tower-32) basic_machine=m68k-ncr ;; tpf) basic_machine=s390x-ibm os=-tpf ;; udi29k) basic_machine=a29k-amd os=-udi ;; ultra3) basic_machine=a29k-nyu os=-sym1 ;; v810 | necv810) basic_machine=v810-nec os=-none ;; vaxv) basic_machine=vax-dec os=-sysv ;; vms) basic_machine=vax-dec os=-vms ;; vpp*|vx|vx-*) basic_machine=f301-fujitsu ;; vxworks960) basic_machine=i960-wrs os=-vxworks ;; vxworks68) basic_machine=m68k-wrs os=-vxworks ;; vxworks29k) basic_machine=a29k-wrs os=-vxworks ;; w65*) basic_machine=w65-wdc os=-none ;; w89k-*) basic_machine=hppa1.1-winbond os=-proelf ;; xbox) basic_machine=i686-pc os=-mingw32 ;; xps | xps100) basic_machine=xps100-honeywell ;; ymp) basic_machine=ymp-cray os=-unicos ;; z8k-*-coff) basic_machine=z8k-unknown os=-sim ;; z80-*-coff) basic_machine=z80-unknown os=-sim ;; none) basic_machine=none-none os=-none ;; # Here we handle the default manufacturer of certain CPU types. It is in # some cases the only manufacturer, in others, it is the most popular. w89k) basic_machine=hppa1.1-winbond ;; op50n) basic_machine=hppa1.1-oki ;; op60c) basic_machine=hppa1.1-oki ;; romp) basic_machine=romp-ibm ;; mmix) basic_machine=mmix-knuth ;; rs6000) basic_machine=rs6000-ibm ;; vax) basic_machine=vax-dec ;; pdp10) # there are many clones, so DEC is not a safe bet basic_machine=pdp10-unknown ;; pdp11) basic_machine=pdp11-dec ;; we32k) basic_machine=we32k-att ;; sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) basic_machine=sparc-sun ;; cydra) basic_machine=cydra-cydrome ;; orion) basic_machine=orion-highlevel ;; orion105) basic_machine=clipper-highlevel ;; mac | mpw | mac-mpw) basic_machine=m68k-apple ;; pmac | pmac-mpw) basic_machine=powerpc-apple ;; *-unknown) # Make sure to match an already-canonicalized machine name. ;; *) echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 exit 1 ;; esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` ;; *-commodore*) basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` ;; *) ;; esac # Decode manufacturer-specific aliases for certain operating systems. if [ x"$os" != x"" ] then case $os in # First match some system type aliases # that might get confused with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux ;; -solaris1 | -solaris1.*) os=`echo $os | sed -e 's|solaris1|sunos4|'` ;; -solaris) os=-solaris2 ;; -svr4*) os=-sysv4 ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; # First accept the basic system types. # The portable systems comes first. # Each alternative MUST END IN A *, to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ | -openbsd* | -solidbsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) case $basic_machine in x86-* | i*86-*) ;; *) os=-nto$os ;; esac ;; -nto-qnx*) ;; -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) os=`echo $os | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc ;; -linux*) os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) os=`echo $os | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) os=`echo $os | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition ;; -os400*) os=-os400 ;; -wince*) os=-wince ;; -osfrose*) os=-osfrose ;; -osf*) os=-osf ;; -utek*) os=-bsd ;; -dynix*) os=-bsd ;; -acis*) os=-aos ;; -atheos*) os=-atheos ;; -syllable*) os=-syllable ;; -386bsd) os=-bsd ;; -ctix* | -uts*) os=-sysv ;; -nova*) os=-rtmk-nova ;; -ns2 ) os=-nextstep2 ;; -nsk*) os=-nsk ;; # Preserve the version number of sinix5. -sinix5.*) os=`echo $os | sed -e 's|sinix|sysv|'` ;; -sinix*) os=-sysv4 ;; -tpf*) os=-tpf ;; -triton*) os=-sysv3 ;; -oss*) os=-sysv3 ;; -svr4) os=-sysv4 ;; -svr3) os=-sysv3 ;; -sysvr4) os=-sysv4 ;; # This must come after -sysvr4. -sysv*) ;; -ose*) os=-ose ;; -es1800*) os=-ose ;; -xenix) os=-xenix ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; -aros*) os=-aros ;; -kaos*) os=-kaos ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 exit 1 ;; esac else # Here we handle the default operating systems that come with various machines. # The value should be what the vendor currently ships out the door with their # machine or put another way, the most popular os provided with the machine. # Note that if you're going to try to match "-MANUFACTURER" here (say, # "-sun"), then you have to tell the case statement up towards the top # that MANUFACTURER isn't an operating system. Otherwise, code above # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. case $basic_machine in score-*) os=-elf ;; spu-*) os=-elf ;; *-acorn) os=-riscix1.2 ;; arm*-rebel) os=-linux ;; arm*-semi) os=-aout ;; c4x-* | tic4x-*) os=-coff ;; # This must come before the *-dec entry. pdp10-*) os=-tops20 ;; pdp11-*) os=-none ;; *-dec | vax-*) os=-ultrix4.2 ;; m68*-apollo) os=-domain ;; i386-sun) os=-sunos4.0.2 ;; m68000-sun) os=-sunos3 # This also exists in the configure program, but was not the # default. # os=-sunos4 ;; m68*-cisco) os=-aout ;; mep-*) os=-elf ;; mips*-cisco) os=-elf ;; mips*-*) os=-elf ;; or32-*) os=-coff ;; *-tti) # must be before sparc entry or we get the wrong os. os=-sysv3 ;; sparc-* | *-sun) os=-sunos4.1.1 ;; *-be) os=-beos ;; *-haiku) os=-haiku ;; *-ibm) os=-aix ;; *-knuth) os=-mmixware ;; *-wec) os=-proelf ;; *-winbond) os=-proelf ;; *-oki) os=-proelf ;; *-hp) os=-hpux ;; *-hitachi) os=-hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) os=-sysv ;; *-cbm) os=-amigaos ;; *-dg) os=-dgux ;; *-dolphin) os=-sysv3 ;; m68k-ccur) os=-rtu ;; m88k-omron*) os=-luna ;; *-next ) os=-nextstep ;; *-sequent) os=-ptx ;; *-crds) os=-unos ;; *-ns) os=-genix ;; i370-*) os=-mvs ;; *-next) os=-nextstep3 ;; *-gould) os=-sysv ;; *-highlevel) os=-bsd ;; *-encore) os=-bsd ;; *-sgi) os=-irix ;; *-siemens) os=-sysv4 ;; *-masscomp) os=-rtu ;; f30[01]-fujitsu | f700-fujitsu) os=-uxpv ;; *-rom68k) os=-coff ;; *-*bug) os=-coff ;; *-apple) os=-macos ;; *-atari*) os=-mint ;; *) os=-none ;; esac fi # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. vendor=unknown case $basic_machine in *-unknown) case $os in -riscix*) vendor=acorn ;; -sunos*) vendor=sun ;; -cnk*|-aix*) vendor=ibm ;; -beos*) vendor=be ;; -hpux*) vendor=hp ;; -mpeix*) vendor=hp ;; -hiux*) vendor=hitachi ;; -unos*) vendor=crds ;; -dgux*) vendor=dg ;; -luna*) vendor=omron ;; -genix*) vendor=ns ;; -mvs* | -opened*) vendor=ibm ;; -os400*) vendor=ibm ;; -ptx*) vendor=sequent ;; -tpf*) vendor=ibm ;; -vxsim* | -vxworks* | -windiss*) vendor=wrs ;; -aux*) vendor=apple ;; -hms*) vendor=hitachi ;; -mpw* | -macos*) vendor=apple ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) vendor=atari ;; -vos*) vendor=stratus ;; esac basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` ;; esac echo $basic_machine$os exit # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" # End: pam/build-aux/depcomp0000755000000000000000000004426713261244762012014 0ustar #! /bin/sh # depcomp - compile a program generating dependencies as side-effects scriptversion=2009-04-28.21; # UTC # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free # Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # Originally written by Alexandre Oliva . case $1 in '') echo "$0: No command. Try \`$0 --help' for more information." 1>&2 exit 1; ;; -h | --h*) cat <<\EOF Usage: depcomp [--help] [--version] PROGRAM [ARGS] Run PROGRAMS ARGS to compile a file, generating dependencies as side-effects. Environment variables: depmode Dependency tracking mode. source Source file read by `PROGRAMS ARGS'. object Object file output by `PROGRAMS ARGS'. DEPDIR directory where to store dependencies. depfile Dependency file to output. tmpdepfile Temporary file to use when outputing dependencies. libtool Whether libtool is used (yes/no). Report bugs to . EOF exit $? ;; -v | --v*) echo "depcomp $scriptversion" exit $? ;; esac if test -z "$depmode" || test -z "$source" || test -z "$object"; then echo "depcomp: Variables source, object and depmode must be set" 1>&2 exit 1 fi # Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. depfile=${depfile-`echo "$object" | sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} rm -f "$tmpdepfile" # Some modes work just like other modes, but use different flags. We # parameterize here, but still list the modes in the big case below, # to make depend.m4 easier to write. Note that we *cannot* use a case # here, because this file can only contain one case statement. if test "$depmode" = hp; then # HP compiler uses -M and no extra arg. gccflag=-M depmode=gcc fi if test "$depmode" = dashXmstdout; then # This is just like dashmstdout with a different argument. dashmflag=-xM depmode=dashmstdout fi cygpath_u="cygpath -u -f -" if test "$depmode" = msvcmsys; then # This is just like msvisualcpp but w/o cygpath translation. # Just convert the backslash-escaped backslashes to single forward # slashes to satisfy depend.m4 cygpath_u="sed s,\\\\\\\\,/,g" depmode=msvisualcpp fi case "$depmode" in gcc3) ## gcc 3 implements dependency tracking that does exactly what ## we want. Yay! Note: for some reason libtool 1.4 doesn't like ## it if -MD -MP comes after the -MF stuff. Hmm. ## Unfortunately, FreeBSD c89 acceptance of flags depends upon ## the command line argument order; so add the flags where they ## appear in depend2.am. Note that the slowdown incurred here ## affects only configure: in makefiles, %FASTDEP% shortcuts this. for arg do case $arg in -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; *) set fnord "$@" "$arg" ;; esac shift # fnord shift # $arg done "$@" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi mv "$tmpdepfile" "$depfile" ;; gcc) ## There are various ways to get dependency output from gcc. Here's ## why we pick this rather obscure method: ## - Don't want to use -MD because we'd like the dependencies to end ## up in a subdir. Having to rename by hand is ugly. ## (We might end up doing this anyway to support other compilers.) ## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like ## -MM, not -M (despite what the docs say). ## - Using -M directly means running the compiler twice (even worse ## than renaming). if test -z "$gccflag"; then gccflag=-MD, fi "$@" -Wp,"$gccflag$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" echo "$object : \\" > "$depfile" alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz ## The second -e expression handles DOS-style file names with drive letters. sed -e 's/^[^:]*: / /' \ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" ## This next piece of magic avoids the `deleted header file' problem. ## The problem is that when a header file which appears in a .P file ## is deleted, the dependency causes make to die (because there is ## typically no way to rebuild the header). We avoid this by adding ## dummy dependencies for each header file. Too bad gcc doesn't do ## this for us directly. tr ' ' ' ' < "$tmpdepfile" | ## Some versions of gcc put a space before the `:'. On the theory ## that the space means something, we add a space to the output as ## well. ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; sgi) if test "$libtool" = yes; then "$@" "-Wp,-MDupdate,$tmpdepfile" else "$@" -MDupdate "$tmpdepfile" fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files echo "$object : \\" > "$depfile" # Clip off the initial element (the dependent). Don't try to be # clever and replace this with sed code, as IRIX sed won't handle # lines with more than a fixed number of characters (4096 in # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; # the IRIX cc adds comments like `#:fec' to the end of the # dependency line. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \ tr ' ' ' ' >> "$depfile" echo >> "$depfile" # The second pass generates a dummy entry for each header file. tr ' ' ' ' < "$tmpdepfile" \ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; aix) # The C for AIX Compiler uses -M and outputs the dependencies # in a .u file. In older versions, this file always lives in the # current directory. Also, the AIX compiler puts `$object:' at the # start of each line; $object doesn't have directory information. # Version 6 uses the directory in both cases. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.u tmpdepfile2=$base.u tmpdepfile3=$dir.libs/$base.u "$@" -Wc,-M else tmpdepfile1=$dir$base.u tmpdepfile2=$dir$base.u tmpdepfile3=$dir$base.u "$@" -M fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then # Each line is of the form `foo.o: dependent.h'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a tab and a space in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else # The sourcefile does not contain any dependencies, so just # store a dummy comment line, to avoid errors with the Makefile # "include basename.Plo" scheme. echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; icc) # Intel's C compiler understands `-MD -MF file'. However on # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c # ICC 7.0 will fill foo.d with something like # foo.o: sub/foo.c # foo.o: sub/foo.h # which is wrong. We want: # sub/foo.o: sub/foo.c # sub/foo.o: sub/foo.h # sub/foo.c: # sub/foo.h: # ICC 7.1 will output # foo.o: sub/foo.c sub/foo.h # and will wrap long lines using \ : # foo.o: sub/foo.c ... \ # sub/foo.h ... \ # ... "$@" -MD -MF "$tmpdepfile" stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile" exit $stat fi rm -f "$depfile" # Each line is of the form `foo.o: dependent.h', # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. # Do two passes, one to just change these to # `$object: dependent.h' and one to simply `dependent.h:'. sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" # Some versions of the HPUX 10.20 sed can't process this invocation # correctly. Breaking it into two sed invocations is a workaround. sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; hp2) # The "hp" stanza above does not work with aCC (C++) and HP's ia64 # compilers, which have integrated preprocessors. The correct option # to use with these is +Maked; it writes dependencies to a file named # 'foo.d', which lands next to the object file, wherever that # happens to be. # Much of this is similar to the tru64 case; see comments there. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then tmpdepfile1=$dir$base.d tmpdepfile2=$dir.libs/$base.d "$@" -Wc,+Maked else tmpdepfile1=$dir$base.d tmpdepfile2=$dir$base.d "$@" +Maked fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile" # Add `dependent.h:' lines. sed -ne '2,${ s/^ *// s/ \\*$// s/$/:/ p }' "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" "$tmpdepfile2" ;; tru64) # The Tru64 compiler uses -MD to generate dependencies as a side # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'. # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put # dependencies in `foo.d' instead, so we check for that too. # Subdirectories are respected. dir=`echo "$object" | sed -e 's|/[^/]*$|/|'` test "x$dir" = "x$object" && dir= base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'` if test "$libtool" = yes; then # With Tru64 cc, shared objects can also be used to make a # static library. This mechanism is used in libtool 1.4 series to # handle both shared and static libraries in a single compilation. # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d. # # With libtool 1.5 this exception was removed, and libtool now # generates 2 separate objects for the 2 libraries. These two # compilations output dependencies in $dir.libs/$base.o.d and # in $dir$base.o.d. We have to check for both files, because # one of the two compilations can be disabled. We should prefer # $dir$base.o.d over $dir.libs/$base.o.d because the latter is # automatically cleaned when .libs/ is deleted, while ignoring # the former would cause a distcleancheck panic. tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4 tmpdepfile2=$dir$base.o.d # libtool 1.5 tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5 tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504 "$@" -Wc,-MD else tmpdepfile1=$dir$base.o.d tmpdepfile2=$dir$base.d tmpdepfile3=$dir$base.d tmpdepfile4=$dir$base.d "$@" -MD fi stat=$? if test $stat -eq 0; then : else rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" exit $stat fi for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4" do test -f "$tmpdepfile" && break done if test -f "$tmpdepfile"; then sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile" # That's a tab and a space in the []. sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile" else echo "#dummy" > "$depfile" fi rm -f "$tmpdepfile" ;; #nosideeffect) # This comment above is used by automake to tell side-effect # dependency tracking mechanisms from slower ones. dashmstdout) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout, regardless of -o. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done test -z "$dashmflag" && dashmflag=-M # Require at least two characters before searching for `:' # in the target name. This is to cope with DOS-style filenames: # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise. "$@" $dashmflag | sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" tr ' ' ' ' < "$tmpdepfile" | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; dashXmstdout) # This case only exists to satisfy depend.m4. It is never actually # run, as this mode is specially recognized in the preamble. exit 1 ;; makedepend) "$@" || exit $? # Remove any Libtool call if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # X makedepend shift cleared=no eat=no for arg do case $cleared in no) set ""; shift cleared=yes ;; esac if test $eat = yes; then eat=no continue fi case "$arg" in -D*|-I*) set fnord "$@" "$arg"; shift ;; # Strip any option that makedepend may not understand. Remove # the object too, otherwise makedepend will parse it as a source file. -arch) eat=yes ;; -*|$object) ;; *) set fnord "$@" "$arg"; shift ;; esac done obj_suffix=`echo "$object" | sed 's/^.*\././'` touch "$tmpdepfile" ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" rm -f "$depfile" cat < "$tmpdepfile" > "$depfile" sed '1,2d' "$tmpdepfile" | tr ' ' ' ' | \ ## Some versions of the HPUX 10.20 sed can't process this invocation ## correctly. Breaking it into two sed invocations is a workaround. sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile" rm -f "$tmpdepfile" "$tmpdepfile".bak ;; cpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi # Remove `-o $object'. IFS=" " for arg do case $arg in -o) shift ;; $object) shift ;; *) set fnord "$@" "$arg" shift # fnord shift # $arg ;; esac done "$@" -E | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' | sed '$ s: \\$::' > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" cat < "$tmpdepfile" >> "$depfile" sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" rm -f "$tmpdepfile" ;; msvisualcpp) # Important note: in order to support this mode, a compiler *must* # always write the preprocessed file to stdout. "$@" || exit $? # Remove the call to Libtool. if test "$libtool" = yes; then while test "X$1" != 'X--mode=compile'; do shift done shift fi IFS=" " for arg do case "$arg" in -o) shift ;; $object) shift ;; "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") set fnord "$@" shift shift ;; *) set fnord "$@" "$arg" shift shift ;; esac done "$@" -E 2>/dev/null | sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" rm -f "$depfile" echo "$object : \\" > "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile" echo " " >> "$depfile" sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" rm -f "$tmpdepfile" ;; msvcmsys) # This case exists only to let depend.m4 do its work. It works by # looking at the text of this script. This case will never be run, # since it is checked for above. exit 1 ;; none) exec "$@" ;; *) echo "Unknown depmode $depmode" 1>&2 exit 1 ;; esac exit 0 # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: pam/build-aux/install-sh0000755000000000000000000003253713261244762012440 0ustar #!/bin/sh # install - install a program, script, or datafile scriptversion=2009-04-28.21; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the # following copyright and license. # # Copyright (C) 1994 X Consortium # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to # deal in the Software without restriction, including without limitation the # rights to use, copy, modify, merge, publish, distribute, sublicense, and/or # sell copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN # AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- # TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # # Except as contained in this notice, the name of the X Consortium shall not # be used in advertising or otherwise to promote the sale, use or other deal- # ings in this Software without prior written authorization from the X Consor- # tium. # # # FSF changes to this file are in the public domain. # # Calling this script install-sh is preferred over install.sh, to prevent # `make' implicit rules from creating a file called install from it # when there is no Makefile. # # This script is compatible with the BSD install script, but was written # from scratch. nl=' ' IFS=" "" $nl" # set DOITPROG to echo to test this script # Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} if test -z "$doit"; then doit_exec=exec else doit_exec=$doit fi # Put in absolute file names if you don't have them in your path; # or use environment vars. chgrpprog=${CHGRPPROG-chgrp} chmodprog=${CHMODPROG-chmod} chownprog=${CHOWNPROG-chown} cmpprog=${CMPPROG-cmp} cpprog=${CPPROG-cp} mkdirprog=${MKDIRPROG-mkdir} mvprog=${MVPROG-mv} rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} posix_glob='?' initialize_posix_glob=' test "$posix_glob" != "?" || { if (set -f) 2>/dev/null; then posix_glob= else posix_glob=: fi } ' posix_mkdir= # Desired mode of installed file. mode=0755 chgrpcmd= chmodcmd=$chmodprog chowncmd= mvcmd=$mvprog rmcmd="$rmprog -f" stripcmd= src= dst= dir_arg= dst_arg= copy_on_change=false no_target_directory= usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE or: $0 [OPTION]... SRCFILES... DIRECTORY or: $0 [OPTION]... -t DIRECTORY SRCFILES... or: $0 [OPTION]... -d DIRECTORIES... In the 1st form, copy SRCFILE to DSTFILE. In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. In the 4th, create DIRECTORIES. Options: --help display this help and exit. --version display version info and exit. -c (ignored) -C install only if different (preserve the last data modification time) -d create directories instead of installing files. -g GROUP $chgrpprog installed files to GROUP. -m MODE $chmodprog installed files to MODE. -o USER $chownprog installed files to USER. -s $stripprog installed files. -t DIRECTORY install into DIRECTORY. -T report an error if DSTFILE is a directory. Environment variables override the default commands: CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG RMPROG STRIPPROG " while test $# -ne 0; do case $1 in -c) ;; -C) copy_on_change=true;; -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 case $mode in *' '* | *' '* | *' '* | *'*'* | *'?'* | *'['*) echo "$0: invalid mode: $mode" >&2 exit 1;; esac shift;; -o) chowncmd="$chownprog $2" shift;; -s) stripcmd=$stripprog;; -t) dst_arg=$2 shift;; -T) no_target_directory=true;; --version) echo "$0 $scriptversion"; exit $?;; --) shift break;; -*) echo "$0: invalid option: $1" >&2 exit 1;; *) break;; esac shift done if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. # Otherwise, the last argument is the destination. Remove it from $@. for arg do if test -n "$dst_arg"; then # $@ is not empty: it contains at least $arg. set fnord "$@" "$dst_arg" shift # fnord fi shift # arg dst_arg=$arg done fi if test $# -eq 0; then if test -z "$dir_arg"; then echo "$0: no input file specified." >&2 exit 1 fi # It's OK to call `install-sh -d' without argument. # This can happen when creating conditional directories. exit 0 fi if test -z "$dir_arg"; then trap '(exit $?); exit' 1 2 13 15 # Set umask so as not to create temps with too-generous modes. # However, 'strip' requires both read and write access to temps. case $mode in # Optimize common cases. *644) cp_umask=133;; *755) cp_umask=22;; *[0-7]) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then u_plus_rw= else u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac fi for src do # Protect names starting with `-'. case $src in -*) src=./$src;; esac if test -n "$dir_arg"; then dst=$src dstdir=$dst test -d "$dstdir" dstdir_status=$? else # Waiting for this to be detected by the "$cpprog $src $dsttmp" command # might cause directories to be created, which would be especially bad # if $src (and thus $dsttmp) contains '*'. if test ! -f "$src" && test ! -d "$src"; then echo "$0: $src does not exist." >&2 exit 1 fi if test -z "$dst_arg"; then echo "$0: no destination specified." >&2 exit 1 fi dst=$dst_arg # Protect names starting with `-'. case $dst in -*) dst=./$dst;; esac # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then if test -n "$no_target_directory"; then echo "$0: $dst_arg: Is a directory" >&2 exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else # Prefer dirname, but fall back on a substitute if dirname fails. dstdir=` (dirname "$dst") 2>/dev/null || expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$dst" : 'X\(//\)[^/]' \| \ X"$dst" : 'X\(//\)$' \| \ X"$dst" : 'X\(/\)' \| . 2>/dev/null || echo X"$dst" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q' ` test -d "$dstdir" dstdir_status=$? fi fi obsolete_mkdir_used=false if test $dstdir_status != 0; then case $posix_mkdir in '') # Create intermediate dirs using mode 755 as modified by the umask. # This is like FreeBSD 'install' as of 1997-10-28. umask=`umask` case $stripcmd.$umask in # Optimize common cases. *[2367][2367]) mkdir_umask=$umask;; .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; *[0-7]) mkdir_umask=`expr $umask + 22 \ - $umask % 100 % 40 + $umask % 20 \ - $umask % 10 % 4 + $umask % 2 `;; *) mkdir_umask=$umask,go-w;; esac # With -d, create the new directory with the user-specified mode. # Otherwise, rely on $mkdir_umask. if test -n "$dir_arg"; then mkdir_mode=-m$mode else mkdir_mode= fi posix_mkdir=false case $umask in *[123567][0-7][0-7]) # POSIX mkdir -p sets u+wx bits regardless of umask, which # is incompatible with FreeBSD 'install' when (umask & 300) != 0. ;; *) tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 if (umask $mkdir_umask && exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 then if test -z "$dir_arg" || { # Check for POSIX incompatibilities with -m. # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or # other-writeable bit of parent directory when it shouldn't. # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. ls_ld_tmpdir=`ls -ld "$tmpdir"` case $ls_ld_tmpdir in d????-?r-*) different_mode=700;; d????-?--*) different_mode=755;; *) false;; esac && $mkdirprog -m$different_mode -p -- "$tmpdir" && { ls_ld_tmpdir_1=`ls -ld "$tmpdir"` test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" } } then posix_mkdir=: fi rmdir "$tmpdir/d" "$tmpdir" else # Remove any dirs left behind by ancient mkdir implementations. rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null fi trap '' 0;; esac;; esac if $posix_mkdir && ( umask $mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else # The umask is ridiculous, or mkdir does not conform to POSIX, # or it failed possibly due to a race condition. Create the # directory the slow way, step by step, checking for races as we go. case $dstdir in /*) prefix='/';; -*) prefix='./';; *) prefix='';; esac eval "$initialize_posix_glob" oIFS=$IFS IFS=/ $posix_glob set -f set fnord $dstdir shift $posix_glob set +f IFS=$oIFS prefixes= for d do test -z "$d" && continue prefix=$prefix$d if test -d "$prefix"; then prefixes= else if $posix_mkdir; then (umask=$mkdir_umask && $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break # Don't fail if two instances are running concurrently. test -d "$prefix" || exit 1 else case $prefix in *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; *) qprefix=$prefix;; esac prefixes="$prefixes '$qprefix'" fi fi prefix=$prefix/ done if test -n "$prefixes"; then # Don't fail if two instances are running concurrently. (umask $mkdir_umask && eval "\$doit_exec \$mkdirprog $prefixes") || test -d "$dstdir" || exit 1 obsolete_mkdir_used=true fi fi fi if test -n "$dir_arg"; then { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 else # Make a couple of temp file names in the proper directory. dsttmp=$dstdir/_inst.$$_ rmtmp=$dstdir/_rm.$$_ # Trap to clean up those temp files at exit. trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # # If any of these fail, we abort the whole thing. If we want to # ignore errors from any of these, just make sure not to ignore # errors from the above "$doit $cpprog $src $dsttmp" command. # { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && eval "$initialize_posix_glob" && $posix_glob set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && $posix_glob set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then rm -f "$dsttmp" else # Rename the file to the real destination. $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || # The rename failed, perhaps because mv can't rename something else # to itself, or perhaps because mv is so ancient that it does not # support -f. { # Now remove or move aside any old file at destination location. # We try this two ways since rm can't unlink itself on some # systems and the destination file might be busy for other # reasons. In this case, the final cleanup might fail but the new # file should still install successfully. { test ! -f "$dst" || $doit $rmcmd -f "$dst" 2>/dev/null || { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } } || { echo "$0: cannot unlink or rename $dst" >&2 (exit 1); exit 1 } } && # Now rename the file to the real destination. $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 trap '' 0 fi done # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: pam/build-aux/ltmain.sh0000755000000000000000000073310413261244762012255 0ustar # Generated from ltmain.m4sh. # ltmain.sh (GNU libtool) 2.2.6 # Written by Gordon Matzigkeit , 1996 # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc. # This is free software; see the source for copying conditions. There is NO # warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. # GNU Libtool is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, # or obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Usage: $progname [OPTION]... [MODE-ARG]... # # Provide generalized library-building support services. # # --config show all configuration variables # --debug enable verbose shell tracing # -n, --dry-run display commands without modifying any files # --features display basic configuration information and exit # --mode=MODE use operation mode MODE # --preserve-dup-deps don't remove duplicate dependency libraries # --quiet, --silent don't print informational messages # --tag=TAG use configuration variables from tag TAG # -v, --verbose print informational messages (default) # --version print version information # -h, --help print short or long help message # # MODE must be one of the following: # # clean remove files from the build directory # compile compile a source file into a libtool object # execute automatically set library path, then run a program # finish complete the installation of libtool libraries # install install libraries or executables # link create a library or an executable # uninstall remove libraries from an installed directory # # MODE-ARGS vary depending on the MODE. # Try `$progname --help --mode=MODE' for a more detailed description of MODE. # # When reporting a bug, please describe a test case to reproduce it and # include the following information: # # host-triplet: $host # shell: $SHELL # compiler: $LTCC # compiler flags: $LTCFLAGS # linker: $LD (gnu? $with_gnu_ld) # $progname: (GNU libtool) 2.2.6 # automake: $automake_version # autoconf: $autoconf_version # # Report bugs to . PROGRAM=ltmain.sh PACKAGE=libtool VERSION=2.2.6 TIMESTAMP="" package_revision=1.3012 # Be Bourne compatible if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # NLS nuisances: We save the old values to restore during execute mode. # Only set LANG and LC_ALL to C if already set. # These must not be set unconditionally because not all systems understand # e.g. LANG=C (notably SCO). lt_user_locale= lt_safe_locale= for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${$lt_var+set}\" = set; then save_$lt_var=\$$lt_var $lt_var=C export $lt_var lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\" lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\" fi" done $lt_unset CDPATH : ${CP="cp -f"} : ${ECHO="echo"} : ${EGREP="/usr/bin/grep -E"} : ${FGREP="/usr/bin/grep -F"} : ${GREP="/usr/bin/grep"} : ${LN_S="ln -s"} : ${MAKE="make"} : ${MKDIR="mkdir"} : ${MV="mv -f"} : ${RM="rm -f"} : ${SED="/opt/local/bin/gsed"} : ${SHELL="${CONFIG_SHELL-/bin/sh}"} : ${Xsed="$SED -e 1s/^X//"} # Global variables: EXIT_SUCCESS=0 EXIT_FAILURE=1 EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. exit_status=$EXIT_SUCCESS # Make sure IFS has a sensible default lt_nl=' ' IFS=" $lt_nl" dirname="s,/[^/]*$,," basename="s,^.*/,," # func_dirname_and_basename file append nondir_replacement # perform func_basename and func_dirname in a single function # call: # dirname: Compute the dirname of FILE. If nonempty, # add APPEND to the result, otherwise set result # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. # value retuned in "$func_basename_result" # Implementation must be kept synchronized with func_dirname # and func_basename. For efficiency, we do not delegate to # those functions but instead duplicate the functionality here. func_dirname_and_basename () { # Extract subdirectory from the argument. func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` } # Generated shell functions inserted here. # Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh # is ksh but when the shell is invoked as "sh" and the current value of # the _XPG environment variable is not equal to 1 (one), the special # positional parameter $0, within a function call, is the name of the # function. progpath="$0" # The name of this program: # In the unlikely event $progname began with a '-', it would play havoc with # func_echo (imagine progname=-n), so we prepend ./ in that case: func_dirname_and_basename "$progpath" progname=$func_basename_result case $progname in -*) progname=./$progname ;; esac # Make sure we have an absolute path for reexecution: case $progpath in [\\/]*|[A-Za-z]:\\*) ;; *[\\/]*) progdir=$func_dirname_result progdir=`cd "$progdir" && pwd` progpath="$progdir/$progname" ;; *) save_IFS="$IFS" IFS=: for progdir in $PATH; do IFS="$save_IFS" test -x "$progdir/$progname" && break done IFS="$save_IFS" test -n "$progdir" || progdir=`pwd` progpath="$progdir/$progname" ;; esac # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed="${SED}"' -e 1s/^X//' sed_quote_subst='s/\([`"$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Re-`\' parameter expansions in output of double_quote_subst that were # `\'-ed in input to the same. If an odd number of `\' preceded a '$' # in input to double_quote_subst, that '$' was protected from expansion. # Since each input `\' is now two `\'s, look for any number of runs of # four `\'s followed by two `\'s and then a '$'. `\' that '$'. bs='\\' bs2='\\\\' bs4='\\\\\\\\' dollar='\$' sed_double_backslash="\ s/$bs4/&\\ /g s/^$bs2$dollar/$bs&/ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g s/\n//g" # Standard options: opt_dry_run=false opt_help=false opt_quiet=false opt_verbose=false opt_warning=: # func_echo arg... # Echo program name prefixed message, along with the current mode # name if it has been set yet. func_echo () { $ECHO "$progname${mode+: }$mode: $*" } # func_verbose arg... # Echo program name prefixed message in verbose mode only. func_verbose () { $opt_verbose && func_echo ${1+"$@"} # A bug in bash halts the script if the last line of a function # fails when set -e is in force, so we need another command to # work around that: : } # func_error arg... # Echo program name prefixed message to standard error. func_error () { $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2 } # func_warning arg... # Echo program name prefixed warning message to standard error. func_warning () { $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2 # bash bug again: : } # func_fatal_error arg... # Echo program name prefixed message to standard error, and exit. func_fatal_error () { func_error ${1+"$@"} exit $EXIT_FAILURE } # func_fatal_help arg... # Echo program name prefixed message to standard error, followed by # a help hint, and exit. func_fatal_help () { func_error ${1+"$@"} func_fatal_error "$help" } help="Try \`$progname --help' for more information." ## default # func_grep expression filename # Check whether EXPRESSION matches any line of FILENAME, without output. func_grep () { $GREP "$1" "$2" >/dev/null 2>&1 } # func_mkdir_p directory-path # Make sure the entire path to DIRECTORY-PATH is available. func_mkdir_p () { my_directory_path="$1" my_dir_list= if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then # Protect directory names starting with `-' case $my_directory_path in -*) my_directory_path="./$my_directory_path" ;; esac # While some portion of DIR does not yet exist... while test ! -d "$my_directory_path"; do # ...make a list in topmost first order. Use a colon delimited # list incase some portion of path contains whitespace. my_dir_list="$my_directory_path:$my_dir_list" # If the last portion added has no slash in it, the list is done case $my_directory_path in */*) ;; *) break ;; esac # ...otherwise throw away the child directory and loop my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"` done my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'` save_mkdir_p_IFS="$IFS"; IFS=':' for my_dir in $my_dir_list; do IFS="$save_mkdir_p_IFS" # mkdir can fail with a `File exist' error if two processes # try to create one of the directories concurrently. Don't # stop in that case! $MKDIR "$my_dir" 2>/dev/null || : done IFS="$save_mkdir_p_IFS" # Bail out if we (or some other process) failed to create a directory. test -d "$my_directory_path" || \ func_fatal_error "Failed to create \`$1'" fi } # func_mktempdir [string] # Make a temporary directory that won't clash with other running # libtool processes, and avoids race conditions if possible. If # given, STRING is the basename for that directory. func_mktempdir () { my_template="${TMPDIR-/tmp}/${1-$progname}" if test "$opt_dry_run" = ":"; then # Return a directory name, but don't create it in dry-run mode my_tmpdir="${my_template}-$$" else # If mktemp works, use that first and foremost my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null` if test ! -d "$my_tmpdir"; then # Failing that, at least try and use $RANDOM to avoid a race my_tmpdir="${my_template}-${RANDOM-0}$$" save_mktempdir_umask=`umask` umask 0077 $MKDIR "$my_tmpdir" umask $save_mktempdir_umask fi # If we're not in dry-run mode, bomb out on failure test -d "$my_tmpdir" || \ func_fatal_error "cannot create temporary directory \`$my_tmpdir'" fi $ECHO "X$my_tmpdir" | $Xsed } # func_quote_for_eval arg # Aesthetically quote ARG to be evaled later. # This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT # is double-quoted, suitable for a subsequent eval, whereas # FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters # which are still active within double quotes backslashified. func_quote_for_eval () { case $1 in *[\\\`\"\$]*) func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;; *) func_quote_for_eval_unquoted_result="$1" ;; esac case $func_quote_for_eval_unquoted_result in # Double-quote args containing shell metacharacters to delay # word splitting, command substitution and and variable # expansion for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\"" ;; *) func_quote_for_eval_result="$func_quote_for_eval_unquoted_result" esac } # func_quote_for_expand arg # Aesthetically quote ARG to be evaled later; same as above, # but do not quote variable references. func_quote_for_expand () { case $1 in *[\\\`\"]*) my_arg=`$ECHO "X$1" | $Xsed \ -e "$double_quote_subst" -e "$sed_double_backslash"` ;; *) my_arg="$1" ;; esac case $my_arg in # Double-quote args containing shell metacharacters to delay # word splitting and command substitution for a subsequent eval. # Many Bourne shells cannot handle close brackets correctly # in scan sets, so we specify it separately. *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") my_arg="\"$my_arg\"" ;; esac func_quote_for_expand_result="$my_arg" } # func_show_eval cmd [fail_exp] # Unless opt_silent is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. func_show_eval () { my_cmd="$1" my_fail_exp="${2-:}" ${opt_silent-false} || { func_quote_for_expand "$my_cmd" eval "func_echo $func_quote_for_expand_result" } if ${opt_dry_run-false}; then :; else eval "$my_cmd" my_status=$? if test "$my_status" -eq 0; then :; else eval "(exit $my_status); $my_fail_exp" fi fi } # func_show_eval_locale cmd [fail_exp] # Unless opt_silent is true, then output CMD. Then, if opt_dryrun is # not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP # is given, then evaluate it. Use the saved locale for evaluation. func_show_eval_locale () { my_cmd="$1" my_fail_exp="${2-:}" ${opt_silent-false} || { func_quote_for_expand "$my_cmd" eval "func_echo $func_quote_for_expand_result" } if ${opt_dry_run-false}; then :; else eval "$lt_user_locale $my_cmd" my_status=$? eval "$lt_safe_locale" if test "$my_status" -eq 0; then :; else eval "(exit $my_status); $my_fail_exp" fi fi } # func_version # Echo version message to standard output and exit. func_version () { $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / { s/^# // s/^# *$// s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/ p }' < "$progpath" exit $? } # func_usage # Echo short help message to standard output and exit. func_usage () { $SED -n '/^# Usage:/,/# -h/ { s/^# // s/^# *$// s/\$progname/'$progname'/ p }' < "$progpath" $ECHO $ECHO "run \`$progname --help | more' for full usage" exit $? } # func_help # Echo long help message to standard output and exit. func_help () { $SED -n '/^# Usage:/,/# Report bugs to/ { s/^# // s/^# *$// s*\$progname*'$progname'* s*\$host*'"$host"'* s*\$SHELL*'"$SHELL"'* s*\$LTCC*'"$LTCC"'* s*\$LTCFLAGS*'"$LTCFLAGS"'* s*\$LD*'"$LD"'* s/\$with_gnu_ld/'"$with_gnu_ld"'/ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/ p }' < "$progpath" exit $? } # func_missing_arg argname # Echo program name prefixed message to standard error and set global # exit_cmd. func_missing_arg () { func_error "missing argument for $1" exit_cmd=exit } exit_cmd=: # Check that we have a working $ECHO. if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then # Yippee, $ECHO works! : else # Restart under the correct shell, and then maybe $ECHO will work. exec $SHELL "$progpath" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat </dev/null 2>&1; then taglist="$taglist $tagname" # Evaluate the configuration. Be careful to quote the path # and the sed script, to avoid splitting on whitespace, but # also don't use non-portable quotes within backquotes within # quotes we have to do it in 2 steps: extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` eval "$extractedcf" else func_error "ignoring unknown tag $tagname" fi ;; esac } # Parse options once, thoroughly. This comes as soon as possible in # the script to make things like `libtool --version' happen quickly. { # Shorthand for --mode=foo, only valid as the first argument case $1 in clean|clea|cle|cl) shift; set dummy --mode clean ${1+"$@"}; shift ;; compile|compil|compi|comp|com|co|c) shift; set dummy --mode compile ${1+"$@"}; shift ;; execute|execut|execu|exec|exe|ex|e) shift; set dummy --mode execute ${1+"$@"}; shift ;; finish|finis|fini|fin|fi|f) shift; set dummy --mode finish ${1+"$@"}; shift ;; install|instal|insta|inst|ins|in|i) shift; set dummy --mode install ${1+"$@"}; shift ;; link|lin|li|l) shift; set dummy --mode link ${1+"$@"}; shift ;; uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) shift; set dummy --mode uninstall ${1+"$@"}; shift ;; esac # Parse non-mode specific arguments: while test "$#" -gt 0; do opt="$1" shift case $opt in --config) func_config ;; --debug) preserve_args="$preserve_args $opt" func_echo "enabling shell trace mode" opt_debug='set -x' $opt_debug ;; -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break execute_dlfiles="$execute_dlfiles $1" shift ;; --dry-run | -n) opt_dry_run=: ;; --features) func_features ;; --finish) mode="finish" ;; --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break case $1 in # Valid mode arguments: clean) ;; compile) ;; execute) ;; finish) ;; install) ;; link) ;; relink) ;; uninstall) ;; # Catch anything else as an error *) func_error "invalid argument for $opt" exit_cmd=exit break ;; esac mode="$1" shift ;; --preserve-dup-deps) opt_duplicate_deps=: ;; --quiet|--silent) preserve_args="$preserve_args $opt" opt_silent=: ;; --verbose| -v) preserve_args="$preserve_args $opt" opt_silent=false ;; --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break preserve_args="$preserve_args $opt $1" func_enable_tag "$1" # tagname is set here shift ;; # Separate optargs to long options: -dlopen=*|--mode=*|--tag=*) func_opt_split "$opt" set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"} shift ;; -\?|-h) func_usage ;; --help) opt_help=: ;; --version) func_version ;; -*) func_fatal_help "unrecognized option \`$opt'" ;; *) nonopt="$opt" break ;; esac done case $host in *cygwin* | *mingw* | *pw32* | *cegcc*) # don't eliminate duplications in $postdeps and $predeps opt_duplicate_compiler_generated_deps=: ;; *) opt_duplicate_compiler_generated_deps=$opt_duplicate_deps ;; esac # Having warned about all mis-specified options, bail out if # anything was wrong. $exit_cmd $EXIT_FAILURE } # func_check_version_match # Ensure that we are using m4 macros, and libtool script from the same # release of libtool. func_check_version_match () { if test "$package_revision" != "$macro_revision"; then if test "$VERSION" != "$macro_version"; then if test -z "$macro_version"; then cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from an older release. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, but the $progname: definition of this LT_INIT comes from $PACKAGE $macro_version. $progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION $progname: and run autoconf again. _LT_EOF fi else cat >&2 <<_LT_EOF $progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, $progname: but the definition of this LT_INIT comes from revision $macro_revision. $progname: You should recreate aclocal.m4 with macros from revision $package_revision $progname: of $PACKAGE $VERSION and run autoconf again. _LT_EOF fi exit $EXIT_MISMATCH fi } ## ----------- ## ## Main. ## ## ----------- ## $opt_help || { # Sanity checks first: func_check_version_match if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then func_fatal_configuration "not configured to build any kind of library" fi test -z "$mode" && func_fatal_error "error: you must specify a MODE." # Darwin sucks eval std_shrext=\"$shrext_cmds\" # Only execute mode is allowed to have -dlopen flags. if test -n "$execute_dlfiles" && test "$mode" != execute; then func_error "unrecognized option \`-dlopen'" $ECHO "$help" 1>&2 exit $EXIT_FAILURE fi # Change the help message to a mode-specific one. generic_help="$help" help="Try \`$progname --help --mode=$mode' for more information." } # func_lalib_p file # True iff FILE is a libtool `.la' library or `.lo' object file. # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_lalib_p () { test -f "$1" && $SED -e 4q "$1" 2>/dev/null \ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 } # func_lalib_unsafe_p file # True iff FILE is a libtool `.la' library or `.lo' object file. # This function implements the same check as func_lalib_p without # resorting to external programs. To this end, it redirects stdin and # closes it afterwards, without saving the original file descriptor. # As a safety measure, use it only where a negative result would be # fatal anyway. Works if `file' does not exist. func_lalib_unsafe_p () { lalib_p=no if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then for lalib_p_l in 1 2 3 4 do read lalib_p_line case "$lalib_p_line" in \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; esac done exec 0<&5 5<&- fi test "$lalib_p" = yes } # func_ltwrapper_script_p file # True iff FILE is a libtool wrapper script # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_script_p () { func_lalib_p "$1" } # func_ltwrapper_executable_p file # True iff FILE is a libtool wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_executable_p () { func_ltwrapper_exec_suffix= case $1 in *.exe) ;; *) func_ltwrapper_exec_suffix=.exe ;; esac $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 } # func_ltwrapper_scriptname file # Assumes file is an ltwrapper_executable # uses $file to determine the appropriate filename for a # temporary ltwrapper_script. func_ltwrapper_scriptname () { func_ltwrapper_scriptname_result="" if func_ltwrapper_executable_p "$1"; then func_dirname_and_basename "$1" "" "." func_stripname '' '.exe' "$func_basename_result" func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper" fi } # func_ltwrapper_p file # True iff FILE is a libtool wrapper script or wrapper executable # This function is only a basic sanity check; it will hardly flush out # determined imposters. func_ltwrapper_p () { func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" } # func_execute_cmds commands fail_cmd # Execute tilde-delimited COMMANDS. # If FAIL_CMD is given, eval that upon failure. # FAIL_CMD may read-access the current command in variable CMD! func_execute_cmds () { $opt_debug save_ifs=$IFS; IFS='~' for cmd in $1; do IFS=$save_ifs eval cmd=\"$cmd\" func_show_eval "$cmd" "${2-:}" done IFS=$save_ifs } # func_source file # Source FILE, adding directory component if necessary. # Note that it is not necessary on cygwin/mingw to append a dot to # FILE even if both FILE and FILE.exe exist: automatic-append-.exe # behavior happens only for exec(3), not for open(2)! Also, sourcing # `FILE.' does not work on cygwin managed mounts. func_source () { $opt_debug case $1 in */* | *\\*) . "$1" ;; *) . "./$1" ;; esac } # func_infer_tag arg # Infer tagged configuration to use if any are available and # if one wasn't chosen via the "--tag" command line option. # Only attempt this if the compiler in the base compile # command doesn't match the default compiler. # arg is usually of the form 'gcc ...' func_infer_tag () { $opt_debug if test -n "$available_tags" && test -z "$tagname"; then CC_quoted= for arg in $CC; do func_quote_for_eval "$arg" CC_quoted="$CC_quoted $func_quote_for_eval_result" done case $@ in # Blanks in the command may have been stripped by the calling shell, # but not from the CC environment variable when configure was run. " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;; # Blanks at the start of $base_compile will cause this to fail # if we don't check for them as well. *) for z in $available_tags; do if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then # Evaluate the configuration. eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" CC_quoted= for arg in $CC; do # Double-quote args containing other shell metacharacters. func_quote_for_eval "$arg" CC_quoted="$CC_quoted $func_quote_for_eval_result" done case "$@ " in " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) # The compiler in the base compile command matches # the one in the tagged configuration. # Assume this is the tagged configuration we want. tagname=$z break ;; esac fi done # If $tagname still isn't set, then no tagged configuration # was found and let the user know that the "--tag" command # line option must be used. if test -z "$tagname"; then func_echo "unable to infer tagged configuration" func_fatal_error "specify a tag with \`--tag'" # else # func_verbose "using $tagname tagged configuration" fi ;; esac fi } # func_write_libtool_object output_name pic_name nonpic_name # Create a libtool object file (analogous to a ".la" file), # but don't create it if we're doing a dry run. func_write_libtool_object () { write_libobj=${1} if test "$build_libtool_libs" = yes; then write_lobj=\'${2}\' else write_lobj=none fi if test "$build_old_libs" = yes; then write_oldobj=\'${3}\' else write_oldobj=none fi $opt_dry_run || { cat >${write_libobj}T <?"'"'"' &()|`$[]' \ && func_warning "libobj name \`$libobj' may not contain shell special characters." func_dirname_and_basename "$obj" "/" "" objname="$func_basename_result" xdir="$func_dirname_result" lobj=${xdir}$objdir/$objname test -z "$base_compile" && \ func_fatal_help "you must specify a compilation command" # Delete any leftover library objects. if test "$build_old_libs" = yes; then removelist="$obj $lobj $libobj ${libobj}T" else removelist="$lobj $libobj ${libobj}T" fi # On Cygwin there's no "real" PIC flag so we must build both object types case $host_os in cygwin* | mingw* | pw32* | os2* | cegcc*) pic_mode=default ;; esac if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then # non-PIC code in shared libraries is not supported pic_mode=default fi # Calculate the filename of the output object if compiler does # not support -o with -c if test "$compiler_c_o" = no; then output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext} lockfile="$output_obj.lock" else output_obj= need_locks=no lockfile= fi # Lock this critical section if it is needed # We use this script file to make the link, it avoids creating a new file if test "$need_locks" = yes; then until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do func_echo "Waiting for $lockfile to be removed" sleep 2 done elif test "$need_locks" = warn; then if test -f "$lockfile"; then $ECHO "\ *** ERROR, $lockfile exists and contains: `cat $lockfile 2>/dev/null` This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi removelist="$removelist $output_obj" $ECHO "$srcfile" > "$lockfile" fi $opt_dry_run || $RM $removelist removelist="$removelist $lockfile" trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 if test -n "$fix_srcfile_path"; then eval srcfile=\"$fix_srcfile_path\" fi func_quote_for_eval "$srcfile" qsrcfile=$func_quote_for_eval_result # Only build a PIC object if we are building libtool libraries. if test "$build_libtool_libs" = yes; then # Without this assignment, base_compile gets emptied. fbsd_hideous_sh_bug=$base_compile if test "$pic_mode" != no; then command="$base_compile $qsrcfile $pic_flag" else # Don't build PIC code command="$base_compile $qsrcfile" fi func_mkdir_p "$xdir$objdir" if test -z "$output_obj"; then # Place PIC objects in $objdir command="$command -o $lobj" fi func_show_eval_locale "$command" \ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed, then go on to compile the next one if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then func_show_eval '$MV "$output_obj" "$lobj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi # Allow error messages only from the first compilation. if test "$suppress_opt" = yes; then suppress_output=' >/dev/null 2>&1' fi fi # Only build a position-dependent object if we build old libraries. if test "$build_old_libs" = yes; then if test "$pic_mode" != yes; then # Don't build PIC code command="$base_compile $qsrcfile$pie_flag" else command="$base_compile $qsrcfile $pic_flag" fi if test "$compiler_c_o" = yes; then command="$command -o $obj" fi # Suppress compiler output if we already did a PIC compilation. command="$command$suppress_output" func_show_eval_locale "$command" \ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' if test "$need_locks" = warn && test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then $ECHO "\ *** ERROR, $lockfile contains: `cat $lockfile 2>/dev/null` but it should contain: $srcfile This indicates that another process is trying to use the same temporary object file, and libtool could not work around it because your compiler does not support \`-c' and \`-o' together. If you repeat this compilation, it may succeed, by chance, but you had better avoid parallel builds (make -j) in this platform, or get a better compiler." $opt_dry_run || $RM $removelist exit $EXIT_FAILURE fi # Just move the object if needed if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then func_show_eval '$MV "$output_obj" "$obj"' \ 'error=$?; $opt_dry_run || $RM $removelist; exit $error' fi fi $opt_dry_run || { func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" # Unlock the critical section if it was locked if test "$need_locks" != no; then removelist=$lockfile $RM "$lockfile" fi } exit $EXIT_SUCCESS } $opt_help || { test "$mode" = compile && func_mode_compile ${1+"$@"} } func_mode_help () { # We need to display help for each of the modes. case $mode in "") # Generic help is extracted from the usage comments # at the start of this file. func_help ;; clean) $ECHO \ "Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... Remove files from the build directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, object or program, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; compile) $ECHO \ "Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE Compile a source file into a libtool library object. This mode accepts the following additional options: -o OUTPUT-FILE set the output file name to OUTPUT-FILE -no-suppress do not suppress compiler output for multiple passes -prefer-pic try to building PIC objects only -prefer-non-pic try to building non-PIC objects only -shared do not build a \`.o' file suitable for static linking -static only build a \`.o' file suitable for static linking COMPILE-COMMAND is a command to be used in creating a \`standard' object file from the given SOURCEFILE. The output file name is determined by removing the directory component from SOURCEFILE, then substituting the C source code suffix \`.c' with the library object suffix, \`.lo'." ;; execute) $ECHO \ "Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... Automatically set library path, then run a program. This mode accepts the following additional options: -dlopen FILE add the directory containing FILE to the library path This mode sets the library path environment variable according to \`-dlopen' flags. If any of the ARGS are libtool executable wrappers, then they are translated into their corresponding uninstalled binary, and any of their required library directories are added to the library path. Then, COMMAND is executed, with ARGS as arguments." ;; finish) $ECHO \ "Usage: $progname [OPTION]... --mode=finish [LIBDIR]... Complete the installation of libtool libraries. Each LIBDIR is a directory that contains libtool libraries. The commands that this mode executes may require superuser privileges. Use the \`--dry-run' option if you just want to see what would be executed." ;; install) $ECHO \ "Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... Install executables or libraries. INSTALL-COMMAND is the installation command. The first component should be either the \`install' or \`cp' program. The following components of INSTALL-COMMAND are treated specially: -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation The rest of the components are interpreted as arguments to that command (only BSD-compatible install options are recognized)." ;; link) $ECHO \ "Usage: $progname [OPTION]... --mode=link LINK-COMMAND... Link object files or libraries together to form another library, or to create an executable program. LINK-COMMAND is a command using the C compiler that you would use to create a program from several object files. The following components of LINK-COMMAND are treated specially: -all-static do not do any dynamic linking at all -avoid-version do not add a version suffix if possible -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) -export-symbols SYMFILE try to export only the symbols listed in SYMFILE -export-symbols-regex REGEX try to export only the symbols matching REGEX -LLIBDIR search LIBDIR for required installed libraries -lNAME OUTPUT-FILE requires the installed library libNAME -module build a library that can dlopened -no-fast-install disable the fast-install mode -no-install link a not-installable executable -no-undefined declare that a library does not refer to external symbols -o OUTPUT-FILE create OUTPUT-FILE from the specified objects -objectlist FILE Use a list of object files found in FILE to specify objects -precious-files-regex REGEX don't remove output files matching REGEX -release RELEASE specify package release information -rpath LIBDIR the created library will eventually be installed in LIBDIR -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries -shared only do dynamic linking of libtool libraries -shrext SUFFIX override the standard shared library file extension -static do not do any dynamic linking of uninstalled libtool libraries -static-libtool-libs do not do any dynamic linking of libtool libraries -version-info CURRENT[:REVISION[:AGE]] specify library version info [each variable defaults to 0] -weak LIBNAME declare that the target provides the LIBNAME interface All other options (arguments beginning with \`-') are ignored. Every other argument is treated as a filename. Files ending in \`.la' are treated as uninstalled libtool libraries, other files are standard or library object files. If the OUTPUT-FILE ends in \`.la', then a libtool library is created, only library objects (\`.lo' files) may be specified, and \`-rpath' is required, except when creating a convenience library. If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created using \`ar' and \`ranlib', or on Windows using \`lib'. If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file is created, otherwise an executable program is created." ;; uninstall) $ECHO \ "Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... Remove libraries from an installation directory. RM is the name of the program to use to delete files associated with each FILE (typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed to RM. If FILE is a libtool library, all the files associated with it are deleted. Otherwise, only FILE itself is deleted using RM." ;; *) func_fatal_help "invalid operation mode \`$mode'" ;; esac $ECHO $ECHO "Try \`$progname --help' for more information about other modes." exit $? } # Now that we've collected a possible --mode arg, show help if necessary $opt_help && func_mode_help # func_mode_execute arg... func_mode_execute () { $opt_debug # The first argument is the command name. cmd="$nonopt" test -z "$cmd" && \ func_fatal_help "you must specify a COMMAND" # Handle -dlopen flags immediately. for file in $execute_dlfiles; do test -f "$file" \ || func_fatal_help "\`$file' is not a file" dir= case $file in *.la) # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$lib' is not a valid libtool archive" # Read the libtool library. dlname= library_names= func_source "$file" # Skip this library if it cannot be dlopened. if test -z "$dlname"; then # Warn if it was a shared library. test -n "$library_names" && \ func_warning "\`$file' was not linked with \`-export-dynamic'" continue fi func_dirname "$file" "" "." dir="$func_dirname_result" if test -f "$dir/$objdir/$dlname"; then dir="$dir/$objdir" else if test ! -f "$dir/$dlname"; then func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'" fi fi ;; *.lo) # Just add the directory containing the .lo file. func_dirname "$file" "" "." dir="$func_dirname_result" ;; *) func_warning "\`-dlopen' is ignored for non-libtool libraries and objects" continue ;; esac # Get the absolute pathname. absdir=`cd "$dir" && pwd` test -n "$absdir" && dir="$absdir" # Now add the directory to shlibpath_var. if eval "test -z \"\$$shlibpath_var\""; then eval "$shlibpath_var=\"\$dir\"" else eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" fi done # This variable tells wrapper scripts just to set shlibpath_var # rather than running their programs. libtool_execute_magic="$magic" # Check if any of the arguments is a wrapper script. args= for file do case $file in -*) ;; *) # Do a test to see if this is really a libtool program. if func_ltwrapper_script_p "$file"; then func_source "$file" # Transform arg to wrapped name. file="$progdir/$program" elif func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" func_source "$func_ltwrapper_scriptname_result" # Transform arg to wrapped name. file="$progdir/$program" fi ;; esac # Quote arguments (to preserve shell metacharacters). func_quote_for_eval "$file" args="$args $func_quote_for_eval_result" done if test "X$opt_dry_run" = Xfalse; then if test -n "$shlibpath_var"; then # Export the shlibpath_var. eval "export $shlibpath_var" fi # Restore saved environment variables for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES do eval "if test \"\${save_$lt_var+set}\" = set; then $lt_var=\$save_$lt_var; export $lt_var else $lt_unset $lt_var fi" done # Now prepare to actually exec the command. exec_cmd="\$cmd$args" else # Display what would be done. if test -n "$shlibpath_var"; then eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" $ECHO "export $shlibpath_var" fi $ECHO "$cmd$args" exit $EXIT_SUCCESS fi } test "$mode" = execute && func_mode_execute ${1+"$@"} # func_mode_finish arg... func_mode_finish () { $opt_debug libdirs="$nonopt" admincmds= if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then for dir do libdirs="$libdirs $dir" done for libdir in $libdirs; do if test -n "$finish_cmds"; then # Do each command in the finish commands. func_execute_cmds "$finish_cmds" 'admincmds="$admincmds '"$cmd"'"' fi if test -n "$finish_eval"; then # Do the single finish_eval. eval cmds=\"$finish_eval\" $opt_dry_run || eval "$cmds" || admincmds="$admincmds $cmds" fi done fi # Exit here if they wanted silent mode. $opt_silent && exit $EXIT_SUCCESS $ECHO "X----------------------------------------------------------------------" | $Xsed $ECHO "Libraries have been installed in:" for libdir in $libdirs; do $ECHO " $libdir" done $ECHO $ECHO "If you ever happen to want to link against installed libraries" $ECHO "in a given directory, LIBDIR, you must either use libtool, and" $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'" $ECHO "flag during linking and do at least one of the following:" if test -n "$shlibpath_var"; then $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable" $ECHO " during execution" fi if test -n "$runpath_var"; then $ECHO " - add LIBDIR to the \`$runpath_var' environment variable" $ECHO " during linking" fi if test -n "$hardcode_libdir_flag_spec"; then libdir=LIBDIR eval flag=\"$hardcode_libdir_flag_spec\" $ECHO " - use the \`$flag' linker flag" fi if test -n "$admincmds"; then $ECHO " - have your system administrator run these commands:$admincmds" fi if test -f /etc/ld.so.conf; then $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'" fi $ECHO $ECHO "See any operating system documentation about shared libraries for" case $host in solaris2.[6789]|solaris2.1[0-9]) $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual" $ECHO "pages." ;; *) $ECHO "more information, such as the ld(1) and ld.so(8) manual pages." ;; esac $ECHO "X----------------------------------------------------------------------" | $Xsed exit $EXIT_SUCCESS } test "$mode" = finish && func_mode_finish ${1+"$@"} # func_mode_install arg... func_mode_install () { $opt_debug # There may be an optional sh(1) argument at the beginning of # install_prog (especially on Windows NT). if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh || # Allow the use of GNU shtool's install command. $ECHO "X$nonopt" | $GREP shtool >/dev/null; then # Aesthetically quote it. func_quote_for_eval "$nonopt" install_prog="$func_quote_for_eval_result " arg=$1 shift else install_prog= arg=$nonopt fi # The real first argument should be the name of the installation program. # Aesthetically quote it. func_quote_for_eval "$arg" install_prog="$install_prog$func_quote_for_eval_result" # We need to accept at least all the BSD install flags. dest= files= opts= prev= install_type= isdir=no stripme= for arg do if test -n "$dest"; then files="$files $dest" dest=$arg continue fi case $arg in -d) isdir=yes ;; -f) case " $install_prog " in *[\\\ /]cp\ *) ;; *) prev=$arg ;; esac ;; -g | -m | -o) prev=$arg ;; -s) stripme=" -s" continue ;; -*) ;; *) # If the previous option needed an argument, then skip it. if test -n "$prev"; then prev= else dest=$arg continue fi ;; esac # Aesthetically quote the argument. func_quote_for_eval "$arg" install_prog="$install_prog $func_quote_for_eval_result" done test -z "$install_prog" && \ func_fatal_help "you must specify an install program" test -n "$prev" && \ func_fatal_help "the \`$prev' option requires an argument" if test -z "$files"; then if test -z "$dest"; then func_fatal_help "no file or destination specified" else func_fatal_help "you must specify a destination" fi fi # Strip any trailing slash from the destination. func_stripname '' '/' "$dest" dest=$func_stripname_result # Check to see that the destination is a directory. test -d "$dest" && isdir=yes if test "$isdir" = yes; then destdir="$dest" destname= else func_dirname_and_basename "$dest" "" "." destdir="$func_dirname_result" destname="$func_basename_result" # Not a directory, so check to see that there is only one file specified. set dummy $files; shift test "$#" -gt 1 && \ func_fatal_help "\`$dest' is not a directory" fi case $destdir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) for file in $files; do case $file in *.lo) ;; *) func_fatal_help "\`$destdir' must be an absolute directory name" ;; esac done ;; esac # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" staticlibs= future_libdirs= current_libdirs= for file in $files; do # Do each installation. case $file in *.$libext) # Do the static libraries later. staticlibs="$staticlibs $file" ;; *.la) # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$file" \ || func_fatal_help "\`$file' is not a valid libtool archive" library_names= old_library= relink_command= func_source "$file" # Add the libdir to current_libdirs if it is the destination. if test "X$destdir" = "X$libdir"; then case "$current_libdirs " in *" $libdir "*) ;; *) current_libdirs="$current_libdirs $libdir" ;; esac else # Note the libdir as a future libdir. case "$future_libdirs " in *" $libdir "*) ;; *) future_libdirs="$future_libdirs $libdir" ;; esac fi func_dirname "$file" "/" "" dir="$func_dirname_result" dir="$dir$objdir" if test -n "$relink_command"; then # Determine the prefix the user has applied to our future dir. inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"` # Don't allow the user to place us outside of our expected # location b/c this prevents finding dependent libraries that # are installed to the same prefix. # At present, this check doesn't affect windows .dll's that # are installed into $libdir/../bin (currently, that works fine) # but it's something to keep an eye on. test "$inst_prefix_dir" = "$destdir" && \ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir" if test -n "$inst_prefix_dir"; then # Stick the inst_prefix_dir data into the link command. relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` else relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"` fi func_warning "relinking \`$file'" func_show_eval "$relink_command" \ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"' fi # See the names of the shared library. set dummy $library_names; shift if test -n "$1"; then realname="$1" shift srcname="$realname" test -n "$relink_command" && srcname="$realname"T # Install the shared library and build the symlinks. func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \ 'exit $?' tstripme="$stripme" case $host_os in cygwin* | mingw* | pw32* | cegcc*) case $realname in *.dll.a) tstripme="" ;; esac ;; esac if test -n "$tstripme" && test -n "$striplib"; then func_show_eval "$striplib $destdir/$realname" 'exit $?' fi if test "$#" -gt 0; then # Delete the old symlinks, and create new ones. # Try `ln -sf' first, because the `ln' binary might depend on # the symlink we replace! Solaris /bin/ln does not understand -f, # so we also need to try rm && ln -s. for linkname do test "$linkname" != "$realname" \ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" done fi # Do each command in the postinstall commands. lib="$destdir/$realname" func_execute_cmds "$postinstall_cmds" 'exit $?' fi # Install the pseudo-library for information purposes. func_basename "$file" name="$func_basename_result" instname="$dir/$name"i func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' # Maybe install the static library, too. test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library" ;; *.lo) # Install (i.e. copy) a libtool object. # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # Deduce the name of the destination old-style object file. case $destfile in *.lo) func_lo2o "$destfile" staticdest=$func_lo2o_result ;; *.$objext) staticdest="$destfile" destfile= ;; *) func_fatal_help "cannot copy a libtool object to \`$destfile'" ;; esac # Install the libtool object if requested. test -n "$destfile" && \ func_show_eval "$install_prog $file $destfile" 'exit $?' # Install the old object if enabled. if test "$build_old_libs" = yes; then # Deduce the name of the old-style object file. func_lo2o "$file" staticobj=$func_lo2o_result func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' fi exit $EXIT_SUCCESS ;; *) # Figure out destination file name, if it wasn't already specified. if test -n "$destname"; then destfile="$destdir/$destname" else func_basename "$file" destfile="$func_basename_result" destfile="$destdir/$destfile" fi # If the file is missing, and there is a .exe on the end, strip it # because it is most likely a libtool script we actually want to # install stripped_ext="" case $file in *.exe) if test ! -f "$file"; then func_stripname '' '.exe' "$file" file=$func_stripname_result stripped_ext=".exe" fi ;; esac # Do a test to see if this is really a libtool program. case $host in *cygwin* | *mingw*) if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" wrapper=$func_ltwrapper_scriptname_result else func_stripname '' '.exe' "$file" wrapper=$func_stripname_result fi ;; *) wrapper=$file ;; esac if func_ltwrapper_script_p "$wrapper"; then notinst_deplibs= relink_command= func_source "$wrapper" # Check the variables that should have been set. test -z "$generated_by_libtool_version" && \ func_fatal_error "invalid libtool wrapper script \`$wrapper'" finalize=yes for lib in $notinst_deplibs; do # Check to see that each library is installed. libdir= if test -f "$lib"; then func_source "$lib" fi libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test if test -n "$libdir" && test ! -f "$libfile"; then func_warning "\`$lib' has not been installed in \`$libdir'" finalize=no fi done relink_command= func_source "$wrapper" outputname= if test "$fast_install" = no && test -n "$relink_command"; then $opt_dry_run || { if test "$finalize" = yes; then tmpdir=`func_mktempdir` func_basename "$file$stripped_ext" file="$func_basename_result" outputname="$tmpdir/$file" # Replace the output file specification. relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'` $opt_silent || { func_quote_for_expand "$relink_command" eval "func_echo $func_quote_for_expand_result" } if eval "$relink_command"; then : else func_error "error: relink \`$file' with the above command before installing it" $opt_dry_run || ${RM}r "$tmpdir" continue fi file="$outputname" else func_warning "cannot relink \`$file'" fi } else # Install the binary that we compiled earlier. file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"` fi fi # remove .exe since cygwin /usr/bin/install will append another # one anyway case $install_prog,$host in */usr/bin/install*,*cygwin*) case $file:$destfile in *.exe:*.exe) # this is ok ;; *.exe:*) destfile=$destfile.exe ;; *:*.exe) func_stripname '' '.exe' "$destfile" destfile=$func_stripname_result ;; esac ;; esac func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' $opt_dry_run || if test -n "$outputname"; then ${RM}r "$tmpdir" fi ;; esac done for file in $staticlibs; do func_basename "$file" name="$func_basename_result" # Set up the ranlib parameters. oldlib="$destdir/$name" func_show_eval "$install_prog \$file \$oldlib" 'exit $?' if test -n "$stripme" && test -n "$old_striplib"; then func_show_eval "$old_striplib $oldlib" 'exit $?' fi # Do each command in the postinstall commands. func_execute_cmds "$old_postinstall_cmds" 'exit $?' done test -n "$future_libdirs" && \ func_warning "remember to run \`$progname --finish$future_libdirs'" if test -n "$current_libdirs"; then # Maybe just do a dry run. $opt_dry_run && current_libdirs=" -n$current_libdirs" exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs' else exit $EXIT_SUCCESS fi } test "$mode" = install && func_mode_install ${1+"$@"} # func_generate_dlsyms outputname originator pic_p # Extract symbols from dlprefiles and create ${outputname}S.o with # a dlpreopen symbol table. func_generate_dlsyms () { $opt_debug my_outputname="$1" my_originator="$2" my_pic_p="${3-no}" my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'` my_dlsyms= if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then if test -n "$NM" && test -n "$global_symbol_pipe"; then my_dlsyms="${my_outputname}S.c" else func_error "not configured to extract global symbols from dlpreopened files" fi fi if test -n "$my_dlsyms"; then case $my_dlsyms in "") ;; *.c) # Discover the nlist of each of the dlfiles. nlist="$output_objdir/${my_outputname}.nm" func_show_eval "$RM $nlist ${nlist}S ${nlist}T" # Parse the name list into a source file. func_verbose "creating $output_objdir/$my_dlsyms" $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ /* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */ /* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */ #ifdef __cplusplus extern \"C\" { #endif /* External symbol declarations for the compiler. */\ " if test "$dlself" = yes; then func_verbose "generating symbol list for \`$output'" $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" # Add our own program objects to the symbol list. progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` for progfile in $progfiles; do func_verbose "extracting global C symbols from \`$progfile'" $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'" done if test -n "$exclude_expsyms"; then $opt_dry_run || { eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi if test -n "$export_symbols_regex"; then $opt_dry_run || { eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' } fi # Prepare the list of exported symbols if test -z "$export_symbols"; then export_symbols="$output_objdir/$outputname.exp" $opt_dry_run || { $RM $export_symbols eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' case $host in *cygwin* | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' ;; esac } else $opt_dry_run || { eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' eval '$MV "$nlist"T "$nlist"' case $host in *cygwin | *mingw* | *cegcc* ) eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' ;; esac } fi fi for dlprefile in $dlprefiles; do func_verbose "extracting global C symbols from \`$dlprefile'" func_basename "$dlprefile" name="$func_basename_result" $opt_dry_run || { eval '$ECHO ": $name " >> "$nlist"' eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'" } done $opt_dry_run || { # Make sure we have at least an empty file. test -f "$nlist" || : > "$nlist" if test -n "$exclude_expsyms"; then $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T $MV "$nlist"T "$nlist" fi # Try sorting and uniquifying the output. if $GREP -v "^: " < "$nlist" | if sort -k 3 /dev/null 2>&1; then sort -k 3 else sort +2 fi | uniq > "$nlist"S; then : else $GREP -v "^: " < "$nlist" > "$nlist"S fi if test -f "$nlist"S; then eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' else $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms" fi $ECHO >> "$output_objdir/$my_dlsyms" "\ /* The mapping between symbol names and symbols. */ typedef struct { const char *name; void *address; } lt_dlsymlist; " case $host in *cygwin* | *mingw* | *cegcc* ) $ECHO >> "$output_objdir/$my_dlsyms" "\ /* DATA imports from DLLs on WIN32 con't be const, because runtime relocations are performed -- see ld's documentation on pseudo-relocs. */" lt_dlsym_const= ;; *osf5*) echo >> "$output_objdir/$my_dlsyms" "\ /* This system does not cope well with relocations in const data */" lt_dlsym_const= ;; *) lt_dlsym_const=const ;; esac $ECHO >> "$output_objdir/$my_dlsyms" "\ extern $lt_dlsym_const lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[]; $lt_dlsym_const lt_dlsymlist lt_${my_prefix}_LTX_preloaded_symbols[] = {\ { \"$my_originator\", (void *) 0 }," case $need_lib_prefix in no) eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; *) eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" ;; esac $ECHO >> "$output_objdir/$my_dlsyms" "\ {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt_${my_prefix}_LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif\ " } # !$opt_dry_run pic_flag_for_symtable= case "$compile_command " in *" -static "*) ;; *) case $host in # compiling the symbol table file with pic_flag works around # a FreeBSD bug that causes programs to crash when -lm is # linked before any other PIC object. But we must not use # pic_flag when linking with -static. The problem exists in # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; *-*-hpux*) pic_flag_for_symtable=" $pic_flag" ;; *) if test "X$my_pic_p" != Xno; then pic_flag_for_symtable=" $pic_flag" fi ;; esac ;; esac symtab_cflags= for arg in $LTCFLAGS; do case $arg in -pie | -fpie | -fPIE) ;; *) symtab_cflags="$symtab_cflags $arg" ;; esac done # Now compile the dynamic symbol file. func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' # Clean up the generated files. func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"' # Transform the symbol file into the correct name. symfileobj="$output_objdir/${my_outputname}S.$objext" case $host in *cygwin* | *mingw* | *cegcc* ) if test -f "$output_objdir/$my_outputname.def"; then compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` else compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` fi ;; *) compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"` ;; esac ;; *) func_fatal_error "unknown suffix for \`$my_dlsyms'" ;; esac else # We keep going just in case the user didn't refer to # lt_preloaded_symbols. The linker will fail if global_symbol_pipe # really was required. # Nullify the symbol file. compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"` finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"` fi } # func_win32_libid arg # return the library type of file 'arg' # # Need a lot of goo to handle *both* DLLs and import libs # Has to be a shell function in order to 'eat' the argument # that is supplied when $file_magic_command is called. func_win32_libid () { $opt_debug win32_libid_type="unknown" win32_fileres=`file -L $1 2>/dev/null` case $win32_fileres in *ar\ archive\ import\ library*) # definitely import win32_libid_type="x86 archive import" ;; *ar\ archive*) # could be an import, or static if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then win32_nmres=`eval $NM -f posix -A $1 | $SED -n -e ' 1,100{ / I /{ s,.*,import, p q } }'` case $win32_nmres in import*) win32_libid_type="x86 archive import";; *) win32_libid_type="x86 archive static";; esac fi ;; *DLL*) win32_libid_type="x86 DLL" ;; *executable*) # but shell scripts are "executable" too... case $win32_fileres in *MS\ Windows\ PE\ Intel*) win32_libid_type="x86 DLL" ;; esac ;; esac $ECHO "$win32_libid_type" } # func_extract_an_archive dir oldlib func_extract_an_archive () { $opt_debug f_ex_an_ar_dir="$1"; shift f_ex_an_ar_oldlib="$1" func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?' if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then : else func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" fi } # func_extract_archives gentop oldlib ... func_extract_archives () { $opt_debug my_gentop="$1"; shift my_oldlibs=${1+"$@"} my_oldobjs="" my_xlib="" my_xabs="" my_xdir="" for my_xlib in $my_oldlibs; do # Extract the objects. case $my_xlib in [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;; *) my_xabs=`pwd`"/$my_xlib" ;; esac func_basename "$my_xlib" my_xlib="$func_basename_result" my_xlib_u=$my_xlib while :; do case " $extracted_archives " in *" $my_xlib_u "*) func_arith $extracted_serial + 1 extracted_serial=$func_arith_result my_xlib_u=lt$extracted_serial-$my_xlib ;; *) break ;; esac done extracted_archives="$extracted_archives $my_xlib_u" my_xdir="$my_gentop/$my_xlib_u" func_mkdir_p "$my_xdir" case $host in *-darwin*) func_verbose "Extracting $my_xabs" # Do not bother doing anything if just a dry run $opt_dry_run || { darwin_orig_dir=`pwd` cd $my_xdir || exit $? darwin_archive=$my_xabs darwin_curdir=`pwd` darwin_base_archive=`basename "$darwin_archive"` darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` if test -n "$darwin_arches"; then darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` darwin_arch= func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" for darwin_arch in $darwin_arches ; do func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}" $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}" cd "unfat-$$/${darwin_base_archive}-${darwin_arch}" func_extract_an_archive "`pwd`" "${darwin_base_archive}" cd "$darwin_curdir" $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" done # $darwin_arches ## Okay now we've a bunch of thin objects, gotta fatten them up :) darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u` darwin_file= darwin_files= for darwin_file in $darwin_filelist; do darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP` $LIPO -create -output "$darwin_file" $darwin_files done # $darwin_filelist $RM -rf unfat-$$ cd "$darwin_orig_dir" else cd $darwin_orig_dir func_extract_an_archive "$my_xdir" "$my_xabs" fi # $darwin_arches } # !$opt_dry_run ;; *) func_extract_an_archive "$my_xdir" "$my_xabs" ;; esac my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP` done func_extract_archives_result="$my_oldobjs" } # func_emit_wrapper_part1 [arg=no] # # Emit the first part of a libtool wrapper script on stdout. # For more information, see the description associated with # func_emit_wrapper(), below. func_emit_wrapper_part1 () { func_emit_wrapper_part1_arg1=no if test -n "$1" ; then func_emit_wrapper_part1_arg1=$1 fi $ECHO "\ #! $SHELL # $output - temporary wrapper script for $objdir/$outputname # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # The $output program cannot be directly executed until all the libtool # libraries that it depends on are installed. # # This wrapper script should never be moved out of the build directory. # If it is, it will not operate correctly. # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. Xsed='${SED} -e 1s/^X//' sed_quote_subst='$sed_quote_subst' # Be Bourne compatible if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then emulate sh NULLCMD=: # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac fi BIN_SH=xpg4; export BIN_SH # for Tru64 DUALCASE=1; export DUALCASE # for MKS sh # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH relink_command=\"$relink_command\" # This environment variable determines our operation mode. if test \"\$libtool_install_magic\" = \"$magic\"; then # install mode needs the following variables: generated_by_libtool_version='$macro_version' notinst_deplibs='$notinst_deplibs' else # When we are sourced in execute mode, \$file and \$ECHO are already set. if test \"\$libtool_execute_magic\" != \"$magic\"; then ECHO=\"$qecho\" file=\"\$0\" # Make sure echo works. if test \"X\$1\" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then # Yippee, \$ECHO works! : else # Restart under the correct shell, and then maybe \$ECHO will work. exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"} fi fi\ " $ECHO "\ # Find the directory that this script lives in. thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\` test \"x\$thisdir\" = \"x\$file\" && thisdir=. # Follow symbolic links until we get to the real thisdir. file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\` while test -n \"\$file\"; do destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\` # If there was a directory component, then change thisdir. if test \"x\$destdir\" != \"x\$file\"; then case \"\$destdir\" in [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; *) thisdir=\"\$thisdir/\$destdir\" ;; esac fi file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\` file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\` done " } # end: func_emit_wrapper_part1 # func_emit_wrapper_part2 [arg=no] # # Emit the second part of a libtool wrapper script on stdout. # For more information, see the description associated with # func_emit_wrapper(), below. func_emit_wrapper_part2 () { func_emit_wrapper_part2_arg1=no if test -n "$1" ; then func_emit_wrapper_part2_arg1=$1 fi $ECHO "\ # Usually 'no', except on cygwin/mingw when embedded into # the cwrapper. WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1 if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then # special case for '.' if test \"\$thisdir\" = \".\"; then thisdir=\`pwd\` fi # remove .libs from thisdir case \"\$thisdir\" in *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;; $objdir ) thisdir=. ;; esac fi # Try to get the absolute directory name. absdir=\`cd \"\$thisdir\" && pwd\` test -n \"\$absdir\" && thisdir=\"\$absdir\" " if test "$fast_install" = yes; then $ECHO "\ program=lt-'$outputname'$exeext progdir=\"\$thisdir/$objdir\" if test ! -f \"\$progdir/\$program\" || { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\ test \"X\$file\" != \"X\$progdir/\$program\"; }; then file=\"\$\$-\$program\" if test ! -d \"\$progdir\"; then $MKDIR \"\$progdir\" else $RM \"\$progdir/\$file\" fi" $ECHO "\ # relink executable if necessary if test -n \"\$relink_command\"; then if relink_command_output=\`eval \$relink_command 2>&1\`; then : else $ECHO \"\$relink_command_output\" >&2 $RM \"\$progdir/\$file\" exit 1 fi fi $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || { $RM \"\$progdir/\$program\"; $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } $RM \"\$progdir/\$file\" fi" else $ECHO "\ program='$outputname' progdir=\"\$thisdir/$objdir\" " fi $ECHO "\ if test -f \"\$progdir/\$program\"; then" # Export our shlibpath_var if we have one. if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then $ECHO "\ # Add our own library path to $shlibpath_var $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" # Some systems cannot cope with colon-terminated $shlibpath_var # The second colon is a workaround for a bug in BeOS R4 sed $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\` export $shlibpath_var " fi # fixup the dll searchpath if we need to. if test -n "$dllsearchpath"; then $ECHO "\ # Add the dll search path components to the executable PATH PATH=$dllsearchpath:\$PATH " fi $ECHO "\ if test \"\$libtool_execute_magic\" != \"$magic\"; then # Run the actual program with our arguments. " case $host in # Backslashes separate directories on plain windows *-*-mingw | *-*-os2* | *-cegcc*) $ECHO "\ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} " ;; *) $ECHO "\ exec \"\$progdir/\$program\" \${1+\"\$@\"} " ;; esac $ECHO "\ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 exit 1 fi else # The program doesn't exist. \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2 \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 exit 1 fi fi\ " } # end: func_emit_wrapper_part2 # func_emit_wrapper [arg=no] # # Emit a libtool wrapper script on stdout. # Don't directly open a file because we may want to # incorporate the script contents within a cygwin/mingw # wrapper executable. Must ONLY be called from within # func_mode_link because it depends on a number of variables # set therein. # # ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR # variable will take. If 'yes', then the emitted script # will assume that the directory in which it is stored is # the $objdir directory. This is a cygwin/mingw-specific # behavior. func_emit_wrapper () { func_emit_wrapper_arg1=no if test -n "$1" ; then func_emit_wrapper_arg1=$1 fi # split this up so that func_emit_cwrapperexe_src # can call each part independently. func_emit_wrapper_part1 "${func_emit_wrapper_arg1}" func_emit_wrapper_part2 "${func_emit_wrapper_arg1}" } # func_to_host_path arg # # Convert paths to host format when used with build tools. # Intended for use with "native" mingw (where libtool itself # is running under the msys shell), or in the following cross- # build environments: # $build $host # mingw (msys) mingw [e.g. native] # cygwin mingw # *nix + wine mingw # where wine is equipped with the `winepath' executable. # In the native mingw case, the (msys) shell automatically # converts paths for any non-msys applications it launches, # but that facility isn't available from inside the cwrapper. # Similar accommodations are necessary for $host mingw and # $build cygwin. Calling this function does no harm for other # $host/$build combinations not listed above. # # ARG is the path (on $build) that should be converted to # the proper representation for $host. The result is stored # in $func_to_host_path_result. func_to_host_path () { func_to_host_path_result="$1" if test -n "$1" ; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' case $build in *mingw* ) # actually, msys # awkward: cmd appends spaces to result lt_sed_strip_trailing_spaces="s/[ ]*\$//" func_to_host_path_tmp1=`( cmd //c echo "$1" |\ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ $SED -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) func_to_host_path_tmp1=`cygpath -w "$1"` func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ $SED -e "$lt_sed_naive_backslashify"` ;; * ) # Unfortunately, winepath does not exit with a non-zero # error code, so we are forced to check the contents of # stdout. On the other hand, if the command is not # found, the shell will set an exit code of 127 and print # *an error message* to stdout. So we must check for both # error code of zero AND non-empty stdout, which explains # the odd construction: func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null` if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\ $SED -e "$lt_sed_naive_backslashify"` else # Allow warning below. func_to_host_path_result="" fi ;; esac if test -z "$func_to_host_path_result" ; then func_error "Could not determine host path corresponding to" func_error " '$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback: func_to_host_path_result="$1" fi ;; esac fi } # end: func_to_host_path # func_to_host_pathlist arg # # Convert pathlists to host format when used with build tools. # See func_to_host_path(), above. This function supports the # following $build/$host combinations (but does no harm for # combinations not listed here): # $build $host # mingw (msys) mingw [e.g. native] # cygwin mingw # *nix + wine mingw # # Path separators are also converted from $build format to # $host format. If ARG begins or ends with a path separator # character, it is preserved (but converted to $host format) # on output. # # ARG is a pathlist (on $build) that should be converted to # the proper representation on $host. The result is stored # in $func_to_host_pathlist_result. func_to_host_pathlist () { func_to_host_pathlist_result="$1" if test -n "$1" ; then case $host in *mingw* ) lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' # Remove leading and trailing path separator characters from # ARG. msys behavior is inconsistent here, cygpath turns them # into '.;' and ';.', and winepath ignores them completely. func_to_host_pathlist_tmp2="$1" # Once set for this call, this variable should not be # reassigned. It is used in tha fallback case. func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\ $SED -e 's|^:*||' -e 's|:*$||'` case $build in *mingw* ) # Actually, msys. # Awkward: cmd appends spaces to result. lt_sed_strip_trailing_spaces="s/[ ]*\$//" func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""` func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ $SED -e "$lt_sed_naive_backslashify"` ;; *cygwin* ) func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"` func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\ $SED -e "$lt_sed_naive_backslashify"` ;; * ) # unfortunately, winepath doesn't convert pathlists func_to_host_pathlist_result="" func_to_host_pathlist_oldIFS=$IFS IFS=: for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do IFS=$func_to_host_pathlist_oldIFS if test -n "$func_to_host_pathlist_f" ; then func_to_host_path "$func_to_host_pathlist_f" if test -n "$func_to_host_path_result" ; then if test -z "$func_to_host_pathlist_result" ; then func_to_host_pathlist_result="$func_to_host_path_result" else func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result" fi fi fi IFS=: done IFS=$func_to_host_pathlist_oldIFS ;; esac if test -z "$func_to_host_pathlist_result" ; then func_error "Could not determine the host path(s) corresponding to" func_error " '$1'" func_error "Continuing, but uninstalled executables may not work." # Fallback. This may break if $1 contains DOS-style drive # specifications. The fix is not to complicate the expression # below, but for the user to provide a working wine installation # with winepath so that path translation in the cross-to-mingw # case works properly. lt_replace_pathsep_nix_to_dos="s|:|;|g" func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\ $SED -e "$lt_replace_pathsep_nix_to_dos"` fi # Now, add the leading and trailing path separators back case "$1" in :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result" ;; esac case "$1" in *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;" ;; esac ;; esac fi } # end: func_to_host_pathlist # func_emit_cwrapperexe_src # emit the source code for a wrapper executable on stdout # Must ONLY be called from within func_mode_link because # it depends on a number of variable set therein. func_emit_cwrapperexe_src () { cat < #include #ifdef _MSC_VER # include # include # include # define setmode _setmode #else # include # include # ifdef __CYGWIN__ # include # define HAVE_SETENV # ifdef __STRICT_ANSI__ char *realpath (const char *, char *); int putenv (char *); int setenv (const char *, const char *, int); # endif # endif #endif #include #include #include #include #include #include #include #include #if defined(PATH_MAX) # define LT_PATHMAX PATH_MAX #elif defined(MAXPATHLEN) # define LT_PATHMAX MAXPATHLEN #else # define LT_PATHMAX 1024 #endif #ifndef S_IXOTH # define S_IXOTH 0 #endif #ifndef S_IXGRP # define S_IXGRP 0 #endif #ifdef _MSC_VER # define S_IXUSR _S_IEXEC # define stat _stat # ifndef _INTPTR_T_DEFINED # define intptr_t int # endif #endif #ifndef DIR_SEPARATOR # define DIR_SEPARATOR '/' # define PATH_SEPARATOR ':' #endif #if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \ defined (__OS2__) # define HAVE_DOS_BASED_FILE_SYSTEM # define FOPEN_WB "wb" # ifndef DIR_SEPARATOR_2 # define DIR_SEPARATOR_2 '\\' # endif # ifndef PATH_SEPARATOR_2 # define PATH_SEPARATOR_2 ';' # endif #endif #ifndef DIR_SEPARATOR_2 # define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) #else /* DIR_SEPARATOR_2 */ # define IS_DIR_SEPARATOR(ch) \ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) #endif /* DIR_SEPARATOR_2 */ #ifndef PATH_SEPARATOR_2 # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) #else /* PATH_SEPARATOR_2 */ # define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) #endif /* PATH_SEPARATOR_2 */ #ifdef __CYGWIN__ # define FOPEN_WB "wb" #endif #ifndef FOPEN_WB # define FOPEN_WB "w" #endif #ifndef _O_BINARY # define _O_BINARY 0 #endif #define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) #define XFREE(stale) do { \ if (stale) { free ((void *) stale); stale = 0; } \ } while (0) #undef LTWRAPPER_DEBUGPRINTF #if defined DEBUGWRAPPER # define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args static void ltwrapper_debugprintf (const char *fmt, ...) { va_list args; va_start (args, fmt); (void) vfprintf (stderr, fmt, args); va_end (args); } #else # define LTWRAPPER_DEBUGPRINTF(args) #endif const char *program_name = NULL; void *xmalloc (size_t num); char *xstrdup (const char *string); const char *base_name (const char *name); char *find_executable (const char *wrapper); char *chase_symlinks (const char *pathspec); int make_executable (const char *path); int check_executable (const char *path); char *strendzap (char *str, const char *pat); void lt_fatal (const char *message, ...); void lt_setenv (const char *name, const char *value); char *lt_extend_str (const char *orig_value, const char *add, int to_end); void lt_opt_process_env_set (const char *arg); void lt_opt_process_env_prepend (const char *arg); void lt_opt_process_env_append (const char *arg); int lt_split_name_value (const char *arg, char** name, char** value); void lt_update_exe_path (const char *name, const char *value); void lt_update_lib_path (const char *name, const char *value); static const char *script_text_part1 = EOF func_emit_wrapper_part1 yes | $SED -e 's/\([\\"]\)/\\\1/g' \ -e 's/^/ "/' -e 's/$/\\n"/' echo ";" cat <"))); for (i = 0; i < newargc; i++) { LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : ""))); } EOF case $host_os in mingw*) cat <<"EOF" /* execv doesn't actually work on mingw as expected on unix */ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); if (rval == -1) { /* failed to start process */ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno)); return 127; } return rval; EOF ;; *) cat <<"EOF" execv (lt_argv_zero, newargz); return rval; /* =127, but avoids unused variable warning */ EOF ;; esac cat <<"EOF" } void * xmalloc (size_t num) { void *p = (void *) malloc (num); if (!p) lt_fatal ("Memory exhausted"); return p; } char * xstrdup (const char *string) { return string ? strcpy ((char *) xmalloc (strlen (string) + 1), string) : NULL; } const char * base_name (const char *name) { const char *base; #if defined (HAVE_DOS_BASED_FILE_SYSTEM) /* Skip over the disk name in MSDOS pathnames. */ if (isalpha ((unsigned char) name[0]) && name[1] == ':') name += 2; #endif for (base = name; *name; name++) if (IS_DIR_SEPARATOR (*name)) base = name + 1; return base; } int check_executable (const char *path) { struct stat st; LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!")); if ((!path) || (!*path)) return 0; if ((stat (path, &st) >= 0) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) return 1; else return 0; } int make_executable (const char *path) { int rval = 0; struct stat st; LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n", path ? (*path ? path : "EMPTY!") : "NULL!")); if ((!path) || (!*path)) return 0; if (stat (path, &st) >= 0) { rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); } return rval; } /* Searches for the full path of the wrapper. Returns newly allocated full path name if found, NULL otherwise Does not chase symlinks, even on platforms that support them. */ char * find_executable (const char *wrapper) { int has_slash = 0; const char *p; const char *p_next; /* static buffer for getcwd */ char tmp[LT_PATHMAX + 1]; int tmp_len; char *concat_name; LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n", wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!")); if ((wrapper == NULL) || (*wrapper == '\0')) return NULL; /* Absolute path? */ #if defined (HAVE_DOS_BASED_FILE_SYSTEM) if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } else { #endif if (IS_DIR_SEPARATOR (wrapper[0])) { concat_name = xstrdup (wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } #if defined (HAVE_DOS_BASED_FILE_SYSTEM) } #endif for (p = wrapper; *p; p++) if (*p == '/') { has_slash = 1; break; } if (!has_slash) { /* no slashes; search PATH */ const char *path = getenv ("PATH"); if (path != NULL) { for (p = path; *p; p = p_next) { const char *q; size_t p_len; for (q = p; *q; q++) if (IS_PATH_SEPARATOR (*q)) break; p_len = q - p; p_next = (*q == '\0' ? q : q + 1); if (p_len == 0) { /* empty path: current directory */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal ("getcwd failed"); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); } else { concat_name = XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, p, p_len); concat_name[p_len] = '/'; strcpy (concat_name + p_len + 1, wrapper); } if (check_executable (concat_name)) return concat_name; XFREE (concat_name); } } /* not found in PATH; assume curdir */ } /* Relative path | not found in path: prepend cwd */ if (getcwd (tmp, LT_PATHMAX) == NULL) lt_fatal ("getcwd failed"); tmp_len = strlen (tmp); concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); memcpy (concat_name, tmp, tmp_len); concat_name[tmp_len] = '/'; strcpy (concat_name + tmp_len + 1, wrapper); if (check_executable (concat_name)) return concat_name; XFREE (concat_name); return NULL; } char * chase_symlinks (const char *pathspec) { #ifndef S_ISLNK return xstrdup (pathspec); #else char buf[LT_PATHMAX]; struct stat s; char *tmp_pathspec = xstrdup (pathspec); char *p; int has_symlinks = 0; while (strlen (tmp_pathspec) && !has_symlinks) { LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n", tmp_pathspec)); if (lstat (tmp_pathspec, &s) == 0) { if (S_ISLNK (s.st_mode) != 0) { has_symlinks = 1; break; } /* search backwards for last DIR_SEPARATOR */ p = tmp_pathspec + strlen (tmp_pathspec) - 1; while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) p--; if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) { /* no more DIR_SEPARATORS left */ break; } *p = '\0'; } else { char *errstr = strerror (errno); lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr); } } XFREE (tmp_pathspec); if (!has_symlinks) { return xstrdup (pathspec); } tmp_pathspec = realpath (pathspec, buf); if (tmp_pathspec == 0) { lt_fatal ("Could not follow symlinks for %s", pathspec); } return xstrdup (tmp_pathspec); #endif } char * strendzap (char *str, const char *pat) { size_t len, patlen; assert (str != NULL); assert (pat != NULL); len = strlen (str); patlen = strlen (pat); if (patlen <= len) { str += len - patlen; if (strcmp (str, pat) == 0) *str = '\0'; } return str; } static void lt_error_core (int exit_status, const char *mode, const char *message, va_list ap) { fprintf (stderr, "%s: %s: ", program_name, mode); vfprintf (stderr, message, ap); fprintf (stderr, ".\n"); if (exit_status >= 0) exit (exit_status); } void lt_fatal (const char *message, ...) { va_list ap; va_start (ap, message); lt_error_core (EXIT_FAILURE, "FATAL", message, ap); va_end (ap); } void lt_setenv (const char *name, const char *value) { LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n", (name ? name : ""), (value ? value : ""))); { #ifdef HAVE_SETENV /* always make a copy, for consistency with !HAVE_SETENV */ char *str = xstrdup (value); setenv (name, str, 1); #else int len = strlen (name) + 1 + strlen (value) + 1; char *str = XMALLOC (char, len); sprintf (str, "%s=%s", name, value); if (putenv (str) != EXIT_SUCCESS) { XFREE (str); } #endif } } char * lt_extend_str (const char *orig_value, const char *add, int to_end) { char *new_value; if (orig_value && *orig_value) { int orig_value_len = strlen (orig_value); int add_len = strlen (add); new_value = XMALLOC (char, add_len + orig_value_len + 1); if (to_end) { strcpy (new_value, orig_value); strcpy (new_value + orig_value_len, add); } else { strcpy (new_value, add); strcpy (new_value + add_len, orig_value); } } else { new_value = xstrdup (add); } return new_value; } int lt_split_name_value (const char *arg, char** name, char** value) { const char *p; int len; if (!arg || !*arg) return 1; p = strchr (arg, (int)'='); if (!p) return 1; *value = xstrdup (++p); len = strlen (arg) - strlen (*value); *name = XMALLOC (char, len); strncpy (*name, arg, len-1); (*name)[len - 1] = '\0'; return 0; } void lt_opt_process_env_set (const char *arg) { char *name = NULL; char *value = NULL; if (lt_split_name_value (arg, &name, &value) != 0) { XFREE (name); XFREE (value); lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg); } lt_setenv (name, value); XFREE (name); XFREE (value); } void lt_opt_process_env_prepend (const char *arg) { char *name = NULL; char *value = NULL; char *new_value = NULL; if (lt_split_name_value (arg, &name, &value) != 0) { XFREE (name); XFREE (value); lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg); } new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); XFREE (name); XFREE (value); } void lt_opt_process_env_append (const char *arg) { char *name = NULL; char *value = NULL; char *new_value = NULL; if (lt_split_name_value (arg, &name, &value) != 0) { XFREE (name); XFREE (value); lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg); } new_value = lt_extend_str (getenv (name), value, 1); lt_setenv (name, new_value); XFREE (new_value); XFREE (name); XFREE (value); } void lt_update_exe_path (const char *name, const char *value) { LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n", (name ? name : ""), (value ? value : ""))); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); /* some systems can't cope with a ':'-terminated path #' */ int len = strlen (new_value); while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1])) { new_value[len-1] = '\0'; } lt_setenv (name, new_value); XFREE (new_value); } } void lt_update_lib_path (const char *name, const char *value) { LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n", (name ? name : ""), (value ? value : ""))); if (name && *name && value && *value) { char *new_value = lt_extend_str (getenv (name), value, 0); lt_setenv (name, new_value); XFREE (new_value); } } EOF } # end: func_emit_cwrapperexe_src # func_mode_link arg... func_mode_link () { $opt_debug case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) # It is impossible to link a dll without this setting, and # we shouldn't force the makefile maintainer to figure out # which system we are compiling for in order to pass an extra # flag for every libtool invocation. # allow_undefined=no # FIXME: Unfortunately, there are problems with the above when trying # to make a dll which has undefined symbols, in which case not # even a static library is built. For now, we need to specify # -no-undefined on the libtool link line when we can be certain # that all symbols are satisfied, otherwise we get a static library. allow_undefined=yes ;; *) allow_undefined=yes ;; esac libtool_args=$nonopt base_compile="$nonopt $@" compile_command=$nonopt finalize_command=$nonopt compile_rpath= finalize_rpath= compile_shlibpath= finalize_shlibpath= convenience= old_convenience= deplibs= old_deplibs= compiler_flags= linker_flags= dllsearchpath= lib_search_path=`pwd` inst_prefix_dir= new_inherited_linker_flags= avoid_version=no dlfiles= dlprefiles= dlself=no export_dynamic=no export_symbols= export_symbols_regex= generated= libobjs= ltlibs= module=no no_install=no objs= non_pic_objects= precious_files_regex= prefer_static_libs=no preload=no prev= prevarg= release= rpath= xrpath= perm_rpath= temp_rpath= thread_safe=no vinfo= vinfo_number=no weak_libs= single_module="${wl}-single_module" func_infer_tag $base_compile # We need to know -static, to get the right output filenames. for arg do case $arg in -shared) test "$build_libtool_libs" != yes && \ func_fatal_configuration "can not build a shared library" build_old_libs=no break ;; -all-static | -static | -static-libtool-libs) case $arg in -all-static) if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then func_warning "complete static linking is impossible in this configuration" fi if test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; -static) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=built ;; -static-libtool-libs) if test -z "$pic_flag" && test -n "$link_static_flag"; then dlopen_self=$dlopen_self_static fi prefer_static_libs=yes ;; esac build_libtool_libs=no build_old_libs=yes break ;; esac done # See if our shared archives depend on static archives. test -n "$old_archive_from_new_cmds" && build_old_libs=yes # Go through the arguments, transforming them on the way. while test "$#" -gt 0; do arg="$1" shift func_quote_for_eval "$arg" qarg=$func_quote_for_eval_unquoted_result func_append libtool_args " $func_quote_for_eval_result" # If the previous option needs an argument, assign it. if test -n "$prev"; then case $prev in output) func_append compile_command " @OUTPUT@" func_append finalize_command " @OUTPUT@" ;; esac case $prev in dlfiles|dlprefiles) if test "$preload" = no; then # Add the symbol object into the linking commands. func_append compile_command " @SYMFILE@" func_append finalize_command " @SYMFILE@" preload=yes fi case $arg in *.la | *.lo) ;; # We handle these cases below. force) if test "$dlself" = no; then dlself=needless export_dynamic=yes fi prev= continue ;; self) if test "$prev" = dlprefiles; then dlself=yes elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then dlself=yes else dlself=needless export_dynamic=yes fi prev= continue ;; *) if test "$prev" = dlfiles; then dlfiles="$dlfiles $arg" else dlprefiles="$dlprefiles $arg" fi prev= continue ;; esac ;; expsyms) export_symbols="$arg" test -f "$arg" \ || func_fatal_error "symbol file \`$arg' does not exist" prev= continue ;; expsyms_regex) export_symbols_regex="$arg" prev= continue ;; framework) case $host in *-*-darwin*) case "$deplibs " in *" $qarg.ltframework "*) ;; *) deplibs="$deplibs $qarg.ltframework" # this is fixed later ;; esac ;; esac prev= continue ;; inst_prefix) inst_prefix_dir="$arg" prev= continue ;; objectlist) if test -f "$arg"; then save_arg=$arg moreargs= for fil in `cat "$save_arg"` do # moreargs="$moreargs $fil" arg=$fil # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then dlfiles="$dlfiles $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. dlprefiles="$dlprefiles $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi done else func_fatal_error "link input file \`$arg' does not exist" fi arg=$save_arg prev= continue ;; precious_regex) precious_files_regex="$arg" prev= continue ;; release) release="-$arg" prev= continue ;; rpath | xrpath) # We need an absolute path. case $arg in [\\/]* | [A-Za-z]:[\\/]*) ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac if test "$prev" = rpath; then case "$rpath " in *" $arg "*) ;; *) rpath="$rpath $arg" ;; esac else case "$xrpath " in *" $arg "*) ;; *) xrpath="$xrpath $arg" ;; esac fi prev= continue ;; shrext) shrext_cmds="$arg" prev= continue ;; weak) weak_libs="$weak_libs $arg" prev= continue ;; xcclinker) linker_flags="$linker_flags $qarg" compiler_flags="$compiler_flags $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xcompiler) compiler_flags="$compiler_flags $qarg" prev= func_append compile_command " $qarg" func_append finalize_command " $qarg" continue ;; xlinker) linker_flags="$linker_flags $qarg" compiler_flags="$compiler_flags $wl$qarg" prev= func_append compile_command " $wl$qarg" func_append finalize_command " $wl$qarg" continue ;; *) eval "$prev=\"\$arg\"" prev= continue ;; esac fi # test -n "$prev" prevarg="$arg" case $arg in -all-static) if test -n "$link_static_flag"; then # See comment for -static flag below, for more details. func_append compile_command " $link_static_flag" func_append finalize_command " $link_static_flag" fi continue ;; -allow-undefined) # FIXME: remove this flag sometime in the future. func_fatal_error "\`-allow-undefined' must not be used because it is the default" ;; -avoid-version) avoid_version=yes continue ;; -dlopen) prev=dlfiles continue ;; -dlpreopen) prev=dlprefiles continue ;; -export-dynamic) export_dynamic=yes continue ;; -export-symbols | -export-symbols-regex) if test -n "$export_symbols" || test -n "$export_symbols_regex"; then func_fatal_error "more than one -exported-symbols argument is not allowed" fi if test "X$arg" = "X-export-symbols"; then prev=expsyms else prev=expsyms_regex fi continue ;; -framework) prev=framework continue ;; -inst-prefix-dir) prev=inst_prefix continue ;; # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* # so, if we see these flags be careful not to treat them like -L -L[A-Z][A-Z]*:*) case $with_gcc/$host in no/*-*-irix* | /*-*-irix*) func_append compile_command " $arg" func_append finalize_command " $arg" ;; esac continue ;; -L*) func_stripname '-L' '' "$arg" dir=$func_stripname_result if test -z "$dir"; then if test "$#" -gt 0; then func_fatal_error "require no space between \`-L' and \`$1'" else func_fatal_error "need path for \`-L' option" fi fi # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) absdir=`cd "$dir" && pwd` test -z "$absdir" && \ func_fatal_error "cannot determine absolute directory name of \`$dir'" dir="$absdir" ;; esac case "$deplibs " in *" -L$dir "*) ;; *) deplibs="$deplibs -L$dir" lib_search_path="$lib_search_path $dir" ;; esac case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$dir:"*) ;; ::) dllsearchpath=$dir;; *) dllsearchpath="$dllsearchpath:$dir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) dllsearchpath="$dllsearchpath:$testbindir";; esac ;; esac continue ;; -l*) if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*) # These systems don't actually have a C or math library (as such) continue ;; *-*-os2*) # These systems don't actually have a C library (as such) test "X$arg" = "X-lc" && continue ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. test "X$arg" = "X-lc" && continue ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C and math libraries are in the System framework deplibs="$deplibs System.ltframework" continue ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype test "X$arg" = "X-lc" && continue ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work test "X$arg" = "X-lc" && continue ;; esac elif test "X$arg" = "X-lc_r"; then case $host in *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc_r directly, use -pthread flag. continue ;; esac fi deplibs="$deplibs $arg" continue ;; -module) module=yes continue ;; # Tru64 UNIX uses -model [arg] to determine the layout of C++ # classes, name mangling, and exception handling. # Darwin uses the -arch flag to determine output architecture. -model|-arch|-isysroot) compiler_flags="$compiler_flags $arg" func_append compile_command " $arg" func_append finalize_command " $arg" prev=xcompiler continue ;; -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) compiler_flags="$compiler_flags $arg" func_append compile_command " $arg" func_append finalize_command " $arg" case "$new_inherited_linker_flags " in *" $arg "*) ;; * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;; esac continue ;; -multi_module) single_module="${wl}-multi_module" continue ;; -no-fast-install) fast_install=no continue ;; -no-install) case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) # The PATH hackery in wrapper scripts is required on Windows # and Darwin in order for the loader to find any dlls it needs. func_warning "\`-no-install' is ignored for $host" func_warning "assuming \`-no-fast-install' instead" fast_install=no ;; *) no_install=yes ;; esac continue ;; -no-undefined) allow_undefined=no continue ;; -objectlist) prev=objectlist continue ;; -o) prev=output ;; -precious-files-regex) prev=precious_regex continue ;; -release) prev=release continue ;; -rpath) prev=rpath continue ;; -R) prev=xrpath continue ;; -R*) func_stripname '-R' '' "$arg" dir=$func_stripname_result # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) ;; *) func_fatal_error "only absolute run-paths are allowed" ;; esac case "$xrpath " in *" $dir "*) ;; *) xrpath="$xrpath $dir" ;; esac continue ;; -shared) # The effects of -shared are defined in a previous loop. continue ;; -shrext) prev=shrext continue ;; -static | -static-libtool-libs) # The effects of -static are defined in a previous loop. # We used to do the same as -all-static on platforms that # didn't have a PIC flag, but the assumption that the effects # would be equivalent was wrong. It would break on at least # Digital Unix and AIX. continue ;; -thread-safe) thread_safe=yes continue ;; -version-info) prev=vinfo continue ;; -version-number) prev=vinfo vinfo_number=yes continue ;; -weak) prev=weak continue ;; -Wc,*) func_stripname '-Wc,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" arg="$arg $wl$func_quote_for_eval_result" compiler_flags="$compiler_flags $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Wl,*) func_stripname '-Wl,' '' "$arg" args=$func_stripname_result arg= save_ifs="$IFS"; IFS=',' for flag in $args; do IFS="$save_ifs" func_quote_for_eval "$flag" arg="$arg $wl$func_quote_for_eval_result" compiler_flags="$compiler_flags $wl$func_quote_for_eval_result" linker_flags="$linker_flags $func_quote_for_eval_result" done IFS="$save_ifs" func_stripname ' ' '' "$arg" arg=$func_stripname_result ;; -Xcompiler) prev=xcompiler continue ;; -Xlinker) prev=xlinker continue ;; -XCClinker) prev=xcclinker continue ;; # -msg_* for osf cc -msg_*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; # -64, -mips[0-9] enable 64-bit mode on the SGI compiler # -r[0-9][0-9]* specifies the processor on the SGI compiler # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler # +DA*, +DD* enable 64-bit mode on the HP compiler # -q* pass through compiler args for the IBM compiler # -m*, -t[45]*, -txscale* pass through architecture-specific # compiler args for GCC # -F/path gives path to uninstalled frameworks, gcc on darwin # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC # @file GCC response files -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" func_append compile_command " $arg" func_append finalize_command " $arg" compiler_flags="$compiler_flags $arg" continue ;; # Some other compiler flag. -* | +*) func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; *.$objext) # A standard object. objs="$objs $arg" ;; *.lo) # A libtool-controlled object. # Check to see that this really is a libtool object. if func_lalib_unsafe_p "$arg"; then pic_object= non_pic_object= # Read the .lo file func_source "$arg" if test -z "$pic_object" || test -z "$non_pic_object" || test "$pic_object" = none && test "$non_pic_object" = none; then func_fatal_error "cannot find name of object for \`$arg'" fi # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" if test "$pic_object" != none; then # Prepend the subdirectory the object is found in. pic_object="$xdir$pic_object" if test "$prev" = dlfiles; then if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then dlfiles="$dlfiles $pic_object" prev= continue else # If libtool objects are unsupported, then we need to preload. prev=dlprefiles fi fi # CHECK ME: I think I busted this. -Ossama if test "$prev" = dlprefiles; then # Preload the old-style object. dlprefiles="$dlprefiles $pic_object" prev= fi # A PIC object. func_append libobjs " $pic_object" arg="$pic_object" fi # Non-PIC object. if test "$non_pic_object" != none; then # Prepend the subdirectory the object is found in. non_pic_object="$xdir$non_pic_object" # A standard non-PIC object func_append non_pic_objects " $non_pic_object" if test -z "$pic_object" || test "$pic_object" = none ; then arg="$non_pic_object" fi else # If the PIC object exists, use it instead. # $xdir was prepended to $pic_object above. non_pic_object="$pic_object" func_append non_pic_objects " $non_pic_object" fi else # Only an error if not doing a dry-run. if $opt_dry_run; then # Extract subdirectory from the argument. func_dirname "$arg" "/" "" xdir="$func_dirname_result" func_lo2o "$arg" pic_object=$xdir$objdir/$func_lo2o_result non_pic_object=$xdir$func_lo2o_result func_append libobjs " $pic_object" func_append non_pic_objects " $non_pic_object" else func_fatal_error "\`$arg' is not a valid libtool object" fi fi ;; *.$libext) # An archive. deplibs="$deplibs $arg" old_deplibs="$old_deplibs $arg" continue ;; *.la) # A libtool-controlled library. if test "$prev" = dlfiles; then # This library was specified with -dlopen. dlfiles="$dlfiles $arg" prev= elif test "$prev" = dlprefiles; then # The library was specified with -dlpreopen. dlprefiles="$dlprefiles $arg" prev= else deplibs="$deplibs $arg" fi continue ;; # Some other compiler argument. *) # Unknown arguments in both finalize_command and compile_command need # to be aesthetically quoted because they are evaled later. func_quote_for_eval "$arg" arg="$func_quote_for_eval_result" ;; esac # arg # Now actually substitute the argument into the commands. if test -n "$arg"; then func_append compile_command " $arg" func_append finalize_command " $arg" fi done # argument parsing loop test -n "$prev" && \ func_fatal_help "the \`$prevarg' option requires an argument" if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then eval arg=\"$export_dynamic_flag_spec\" func_append compile_command " $arg" func_append finalize_command " $arg" fi oldlibs= # calculate the name of the file, without its directory func_basename "$output" outputname="$func_basename_result" libobjs_save="$libobjs" if test -n "$shlibpath_var"; then # get the directories listed in $shlibpath_var eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\` else shlib_search_path= fi eval sys_lib_search_path=\"$sys_lib_search_path_spec\" eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" func_dirname "$output" "/" "" output_objdir="$func_dirname_result$objdir" # Create the object directory. func_mkdir_p "$output_objdir" # Determine the type of output case $output in "") func_fatal_help "you must specify an output file" ;; *.$libext) linkmode=oldlib ;; *.lo | *.$objext) linkmode=obj ;; *.la) linkmode=lib ;; *) linkmode=prog ;; # Anything else should be a program. esac specialdeplibs= libs= # Find all interdependent deplibs by searching for libraries # that are linked more than once (e.g. -la -lb -la) for deplib in $deplibs; do if $opt_duplicate_deps ; then case "$libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi libs="$libs $deplib" done if test "$linkmode" = lib; then libs="$predeps $libs $compiler_lib_search_path $postdeps" # Compute libraries that are listed more than once in $predeps # $postdeps and mark them as special (i.e., whose duplicates are # not to be eliminated). pre_post_deps= if $opt_duplicate_compiler_generated_deps; then for pre_post_dep in $predeps $postdeps; do case "$pre_post_deps " in *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;; esac pre_post_deps="$pre_post_deps $pre_post_dep" done fi pre_post_deps= fi deplibs= newdependency_libs= newlib_search_path= need_relink=no # whether we're linking any uninstalled libtool libraries notinst_deplibs= # not-installed libtool libraries notinst_path= # paths that contain not-installed libtool libraries case $linkmode in lib) passes="conv dlpreopen link" for file in $dlfiles $dlprefiles; do case $file in *.la) ;; *) func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file" ;; esac done ;; prog) compile_deplibs= finalize_deplibs= alldeplibs=no newdlfiles= newdlprefiles= passes="conv scan dlopen dlpreopen link" ;; *) passes="conv" ;; esac for pass in $passes; do # The preopen pass in lib mode reverses $deplibs; put it back here # so that -L comes before libs that need it for instance... if test "$linkmode,$pass" = "lib,link"; then ## FIXME: Find the place where the list is rebuilt in the wrong ## order, and fix it there properly tmp_deplibs= for deplib in $deplibs; do tmp_deplibs="$deplib $tmp_deplibs" done deplibs="$tmp_deplibs" fi if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan"; then libs="$deplibs" deplibs= fi if test "$linkmode" = prog; then case $pass in dlopen) libs="$dlfiles" ;; dlpreopen) libs="$dlprefiles" ;; link) libs="$deplibs %DEPLIBS% $dependency_libs" ;; esac fi if test "$linkmode,$pass" = "lib,dlpreopen"; then # Collect and forward deplibs of preopened libtool libs for lib in $dlprefiles; do # Ignore non-libtool-libs dependency_libs= case $lib in *.la) func_source "$lib" ;; esac # Collect preopened libtool deplibs, except any this library # has declared as weak libs for deplib in $dependency_libs; do deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"` case " $weak_libs " in *" $deplib_base "*) ;; *) deplibs="$deplibs $deplib" ;; esac done done libs="$dlprefiles" fi if test "$pass" = dlopen; then # Collect dlpreopened libraries save_deplibs="$deplibs" deplibs= fi for deplib in $libs; do lib= found=no case $deplib in -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else compiler_flags="$compiler_flags $deplib" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;; esac fi fi continue ;; -l*) if test "$linkmode" != lib && test "$linkmode" != prog; then func_warning "\`-l' is ignored for archives/objects" continue fi func_stripname '-l' '' "$deplib" name=$func_stripname_result if test "$linkmode" = lib; then searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" else searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" fi for searchdir in $searchdirs; do for search_ext in .la $std_shrext .so .a; do # Search the libtool library lib="$searchdir/lib${name}${search_ext}" if test -f "$lib"; then if test "$search_ext" = ".la"; then found=yes else found=no fi break 2 fi done done if test "$found" != yes; then # deplib doesn't seem to be a libtool library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue else # deplib is a libtool library # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, # We need to do some special things here, and not later. if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $deplib "*) if func_lalib_p "$lib"; then library_names= old_library= func_source "$lib" for l in $old_library $library_names; do ll="$l" done if test "X$ll" = "X$old_library" ; then # only static version available found=no func_dirname "$lib" "" "." ladir="$func_dirname_result" lib=$ladir/$old_library if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs" fi continue fi fi ;; *) ;; esac fi fi ;; # -l *.ltframework) if test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else deplibs="$deplib $deplibs" if test "$linkmode" = lib ; then case "$new_inherited_linker_flags " in *" $deplib "*) ;; * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;; esac fi fi continue ;; -L*) case $linkmode in lib) deplibs="$deplib $deplibs" test "$pass" = conv && continue newdependency_libs="$deplib $newdependency_libs" func_stripname '-L' '' "$deplib" newlib_search_path="$newlib_search_path $func_stripname_result" ;; prog) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi if test "$pass" = scan; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi func_stripname '-L' '' "$deplib" newlib_search_path="$newlib_search_path $func_stripname_result" ;; *) func_warning "\`-L' is ignored for archives/objects" ;; esac # linkmode continue ;; # -L -R*) if test "$pass" = link; then func_stripname '-R' '' "$deplib" dir=$func_stripname_result # Make sure the xrpath contains only unique directories. case "$xrpath " in *" $dir "*) ;; *) xrpath="$xrpath $dir" ;; esac fi deplibs="$deplib $deplibs" continue ;; *.la) lib="$deplib" ;; *.$libext) if test "$pass" = conv; then deplibs="$deplib $deplibs" continue fi case $linkmode in lib) # Linking convenience modules into shared libraries is allowed, # but linking other static libraries is non-portable. case " $dlpreconveniencelibs " in *" $deplib "*) ;; *) valid_a_lib=no case $deplibs_check_method in match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \ | $EGREP "$match_pattern_regex" > /dev/null; then valid_a_lib=yes fi ;; pass_all) valid_a_lib=yes ;; esac if test "$valid_a_lib" != yes; then $ECHO $ECHO "*** Warning: Trying to link with static lib archive $deplib." $ECHO "*** I have the capability to make that library automatically link in when" $ECHO "*** you link to this library. But I can only do this if you have a" $ECHO "*** shared version of the library, which you do not appear to have" $ECHO "*** because the file extensions .$libext of this argument makes me believe" $ECHO "*** that it is just a static archive that I should not use here." else $ECHO $ECHO "*** Warning: Linking the shared library $output against the" $ECHO "*** static library $deplib is not portable!" deplibs="$deplib $deplibs" fi ;; esac continue ;; prog) if test "$pass" != link; then deplibs="$deplib $deplibs" else compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" fi continue ;; esac # linkmode ;; # *.$libext *.lo | *.$objext) if test "$pass" = conv; then deplibs="$deplib $deplibs" elif test "$linkmode" = prog; then if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlopen support or we're linking statically, # we need to preload. newdlprefiles="$newdlprefiles $deplib" compile_deplibs="$deplib $compile_deplibs" finalize_deplibs="$deplib $finalize_deplibs" else newdlfiles="$newdlfiles $deplib" fi fi continue ;; %DEPLIBS%) alldeplibs=yes continue ;; esac # case $deplib if test "$found" = yes || test -f "$lib"; then : else func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'" fi # Check to see that this really is a libtool archive. func_lalib_unsafe_p "$lib" \ || func_fatal_error "\`$lib' is not a valid libtool archive" func_dirname "$lib" "" "." ladir="$func_dirname_result" dlname= dlopen= dlpreopen= libdir= library_names= old_library= inherited_linker_flags= # If the library was installed with an old release of libtool, # it will not redefine variables installed, or shouldnotlink installed=yes shouldnotlink=no avoidtemprpath= # Read the .la file func_source "$lib" # Convert "-framework foo" to "foo.ltframework" if test -n "$inherited_linker_flags"; then tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'` for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do case " $new_inherited_linker_flags " in *" $tmp_inherited_linker_flag "*) ;; *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";; esac done fi dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` if test "$linkmode,$pass" = "lib,link" || test "$linkmode,$pass" = "prog,scan" || { test "$linkmode" != prog && test "$linkmode" != lib; }; then test -n "$dlopen" && dlfiles="$dlfiles $dlopen" test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen" fi if test "$pass" = conv; then # Only check for convenience libraries deplibs="$lib $deplibs" if test -z "$libdir"; then if test -z "$old_library"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # It is a libtool convenience library, so add in its objects. convenience="$convenience $ladir/$objdir/$old_library" old_convenience="$old_convenience $ladir/$objdir/$old_library" elif test "$linkmode" != prog && test "$linkmode" != lib; then func_fatal_error "\`$lib' is not a convenience library" fi tmp_libs= for deplib in $dependency_libs; do deplibs="$deplib $deplibs" if $opt_duplicate_deps ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done continue fi # $pass = conv # Get the name of the library we link against. linklib= for l in $old_library $library_names; do linklib="$l" done if test -z "$linklib"; then func_fatal_error "cannot find name of link library for \`$lib'" fi # This library was specified with -dlopen. if test "$pass" = dlopen; then if test -z "$libdir"; then func_fatal_error "cannot -dlopen a convenience library: \`$lib'" fi if test -z "$dlname" || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then # If there is no dlname, no dlopen support or we're linking # statically, we need to preload. We also need to preload any # dependent libraries so libltdl's deplib preloader doesn't # bomb out in the load deplibs phase. dlprefiles="$dlprefiles $lib $dependency_libs" else newdlfiles="$newdlfiles $lib" fi continue fi # $pass = dlopen # We need an absolute path. case $ladir in [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;; *) abs_ladir=`cd "$ladir" && pwd` if test -z "$abs_ladir"; then func_warning "cannot determine absolute directory name of \`$ladir'" func_warning "passing it literally to the linker, although it might fail" abs_ladir="$ladir" fi ;; esac func_basename "$lib" laname="$func_basename_result" # Find the relevant object directory and library name. if test "X$installed" = Xyes; then if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then func_warning "library \`$lib' was moved." dir="$ladir" absdir="$abs_ladir" libdir="$abs_ladir" else dir="$libdir" absdir="$libdir" fi test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes else if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then dir="$ladir" absdir="$abs_ladir" # Remove this search path later notinst_path="$notinst_path $abs_ladir" else dir="$ladir/$objdir" absdir="$abs_ladir/$objdir" # Remove this search path later notinst_path="$notinst_path $abs_ladir" fi fi # $installed = yes func_stripname 'lib' '.la' "$laname" name=$func_stripname_result # This library was specified with -dlpreopen. if test "$pass" = dlpreopen; then if test -z "$libdir" && test "$linkmode" = prog; then func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'" fi # Prefer using a static library (so that no silly _DYNAMIC symbols # are required to link). if test -n "$old_library"; then newdlprefiles="$newdlprefiles $dir/$old_library" # Keep a list of preopened convenience libraries to check # that they are being used correctly in the link pass. test -z "$libdir" && \ dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library" # Otherwise, use the dlname, so that lt_dlopen finds it. elif test -n "$dlname"; then newdlprefiles="$newdlprefiles $dir/$dlname" else newdlprefiles="$newdlprefiles $dir/$linklib" fi fi # $pass = dlpreopen if test -z "$libdir"; then # Link the convenience library if test "$linkmode" = lib; then deplibs="$dir/$old_library $deplibs" elif test "$linkmode,$pass" = "prog,link"; then compile_deplibs="$dir/$old_library $compile_deplibs" finalize_deplibs="$dir/$old_library $finalize_deplibs" else deplibs="$lib $deplibs" # used for prog,scan pass fi continue fi if test "$linkmode" = prog && test "$pass" != link; then newlib_search_path="$newlib_search_path $ladir" deplibs="$lib $deplibs" linkalldeplibs=no if test "$link_all_deplibs" != no || test -z "$library_names" || test "$build_libtool_libs" = no; then linkalldeplibs=yes fi tmp_libs= for deplib in $dependency_libs; do case $deplib in -L*) func_stripname '-L' '' "$deplib" newlib_search_path="$newlib_search_path $func_stripname_result" ;; esac # Need to link against all dependency_libs? if test "$linkalldeplibs" = yes; then deplibs="$deplib $deplibs" else # Need to hardcode shared library paths # or/and link against static libraries newdependency_libs="$deplib $newdependency_libs" fi if $opt_duplicate_deps ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done # for deplib continue fi # $linkmode = prog... if test "$linkmode,$pass" = "prog,link"; then if test -n "$library_names" && { { test "$prefer_static_libs" = no || test "$prefer_static_libs,$installed" = "built,yes"; } || test -z "$old_library"; }; then # We need to hardcode the library path if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then # Make sure the rpath contains only unique directories. case "$temp_rpath:" in *"$absdir:"*) ;; *) temp_rpath="$temp_rpath$absdir:" ;; esac fi # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) compile_rpath="$compile_rpath $absdir" esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" esac ;; esac fi # $linkmode,$pass = prog,link... if test "$alldeplibs" = yes && { test "$deplibs_check_method" = pass_all || { test "$build_libtool_libs" = yes && test -n "$library_names"; }; }; then # We only need to search for static libraries continue fi fi link_static=no # Whether the deplib will be linked statically use_static_libs=$prefer_static_libs if test "$use_static_libs" = built && test "$installed" = yes; then use_static_libs=no fi if test -n "$library_names" && { test "$use_static_libs" = no || test -z "$old_library"; }; then case $host in *cygwin* | *mingw* | *cegcc*) # No point in relinking DLLs because paths are not encoded notinst_deplibs="$notinst_deplibs $lib" need_relink=no ;; *) if test "$installed" = no; then notinst_deplibs="$notinst_deplibs $lib" need_relink=yes fi ;; esac # This is a shared library # Warn about portability, can't link against -module's on some # systems (darwin). Don't bleat about dlopened modules though! dlopenmodule="" for dlpremoduletest in $dlprefiles; do if test "X$dlpremoduletest" = "X$lib"; then dlopenmodule="$dlpremoduletest" break fi done if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then $ECHO if test "$linkmode" = prog; then $ECHO "*** Warning: Linking the executable $output against the loadable module" else $ECHO "*** Warning: Linking the shared library $output against the loadable module" fi $ECHO "*** $linklib is not portable!" fi if test "$linkmode" = lib && test "$hardcode_into_libs" = yes; then # Hardcode the library path. # Skip directories that are in the system default run-time # search path. case " $sys_lib_dlsearch_path " in *" $absdir "*) ;; *) case "$compile_rpath " in *" $absdir "*) ;; *) compile_rpath="$compile_rpath $absdir" esac ;; esac case " $sys_lib_dlsearch_path " in *" $libdir "*) ;; *) case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" esac ;; esac fi if test -n "$old_archive_from_expsyms_cmds"; then # figure out the soname set dummy $library_names shift realname="$1" shift libname=`eval "\\$ECHO \"$libname_spec\""` # use dlname if we got it. it's perfectly good, no? if test -n "$dlname"; then soname="$dlname" elif test -n "$soname_spec"; then # bleh windows case $host in *cygwin* | mingw* | *cegcc*) func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; esac eval soname=\"$soname_spec\" else soname="$realname" fi # Make a new name for the extract_expsyms_cmds to use soroot="$soname" func_basename "$soroot" soname="$func_basename_result" func_stripname 'lib' '.dll' "$soname" newlib=libimp-$func_stripname_result.a # If the library has no export list, then create one now if test -f "$output_objdir/$soname-def"; then : else func_verbose "extracting exported symbol list from \`$soname'" func_execute_cmds "$extract_expsyms_cmds" 'exit $?' fi # Create $newlib if test -f "$output_objdir/$newlib"; then :; else func_verbose "generating import library for \`$soname'" func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' fi # make sure the library variables are pointing to the new library dir=$output_objdir linklib=$newlib fi # test -n "$old_archive_from_expsyms_cmds" if test "$linkmode" = prog || test "$mode" != relink; then add_shlibpath= add_dir= add= lib_linked=yes case $hardcode_action in immediate | unsupported) if test "$hardcode_direct" = no; then add="$dir/$linklib" case $host in *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;; *-*-sysv4*uw2*) add_dir="-L$dir" ;; *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ *-*-unixware7*) add_dir="-L$dir" ;; *-*-darwin* ) # if the lib is a (non-dlopened) module then we can not # link against it, someone is ignoring the earlier warnings if /usr/bin/file -L $add 2> /dev/null | $GREP ": [^:]* bundle" >/dev/null ; then if test "X$dlopenmodule" != "X$lib"; then $ECHO "*** Warning: lib $linklib is a module, not a shared library" if test -z "$old_library" ; then $ECHO $ECHO "*** And there doesn't seem to be a static archive available" $ECHO "*** The link will probably fail, sorry" else add="$dir/$old_library" fi elif test -n "$old_library"; then add="$dir/$old_library" fi fi esac elif test "$hardcode_minus_L" = no; then case $host in *-*-sunos*) add_shlibpath="$dir" ;; esac add_dir="-L$dir" add="-l$name" elif test "$hardcode_shlibpath_var" = no; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; relink) if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$dir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$dir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) add_dir="$add_dir -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then add_shlibpath="$dir" add="-l$name" else lib_linked=no fi ;; *) lib_linked=no ;; esac if test "$lib_linked" != yes; then func_fatal_configuration "unsupported hardcode properties" fi if test -n "$add_shlibpath"; then case :$compile_shlibpath: in *":$add_shlibpath:"*) ;; *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;; esac fi if test "$linkmode" = prog; then test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" test -n "$add" && compile_deplibs="$add $compile_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" if test "$hardcode_direct" != yes && test "$hardcode_minus_L" != yes && test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; esac fi fi fi if test "$linkmode" = prog || test "$mode" = relink; then add_shlibpath= add_dir= add= # Finalize command for both is simple: just hardcode it. if test "$hardcode_direct" = yes && test "$hardcode_direct_absolute" = no; then add="$libdir/$linklib" elif test "$hardcode_minus_L" = yes; then add_dir="-L$libdir" add="-l$name" elif test "$hardcode_shlibpath_var" = yes; then case :$finalize_shlibpath: in *":$libdir:"*) ;; *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;; esac add="-l$name" elif test "$hardcode_automatic" = yes; then if test -n "$inst_prefix_dir" && test -f "$inst_prefix_dir$libdir/$linklib" ; then add="$inst_prefix_dir$libdir/$linklib" else add="$libdir/$linklib" fi else # We cannot seem to hardcode it, guess we'll fake it. add_dir="-L$libdir" # Try looking first in the location we're being installed to. if test -n "$inst_prefix_dir"; then case $libdir in [\\/]*) add_dir="$add_dir -L$inst_prefix_dir$libdir" ;; esac fi add="-l$name" fi if test "$linkmode" = prog; then test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" test -n "$add" && finalize_deplibs="$add $finalize_deplibs" else test -n "$add_dir" && deplibs="$add_dir $deplibs" test -n "$add" && deplibs="$add $deplibs" fi fi elif test "$linkmode" = prog; then # Here we assume that one of hardcode_direct or hardcode_minus_L # is not unsupported. This is valid on all known static and # shared platforms. if test "$hardcode_direct" != unsupported; then test -n "$old_library" && linklib="$old_library" compile_deplibs="$dir/$linklib $compile_deplibs" finalize_deplibs="$dir/$linklib $finalize_deplibs" else compile_deplibs="-l$name -L$dir $compile_deplibs" finalize_deplibs="-l$name -L$dir $finalize_deplibs" fi elif test "$build_libtool_libs" = yes; then # Not a shared library if test "$deplibs_check_method" != pass_all; then # We're trying link a shared library against a static one # but the system doesn't support it. # Just print a warning and add the library to dependency_libs so # that the program can be linked against the static library. $ECHO $ECHO "*** Warning: This system can not link to static lib archive $lib." $ECHO "*** I have the capability to make that library automatically link in when" $ECHO "*** you link to this library. But I can only do this if you have a" $ECHO "*** shared version of the library, which you do not appear to have." if test "$module" = yes; then $ECHO "*** But as you try to build a module library, libtool will still create " $ECHO "*** a static module, that should work as long as the dlopening application" $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime." if test -z "$global_symbol_pipe"; then $ECHO $ECHO "*** However, this would only work if libtool was able to extract symbol" $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" $ECHO "*** not find such a program. So, this module is probably useless." $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi else deplibs="$dir/$old_library $deplibs" link_static=yes fi fi # link shared/static library? if test "$linkmode" = lib; then if test -n "$dependency_libs" && { test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes || test "$link_static" = yes; }; then # Extract -R from dependency_libs temp_deplibs= for libdir in $dependency_libs; do case $libdir in -R*) func_stripname '-R' '' "$libdir" temp_xrpath=$func_stripname_result case " $xrpath " in *" $temp_xrpath "*) ;; *) xrpath="$xrpath $temp_xrpath";; esac;; *) temp_deplibs="$temp_deplibs $libdir";; esac done dependency_libs="$temp_deplibs" fi newlib_search_path="$newlib_search_path $absdir" # Link against this library test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs" # ... and its dependency_libs tmp_libs= for deplib in $dependency_libs; do newdependency_libs="$deplib $newdependency_libs" if $opt_duplicate_deps ; then case "$tmp_libs " in *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;; esac fi tmp_libs="$tmp_libs $deplib" done if test "$link_all_deplibs" != no; then # Add the search paths of all dependency libraries for deplib in $dependency_libs; do case $deplib in -L*) path="$deplib" ;; *.la) func_dirname "$deplib" "" "." dir="$func_dirname_result" # We need an absolute path. case $dir in [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;; *) absdir=`cd "$dir" && pwd` if test -z "$absdir"; then func_warning "cannot determine absolute directory name of \`$dir'" absdir="$dir" fi ;; esac if $GREP "^installed=no" $deplib > /dev/null; then case $host in *-*-darwin*) depdepl= eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` if test -n "$deplibrary_names" ; then for tmp in $deplibrary_names ; do depdepl=$tmp done if test -f "$absdir/$objdir/$depdepl" ; then depdepl="$absdir/$objdir/$depdepl" darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` if test -z "$darwin_install_name"; then darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` fi compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}" linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}" path= fi fi ;; *) path="-L$absdir/$objdir" ;; esac else eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" test "$absdir" != "$libdir" && \ func_warning "\`$deplib' seems to be moved" path="-L$absdir" fi ;; esac case " $deplibs " in *" $path "*) ;; *) deplibs="$path $deplibs" ;; esac done fi # link_all_deplibs != no fi # linkmode = lib done # for deplib in $libs if test "$pass" = link; then if test "$linkmode" = "prog"; then compile_deplibs="$new_inherited_linker_flags $compile_deplibs" finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" else compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` fi fi dependency_libs="$newdependency_libs" if test "$pass" = dlpreopen; then # Link the dlpreopened libraries before other libraries for deplib in $save_deplibs; do deplibs="$deplib $deplibs" done fi if test "$pass" != dlopen; then if test "$pass" != conv; then # Make sure lib_search_path contains only unique directories. lib_search_path= for dir in $newlib_search_path; do case "$lib_search_path " in *" $dir "*) ;; *) lib_search_path="$lib_search_path $dir" ;; esac done newlib_search_path= fi if test "$linkmode,$pass" != "prog,link"; then vars="deplibs" else vars="compile_deplibs finalize_deplibs" fi for var in $vars dependency_libs; do # Add libraries to $var in reverse order eval tmp_libs=\"\$$var\" new_libs= for deplib in $tmp_libs; do # FIXME: Pedantically, this is the right thing to do, so # that some nasty dependency loop isn't accidentally # broken: #new_libs="$deplib $new_libs" # Pragmatically, this seems to cause very few problems in # practice: case $deplib in -L*) new_libs="$deplib $new_libs" ;; -R*) ;; *) # And here is the reason: when a library appears more # than once as an explicit dependence of a library, or # is implicitly linked in more than once by the # compiler, it is considered special, and multiple # occurrences thereof are not removed. Compare this # with having the same library being listed as a # dependency of multiple other libraries: in this case, # we know (pedantically, we assume) the library does not # need to be listed more than once, so we keep only the # last copy. This is not always right, but it is rare # enough that we require users that really mean to play # such unportable linking tricks to link the library # using -Wl,-lname, so that libtool does not consider it # for duplicate removal. case " $specialdeplibs " in *" $deplib "*) new_libs="$deplib $new_libs" ;; *) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$deplib $new_libs" ;; esac ;; esac ;; esac done tmp_libs= for deplib in $new_libs; do case $deplib in -L*) case " $tmp_libs " in *" $deplib "*) ;; *) tmp_libs="$tmp_libs $deplib" ;; esac ;; *) tmp_libs="$tmp_libs $deplib" ;; esac done eval $var=\"$tmp_libs\" done # for var fi # Last step: remove runtime libs from dependency_libs # (they stay in deplibs) tmp_libs= for i in $dependency_libs ; do case " $predeps $postdeps $compiler_lib_search_path " in *" $i "*) i="" ;; esac if test -n "$i" ; then tmp_libs="$tmp_libs $i" fi done dependency_libs=$tmp_libs done # for pass if test "$linkmode" = prog; then dlfiles="$newdlfiles" fi if test "$linkmode" = prog || test "$linkmode" = lib; then dlprefiles="$newdlprefiles" fi case $linkmode in oldlib) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for archives" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for archives" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for archives" test -n "$xrpath" && \ func_warning "\`-R' is ignored for archives" test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for archives" test -n "$release" && \ func_warning "\`-release' is ignored for archives" test -n "$export_symbols$export_symbols_regex" && \ func_warning "\`-export-symbols' is ignored for archives" # Now set the variables for building old libraries. build_libtool_libs=no oldlibs="$output" objs="$objs$old_deplibs" ;; lib) # Make sure we only generate libraries of the form `libNAME.la'. case $outputname in lib*) func_stripname 'lib' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" ;; *) test "$module" = no && \ func_fatal_help "libtool library \`$output' must begin with \`lib'" if test "$need_lib_prefix" != no; then # Add the "lib" prefix for modules if required func_stripname '' '.la' "$outputname" name=$func_stripname_result eval shared_ext=\"$shrext_cmds\" eval libname=\"$libname_spec\" else func_stripname '' '.la' "$outputname" libname=$func_stripname_result fi ;; esac if test -n "$objs"; then if test "$deplibs_check_method" != pass_all; then func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs" else $ECHO $ECHO "*** Warning: Linking the shared library $output against the non-libtool" $ECHO "*** objects $objs is not portable!" libobjs="$libobjs $objs" fi fi test "$dlself" != no && \ func_warning "\`-dlopen self' is ignored for libtool libraries" set dummy $rpath shift test "$#" -gt 1 && \ func_warning "ignoring multiple \`-rpath's for a libtool library" install_libdir="$1" oldlibs= if test -z "$rpath"; then if test "$build_libtool_libs" = yes; then # Building a libtool convenience library. # Some compilers have problems with a `.al' extension so # convenience libraries should have the same extension an # archive normally would. oldlibs="$output_objdir/$libname.$libext $oldlibs" build_libtool_libs=convenience build_old_libs=yes fi test -n "$vinfo" && \ func_warning "\`-version-info/-version-number' is ignored for convenience libraries" test -n "$release" && \ func_warning "\`-release' is ignored for convenience libraries" else # Parse the version information argument. save_ifs="$IFS"; IFS=':' set dummy $vinfo 0 0 0 shift IFS="$save_ifs" test -n "$7" && \ func_fatal_help "too many parameters to \`-version-info'" # convert absolute version numbers to libtool ages # this retains compatibility with .la files and attempts # to make the code below a bit more comprehensible case $vinfo_number in yes) number_major="$1" number_minor="$2" number_revision="$3" # # There are really only two kinds -- those that # use the current revision as the major version # and those that subtract age and use age as # a minor version. But, then there is irix # which has an extra 1 added just for fun # case $version_type in darwin|linux|osf|windows|none) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_revision" ;; freebsd-aout|freebsd-elf|sunos) current="$number_major" revision="$number_minor" age="0" ;; irix|nonstopux) func_arith $number_major + $number_minor current=$func_arith_result age="$number_minor" revision="$number_minor" lt_irix_increment=no ;; esac ;; no) current="$1" revision="$2" age="$3" ;; esac # Check that each of the things are valid numbers. case $current in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "CURRENT \`$current' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $revision in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "REVISION \`$revision' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac case $age in 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; *) func_error "AGE \`$age' must be a nonnegative integer" func_fatal_error "\`$vinfo' is not valid version information" ;; esac if test "$age" -gt "$current"; then func_error "AGE \`$age' is greater than the current interface number \`$current'" func_fatal_error "\`$vinfo' is not valid version information" fi # Calculate the version variables. major= versuffix= verstring= case $version_type in none) ;; darwin) # Like Linux, but with the current version available in # verstring for coding it into the library header func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" # Darwin ld doesn't like 0 for these options... func_arith $current + 1 minor_current=$func_arith_result xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision" verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" ;; freebsd-aout) major=".$current" versuffix=".$current.$revision"; ;; freebsd-elf) major=".$current" versuffix=".$current" ;; irix | nonstopux) if test "X$lt_irix_increment" = "Xno"; then func_arith $current - $age else func_arith $current - $age + 1 fi major=$func_arith_result case $version_type in nonstopux) verstring_prefix=nonstopux ;; *) verstring_prefix=sgi ;; esac verstring="$verstring_prefix$major.$revision" # Add in all the interfaces that we are compatible with. loop=$revision while test "$loop" -ne 0; do func_arith $revision - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring_prefix$major.$iface:$verstring" done # Before this point, $major must not contain `.'. major=.$major versuffix="$major.$revision" ;; linux) func_arith $current - $age major=.$func_arith_result versuffix="$major.$age.$revision" ;; osf) func_arith $current - $age major=.$func_arith_result versuffix=".$current.$age.$revision" verstring="$current.$age.$revision" # Add in all the interfaces that we are compatible with. loop=$age while test "$loop" -ne 0; do func_arith $current - $loop iface=$func_arith_result func_arith $loop - 1 loop=$func_arith_result verstring="$verstring:${iface}.0" done # Make executables depend on our current version. verstring="$verstring:${current}.0" ;; qnx) major=".$current" versuffix=".$current" ;; sunos) major=".$current" versuffix=".$current.$revision" ;; windows) # Use '-' rather than '.', since we only want one # extension on DOS 8.3 filesystems. func_arith $current - $age major=$func_arith_result versuffix="-$major" ;; *) func_fatal_configuration "unknown library version type \`$version_type'" ;; esac # Clear the version info if we defaulted, and they specified a release. if test -z "$vinfo" && test -n "$release"; then major= case $version_type in darwin) # we can't check for "0.0" in archive_cmds due to quoting # problems, so we reset it completely verstring= ;; *) verstring="0.0" ;; esac if test "$need_version" = no; then versuffix= else versuffix=".0.0" fi fi # Remove version info from name if versioning should be avoided if test "$avoid_version" = yes && test "$need_version" = no; then major= versuffix= verstring="" fi # Check to see if the archive will have undefined symbols. if test "$allow_undefined" = yes; then if test "$allow_undefined_flag" = unsupported; then func_warning "undefined symbols not allowed in $host shared libraries" build_libtool_libs=no build_old_libs=yes fi else # Don't allow undefined symbols. allow_undefined_flag="$no_undefined_flag" fi fi func_generate_dlsyms "$libname" "$libname" "yes" libobjs="$libobjs $symfileobj" test "X$libobjs" = "X " && libobjs= if test "$mode" != relink; then # Remove our outputs, but don't remove object files since they # may have been created when compiling PIC objects. removelist= tempremovelist=`$ECHO "$output_objdir/*"` for p in $tempremovelist; do case $p in *.$objext | *.gcno) ;; $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*) if test "X$precious_files_regex" != "X"; then if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 then continue fi fi removelist="$removelist $p" ;; *) ;; esac done test -n "$removelist" && \ func_show_eval "${RM}r \$removelist" fi # Now set the variables for building old libraries. if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then oldlibs="$oldlibs $output_objdir/$libname.$libext" # Transform .lo files to .o files. oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP` fi # Eliminate all temporary directories. #for path in $notinst_path; do # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"` # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"` # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"` #done if test -n "$xrpath"; then # If the user specified any rpath flags, then add them. temp_xrpath= for libdir in $xrpath; do temp_xrpath="$temp_xrpath -R$libdir" case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" ;; esac done if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then dependency_libs="$temp_xrpath $dependency_libs" fi fi # Make sure dlfiles contains only unique files that won't be dlpreopened old_dlfiles="$dlfiles" dlfiles= for lib in $old_dlfiles; do case " $dlprefiles $dlfiles " in *" $lib "*) ;; *) dlfiles="$dlfiles $lib" ;; esac done # Make sure dlprefiles contains only unique files old_dlprefiles="$dlprefiles" dlprefiles= for lib in $old_dlprefiles; do case "$dlprefiles " in *" $lib "*) ;; *) dlprefiles="$dlprefiles $lib" ;; esac done if test "$build_libtool_libs" = yes; then if test -n "$rpath"; then case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*) # these systems don't actually have a c library (as such)! ;; *-*-rhapsody* | *-*-darwin1.[012]) # Rhapsody C library is in the System framework deplibs="$deplibs System.ltframework" ;; *-*-netbsd*) # Don't link with libc until the a.out ld.so is fixed. ;; *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) # Do not include libc due to us having libc/libc_r. ;; *-*-sco3.2v5* | *-*-sco5v6*) # Causes problems with __ctype ;; *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) # Compiler inserts libc in the correct place for threads to work ;; *) # Add libc to deplibs on all other systems if necessary. if test "$build_libtool_need_lc" = "yes"; then deplibs="$deplibs -lc" fi ;; esac fi # Transform deplibs into only deplibs that can be linked in shared. name_save=$name libname_save=$libname release_save=$release versuffix_save=$versuffix major_save=$major # I'm not sure if I'm treating the release correctly. I think # release should show up in the -l (ie -lgmp5) so we don't want to # add it in twice. Is that correct? release="" versuffix="" major="" newdeplibs= droppeddeps=no case $deplibs_check_method in pass_all) # Don't check for shared/static. Everything works. # This might be a little naive. We might want to check # whether the library exists or not. But this is on # osf3 & osf4 and I'm not really sure... Just # implementing what was already the behavior. newdeplibs=$deplibs ;; test_compile) # This code stresses the "libraries are programs" paradigm to its # limits. Maybe even breaks it. We compile a program, linking it # against the deplibs as a proxy for the library. Then we can check # whether they linked in statically or dynamically with ldd. $opt_dry_run || $RM conftest.c cat > conftest.c </dev/null` for potent_lib in $potential_libs; do # Follow soft links. if ls -lLd "$potent_lib" 2>/dev/null | $GREP " -> " >/dev/null; then continue fi # The statement above tries to avoid entering an # endless loop below, in case of cyclic links. # We might still enter an endless loop, since a link # loop can be closed while we follow links, # but so what? potlib="$potent_lib" while test -h "$potlib" 2>/dev/null; do potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'` case $potliblink in [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";; *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";; esac done if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | $SED -e 10q | $EGREP "$file_magic_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes $ECHO $ECHO "*** Warning: linker path does not have real file for library $a_deplib." $ECHO "*** I have the capability to make that library automatically link in when" $ECHO "*** you link to this library. But I can only do this if you have a" $ECHO "*** shared version of the library, which you do not appear to have" $ECHO "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for file magic test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a file magic. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. newdeplibs="$newdeplibs $a_deplib" ;; esac done # Gone through all deplibs. ;; match_pattern*) set dummy $deplibs_check_method; shift match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` for a_deplib in $deplibs; do case $a_deplib in -l*) func_stripname -l '' "$a_deplib" name=$func_stripname_result if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then case " $predeps $postdeps " in *" $a_deplib "*) newdeplibs="$newdeplibs $a_deplib" a_deplib="" ;; esac fi if test -n "$a_deplib" ; then libname=`eval "\\$ECHO \"$libname_spec\""` for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do potential_libs=`ls $i/$libname[.-]* 2>/dev/null` for potent_lib in $potential_libs; do potlib="$potent_lib" # see symlink-check above in file_magic test if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \ $EGREP "$match_pattern_regex" > /dev/null; then newdeplibs="$newdeplibs $a_deplib" a_deplib="" break 2 fi done done fi if test -n "$a_deplib" ; then droppeddeps=yes $ECHO $ECHO "*** Warning: linker path does not have real file for library $a_deplib." $ECHO "*** I have the capability to make that library automatically link in when" $ECHO "*** you link to this library. But I can only do this if you have a" $ECHO "*** shared version of the library, which you do not appear to have" $ECHO "*** because I did check the linker path looking for a file starting" if test -z "$potlib" ; then $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" else $ECHO "*** with $libname and none of the candidates passed a file format test" $ECHO "*** using a regex pattern. Last file checked: $potlib" fi fi ;; *) # Add a -L argument. newdeplibs="$newdeplibs $a_deplib" ;; esac done # Gone through all deplibs. ;; none | unknown | *) newdeplibs="" tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \ -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'` if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then for i in $predeps $postdeps ; do # can't use Xsed below, because $i might contain '/' tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"` done fi if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' | $GREP . >/dev/null; then $ECHO if test "X$deplibs_check_method" = "Xnone"; then $ECHO "*** Warning: inter-library dependencies are not supported in this platform." else $ECHO "*** Warning: inter-library dependencies are not known to be supported." fi $ECHO "*** All declared inter-library dependencies are being dropped." droppeddeps=yes fi ;; esac versuffix=$versuffix_save major=$major_save release=$release_save libname=$libname_save name=$name_save case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library with the System framework newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'` ;; esac if test "$droppeddeps" = yes; then if test "$module" = yes; then $ECHO $ECHO "*** Warning: libtool could not satisfy all declared inter-library" $ECHO "*** dependencies of module $libname. Therefore, libtool will create" $ECHO "*** a static module, that should work as long as the dlopening" $ECHO "*** application is linked with the -dlopen flag." if test -z "$global_symbol_pipe"; then $ECHO $ECHO "*** However, this would only work if libtool was able to extract symbol" $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could" $ECHO "*** not find such a program. So, this module is probably useless." $ECHO "*** \`nm' from GNU binutils and a full rebuild may help." fi if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi else $ECHO "*** The inter-library dependencies that have been dropped here will be" $ECHO "*** automatically added whenever a program is linked with this library" $ECHO "*** or is declared to -dlopen it." if test "$allow_undefined" = no; then $ECHO $ECHO "*** Since this library must not contain undefined symbols," $ECHO "*** because either the platform does not support them or" $ECHO "*** it was explicitly requested with -no-undefined," $ECHO "*** libtool will only create a static version of it." if test "$build_old_libs" = no; then oldlibs="$output_objdir/$libname.$libext" build_libtool_libs=module build_old_libs=yes else build_libtool_libs=no fi fi fi fi # Done checking deplibs! deplibs=$newdeplibs fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" case $host in *-*-darwin*) newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $deplibs " in *" -L$path/$objdir "*) new_libs="$new_libs -L$path/$objdir" ;; esac ;; esac done for deplib in $deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$new_libs $deplib" ;; esac ;; *) new_libs="$new_libs $deplib" ;; esac done deplibs="$new_libs" # All the library-specific variables (install_libdir is set above). library_names= old_library= dlname= # Test again, we may have decided not to build it any more if test "$build_libtool_libs" = yes; then if test "$hardcode_into_libs" = yes; then # Hardcode the library paths hardcode_libdirs= dep_rpath= rpath="$finalize_rpath" test "$mode" != relink && rpath="$compile_rpath$rpath" for libdir in $rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" dep_rpath="$dep_rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) perm_rpath="$perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" if test -n "$hardcode_libdir_flag_spec_ld"; then eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\" else eval dep_rpath=\"$hardcode_libdir_flag_spec\" fi fi if test -n "$runpath_var" && test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do rpath="$rpath$dir:" done eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" fi test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" fi shlibpath="$finalize_shlibpath" test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath" if test -n "$shlibpath"; then eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" fi # Get the real and link names of the library. eval shared_ext=\"$shrext_cmds\" eval library_names=\"$library_names_spec\" set dummy $library_names shift realname="$1" shift if test -n "$soname_spec"; then eval soname=\"$soname_spec\" else soname="$realname" fi if test -z "$dlname"; then dlname=$soname fi lib="$output_objdir/$realname" linknames= for link do linknames="$linknames $link" done # Use standard objects if they are pic test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` test "X$libobjs" = "X " && libobjs= delfiles= if test -n "$export_symbols" && test -n "$include_expsyms"; then $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" export_symbols="$output_objdir/$libname.uexp" delfiles="$delfiles $export_symbols" fi orig_export_symbols= case $host_os in cygwin* | mingw* | cegcc*) if test -n "$export_symbols" && test -z "$export_symbols_regex"; then # exporting using user supplied symfile if test "x`$SED 1q $export_symbols`" != xEXPORTS; then # and it's NOT already a .def file. Must figure out # which of the given symbols are data symbols and tag # them as such. So, trigger use of export_symbols_cmds. # export_symbols gets reassigned inside the "prepare # the list of exported symbols" if statement, so the # include_expsyms logic still works. orig_export_symbols="$export_symbols" export_symbols= always_export_symbols=yes fi fi ;; esac # Prepare the list of exported symbols if test -z "$export_symbols"; then if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols cmds=$export_symbols_cmds save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" func_len " $cmd" len=$func_len_result if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then func_show_eval "$cmd" 'exit $?' skipped_export=false else # The command line is too long to execute in one step. func_verbose "using reloadable object file for export list..." skipped_export=: # Break out early, otherwise skipped_export may be # set to false by a later but shorter cmd. break fi done IFS="$save_ifs" if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi fi if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' fi if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter delfiles="$delfiles $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi tmp_deplibs= for test_deplib in $deplibs; do case " $convenience " in *" $test_deplib "*) ;; *) tmp_deplibs="$tmp_deplibs $test_deplib" ;; esac done deplibs="$tmp_deplibs" if test -n "$convenience"; then if test -n "$whole_archive_flag_spec" && test "$compiler_needs_object" = yes && test -z "$libobjs"; then # extract the archives, so we have objects to list. # TODO: could optimize this to just extract one archive. whole_archive_flag_spec= fi if test -n "$whole_archive_flag_spec"; then save_libobjs=$libobjs eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= else gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $convenience libobjs="$libobjs $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi fi if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then eval flag=\"$thread_safe_flag_spec\" linker_flags="$linker_flags $flag" fi # Make a backup of the uninstalled library when relinking if test "$mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? fi # Do each of the archive commands. if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then eval test_cmds=\"$module_expsym_cmds\" cmds=$module_expsym_cmds else eval test_cmds=\"$module_cmds\" cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then eval test_cmds=\"$archive_expsym_cmds\" cmds=$archive_expsym_cmds else eval test_cmds=\"$archive_cmds\" cmds=$archive_cmds fi fi if test "X$skipped_export" != "X:" && func_len " $test_cmds" && len=$func_len_result && test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then : else # The command line is too long to link in one step, link piecewise # or, if using GNU ld and skipped_export is not :, use a linker # script. # Save the value of $output and $libobjs because we want to # use them later. If we have whole_archive_flag_spec, we # want to use save_libobjs as it was before # whole_archive_flag_spec was expanded, because we can't # assume the linker understands whole_archive_flag_spec. # This may have to be revisited, in case too many # convenience libraries get linked in and end up exceeding # the spec. if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then save_libobjs=$libobjs fi save_output=$output output_la=`$ECHO "X$output" | $Xsed -e "$basename"` # Clear the reloadable object creation command queue and # initialize k to one. test_cmds= concat_cmds= objlist= last_robj= k=1 if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then output=${output_objdir}/${output_la}.lnkscript func_verbose "creating GNU ld script: $output" $ECHO 'INPUT (' > $output for obj in $save_libobjs do $ECHO "$obj" >> $output done $ECHO ')' >> $output delfiles="$delfiles $output" elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then output=${output_objdir}/${output_la}.lnk func_verbose "creating linker input file list: $output" : > $output set x $save_libobjs shift firstobj= if test "$compiler_needs_object" = yes; then firstobj="$1 " shift fi for obj do $ECHO "$obj" >> $output done delfiles="$delfiles $output" output=$firstobj\"$file_list_spec$output\" else if test -n "$save_libobjs"; then func_verbose "creating reloadable object files..." output=$output_objdir/$output_la-${k}.$objext eval test_cmds=\"$reload_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 # Loop over the list of objects to be linked. for obj in $save_libobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result if test "X$objlist" = X || test "$len" -lt "$max_cmd_len"; then func_append objlist " $obj" else # The command $test_cmds is almost too long, add a # command to the queue. if test "$k" -eq 1 ; then # The first file doesn't have a previous command to add. eval concat_cmds=\"$reload_cmds $objlist $last_robj\" else # All subsequent reloadable object files will link in # the last one created. eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\" fi last_robj=$output_objdir/$output_la-${k}.$objext func_arith $k + 1 k=$func_arith_result output=$output_objdir/$output_la-${k}.$objext objlist=$obj func_len " $last_robj" func_arith $len0 + $func_len_result len=$func_arith_result fi done # Handle the remaining objects by creating one last # reloadable object file. All subsequent reloadable object # files will link in the last one created. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\" if test -n "$last_robj"; then eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\" fi delfiles="$delfiles $output" else output= fi if ${skipped_export-false}; then func_verbose "generating symbol list for \`$libname.la'" export_symbols="$output_objdir/$libname.exp" $opt_dry_run || $RM $export_symbols libobjs=$output # Append the command to create the export file. test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" if test -n "$last_robj"; then eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" fi fi test -n "$save_libobjs" && func_verbose "creating a temporary reloadable object file: $output" # Loop through the commands generated above and execute them. save_ifs="$IFS"; IFS='~' for cmd in $concat_cmds; do IFS="$save_ifs" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" if test -n "$export_symbols_regex" && ${skipped_export-false}; then func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' func_show_eval '$MV "${export_symbols}T" "$export_symbols"' fi fi if ${skipped_export-false}; then if test -n "$export_symbols" && test -n "$include_expsyms"; then tmp_export_symbols="$export_symbols" test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols" $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"' fi if test -n "$orig_export_symbols"; then # The given exports_symbols file has to be filtered, so filter it. func_verbose "filter symbol list for \`$libname.la' to tag DATA exports" # FIXME: $output_objdir/$libname.filter potentially contains lots of # 's' commands which not all seds can handle. GNU sed should be fine # though. Also, the filter scales superlinearly with the number of # global variables. join(1) would be nice here, but unfortunately # isn't a blessed tool. $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter delfiles="$delfiles $export_symbols $output_objdir/$libname.filter" export_symbols=$output_objdir/$libname.def $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols fi fi libobjs=$output # Restore the value of output. output=$save_output if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then eval libobjs=\"\$libobjs $whole_archive_flag_spec\" test "X$libobjs" = "X " && libobjs= fi # Expand the library linking commands again to reset the # value of $libobjs for piecewise linking. # Do each of the archive commands. if test "$module" = yes && test -n "$module_cmds" ; then if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then cmds=$module_expsym_cmds else cmds=$module_cmds fi else if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then cmds=$archive_expsym_cmds else cmds=$archive_cmds fi fi fi if test -n "$delfiles"; then # Append the command to remove temporary files to $cmds. eval cmds=\"\$cmds~\$RM $delfiles\" fi # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $dlprefiles libobjs="$libobjs $func_extract_archives_result" test "X$libobjs" = "X " && libobjs= fi save_ifs="$IFS"; IFS='~' for cmd in $cmds; do IFS="$save_ifs" eval cmd=\"$cmd\" $opt_silent || { func_quote_for_expand "$cmd" eval "func_echo $func_quote_for_expand_result" } $opt_dry_run || eval "$cmd" || { lt_exit=$? # Restore the uninstalled library and exit if test "$mode" = relink; then ( cd "$output_objdir" && \ $RM "${realname}T" && \ $MV "${realname}U" "$realname" ) fi exit $lt_exit } done IFS="$save_ifs" # Restore the uninstalled library and exit if test "$mode" = relink; then $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? if test -n "$convenience"; then if test -z "$whole_archive_flag_spec"; then func_show_eval '${RM}r "$gentop"' fi fi exit $EXIT_SUCCESS fi # Create links to the real library. for linkname in $linknames; do if test "$realname" != "$linkname"; then func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' fi done # If -module or -export-dynamic was specified, set the dlname. if test "$module" = yes || test "$export_dynamic" = yes; then # On all known operating systems, these are identical. dlname="$soname" fi fi ;; obj) if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then func_warning "\`-dlopen' is ignored for objects" fi case " $deplibs" in *\ -l* | *\ -L*) func_warning "\`-l' and \`-L' are ignored for objects" ;; esac test -n "$rpath" && \ func_warning "\`-rpath' is ignored for objects" test -n "$xrpath" && \ func_warning "\`-R' is ignored for objects" test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for objects" test -n "$release" && \ func_warning "\`-release' is ignored for objects" case $output in *.lo) test -n "$objs$old_deplibs" && \ func_fatal_error "cannot build library object \`$output' from non-libtool objects" libobj=$output func_lo2o "$libobj" obj=$func_lo2o_result ;; *) libobj= obj="$output" ;; esac # Delete the old objects. $opt_dry_run || $RM $obj $libobj # Objects from convenience libraries. This assumes # single-version convenience libraries. Whenever we create # different ones for PIC/non-PIC, this we'll have to duplicate # the extraction. reload_conv_objs= gentop= # reload_cmds runs $LD directly, so let us get rid of # -Wl from whole_archive_flag_spec and hope we can get by with # turning comma into space.. wl= if test -n "$convenience"; then if test -n "$whole_archive_flag_spec"; then eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'` else gentop="$output_objdir/${obj}x" generated="$generated $gentop" func_extract_archives $gentop $convenience reload_conv_objs="$reload_objs $func_extract_archives_result" fi fi # Create the old-style object. reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test output="$obj" func_execute_cmds "$reload_cmds" 'exit $?' # Exit if we aren't doing a library object file. if test -z "$libobj"; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS fi if test "$build_libtool_libs" != yes; then if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi # Create an invalid libtool object if no PIC, so that we don't # accidentally link it into a program. # $show "echo timestamp > $libobj" # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? exit $EXIT_SUCCESS fi if test -n "$pic_flag" || test "$pic_mode" != default; then # Only do commands if we really have different PIC objects. reload_objs="$libobjs $reload_conv_objs" output="$libobj" func_execute_cmds "$reload_cmds" 'exit $?' fi if test -n "$gentop"; then func_show_eval '${RM}r "$gentop"' fi exit $EXIT_SUCCESS ;; prog) case $host in *cygwin*) func_stripname '' '.exe' "$output" output=$func_stripname_result.exe;; esac test -n "$vinfo" && \ func_warning "\`-version-info' is ignored for programs" test -n "$release" && \ func_warning "\`-release' is ignored for programs" test "$preload" = yes \ && test "$dlopen_support" = unknown \ && test "$dlopen_self" = unknown \ && test "$dlopen_self_static" = unknown && \ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support." case $host in *-*-rhapsody* | *-*-darwin1.[012]) # On Rhapsody replace the C library is the System framework compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'` ;; esac case $host in *-*-darwin*) # Don't allow lazy linking, it breaks C++ global constructors # But is supposedly fixed on 10.4 or later (yay!). if test "$tagname" = CXX ; then case ${MACOSX_DEPLOYMENT_TARGET-10.0} in 10.[0123]) compile_command="$compile_command ${wl}-bind_at_load" finalize_command="$finalize_command ${wl}-bind_at_load" ;; esac fi # Time to change all our "foo.ltframework" stuff back to "-framework foo" compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'` ;; esac # move library search paths that coincide with paths to not yet # installed libraries to the beginning of the library search list new_libs= for path in $notinst_path; do case " $new_libs " in *" -L$path/$objdir "*) ;; *) case " $compile_deplibs " in *" -L$path/$objdir "*) new_libs="$new_libs -L$path/$objdir" ;; esac ;; esac done for deplib in $compile_deplibs; do case $deplib in -L*) case " $new_libs " in *" $deplib "*) ;; *) new_libs="$new_libs $deplib" ;; esac ;; *) new_libs="$new_libs $deplib" ;; esac done compile_deplibs="$new_libs" compile_command="$compile_command $compile_deplibs" finalize_command="$finalize_command $finalize_deplibs" if test -n "$rpath$xrpath"; then # If the user specified any rpath flags, then add them. for libdir in $rpath $xrpath; do # This is the magic to use -rpath. case "$finalize_rpath " in *" $libdir "*) ;; *) finalize_rpath="$finalize_rpath $libdir" ;; esac done fi # Now hardcode the library paths rpath= hardcode_libdirs= for libdir in $compile_rpath $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$perm_rpath " in *" $libdir "*) ;; *) perm_rpath="$perm_rpath $libdir" ;; esac fi case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'` case :$dllsearchpath: in *":$libdir:"*) ;; ::) dllsearchpath=$libdir;; *) dllsearchpath="$dllsearchpath:$libdir";; esac case :$dllsearchpath: in *":$testbindir:"*) ;; ::) dllsearchpath=$testbindir;; *) dllsearchpath="$dllsearchpath:$testbindir";; esac ;; esac done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi compile_rpath="$rpath" rpath= hardcode_libdirs= for libdir in $finalize_rpath; do if test -n "$hardcode_libdir_flag_spec"; then if test -n "$hardcode_libdir_separator"; then if test -z "$hardcode_libdirs"; then hardcode_libdirs="$libdir" else # Just accumulate the unique libdirs. case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) ;; *) hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir" ;; esac fi else eval flag=\"$hardcode_libdir_flag_spec\" rpath="$rpath $flag" fi elif test -n "$runpath_var"; then case "$finalize_perm_rpath " in *" $libdir "*) ;; *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;; esac fi done # Substitute the hardcoded libdirs into the rpath. if test -n "$hardcode_libdir_separator" && test -n "$hardcode_libdirs"; then libdir="$hardcode_libdirs" eval rpath=\" $hardcode_libdir_flag_spec\" fi finalize_rpath="$rpath" if test -n "$libobjs" && test "$build_old_libs" = yes; then # Transform all the library objects into standard objects. compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP` fi func_generate_dlsyms "$outputname" "@PROGRAM@" "no" # template prelinking step if test -n "$prelink_cmds"; then func_execute_cmds "$prelink_cmds" 'exit $?' fi wrappers_required=yes case $host in *cygwin* | *mingw* ) if test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; *cegcc) # Disable wrappers for cegcc, we are cross compiling anyway. wrappers_required=no ;; *) if test "$need_relink" = no || test "$build_libtool_libs" != yes; then wrappers_required=no fi ;; esac if test "$wrappers_required" = no; then # Replace the output file specification. compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` link_command="$compile_command$compile_rpath" # We have no uninstalled library dependencies, so finalize right now. exit_status=0 func_show_eval "$link_command" 'exit_status=$?' # Delete the generated files. if test -f "$output_objdir/${outputname}S.${objext}"; then func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"' fi exit $exit_status fi if test -n "$compile_shlibpath$finalize_shlibpath"; then compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" fi if test -n "$finalize_shlibpath"; then finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" fi compile_var= finalize_var= if test -n "$runpath_var"; then if test -n "$perm_rpath"; then # We should set the runpath_var. rpath= for dir in $perm_rpath; do rpath="$rpath$dir:" done compile_var="$runpath_var=\"$rpath\$$runpath_var\" " fi if test -n "$finalize_perm_rpath"; then # We should set the runpath_var. rpath= for dir in $finalize_perm_rpath; do rpath="$rpath$dir:" done finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " fi fi if test "$no_install" = yes; then # We don't need to create a wrapper script. link_command="$compile_var$compile_command$compile_rpath" # Replace the output file specification. link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'` # Delete the old output file. $opt_dry_run || $RM $output # Link the executable and exit func_show_eval "$link_command" 'exit $?' exit $EXIT_SUCCESS fi if test "$hardcode_action" = relink; then # Fast installation is not supported link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" func_warning "this platform does not like uninstalled shared libraries" func_warning "\`$output' will be relinked during installation" else if test "$fast_install" != no; then link_command="$finalize_var$compile_command$finalize_rpath" if test "$fast_install" = yes; then relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'` else # fast_install is set to needless relink_command= fi else link_command="$compile_var$compile_command$compile_rpath" relink_command="$finalize_var$finalize_command$finalize_rpath" fi fi # Replace the output file specification. link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` # Delete the old output files. $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname func_show_eval "$link_command" 'exit $?' # Now create the wrapper script. func_verbose "creating $output" # Quote the relink command for shipping. if test -n "$relink_command"; then # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done relink_command="(cd `pwd`; $relink_command)" relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` fi # Quote $ECHO for shipping. if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then case $progpath in [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";; *) qecho="$SHELL `pwd`/$progpath --fallback-echo";; esac qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"` else qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"` fi # Only actually do things if not in dry run mode. $opt_dry_run || { # win32 will think the script is a binary if it has # a .exe suffix, so we strip it off here. case $output in *.exe) func_stripname '' '.exe' "$output" output=$func_stripname_result ;; esac # test for cygwin because mv fails w/o .exe extensions case $host in *cygwin*) exeext=.exe func_stripname '' '.exe' "$outputname" outputname=$func_stripname_result ;; *) exeext= ;; esac case $host in *cygwin* | *mingw* ) func_dirname_and_basename "$output" "" "." output_name=$func_basename_result output_path=$func_dirname_result cwrappersource="$output_path/$objdir/lt-$output_name.c" cwrapper="$output_path/$output_name.exe" $RM $cwrappersource $cwrapper trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 func_emit_cwrapperexe_src > $cwrappersource # The wrapper executable is built using the $host compiler, # because it contains $host paths and files. If cross- # compiling, it, like the target executable, must be # executed on the $host or under an emulation environment. $opt_dry_run || { $LTCC $LTCFLAGS -o $cwrapper $cwrappersource $STRIP $cwrapper } # Now, create the wrapper script for func_source use: func_ltwrapper_scriptname $cwrapper $RM $func_ltwrapper_scriptname_result trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 $opt_dry_run || { # note: this script will not be executed, so do not chmod. if test "x$build" = "x$host" ; then $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result else func_emit_wrapper no > $func_ltwrapper_scriptname_result fi } ;; * ) $RM $output trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 func_emit_wrapper no > $output chmod +x $output ;; esac } exit $EXIT_SUCCESS ;; esac # See if we need to build an old-fashioned archive. for oldlib in $oldlibs; do if test "$build_libtool_libs" = convenience; then oldobjs="$libobjs_save $symfileobj" addlibs="$convenience" build_libtool_libs=no else if test "$build_libtool_libs" = module; then oldobjs="$libobjs_save" build_libtool_libs=no else oldobjs="$old_deplibs $non_pic_objects" if test "$preload" = yes && test -f "$symfileobj"; then oldobjs="$oldobjs $symfileobj" fi fi addlibs="$old_convenience" fi if test -n "$addlibs"; then gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $addlibs oldobjs="$oldobjs $func_extract_archives_result" fi # Do each command in the archive commands. if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then cmds=$old_archive_from_new_cmds else # Add any objects from preloaded convenience libraries if test -n "$dlprefiles"; then gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_extract_archives $gentop $dlprefiles oldobjs="$oldobjs $func_extract_archives_result" fi # POSIX demands no paths to be encoded in archives. We have # to avoid creating archives with duplicate basenames if we # might have to extract them afterwards, e.g., when creating a # static archive out of a convenience library, or when linking # the entirety of a libtool archive into another (currently # not supported by libtool). if (for obj in $oldobjs do func_basename "$obj" $ECHO "$func_basename_result" done | sort | sort -uc >/dev/null 2>&1); then : else $ECHO "copying selected object files to avoid basename conflicts..." gentop="$output_objdir/${outputname}x" generated="$generated $gentop" func_mkdir_p "$gentop" save_oldobjs=$oldobjs oldobjs= counter=1 for obj in $save_oldobjs do func_basename "$obj" objbase="$func_basename_result" case " $oldobjs " in " ") oldobjs=$obj ;; *[\ /]"$objbase "*) while :; do # Make sure we don't pick an alternate name that also # overlaps. newobj=lt$counter-$objbase func_arith $counter + 1 counter=$func_arith_result case " $oldobjs " in *[\ /]"$newobj "*) ;; *) if test ! -f "$gentop/$newobj"; then break; fi ;; esac done func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" oldobjs="$oldobjs $gentop/$newobj" ;; *) oldobjs="$oldobjs $obj" ;; esac done fi eval cmds=\"$old_archive_cmds\" func_len " $cmds" len=$func_len_result if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then cmds=$old_archive_cmds else # the command line is too long to link in one step, link in parts func_verbose "using piecewise archive linking..." save_RANLIB=$RANLIB RANLIB=: objlist= concat_cmds= save_oldobjs=$oldobjs oldobjs= # Is there a better way of finding the last object in the list? for obj in $save_oldobjs do last_oldobj=$obj done eval test_cmds=\"$old_archive_cmds\" func_len " $test_cmds" len0=$func_len_result len=$len0 for obj in $save_oldobjs do func_len " $obj" func_arith $len + $func_len_result len=$func_arith_result func_append objlist " $obj" if test "$len" -lt "$max_cmd_len"; then : else # the above command should be used before it gets too long oldobjs=$objlist if test "$obj" = "$last_oldobj" ; then RANLIB=$save_RANLIB fi test -z "$concat_cmds" || concat_cmds=$concat_cmds~ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\" objlist= len=$len0 fi done RANLIB=$save_RANLIB oldobjs=$objlist if test "X$oldobjs" = "X" ; then eval cmds=\"\$concat_cmds\" else eval cmds=\"\$concat_cmds~\$old_archive_cmds\" fi fi fi func_execute_cmds "$cmds" 'exit $?' done test -n "$generated" && \ func_show_eval "${RM}r$generated" # Now create the libtool archive. case $output in *.la) old_library= test "$build_old_libs" = yes && old_library="$libname.$libext" func_verbose "creating $output" # Preserve any variables that may affect compiler behavior for var in $variables_saved_for_relink; do if eval test -z \"\${$var+set}\"; then relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" elif eval var_value=\$$var; test -z "$var_value"; then relink_command="$var=; export $var; $relink_command" else func_quote_for_eval "$var_value" relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" fi done # Quote the link command for shipping. relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"` if test "$hardcode_automatic" = yes ; then relink_command= fi # Only create the output if not a dry run. $opt_dry_run || { for installed in no yes; do if test "$installed" = yes; then if test -z "$install_libdir"; then break fi output="$output_objdir/$outputname"i # Replace all uninstalled libtool libraries with the installed ones newdependency_libs= for deplib in $dependency_libs; do case $deplib in *.la) func_basename "$deplib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` test -z "$libdir" && \ func_fatal_error "\`$deplib' is not a valid libtool archive" newdependency_libs="$newdependency_libs $libdir/$name" ;; *) newdependency_libs="$newdependency_libs $deplib" ;; esac done dependency_libs="$newdependency_libs" newdlfiles= for lib in $dlfiles; do case $lib in *.la) func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" newdlfiles="$newdlfiles $libdir/$name" ;; *) newdlfiles="$newdlfiles $lib" ;; esac done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in *.la) # Only pass preopened files to the pseudo-archive (for # eventual linking with the app. that links it) if we # didn't already link the preopened objects directly into # the library: func_basename "$lib" name="$func_basename_result" eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib` test -z "$libdir" && \ func_fatal_error "\`$lib' is not a valid libtool archive" newdlprefiles="$newdlprefiles $libdir/$name" ;; esac done dlprefiles="$newdlprefiles" else newdlfiles= for lib in $dlfiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac newdlfiles="$newdlfiles $abs" done dlfiles="$newdlfiles" newdlprefiles= for lib in $dlprefiles; do case $lib in [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;; *) abs=`pwd`"/$lib" ;; esac newdlprefiles="$newdlprefiles $abs" done dlprefiles="$newdlprefiles" fi $RM $output # place dlname in correct position for cygwin tdlname=$dlname case $host,$output,$installed,$module,$dlname in *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;; esac $ECHO > $output "\ # $outputname - a libtool library file # Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION # # Please DO NOT delete this file! # It is necessary for linking the library. # The name that we can dlopen(3). dlname='$tdlname' # Names of this library. library_names='$library_names' # The name of the static archive. old_library='$old_library' # Linker flags that can not go in dependency_libs. inherited_linker_flags='$new_inherited_linker_flags' # Libraries that this one depends upon. dependency_libs='$dependency_libs' # Names of additional weak libraries provided by this library weak_library_names='$weak_libs' # Version information for $libname. current=$current age=$age revision=$revision # Is this an already installed library? installed=$installed # Should we warn about portability when linking against -modules? shouldnotlink=$module # Files to dlopen/dlpreopen dlopen='$dlfiles' dlpreopen='$dlprefiles' # Directory that this library needs to be installed in: libdir='$install_libdir'" if test "$installed" = no && test "$need_relink" = yes; then $ECHO >> $output "\ relink_command=\"$relink_command\"" fi done } # Do a symbolic link so that the libtool archive can be found in # LD_LIBRARY_PATH before the program is installed. func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' ;; esac exit $EXIT_SUCCESS } { test "$mode" = link || test "$mode" = relink; } && func_mode_link ${1+"$@"} # func_mode_uninstall arg... func_mode_uninstall () { $opt_debug RM="$nonopt" files= rmforce= exit_status=0 # This variable tells wrapper scripts just to set variables rather # than running their programs. libtool_install_magic="$magic" for arg do case $arg in -f) RM="$RM $arg"; rmforce=yes ;; -*) RM="$RM $arg" ;; *) files="$files $arg" ;; esac done test -z "$RM" && \ func_fatal_help "you must specify an RM program" rmdirs= origobjdir="$objdir" for file in $files; do func_dirname "$file" "" "." dir="$func_dirname_result" if test "X$dir" = X.; then objdir="$origobjdir" else objdir="$dir/$origobjdir" fi func_basename "$file" name="$func_basename_result" test "$mode" = uninstall && objdir="$dir" # Remember objdir for removal later, being careful to avoid duplicates if test "$mode" = clean; then case " $rmdirs " in *" $objdir "*) ;; *) rmdirs="$rmdirs $objdir" ;; esac fi # Don't error if the file doesn't exist and rm -f was used. if { test -L "$file"; } >/dev/null 2>&1 || { test -h "$file"; } >/dev/null 2>&1 || test -f "$file"; then : elif test -d "$file"; then exit_status=1 continue elif test "$rmforce" = yes; then continue fi rmfiles="$file" case $name in *.la) # Possibly a libtool archive, so verify it. if func_lalib_p "$file"; then func_source $dir/$name # Delete the libtool libraries and symlinks. for n in $library_names; do rmfiles="$rmfiles $objdir/$n" done test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library" case "$mode" in clean) case " $library_names " in # " " in the beginning catches empty $dlname *" $dlname "*) ;; *) rmfiles="$rmfiles $objdir/$dlname" ;; esac test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i" ;; uninstall) if test -n "$library_names"; then # Do each command in the postuninstall commands. func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi if test -n "$old_library"; then # Do each command in the old_postuninstall commands. func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1' fi # FIXME: should reinstall the best remaining shared library. ;; esac fi ;; *.lo) # Possibly a libtool object, so verify it. if func_lalib_p "$file"; then # Read the .lo file func_source $dir/$name # Add PIC object to the list of files to remove. if test -n "$pic_object" && test "$pic_object" != none; then rmfiles="$rmfiles $dir/$pic_object" fi # Add non-PIC object to the list of files to remove. if test -n "$non_pic_object" && test "$non_pic_object" != none; then rmfiles="$rmfiles $dir/$non_pic_object" fi fi ;; *) if test "$mode" = clean ; then noexename=$name case $file in *.exe) func_stripname '' '.exe' "$file" file=$func_stripname_result func_stripname '' '.exe' "$name" noexename=$func_stripname_result # $file with .exe has already been added to rmfiles, # add $file without .exe rmfiles="$rmfiles $file" ;; esac # Do a test to see if this is a libtool program. if func_ltwrapper_p "$file"; then if func_ltwrapper_executable_p "$file"; then func_ltwrapper_scriptname "$file" relink_command= func_source $func_ltwrapper_scriptname_result rmfiles="$rmfiles $func_ltwrapper_scriptname_result" else relink_command= func_source $dir/$noexename fi # note $name still contains .exe if it was in $file originally # as does the version of $file that was added into $rmfiles rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}" if test "$fast_install" = yes && test -n "$relink_command"; then rmfiles="$rmfiles $objdir/lt-$name" fi if test "X$noexename" != "X$name" ; then rmfiles="$rmfiles $objdir/lt-${noexename}.c" fi fi fi ;; esac func_show_eval "$RM $rmfiles" 'exit_status=1' done objdir="$origobjdir" # Try to remove the ${objdir}s in the directories where we deleted files for dir in $rmdirs; do if test -d "$dir"; then func_show_eval "rmdir $dir >/dev/null 2>&1" fi done exit $exit_status } { test "$mode" = uninstall || test "$mode" = clean; } && func_mode_uninstall ${1+"$@"} test -z "$mode" && { help="$generic_help" func_fatal_help "you must specify a MODE" } test -z "$exec_cmd" && \ func_fatal_help "invalid operation mode \`$mode'" if test -n "$exec_cmd"; then eval exec "$exec_cmd" exit $EXIT_FAILURE fi exit $exit_status # The TAGs below are defined such that we never get into a situation # in which we disable both kinds of libraries. Given conflicting # choices, we go for a static library, that is the most portable, # since we can't tell whether shared libraries were disabled because # the user asked for that or because the platform doesn't support # them. This is particularly important on AIX, because we don't # support having both static and shared libraries enabled at the same # time on that platform, so we default to a shared-only configuration. # If a disable-shared tag is given, we'll fallback to a static-only # configuration. But we'll never go from static-only to shared-only. # ### BEGIN LIBTOOL TAG CONFIG: disable-shared build_libtool_libs=no build_old_libs=yes # ### END LIBTOOL TAG CONFIG: disable-shared # ### BEGIN LIBTOOL TAG CONFIG: disable-static build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` # ### END LIBTOOL TAG CONFIG: disable-static # Local Variables: # mode:shell-script # sh-indentation:2 # End: # vi:sw=2 pam/build-aux/missing0000755000000000000000000002623313261244762012027 0ustar #! /bin/sh # Common stub for a few missing GNU programs while installing. scriptversion=2009-04-28.21; # UTC # Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006, # 2008, 2009 Free Software Foundation, Inc. # Originally by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. if test $# -eq 0; then echo 1>&2 "Try \`$0 --help' for more information" exit 1 fi run=: sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p' sed_minuso='s/.* -o \([^ ]*\).*/\1/p' # In the cases where this matters, `missing' is being run in the # srcdir already. if test -f configure.ac; then configure_ac=configure.ac else configure_ac=configure.in fi msg="missing on your system" case $1 in --run) # Try to run requested program, and just exit if it succeeds. run= shift "$@" && exit 0 # Exit code 63 means version mismatch. This often happens # when the user try to use an ancient version of a tool on # a file that requires a minimum version. In this case we # we should proceed has if the program had been absent, or # if --run hadn't been passed. if test $? = 63; then run=: msg="probably too old" fi ;; -h|--h|--he|--hel|--help) echo "\ $0 [OPTION]... PROGRAM [ARGUMENT]... Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an error status if there is no known handling for PROGRAM. Options: -h, --help display this help and exit -v, --version output version information and exit --run try to run the given command, and emulate it if it fails Supported PROGRAM values: aclocal touch file \`aclocal.m4' autoconf touch file \`configure' autoheader touch file \`config.h.in' autom4te touch the output file, or create a stub one automake touch all \`Makefile.in' files bison create \`y.tab.[ch]', if possible, from existing .[ch] flex create \`lex.yy.c', if possible, from existing .c help2man touch the output file lex create \`lex.yy.c', if possible, from existing .c makeinfo touch the output file tar try tar, gnutar, gtar, then tar without non-portable flags yacc create \`y.tab.[ch]', if possible, from existing .[ch] Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and \`g' are ignored when checking the name. Send bug reports to ." exit $? ;; -v|--v|--ve|--ver|--vers|--versi|--versio|--version) echo "missing $scriptversion (GNU Automake)" exit $? ;; -*) echo 1>&2 "$0: Unknown \`$1' option" echo 1>&2 "Try \`$0 --help' for more information" exit 1 ;; esac # normalize program name to check for. program=`echo "$1" | sed ' s/^gnu-//; t s/^gnu//; t s/^g//; t'` # Now exit if we have it, but it failed. Also exit now if we # don't have it and --version was passed (most likely to detect # the program). This is about non-GNU programs, so use $1 not # $program. case $1 in lex*|yacc*) # Not GNU programs, they don't have --version. ;; tar*) if test -n "$run"; then echo 1>&2 "ERROR: \`tar' requires --run" exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then exit 1 fi ;; *) if test -z "$run" && ($1 --version) > /dev/null 2>&1; then # We have it, but it failed. exit 1 elif test "x$2" = "x--version" || test "x$2" = "x--help"; then # Could not run --version or --help. This is probably someone # running `$TOOL --version' or `$TOOL --help' to check whether # $TOOL exists and not knowing $TOOL uses missing. exit 1 fi ;; esac # If it does not exist, or fails to run (possibly an outdated version), # try to emulate it. case $program in aclocal*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." touch aclocal.m4 ;; autoconf*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." touch configure ;; autoheader*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`acconfig.h' or \`${configure_ac}'. You might want to install the \`Autoconf' and \`GNU m4' packages. Grab them from any GNU archive site." files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}` test -z "$files" && files="config.h" touch_files= for f in $files; do case $f in *:*) touch_files="$touch_files "`echo "$f" | sed -e 's/^[^:]*://' -e 's/:.*//'`;; *) touch_files="$touch_files $f.in";; esac done touch $touch_files ;; automake*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'. You might want to install the \`Automake' and \`Perl' packages. Grab them from any GNU archive site." find . -type f -name Makefile.am -print | sed 's/\.am$/.in/' | while read f; do touch "$f"; done ;; autom4te*) echo 1>&2 "\ WARNING: \`$1' is needed, but is $msg. You might have modified some files without having the proper tools for further handling them. You can get \`$1' as part of \`Autoconf' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo "#! /bin/sh" echo "# Created by GNU Automake missing as a replacement of" echo "# $ $@" echo "exit 0" chmod +x $file exit 1 fi ;; bison*|yacc*) echo 1>&2 "\ WARNING: \`$1' $msg. You should only need it if you modified a \`.y' file. You may need the \`Bison' package in order for those modifications to take effect. You can get \`Bison' from any GNU archive site." rm -f y.tab.c y.tab.h if test $# -ne 1; then eval LASTARG="\${$#}" case $LASTARG in *.y) SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.c fi SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'` if test -f "$SRCFILE"; then cp "$SRCFILE" y.tab.h fi ;; esac fi if test ! -f y.tab.h; then echo >y.tab.h fi if test ! -f y.tab.c; then echo 'main() { return 0; }' >y.tab.c fi ;; lex*|flex*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.l' file. You may need the \`Flex' package in order for those modifications to take effect. You can get \`Flex' from any GNU archive site." rm -f lex.yy.c if test $# -ne 1; then eval LASTARG="\${$#}" case $LASTARG in *.l) SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'` if test -f "$SRCFILE"; then cp "$SRCFILE" lex.yy.c fi ;; esac fi if test ! -f lex.yy.c; then echo 'main() { return 0; }' >lex.yy.c fi ;; help2man*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a dependency of a manual page. You may need the \`Help2man' package in order for those modifications to take effect. You can get \`Help2man' from any GNU archive site." file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -f "$file"; then touch $file else test -z "$file" || exec >$file echo ".ab help2man is required to generate this page" exit $? fi ;; makeinfo*) echo 1>&2 "\ WARNING: \`$1' is $msg. You should only need it if you modified a \`.texi' or \`.texinfo' file, or any other file indirectly affecting the aspect of the manual. The spurious call might also be the consequence of using a buggy \`make' (AIX, DU, IRIX). You might want to install the \`Texinfo' package or the \`GNU make' package. Grab either from any GNU archive site." # The file to touch is that specified with -o ... file=`echo "$*" | sed -n "$sed_output"` test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"` if test -z "$file"; then # ... or it is the one specified with @setfilename ... infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` file=`sed -n ' /^@setfilename/{ s/.* \([^ ]*\) *$/\1/ p q }' $infile` # ... or it is derived from the source name (dir/f.texi becomes f.info) test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info fi # If the file does not exist, the user really needs makeinfo; # let's fail without touching anything. test -f $file || exit 1 touch $file ;; tar*) shift # We have already tried tar in the generic part. # Look for gnutar/gtar before invocation to avoid ugly error # messages. if (gnutar --version > /dev/null 2>&1); then gnutar "$@" && exit 0 fi if (gtar --version > /dev/null 2>&1); then gtar "$@" && exit 0 fi firstarg="$1" if shift; then case $firstarg in *o*) firstarg=`echo "$firstarg" | sed s/o//` tar "$firstarg" "$@" && exit 0 ;; esac case $firstarg in *h*) firstarg=`echo "$firstarg" | sed s/h//` tar "$firstarg" "$@" && exit 0 ;; esac fi echo 1>&2 "\ WARNING: I can't seem to be able to run \`tar' with the given arguments. You may want to install GNU tar or Free paxutils, or check the command line arguments." exit 1 ;; *) echo 1>&2 "\ WARNING: \`$1' is needed, and is $msg. You might have modified some files without having the proper tools for further handling them. Check the \`README' file, it often tells you about the needed prerequisites for installing this package. You may also peek at any GNU archive site, in case some other package would contain this missing \`$1' program." exit 1 ;; esac exit 0 # Local variables: # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: pam/build-aux/ylwrap0000755000000000000000000001404313261244762011670 0ustar #! /bin/sh # ylwrap - wrapper for lex/yacc invocations. scriptversion=2009-04-28.21; # UTC # Copyright (C) 1996, 1997, 1998, 1999, 2001, 2002, 2003, 2004, 2005, # 2007, 2009 Free Software Foundation, Inc. # # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2, or (at your option) # any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. # This file is maintained in Automake, please report # bugs to or send patches to # . case "$1" in '') echo "$0: No files given. Try \`$0 --help' for more information." 1>&2 exit 1 ;; --basedir) basedir=$2 shift 2 ;; -h|--h*) cat <<\EOF Usage: ylwrap [--help|--version] INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]... Wrapper for lex/yacc invocations, renaming files as desired. INPUT is the input file OUTPUT is one file PROG generates DESIRED is the file we actually want instead of OUTPUT PROGRAM is program to run ARGS are passed to PROG Any number of OUTPUT,DESIRED pairs may be used. Report bugs to . EOF exit $? ;; -v|--v*) echo "ylwrap $scriptversion" exit $? ;; esac # The input. input="$1" shift case "$input" in [\\/]* | ?:[\\/]*) # Absolute path; do nothing. ;; *) # Relative path. Make it absolute. input="`pwd`/$input" ;; esac pairlist= while test "$#" -ne 0; do if test "$1" = "--"; then shift break fi pairlist="$pairlist $1" shift done # The program to run. prog="$1" shift # Make any relative path in $prog absolute. case "$prog" in [\\/]* | ?:[\\/]*) ;; *[\\/]*) prog="`pwd`/$prog" ;; esac # FIXME: add hostname here for parallel makes that run commands on # other machines. But that might take us over the 14-char limit. dirname=ylwrap$$ trap "cd '`pwd`'; rm -rf $dirname > /dev/null 2>&1" 1 2 3 15 mkdir $dirname || exit 1 cd $dirname case $# in 0) "$prog" "$input" ;; *) "$prog" "$@" "$input" ;; esac ret=$? if test $ret -eq 0; then set X $pairlist shift first=yes # Since DOS filename conventions don't allow two dots, # the DOS version of Bison writes out y_tab.c instead of y.tab.c # and y_tab.h instead of y.tab.h. Test to see if this is the case. y_tab_nodot="no" if test -f y_tab.c || test -f y_tab.h; then y_tab_nodot="yes" fi # The directory holding the input. input_dir=`echo "$input" | sed -e 's,\([\\/]\)[^\\/]*$,\1,'` # Quote $INPUT_DIR so we can use it in a regexp. # FIXME: really we should care about more than `.' and `\'. input_rx=`echo "$input_dir" | sed 's,\\\\,\\\\\\\\,g;s,\\.,\\\\.,g'` while test "$#" -ne 0; do from="$1" # Handle y_tab.c and y_tab.h output by DOS if test $y_tab_nodot = "yes"; then if test $from = "y.tab.c"; then from="y_tab.c" else if test $from = "y.tab.h"; then from="y_tab.h" fi fi fi if test -f "$from"; then # If $2 is an absolute path name, then just use that, # otherwise prepend `../'. case "$2" in [\\/]* | ?:[\\/]*) target="$2";; *) target="../$2";; esac # We do not want to overwrite a header file if it hasn't # changed. This avoid useless recompilations. However the # parser itself (the first file) should always be updated, # because it is the destination of the .y.c rule in the # Makefile. Divert the output of all other files to a temporary # file so we can compare them to existing versions. if test $first = no; then realtarget="$target" target="tmp-`echo $target | sed s/.*[\\/]//g`" fi # Edit out `#line' or `#' directives. # # We don't want the resulting debug information to point at # an absolute srcdir; it is better for it to just mention the # .y file with no path. # # We want to use the real output file name, not yy.lex.c for # instance. # # We want the include guards to be adjusted too. FROM=`echo "$from" | sed \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'\ -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'` TARGET=`echo "$2" | sed \ -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'\ -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g'` sed -e "/^#/!b" -e "s,$input_rx,," -e "s,$from,$2," \ -e "s,$FROM,$TARGET," "$from" >"$target" || ret=$? # Check whether header files must be updated. if test $first = no; then if test -f "$realtarget" && cmp -s "$realtarget" "$target"; then echo "$2" is unchanged rm -f "$target" else echo updating "$2" mv -f "$target" "$realtarget" fi fi else # A missing file is only an error for the first file. This # is a blatant hack to let us support using "yacc -d". If -d # is not specified, we don't want an error when the header # file is "missing". if test $first = yes; then ret=1 fi fi shift shift first=no done else ret=$? fi # Remove the directory. cd .. rm -rf $dirname exit $ret # Local Variables: # mode: shell-script # sh-indentation: 2 # eval: (add-hook 'write-file-hooks 'time-stamp) # time-stamp-start: "scriptversion=" # time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-time-zone: "UTC" # time-stamp-end: "; # UTC" # End: pam/conf/0000755000000000000000000000000013261244762007455 5ustar pam/conf/Makefile.am0000644000000000000000000000012313261244762011505 0ustar SUBDIRS = pam_conv1 CLEANFILES = *~ EXTRA_DIST = install_conf md5itall pam.conf pam/conf/Makefile.in0000644000000000000000000004462013261244762011530 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = conf DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = pam_conv1 CLEANFILES = *~ EXTRA_DIST = install_conf md5itall pam.conf all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu conf/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/conf/install_conf0000755000000000000000000000124513261244762012060 0ustar #!/bin/sh CONFILE="$FAKEROOT"$CONFIGED/pam.conf IGNORE_AGE=./.ignore_age CONF=./pam.conf echo if [ -f "$IGNORE_AGE" ]; then echo "you don't want to be bothered with the age of your $CONFILE file" yes="n" elif [ ! -f "$CONFILE" ] || [ "$CONF" -nt "$CONFILE" ]; then if [ -f "$CONFILE" ]; then echo "\ An older Linux-PAM configuration file already exists ($CONFILE)" WRITE=overwrite fi echo -n "\ Do you wish to copy the $CONF file in this distribution to $CONFILE ? (y/n) [n] " read yes else yes=n fi if [ "$yes" = "y" ]; then echo " copying $CONF to $CONFILE" cp $CONF $CONFILE else touch "$IGNORE_AGE" echo " Skipping $CONF installation" fi echo exit 0 pam/conf/md5itall0000755000000000000000000000174113261244762011121 0ustar #!/bin/bash # # $Id$ # # Created by Andrew G. Morgan (morgan@parc.power.net) # MD5SUM=md5sum CHKFILE1=./.md5sum CHKFILE2=./.md5sum-new which $MD5SUM > /dev/null result=$? if [ -x "$MD5SUM" ] || [ $result -eq 0 ]; then rm -f $CHKFILE2 echo -n "computing md5 checksums." for x in `cat ../.filelist` ; do (cd ../.. ; $MD5SUM $x) >> $CHKFILE2 echo -n "." done echo if [ -f "$CHKFILE1" ]; then echo "\ ---> Note, since the last \`make check', the following file(s) have changed: ===========================================================================" diff $CHKFILE1 $CHKFILE2 if [ $? -eq 0 ]; then echo "\ --------------------------- Nothing has changed ---------------------------" fi echo "\ ===========================================================================" fi rm -f "$CHKFILE1" mv "$CHKFILE2" "$CHKFILE1" chmod 400 "$CHKFILE1" else echo "\ Please install \`$MD5SUM'. [It is used to check the integrity of this distribution] ---> no check done." fi pam/conf/pam.conf0000644000000000000000000001041413261244762011101 0ustar # ---------------------------------------------------------------------------# # /etc/pam.conf # # # # Last modified by Andrew G. Morgan # # ---------------------------------------------------------------------------# # $Id$ # ---------------------------------------------------------------------------# # serv. module ctrl module [path] ...[args..] # # name type flag # # ---------------------------------------------------------------------------# # # The PAM configuration file for the `chfn' service # chfn auth required pam_unix.so chfn account required pam_unix.so chfn password required pam_cracklib.so retry=3 chfn password required pam_unix.so shadow md5 use_authtok # # The PAM configuration file for the `chsh' service # chsh auth required pam_unix.so chsh account required pam_unix.so chsh password required pam_cracklib.so retry=3 chsh password required pam_unix.so shadow md5 use_authtok # # The PAM configuration file for the `ftp' service # ftp auth requisite pam_listfile.so \ item=user sense=deny file=/etc/ftpusers onerr=succeed ftp auth requisite pam_shells.so ftp auth required pam_unix.so ftp account required pam_unix.so # # The PAM configuration file for the `imap' service # imap auth required pam_unix.so imap account required pam_unix.so # # The PAM configuration file for the `login' service # login auth requisite pam_securetty.so login auth required pam_unix.so login auth optional pam_group.so login account requisite pam_time.so login account required pam_unix.so login password required pam_cracklib.so retry=3 login password required pam_unix.so shadow md5 use_authtok login session required pam_unix.so # # The PAM configuration file for the `netatalk' service # netatalk auth required pam_unix.so netatalk account required pam_unix.so # # The PAM configuration file for the `other' service # other auth required pam_deny.so other auth required pam_warn.so other account required pam_deny.so other password required pam_deny.so other password required pam_warn.so other session required pam_deny.so # # The PAM configuration file for the `passwd' service # passwd password requisite pam_cracklib.so retry=3 passwd password required pam_unix.so shadow md5 use_authtok # # The PAM configuration file for the `rexec' service # rexec auth requisite pam_securetty.so rexec auth requisite pam_nologin.so rexec auth sufficient pam_rhosts_auth.so rexec auth required pam_unix.so rexec account required pam_unix.so rexec session required pam_unix.so rexec session required pam_limits.so # # The PAM configuration file for the `rlogin' service # this application passes control to `login' if it fails # rlogin auth requisite pam_securetty.so rlogin auth requisite pam_nologin.so rlogin auth required pam_rhosts_auth.so rlogin account required pam_unix.so rlogin password required pam_cracklib.so retry=3 rlogin password required pam_unix.so shadow md5 use_authtok rlogin session required pam_unix.so rlogin session required pam_limits.so # # The PAM configuration file for the `rsh' service # rsh auth requisite pam_securetty.so rsh auth requisite pam_nologin.so rsh auth sufficient pam_rhosts_auth.so rsh auth required pam_unix.so rsh account required pam_unix.so rsh session required pam_unix.so rsh session required pam_limits.so # # The PAM configuration file for the `samba' service # samba auth required pam_unix.so samba account required pam_unix.so # # The PAM configuration file for the `su' service # su auth required pam_wheel.so su auth sufficient pam_rootok.so su auth required pam_unix.so su account required pam_unix.so su session required pam_unix.so # # The PAM configuration file for the `vlock' service # vlock auth required pam_unix.so # # The PAM configuration file for the `xdm' service # xdm auth required pam_unix.so xdm account required pam_unix.so # # The PAM configuration file for the `xlock' service # xlock auth required pam_unix.so pam/conf/pam_conv1/0000755000000000000000000000000013261244762011340 5ustar pam/conf/pam_conv1/Makefile.am0000644000000000000000000000036413261244762013377 0ustar # # Copyright (c) 2005 Thorsten Kukuk # CLEANFILES = *~ EXTRA_DIST = README AM_YFLAGS = -d BUILT_SOURCES = pam_conv_y.h noinst_PROGRAMS = pam_conv1 pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y pam_conv1_LDADD = @LEXLIB@ pam/conf/pam_conv1/Makefile.in0000644000000000000000000004174713261244762013422 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = pam_conv1$(EXEEXT) subdir = conf/pam_conv1 DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in \ pam_conv_l.c pam_conv_y.c pam_conv_y.h ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_pam_conv1_OBJECTS = pam_conv_l.$(OBJEXT) pam_conv_y.$(OBJEXT) pam_conv1_OBJECTS = $(am_pam_conv1_OBJECTS) pam_conv1_DEPENDENCIES = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS) LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) YLWRAP = $(top_srcdir)/build-aux/ylwrap YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) SOURCES = $(pam_conv1_SOURCES) DIST_SOURCES = $(pam_conv1_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ EXTRA_DIST = README AM_YFLAGS = -d BUILT_SOURCES = pam_conv_y.h pam_conv1_SOURCES = pam_conv_l.l pam_conv_y.y pam_conv1_LDADD = @LEXLIB@ all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .l .lo .o .obj .y $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu conf/pam_conv1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu conf/pam_conv1/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list pam_conv_y.h: pam_conv_y.c @if test ! -f $@; then \ rm -f pam_conv_y.c; \ $(MAKE) $(AM_MAKEFLAGS) pam_conv_y.c; \ else :; fi pam_conv1$(EXEEXT): $(pam_conv1_OBJECTS) $(pam_conv1_DEPENDENCIES) @rm -f pam_conv1$(EXEEXT) $(LINK) $(pam_conv1_OBJECTS) $(pam_conv1_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_conv_l.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_conv_y.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) .y.c: $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(PROGRAMS) installdirs: install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -rm -f pam_conv_l.c -rm -f pam_conv_y.c -rm -f pam_conv_y.h -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/conf/pam_conv1/README0000644000000000000000000000043213261244762012217 0ustar This directory contains a untility to convert pam.conf files to a pam.d/ tree. The conversion program takes pam.conf from the standard input and creates the pam.d/ directory in the current directory. The program will fail if ./pam.d/ already exists. Andrew Morgan, February 1997 pam/conf/pam_conv1/pam_conv_l.c0000644000000000000000000013012713261244762013625 0ustar #line 3 "pam_conv_l.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* First, we deal with platform-specific or compiler-specific issues. */ /* begin standard C headers. */ #include #include #include #include /* end standard C headers. */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. */ #if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. */ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; #endif /* ! C99 */ /* Limits of integral types. */ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #endif /* ! FLEXINT_H */ #ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ /* C99 requires __STDC__ to be defined as 1. */ #if defined (__STDC__) #define YY_USE_CONST #endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 #endif /* The state buf must be large enough to hold one state per character in the main buffer. */ #define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) #ifndef YY_TYPEDEF_YY_BUFFER_STATE #define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 #define YY_LESS_LINENO(n) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, (yytext_ptr) ) #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T typedef size_t yy_size_t; #endif #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; #endif /* !YY_STRUCT_YY_BUFFER_STATE */ /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". * * Returns the top of the stack, or NULL. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart (FILE *input_file ); void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); void yy_delete_buffer (YY_BUFFER_STATE b ); void yy_flush_buffer (YY_BUFFER_STATE b ); void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); void yypop_buffer_state (void ); static void yyensure_buffer_stack (void ); static void yy_load_buffer_state (void ); static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); #define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ typedef unsigned char YY_CHAR; FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; int yylineno = 1; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state (void ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); static int yy_get_next_buffer (void ); static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ yyleng = (size_t) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 6 #define YY_END_OF_BUFFER 7 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; static yyconst flex_int16_t yy_accept[21] = { 0, 0, 0, 7, 3, 4, 5, 1, 3, 3, 3, 4, 1, 1, 1, 3, 2, 3, 1, 1, 0 } ; static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst flex_int32_t yy_meta[6] = { 0, 1, 2, 3, 1, 1 } ; static yyconst flex_int16_t yy_base[24] = { 0, 0, 0, 26, 20, 0, 27, 5, 10, 19, 20, 0, 0, 0, 15, 0, 27, 0, 0, 0, 27, 17, 6, 20 } ; static yyconst flex_int16_t yy_def[24] = { 0, 20, 1, 20, 21, 22, 20, 20, 20, 21, 8, 22, 7, 23, 20, 9, 20, 10, 7, 14, 0, 20, 20, 20 } ; static yyconst flex_int16_t yy_nxt[33] = { 0, 4, 5, 6, 7, 8, 12, 13, 11, 12, 14, 15, 9, 16, 15, 17, 18, 12, 9, 18, 19, 13, 13, 20, 10, 10, 20, 3, 20, 20, 20, 20, 20 } ; static yyconst flex_int16_t yy_chk[33] = { 0, 1, 1, 1, 1, 1, 7, 7, 22, 7, 7, 8, 8, 8, 8, 8, 14, 14, 21, 14, 14, 23, 23, 10, 9, 4, 3, 20, 20, 20, 20, 20, 20 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; extern int yy_flex_debug; int yy_flex_debug = 0; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "pam_conv_l.l" #line 3 "pam_conv_l.l" /* * $Id$ * * Copyright (c) Andrew G. Morgan 1997 * * This file is covered by the Linux-PAM License (which should be * distributed with this file.) */ static const char lexid[]= "$Id$\n" "Copyright (c) Andrew G. Morgan 1997 \n"; #ifdef HAVE_CONFIG_H # include #endif #include #include "pam_conv_y.h" extern int current_line; #line 483 "pam_conv_l.c" #define INITIAL 0 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ #include #endif #ifndef YY_EXTRA_TYPE #define YY_EXTRA_TYPE void * #endif static int yy_init_globals (void ); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ int yylex_destroy (void ); int yyget_debug (void ); void yyset_debug (int debug_flag ); YY_EXTRA_TYPE yyget_extra (void ); void yyset_extra (YY_EXTRA_TYPE user_defined ); FILE *yyget_in (void ); void yyset_in (FILE * in_str ); FILE *yyget_out (void ); void yyset_out (FILE * out_str ); int yyget_leng (void ); char *yyget_text (void ); int yyget_lineno (void ); void yyset_lineno (int line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap (void ); #else extern int yywrap (void ); #endif #endif static void yyunput (int c,char *buf_ptr ); #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void ); #else static int input (void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #define YY_READ_BUF_SIZE 8192 #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else \ { \ errno=0; \ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ } \ }\ \ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* end tables serialization structures and prototypes */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 extern int yylex (void); #define YY_DECL int yylex (void) #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ YY_USER_ACTION /** The main scanner function which does all the work. */ YY_DECL { register yy_state_type yy_current_state; register char *yy_cp, *yy_bp; register int yy_act; #line 27 "pam_conv_l.l" #line 668 "pam_conv_l.c" if ( !(yy_init) ) { (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! (yy_start) ) (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { yy_cp = (yy_c_buf_p); /* Support of yytext. */ *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 21 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 27 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. */ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = (yy_hold_char); yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP #line 29 "pam_conv_l.l" ; /* skip comments (sorry) */ YY_BREAK case 2: /* rule 2 can match eol */ YY_RULE_SETUP #line 31 "pam_conv_l.l" { ++current_line; } YY_BREAK case 3: YY_RULE_SETUP #line 35 "pam_conv_l.l" { return TOK; } YY_BREAK case 4: YY_RULE_SETUP #line 39 "pam_conv_l.l" ; /* Ignore */ YY_BREAK case YY_STATE_EOF(INITIAL): #line 41 "pam_conv_l.l" { return EOFILE; } YY_BREAK case 5: /* rule 5 can match eol */ YY_RULE_SETUP #line 45 "pam_conv_l.l" { ++current_line; return NL; } YY_BREAK case 6: YY_RULE_SETUP #line 50 "pam_conv_l.l" ECHO; YY_BREAK #line 796 "pam_conv_l.c" case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = (yy_c_buf_p); goto yy_find_action; } } else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { (yy_did_buffer_switch_on_eof) = 0; if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: (yy_c_buf_p) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer (void) { register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); } (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state (void) { register yy_state_type yy_current_state; register char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 21 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { register int yy_is_jam; register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 21 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 20); return yy_is_jam ? 0 : yy_current_state; } static void yyunput (int c, register char * yy_bp ) { register char *yy_cp; yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ *yy_cp = (yy_hold_char); if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ register int number_to_move = (yy_n_chars) + 2; register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; (yytext_ptr) = yy_bp; (yy_hold_char) = *yy_cp; (yy_c_buf_p) = yy_cp; } #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) #else static int input (void) #endif { int c; *(yy_c_buf_p) = (yy_hold_char); if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ *(yy_c_buf_p) = '\0'; else { /* need more input */ int offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart(yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( ) ) return EOF; if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ *(yy_c_buf_p) = '\0'; /* preserve yytext */ (yy_hold_char) = *++(yy_c_buf_p); return c; } #endif /* ifndef YY_NO_INPUT */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * * @note This function does not reset the start condition to @c INITIAL . */ void yyrestart (FILE * input_file ) { if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_init_buffer(YY_CURRENT_BUFFER,input_file ); yy_load_buffer_state( ); } /** Switch to a different input buffer. * @param new_buffer The new input buffer. * */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) { /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ (yy_did_buffer_switch_on_eof) = 1; } static void yy_load_buffer_state (void) { (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; (yy_hold_char) = *(yy_c_buf_p); } /** Allocate and initialize an input buffer state. * @param file A readable stream. * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. * * @return the allocated buffer state. */ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer(b,file ); return b; } /** Destroy the buffer. * @param b a buffer created with yy_create_buffer() * */ void yy_delete_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yyfree((void *) b->yy_ch_buf ); yyfree((void *) b ); } #ifndef __cplusplus extern int isatty (int ); #endif /* __cplusplus */ /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. */ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) { int oerrno = errno; yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; /* If b is the current buffer, then yy_init_buffer was _probably_ * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ b->yy_bs_lineno = 1; b->yy_bs_column = 0; } b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; errno = oerrno; } /** Discard all buffered characters. On the next scan, YY_INPUT will be called. * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. * */ void yy_flush_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes * the current state. This function will allocate the stack * if necessary. * @param new_buffer The new state. * */ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) { if (new_buffer == NULL) return; yyensure_buffer_stack(); /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } /* Only push if top exists. Otherwise, replace top. */ if (YY_CURRENT_BUFFER) (yy_buffer_stack_top)++; YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } /** Removes and deletes the top of the stack, if present. * The next element becomes the new top. * */ void yypop_buffer_state (void) { if (!YY_CURRENT_BUFFER) return; yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; if ((yy_buffer_stack_top) > 0) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } /* Allocates the stack if it does not exist. * Guarantees space for at least one push. */ static void yyensure_buffer_stack (void) { int num_to_alloc; if (!(yy_buffer_stack)) { /* First allocation is just for 2 elements, since we don't know if this * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ num_to_alloc = 1; (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; } if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ int grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; } } /** Setup the input buffer state to scan directly from a user-specified character buffer. * @param base the character buffer * @param size the size in bytes of the character buffer * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer(b ); return b; } /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use * yy_scan_bytes() instead. */ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) { return yy_scan_bytes(yystr,strlen(yystr) ); } /** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. * @param bytes the byte buffer to scan * @param len the number of bytes in the buffer pointed to by @a bytes. * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif static void yy_fatal_error (yyconst char* msg ) { (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ (yy_hold_char) = *(yy_c_buf_p); \ *(yy_c_buf_p) = '\0'; \ yyleng = yyless_macro_arg; \ } \ while ( 0 ) /* Accessor methods (get/set functions) to struct members. */ /** Get the current line number. * */ int yyget_lineno (void) { return yylineno; } /** Get the input stream. * */ FILE *yyget_in (void) { return yyin; } /** Get the output stream. * */ FILE *yyget_out (void) { return yyout; } /** Get the length of the current token. * */ int yyget_leng (void) { return yyleng; } /** Get the current token. * */ char *yyget_text (void) { return yytext; } /** Set the current line number. * @param line_number * */ void yyset_lineno (int line_number ) { yylineno = line_number; } /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. * * @see yy_switch_to_buffer */ void yyset_in (FILE * in_str ) { yyin = in_str ; } void yyset_out (FILE * out_str ) { yyout = out_str ; } int yyget_debug (void) { return yy_flex_debug; } void yyset_debug (int bdebug ) { yy_flex_debug = bdebug ; } static int yy_init_globals (void) { /* Initialization is the same as for the non-reentrant scanner. * This function is called from yylex_destroy(), so don't allocate here. */ (yy_buffer_stack) = 0; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; (yy_c_buf_p) = (char *) 0; (yy_init) = 0; (yy_start) = 0; /* Defined in main.c */ #ifdef YY_STDINIT yyin = stdin; yyout = stdout; #else yyin = (FILE *) 0; yyout = (FILE *) 0; #endif /* For future reference: Set errno on error, since we are called by * yylex_init() */ return 0; } /* yylex_destroy is for both reentrant and non-reentrant scanners. */ int yylex_destroy (void) { /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } /* Destroy the stack itself. */ yyfree((yy_buffer_stack) ); (yy_buffer_stack) = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( ); return 0; } /* * Internal utility routines. */ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s ) { register int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size ) { return (void *) malloc( size ); } void *yyrealloc (void * ptr, yy_size_t size ) { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); } void yyfree (void * ptr ) { free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" #line 50 "pam_conv_l.l" pam/conf/pam_conv1/pam_conv_l.l0000644000000000000000000000122413261244762013631 0ustar %{ /* * $Id$ * * Copyright (c) Andrew G. Morgan 1997 * * This file is covered by the Linux-PAM License (which should be * distributed with this file.) */ static const char lexid[]= "$Id$\n" "Copyright (c) Andrew G. Morgan 1997 \n"; #ifdef HAVE_CONFIG_H # include #endif #include #include "pam_conv_y.h" extern int current_line; %} %% "#"[^\n]* ; /* skip comments (sorry) */ "\\\n" { ++current_line; } ([^\n\t ]|[\\][^\n])+ { return TOK; } [ \t]+ ; /* Ignore */ <> { return EOFILE; } [\n] { ++current_line; return NL; } %% pam/conf/pam_conv1/pam_conv_y.c0000644000000000000000000012742713261244762013653 0ustar /* A Bison parser, made by GNU Bison 2.3. */ /* Skeleton implementation for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output. */ #define YYBISON 1 /* Bison version. */ #define YYBISON_VERSION "2.3" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 0 /* Using locations. */ #define YYLSP_NEEDED 0 /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { NL = 258, EOFILE = 259, TOK = 260 }; #endif /* Tokens. */ #define NL 258 #define EOFILE 259 #define TOK 260 /* Copy the first part of user declarations. */ #line 1 "pam_conv_y.y" /* * $Id$ * * Copyright (c) Andrew G. Morgan 1997 * * This file is covered by the Linux-PAM License (which should be * distributed with this file.) */ static const char bisonid[]= "$Id$\n" "Copyright (c) Andrew G. Morgan 1997-8 \n"; #ifdef HAVE_CONFIG_H # include #endif #include #include #include #include #include #include extern int yylex(void); int current_line=1; extern char *yytext; /* XXX - later we'll change this to be the specific conf file(s) */ #define newpamf stderr #define PAM_D "./pam.d" #define PAM_D_MODE 0755 #define PAM_D_MAGIC_HEADER \ "#%%PAM-1.0\n" \ "#[For version 1.0 syntax, the above header is optional]\n" #define PAM_D_FILE_FMT PAM_D "/%s" const char *old_to_new_ctrl_flag(const char *old); void yyerror(const char *format, ...); /* Enabling traces. */ #ifndef YYDEBUG # define YYDEBUG 0 #endif /* Enabling verbose error messages. */ #ifdef YYERROR_VERBOSE # undef YYERROR_VERBOSE # define YYERROR_VERBOSE 1 #else # define YYERROR_VERBOSE 0 #endif /* Enabling the token table. */ #ifndef YYTOKEN_TABLE # define YYTOKEN_TABLE 0 #endif #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE #line 47 "pam_conv_y.y" { int def; char *string; } /* Line 187 of yacc.c. */ #line 157 "pam_conv_y.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 #endif /* Copy the second part of user declarations. */ /* Line 216 of yacc.c. */ #line 170 "pam_conv_y.c" #ifdef short # undef short #endif #ifdef YYTYPE_UINT8 typedef YYTYPE_UINT8 yytype_uint8; #else typedef unsigned char yytype_uint8; #endif #ifdef YYTYPE_INT8 typedef YYTYPE_INT8 yytype_int8; #elif (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) typedef signed char yytype_int8; #else typedef short int yytype_int8; #endif #ifdef YYTYPE_UINT16 typedef YYTYPE_UINT16 yytype_uint16; #else typedef unsigned short int yytype_uint16; #endif #ifdef YYTYPE_INT16 typedef YYTYPE_INT16 yytype_int16; #else typedef short int yytype_int16; #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned int # endif #endif #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) #ifndef YY_ # if YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(msgid) dgettext ("bison-runtime", msgid) # endif # endif # ifndef YY_ # define YY_(msgid) msgid # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(e) ((void) (e)) #else # define YYUSE(e) /* empty */ #endif /* Identity function, used to suppress warnings about constant conditions. */ #ifndef lint # define YYID(n) (n) #else #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static int YYID (int i) #else static int YYID (i) int i; #endif { return i; } #endif #if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined _STDLIB_H \ && ! ((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* ! defined yyoverflow || YYERROR_VERBOSE */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yytype_int16 yyss; YYSTYPE yyvs; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. */ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else # define YYCOPY(To, From, Count) \ do \ { \ YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ while (YYID (0)) # endif # endif /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack) \ do \ { \ YYSIZE_T yynewbytes; \ YYCOPY (&yyptr->Stack, Stack, yysize); \ Stack = &yyptr->Stack; \ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ while (YYID (0)) #endif /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 13 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 6 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 6 /* YYNRULES -- Number of rules. */ #define YYNRULES 11 /* YYNRULES -- Number of states. */ #define YYNSTATES 17 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 #define YYMAXUTOK 260 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ static const yytype_uint8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5 }; #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ static const yytype_uint8 yyprhs[] = { 0, 0, 3, 4, 7, 10, 13, 20, 23, 24, 27, 29 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yytype_int8 yyrhs[] = { 7, 0, -1, -1, 7, 3, -1, 7, 8, -1, 7, 4, -1, 11, 11, 11, 10, 9, 3, -1, 1, 3, -1, -1, 9, 11, -1, 5, -1, 5, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { 0, 60, 60, 62, 63, 64, 70, 134, 140, 143, 159, 165 }; #endif #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "$end", "error", "$undefined", "NL", "EOFILE", "TOK", "$accept", "complete", "line", "tokenls", "path", "tok", 0 }; #endif # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ static const yytype_uint16 yytoknum[] = { 0, 256, 257, 258, 259, 260 }; # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint8 yyr1[] = { 0, 6, 7, 7, 7, 7, 8, 8, 9, 9, 10, 11 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 2, 2, 6, 2, 0, 2, 1, 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state STATE-NUM when YYTABLE doesn't specify something else to do. Zero means the default is an error. */ static const yytype_uint8 yydefact[] = { 2, 0, 1, 0, 3, 5, 11, 4, 0, 7, 0, 0, 10, 8, 0, 6, 9 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { -1, 1, 7, 14, 13, 8 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ #define YYPACT_NINF -9 static const yytype_int8 yypact[] = { -9, 4, -9, 7, -9, -9, -9, -9, 6, -9, 6, 8, -9, -9, -2, -9, -9 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -9, -9, -9, -9, -9, -8 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -1 static const yytype_uint8 yytable[] = { 10, 15, 11, 6, 2, 3, 16, 4, 5, 6, 9, 6, 0, 12 }; static const yytype_int8 yycheck[] = { 8, 3, 10, 5, 0, 1, 14, 3, 4, 5, 3, 5, -1, 5 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { 0, 7, 0, 1, 3, 4, 5, 8, 11, 3, 11, 11, 5, 10, 9, 3, 11 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) #define YYEOF 0 #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab /* Like YYERROR except do call yyerror. This remains here temporarily to ease the transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. */ #define YYFAIL goto yyerrlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY && yylen == 1) \ { \ yychar = (Token); \ yylval = (Value); \ yytoken = YYTRANSLATE (yychar); \ YYPOPSTACK (1); \ goto yybackup; \ } \ else \ { \ yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (YYID (0)) #define YYTERROR 1 #define YYERRCODE 256 /* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. If N is 0, then set CURRENT to the empty location which ends the previous symbol: RHS[0] (always defined). */ #define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT # define YYLLOC_DEFAULT(Current, Rhs, N) \ do \ if (YYID (N)) \ { \ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ } \ else \ { \ (Current).first_line = (Current).last_line = \ YYRHSLOC (Rhs, 0).last_line; \ (Current).first_column = (Current).last_column = \ YYRHSLOC (Rhs, 0).last_column; \ } \ while (YYID (0)) #endif /* YY_LOCATION_PRINT -- Print the location on the stream. This macro was not mandated originally: define only if we know we won't break user code: when these are the locations we know. */ #ifndef YY_LOCATION_PRINT # if YYLTYPE_IS_TRIVIAL # define YY_LOCATION_PRINT(File, Loc) \ fprintf (File, "%d.%d-%d.%d", \ (Loc).first_line, (Loc).first_column, \ (Loc).last_line, (Loc).last_column) # else # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif #endif /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM # define YYLEX yylex (YYLEX_PARAM) #else # define YYLEX yylex () #endif /* Enable debugging if requested. */ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (YYID (0)) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (YYID (0)) /*--------------------------------. | Print this symbol on YYOUTPUT. | `--------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) #else static void yy_symbol_value_print (yyoutput, yytype, yyvaluep) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; #endif { if (!yyvaluep) return; # ifdef YYPRINT if (yytype < YYNTOKENS) YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); # else YYUSE (yyoutput); # endif switch (yytype) { default: break; } } /*--------------------------------. | Print this symbol on YYOUTPUT. | `--------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) #else static void yy_symbol_print (yyoutput, yytype, yyvaluep) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; #endif { if (yytype < YYNTOKENS) YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); yy_symbol_value_print (yyoutput, yytype, yyvaluep); YYFPRINTF (yyoutput, ")"); } /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) #else static void yy_stack_print (bottom, top) yytype_int16 *bottom; yytype_int16 *top; #endif { YYFPRINTF (stderr, "Stack now"); for (; bottom <= top; ++bottom) YYFPRINTF (stderr, " %d", *bottom); YYFPRINTF (stderr, "\n"); } # define YY_STACK_PRINT(Bottom, Top) \ do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ } while (YYID (0)) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_reduce_print (YYSTYPE *yyvsp, int yyrule) #else static void yy_reduce_print (yyvsp, yyrule) YYSTYPE *yyvsp; int yyrule; #endif { int yynrhs = yyr2[yyrule]; int yyi; unsigned long int yylno = yyrline[yyrule]; YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { fprintf (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], &(yyvsp[(yyi + 1) - (yynrhs)]) ); fprintf (stderr, "\n"); } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ yy_reduce_print (yyvsp, Rule); \ } while (YYID (0)) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only if the built-in stack extension method is used). Do not make this value too large; the results are undefined if YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif #if YYERROR_VERBOSE # ifndef yystrlen # if defined __GLIBC__ && defined _STRING_H # define yystrlen strlen # else /* Return the length of YYSTR. */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static YYSIZE_T yystrlen (const char *yystr) #else static YYSIZE_T yystrlen (yystr) const char *yystr; #endif { YYSIZE_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } # endif # endif # ifndef yystpcpy # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) #else static char * yystpcpy (yydest, yysrc) char *yydest; const char *yysrc; #endif { char *yyd = yydest; const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; return yyd - 1; } # endif # endif # ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string contains an apostrophe, a comma, or backslash (other than backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ static YYSIZE_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYSIZE_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; /* Fall through. */ default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (! yyres) return yystrlen (yystr); return yystpcpy (yyres, yystr) - yyres; } # endif /* Copy into YYRESULT an error message about the unexpected token YYCHAR while in state YYSTATE. Return the number of bytes copied, including the terminating null byte. If YYRESULT is null, do not copy anything; just return the number of bytes that would be copied. As a special case, return 0 if an ordinary "syntax error" message will do. Return YYSIZE_MAXIMUM if overflow occurs during size calculation. */ static YYSIZE_T yysyntax_error (char *yyresult, int yystate, int yychar) { int yyn = yypact[yystate]; if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) return 0; else { int yytype = YYTRANSLATE (yychar); YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); YYSIZE_T yysize = yysize0; YYSIZE_T yysize1; int yysize_overflow = 0; enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; int yyx; # if 0 /* This is so xgettext sees the translatable formats that are constructed on the fly. */ YY_("syntax error, unexpected %s"); YY_("syntax error, unexpected %s, expecting %s"); YY_("syntax error, unexpected %s, expecting %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); # endif char *yyfmt; char const *yyf; static char const yyunexpected[] = "syntax error, unexpected %s"; static char const yyexpecting[] = ", expecting %s"; static char const yyor[] = " or %s"; char yyformat[sizeof yyunexpected + sizeof yyexpecting - 1 + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) * (sizeof yyor - 1))]; char const *yyprefix = yyexpecting; /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn + 1; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; int yycount = 1; yyarg[0] = yytname[yytype]; yyfmt = yystpcpy (yyformat, yyunexpected); for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) { yycount = 1; yysize = yysize0; yyformat[sizeof yyunexpected - 1] = '\0'; break; } yyarg[yycount++] = yytname[yyx]; yysize1 = yysize + yytnamerr (0, yytname[yyx]); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; yyfmt = yystpcpy (yyfmt, yyprefix); yyprefix = yyor; } yyf = YY_(yyformat); yysize1 = yysize + yystrlen (yyf); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; if (yysize_overflow) return YYSIZE_MAXIMUM; if (yyresult) { /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ char *yyp = yyresult; int yyi = 0; while ((*yyp = *yyf) != '\0') { if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yyarg[yyi++]); yyf += 2; } else { yyp++; yyf++; } } } return yysize; } } #endif /* YYERROR_VERBOSE */ /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void yydestruct (yymsg, yytype, yyvaluep) const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif { YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); switch (yytype) { default: break; } } /* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM #if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); #else int yyparse (); #endif #else /* ! YYPARSE_PARAM */ #if defined __STDC__ || defined __cplusplus int yyparse (void); #else int yyparse (); #endif #endif /* ! YYPARSE_PARAM */ /* The look-ahead symbol. */ int yychar; /* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ int yynerrs; /*----------. | yyparse. | `----------*/ #ifdef YYPARSE_PARAM #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (void *YYPARSE_PARAM) #else int yyparse (YYPARSE_PARAM) void *YYPARSE_PARAM; #endif #else /* ! YYPARSE_PARAM */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (void) #else int yyparse () #endif #endif { int yystate; int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; #if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYSIZE_T yymsg_alloc = sizeof yymsgbuf; #endif /* Three stacks and their tools: `yyss': related to states, `yyvs': related to semantic values, `yyls': related to locations. Refer to the stacks thru separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* The state stack. */ yytype_int16 yyssa[YYINITDEPTH]; yytype_int16 *yyss = yyssa; yytype_int16 *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; YYSTYPE *yyvsp; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) YYSIZE_T yystacksize = YYINITDEPTH; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); yystate = 0; yyerrstatus = 0; yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ /* Initialize stack pointers. Waste one element of value and location stack so that they stay on the same level as the state stack. The wasted elements are never initialized. */ yyssp = yyss; yyvsp = yyvs; goto yysetstate; /*------------------------------------------------------------. | yynewstate -- Push a new state, which is found in yystate. | `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; yysetstate: *yyssp = yystate; if (yyss + yystacksize - 1 <= yyssp) { /* Get the current used size of the three stacks, in elements. */ YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE goto yyexhaustedlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif #endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YYDPRINTF ((stderr, "Stack size increased to %lu\n", (unsigned long int) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } YYDPRINTF ((stderr, "Entering state %d\n", yystate)); goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a look-ahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; /* Not known => get a look-ahead token if don't already have one. */ /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); yychar = YYLEX; } if (yychar <= YYEOF) { yychar = yytoken = YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yyn == 0 || yyn == YYTABLE_NINF) goto yyerrlab; yyn = -yyn; goto yyreduce; } if (yyn == YYFINAL) YYACCEPT; /* Count tokens shifted since error; after three, turn off error status. */ if (yyerrstatus) yyerrstatus--; /* Shift the look-ahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the shifted token unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; yystate = yyn; *++yyvsp = yylval; goto yynewstate; /*-----------------------------------------------------------. | yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- Do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: `$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. */ yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 5: #line 64 "pam_conv_y.y" { return 0; } break; case 6: #line 70 "pam_conv_y.y" { char *filename; FILE *conf; int i; /* make sure we have lower case */ for (i=0; (yyvsp[(1) - (6)].string)[i]; ++i) { (yyvsp[(1) - (6)].string)[i] = tolower((yyvsp[(1) - (6)].string)[i]); } /* $1 = service-name */ yyerror("Appending to " PAM_D "/%s", (yyvsp[(1) - (6)].string)); filename = malloc(strlen((yyvsp[(1) - (6)].string)) + sizeof(PAM_D) + 6); sprintf(filename, PAM_D_FILE_FMT, (yyvsp[(1) - (6)].string)); conf = fopen(filename, "r"); if (conf == NULL) { /* new file */ conf = fopen(filename, "w"); if (conf != NULL) { fprintf(conf, PAM_D_MAGIC_HEADER); fprintf(conf, "#\n" "# The PAM configuration file for the `%s' service\n" "#\n", (yyvsp[(1) - (6)].string)); } } else { fclose(conf); conf = fopen(filename, "a"); } if (conf == NULL) { yyerror("trouble opening %s - aborting", filename); exit(1); } free(filename); /* $2 = module-type */ fprintf(conf, "%-10s", (yyvsp[(2) - (6)].string)); free((yyvsp[(2) - (6)].string)); /* $3 = required etc. */ { const char *trans; trans = old_to_new_ctrl_flag((yyvsp[(3) - (6)].string)); free((yyvsp[(3) - (6)].string)); fprintf(conf, " %-10s", trans); } /* $4 = module-path */ fprintf(conf, " %s", (yyvsp[(4) - (6)].string)); free((yyvsp[(4) - (6)].string)); /* $5 = arguments */ if ((yyvsp[(5) - (6)].string) != NULL) { fprintf(conf, " \\\n\t\t%s", (yyvsp[(5) - (6)].string)); free((yyvsp[(5) - (6)].string)); } /* end line */ fprintf(conf, "\n"); fclose(conf); } break; case 7: #line 134 "pam_conv_y.y" { yyerror("malformed line"); } break; case 8: #line 140 "pam_conv_y.y" { (yyval.string)=NULL; } break; case 9: #line 143 "pam_conv_y.y" { int len; if ((yyvsp[(1) - (2)].string)) { len = strlen((yyvsp[(1) - (2)].string)) + strlen((yyvsp[(2) - (2)].string)) + 2; (yyval.string) = malloc(len); sprintf((yyval.string),"%s %s",(yyvsp[(1) - (2)].string),(yyvsp[(2) - (2)].string)); free((yyvsp[(1) - (2)].string)); free((yyvsp[(2) - (2)].string)); } else { (yyval.string) = (yyvsp[(2) - (2)].string); } } break; case 10: #line 159 "pam_conv_y.y" { /* XXX - this could be used to check if file present */ (yyval.string) = strdup(yytext); } break; case 11: #line 165 "pam_conv_y.y" { (yyval.string) = strdup(yytext); } break; /* Line 1267 of yacc.c. */ #line 1483 "pam_conv_y.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; /* Now `shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ yyn = yyr1[yyn]; yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; /*------------------------------------. | yyerrlab -- here on detecting error | `------------------------------------*/ yyerrlab: /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; #if ! YYERROR_VERBOSE yyerror (YY_("syntax error")); #else { YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) { YYSIZE_T yyalloc = 2 * yysize; if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) yyalloc = YYSTACK_ALLOC_MAXIMUM; if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = (char *) YYSTACK_ALLOC (yyalloc); if (yymsg) yymsg_alloc = yyalloc; else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; } } if (0 < yysize && yysize <= yymsg_alloc) { (void) yysyntax_error (yymsg, yystate, yychar); yyerror (yymsg); } else { yyerror (YY_("syntax error")); if (yysize != 0) goto yyexhaustedlab; } } #endif } if (yyerrstatus == 3) { /* If just tried and failed to reuse look-ahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; } } /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (/*CONSTCOND*/ 0) goto yyerrorlab; /* Do not reclaim the symbols of the rule which action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ for (;;) { yyn = yypact[yystate]; if (yyn != YYPACT_NINF) { yyn += YYTERROR; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yydestruct ("Error: popping", yystos[yystate], yyvsp); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } if (yyn == YYFINAL) YYACCEPT; *++yyvsp = yylval; /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #ifndef yyoverflow /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; /* Fall through. */ #endif yyreturn: if (yychar != YYEOF && yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); /* Do not reclaim the symbols of the rule which action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", yystos[*yyssp], yyvsp); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif #if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); #endif /* Make sure YYID is used. */ return YYID (yyresult); } #line 169 "pam_conv_y.y" const char *old_to_new_ctrl_flag(const char *old) { static const char *clist[] = { "requisite", "required", "sufficient", "optional", NULL, }; int i; for (i=0; clist[i]; ++i) { if (strcasecmp(clist[i], old) == 0) { break; } } return clist[i]; } void yyerror(const char *format, ...) { va_list args; fprintf(stderr, "line %d: ", current_line); va_start(args, format); vfprintf(stderr, format, args); va_end(args); fprintf(stderr, "\n"); } int main(void) { if (mkdir(PAM_D, PAM_D_MODE) != 0) { yyerror(PAM_D " already exists.. aborting"); exit(1); } yyparse(); exit(0); } pam/conf/pam_conv1/pam_conv_y.h0000644000000000000000000000435313261244762013650 0ustar /* A Bison parser, made by GNU Bison 2.3. */ /* Skeleton interface for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { NL = 258, EOFILE = 259, TOK = 260 }; #endif /* Tokens. */ #define NL 258 #define EOFILE 259 #define TOK 260 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE #line 47 "pam_conv_y.y" { int def; char *string; } /* Line 1489 of yacc.c. */ #line 64 "pam_conv_y.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 #endif extern YYSTYPE yylval; pam/conf/pam_conv1/pam_conv_y.y0000644000000000000000000000665213261244762013675 0ustar %{ /* * $Id$ * * Copyright (c) Andrew G. Morgan 1997 * * This file is covered by the Linux-PAM License (which should be * distributed with this file.) */ static const char bisonid[]= "$Id$\n" "Copyright (c) Andrew G. Morgan 1997-8 \n"; #ifdef HAVE_CONFIG_H # include #endif #include #include #include #include #include #include extern int yylex(void); int current_line=1; extern char *yytext; /* XXX - later we'll change this to be the specific conf file(s) */ #define newpamf stderr #define PAM_D "./pam.d" #define PAM_D_MODE 0755 #define PAM_D_MAGIC_HEADER \ "#%%PAM-1.0\n" \ "#[For version 1.0 syntax, the above header is optional]\n" #define PAM_D_FILE_FMT PAM_D "/%s" const char *old_to_new_ctrl_flag(const char *old); void yyerror(const char *format, ...); %} %union { int def; char *string; } %token NL EOFILE TOK %type tok path tokenls %start complete %% complete : | complete NL | complete line | complete EOFILE { return 0; } ; line : tok tok tok path tokenls NL { char *filename; FILE *conf; int i; /* make sure we have lower case */ for (i=0; $1[i]; ++i) { $1[i] = tolower($1[i]); } /* $1 = service-name */ yyerror("Appending to " PAM_D "/%s", $1); filename = malloc(strlen($1) + sizeof(PAM_D) + 6); sprintf(filename, PAM_D_FILE_FMT, $1); conf = fopen(filename, "r"); if (conf == NULL) { /* new file */ conf = fopen(filename, "w"); if (conf != NULL) { fprintf(conf, PAM_D_MAGIC_HEADER); fprintf(conf, "#\n" "# The PAM configuration file for the `%s' service\n" "#\n", $1); } } else { fclose(conf); conf = fopen(filename, "a"); } if (conf == NULL) { yyerror("trouble opening %s - aborting", filename); exit(1); } free(filename); /* $2 = module-type */ fprintf(conf, "%-10s", $2); free($2); /* $3 = required etc. */ { const char *trans; trans = old_to_new_ctrl_flag($3); free($3); fprintf(conf, " %-10s", trans); } /* $4 = module-path */ fprintf(conf, " %s", $4); free($4); /* $5 = arguments */ if ($5 != NULL) { fprintf(conf, " \\\n\t\t%s", $5); free($5); } /* end line */ fprintf(conf, "\n"); fclose(conf); } | error NL { yyerror("malformed line"); } ; tokenls : { $$=NULL; } | tokenls tok { int len; if ($1) { len = strlen($1) + strlen($2) + 2; $$ = malloc(len); sprintf($$,"%s %s",$1,$2); free($1); free($2); } else { $$ = $2; } } ; path : TOK { /* XXX - this could be used to check if file present */ $$ = strdup(yytext); } tok : TOK { $$ = strdup(yytext); } %% const char *old_to_new_ctrl_flag(const char *old) { static const char *clist[] = { "requisite", "required", "sufficient", "optional", NULL, }; int i; for (i=0; clist[i]; ++i) { if (strcasecmp(clist[i], old) == 0) { break; } } return clist[i]; } void yyerror(const char *format, ...) { va_list args; fprintf(stderr, "line %d: ", current_line); va_start(args, format); vfprintf(stderr, format, args); va_end(args); fprintf(stderr, "\n"); } int main(void) { if (mkdir(PAM_D, PAM_D_MODE) != 0) { yyerror(PAM_D " already exists.. aborting"); exit(1); } yyparse(); exit(0); } pam/config.h.in0000644000000000000000000002723013261244762010557 0ustar /* config.h.in. Generated from configure.in by autoheader. */ /* Define if building universal (internal helper macro) */ #undef AC_APPLE_UNIVERSAL_BUILD /* Define to 1 if translation of program messages to the user's native language is requested. */ #undef ENABLE_NLS /* Define to the type of elements in the array set by `getgroups'. Usually this is either `int' or `gid_t'. */ #undef GETGROUPS_T /* Define to 1 if struct audit_tty_status exists. */ #undef HAVE_AUDIT_TTY_STATUS /* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework. */ #undef HAVE_CFLOCALECOPYCURRENT /* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in the CoreFoundation framework. */ #undef HAVE_CFPREFERENCESCOPYAPPVALUE /* Define to 1 if you have the header file. */ #undef HAVE_CRACK_H /* Define to 1 if you have the `crypt_gensalt_r' function. */ #undef HAVE_CRYPT_GENSALT_R /* Define to 1 if you have the header file. */ #undef HAVE_CRYPT_H /* Define to 1 if you have the `crypt_r' function. */ #undef HAVE_CRYPT_R /* Define to 1 if you have the `dbm_store' function. */ #undef HAVE_DBM_STORE /* Define to 1 if you have the `db_create' function. */ #undef HAVE_DB_CREATE /* Define to 1 if you have the header file. */ #undef HAVE_DB_H /* Define if the GNU dcgettext() function is already present or preinstalled. */ #undef HAVE_DCGETTEXT /* Define to 1 if you have the declaration of `getrpcport', and to 0 if you don't. */ #undef HAVE_DECL_GETRPCPORT /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H /* Define to 1 if you have the header file. */ #undef HAVE_DLFCN_H /* Define to 1 if you have the `dngettext' function. */ #undef HAVE_DNGETTEXT /* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ #undef HAVE_DOPRNT /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Define to 1 if you have the `fseeko' function. */ #undef HAVE_FSEEKO /* Define to 1 if you have the `getdelim' function. */ #undef HAVE_GETDELIM /* Define to 1 if you have the `getdomainname' function. */ #undef HAVE_GETDOMAINNAME /* Define to 1 if you have the `getgrgid_r' function. */ #undef HAVE_GETGRGID_R /* Define to 1 if you have the `getgrnam_r' function. */ #undef HAVE_GETGRNAM_R /* Define to 1 if you have the `getgrouplist' function. */ #undef HAVE_GETGROUPLIST /* Define to 1 if you have the `gethostname' function. */ #undef HAVE_GETHOSTNAME /* Define to 1 if you have the `getline' function. */ #undef HAVE_GETLINE /* Define to 1 if you have the `getpwnam_r' function. */ #undef HAVE_GETPWNAM_R /* Define to 1 if you have the `getpwuid_r' function. */ #undef HAVE_GETPWUID_R /* Define to 1 if you have the `getseuser' function. */ #undef HAVE_GETSEUSER /* Define to 1 if you have the `getspnam_r' function. */ #undef HAVE_GETSPNAM_R /* Define if the GNU gettext() function is already present or preinstalled. */ #undef HAVE_GETTEXT /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the `getutent_r' function. */ #undef HAVE_GETUTENT_R /* Define if you have the iconv() function. */ #undef HAVE_ICONV /* Define to 1 if you have the `inet_ntop' function. */ #undef HAVE_INET_NTOP /* Define to 1 if you have the `inet_pton' function. */ #undef HAVE_INET_PTON /* Define to 1 if you have the header file. */ #undef HAVE_INITTYPES_H /* Define to 1 if you have the `innetgr' function. */ #undef HAVE_INNETGR /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Defined if the kernel key management facility is available */ #undef HAVE_KEY_MANAGEMENT /* Define to 1 if you have the header file. */ #undef HAVE_LASTLOG_H /* Define to 1 if you have the `lckpwdf' function. */ #undef HAVE_LCKPWDF /* Define to 1 if audit support should be compiled in. */ #undef HAVE_LIBAUDIT /* Define to 1 if you have cracklib. */ #undef HAVE_LIBCRACK /* Define to 1 if xcrypt support should be compiled in. */ #undef HAVE_LIBXCRYPT /* Define to 1 if you have the header file. */ #undef HAVE_LIMITS_H /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `mkdir' function. */ #undef HAVE_MKDIR /* Define to 1 if you have the header file. */ #undef HAVE_NDBM_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_NET_IF_H /* Define to 1 if you have the header file. */ #undef HAVE_PATHS_H /* Define to 1 if you have the header file. */ #undef HAVE_RPCSVC_YPCLNT_H /* Define to 1 if you have the header file. */ #undef HAVE_RPCSVC_YP_PROT_H /* Define to 1 if you have the header file. */ #undef HAVE_RPC_RPC_H /* Define to 1 if you have the `ruserok_af' function. */ #undef HAVE_RUSEROK_AF /* Define to 1 if you have the `select' function. */ #undef HAVE_SELECT /* Define to 1 if you have the `setkeycreatecon' function. */ #undef HAVE_SETKEYCREATECON /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strcspn' function. */ #undef HAVE_STRCSPN /* Define to 1 if you have the `strdup' function. */ #undef HAVE_STRDUP /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strspn' function. */ #undef HAVE_STRSPN /* Define to 1 if you have the `strstr' function. */ #undef HAVE_STRSTR /* Define to 1 if you have the `strtol' function. */ #undef HAVE_STRTOL /* Define to 1 if `log_passwd' is a member of `struct audit_tty_status'. */ #undef HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_DIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_FILE_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_FSUID_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_IOCTL_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define to 1 if you have the header file. */ #undef HAVE_TERMIO_H /* Define to 1 if you have the `uname' function. */ #undef HAVE_UNAME /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if you have the `unshare' function. */ #undef HAVE_UNSHARE /* Define to 1 if you have the header file. */ #undef HAVE_UTMPX_H /* Define to 1 if you have the header file. */ #undef HAVE_UTMP_H /* Define to 1 if you have the `vprintf' function. */ #undef HAVE_VPRINTF /* Define to 1 if you have the header file. */ #undef HAVE_XCRYPT_H /* Define to 1 if you have the `yperr_string' function. */ #undef HAVE_YPERR_STRING /* Define to 1 if you have the `yp_bind' function. */ #undef HAVE_YP_BIND /* Define to 1 if you have the `yp_get_default_domain' function. */ #undef HAVE_YP_GET_DEFAULT_DOMAIN /* Define to 1 if you have the `yp_master' function. */ #undef HAVE_YP_MASTER /* Define to 1 if you have the `yp_match' function. */ #undef HAVE_YP_MATCH /* Define to 1 if you have the `yp_unbind' function. */ #undef HAVE_YP_UNBIND /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR /* Define to 1 if your C compiler doesn't accept -c and -o together. */ #undef NO_MINUS_C_MINUS_O /* Name of package */ #undef PACKAGE /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* lots of stuff gets written to /var/run/pam-debug.log */ #undef PAM_DEBUG /* libpam should observe a global authentication lock */ #undef PAM_LOCKING /* Path where mails are stored */ #undef PAM_PATH_MAILDIR /* Random device path. */ #undef PAM_PATH_RANDOMDEV /* Additional path of xauth executable */ #undef PAM_PATH_XAUTH /* read both /etc/pam.d and /etc/pam.conf files */ #undef PAM_READ_BOTH_CONFS /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* Define to 1 if your declares `struct tm'. */ #undef TM_IN_SYS_TIME /* define if your compiler has __att ribute__ ((unused)) */ #undef UNUSED /* Define to 1 if the lckpwdf function should be used */ #undef USE_LCKPWDF /* Enable extensions on AIX 3, Interix. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif /* Enable general extensions on Solaris. */ #ifndef __EXTENSIONS__ # undef __EXTENSIONS__ #endif /* Version number of package */ #undef VERSION /* Defined if SE Linux support is compiled in */ #undef WITH_SELINUX /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD # if defined __BIG_ENDIAN__ # define WORDS_BIGENDIAN 1 # endif #else # ifndef WORDS_BIGENDIAN # undef WORDS_BIGENDIAN # endif #endif /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ #undef YYTEXT_POINTER /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES /* Define to 1 if on MINIX. */ #undef _MINIX /* Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found. */ #undef _PAM_ISA /* Define to 2 if the system does not provide POSIX.1 features except with this defined. */ #undef _POSIX_1_SOURCE /* Define to 1 if you need to in order for `stat' and other things to work. */ #undef _POSIX_SOURCE /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `int' if doesn't define. */ #undef gid_t /* Define to `long int' if does not define. */ #undef off_t /* Define to `int' if does not define. */ #undef pid_t /* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `int' if doesn't define. */ #undef uid_t #ifdef ENABLE_NLS #include #define _(msgid) dgettext(PACKAGE, msgid) #define N_(msgid) msgid #else #define _(msgid) (msgid) #define N_(msgid) msgid #endif /* ENABLE_NLS */ pam/configure0000755000000000000000000214661413261244762010455 0ustar #! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.65. # # # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, # 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV export CONFIG_SHELL exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"} fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error ERROR [LINENO LOG_FD] # --------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with status $?, using 1 if that was 0. as_fn_error () { as_status=$?; test $as_status -eq 0 && as_status=1 if test "$3"; then as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 fi $as_echo "$as_me: error: $1" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in #( -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" # Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} case X$lt_ECHO in X*--fallback-echo) # Remove one level of quotation (which was required for Make). ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','` ;; esac ECHO=${lt_ECHO-echo} if test "X$1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X$1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then # Yippee, $ECHO works! : else # Restart under the correct shell. exec $SHELL "$0" --no-reexec ${1+"$@"} fi if test "X$1" = X--fallback-echo; then # used as fallback echo shift cat <<_LT_EOF $* _LT_EOF exit 0 fi # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test -z "$lt_ECHO"; then if test "X${echo_test_string+set}" != Xset; then # find a string as large as possible, as long as the shell can cope with it for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... if { echo_test_string=`eval $cmd`; } 2>/dev/null && { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null then break fi done fi if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then : else # The Solaris, AIX, and Digital Unix default echo programs unquote # backslashes. This makes it impossible to quote backslashes using # echo "$something" | sed 's/\\/\\\\/g' # # So, first we look for a working echo in the user's PATH. lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for dir in $PATH /usr/ucb; do IFS="$lt_save_ifs" if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then ECHO="$dir/echo" break fi done IFS="$lt_save_ifs" if test "X$ECHO" = Xecho; then # We didn't find a better echo, so look for alternatives. if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # This shell has a builtin print -r that does the trick. ECHO='print -r' elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && test "X$CONFIG_SHELL" != X/bin/ksh; then # If we have ksh, try running configure again with it. ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} export ORIGINAL_CONFIG_SHELL CONFIG_SHELL=/bin/ksh export CONFIG_SHELL exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"} else # Try using printf. ECHO='printf %s\n' if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # Cool, printf works : elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL export CONFIG_SHELL SHELL="$CONFIG_SHELL" export SHELL ECHO="$CONFIG_SHELL $0 --fallback-echo" elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then ECHO="$CONFIG_SHELL $0 --fallback-echo" else # maybe with a smaller string... prev=: for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null then break fi prev="$cmd" done if test "$prev" != 'sed 50q "$0"'; then echo_test_string=`eval $prev` export echo_test_string exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"} else # Oops. We lost completely, so just stick with echo. ECHO=echo fi fi fi fi fi fi # Copy echo and quote the copy suitably for passing to libtool from # the Makefile, instead of quoting the original, which is used later. lt_ECHO=$ECHO if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo" fi test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME= PACKAGE_TARNAME= PACKAGE_VERSION= PACKAGE_STRING= PACKAGE_BUGREPORT= PACKAGE_URL= ac_unique_file="conf/pam_conv1/pam_conv_y.y" # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_default_prefix=/usr ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS HAVE_KEY_MANAGEMENT_FALSE HAVE_KEY_MANAGEMENT_TRUE HAVE_KEY_MANAGEMENT POSUB LTLIBINTL LIBINTL INTLLIBS LTLIBICONV LIBICONV INTL_MACOSX_LIBS MSGMERGE XGETTEXT_015 XGETTEXT GMSGFMT_015 MSGFMT_015 GMSGFMT MSGFMT USE_NLS ENABLE_GENERATE_PDF_FALSE ENABLE_GENERATE_PDF_TRUE ENABLE_REGENERATE_MAN_FALSE ENABLE_REGENERATE_MAN_TRUE FO2PDF BROWSER XMLCATALOG XML_CATALOG_FILE XMLLINT XSLTPROC HAVE_UNSHARE_FALSE HAVE_UNSHARE_TRUE LIBOBJS HAVE_LIBSELINUX_FALSE HAVE_LIBSELINUX_TRUE LIBSELINUX NIS_LIBS NIS_CFLAGS libtirpc_LIBS libtirpc_CFLAGS PKG_CONFIG HAVE_LIBDB_FALSE HAVE_LIBDB_TRUE LIBDB LIBCRYPT HAVE_AUDIT_TTY_STATUS_FALSE HAVE_AUDIT_TTY_STATUS_TRUE LIBAUDIT HAVE_LIBCRACK_FALSE HAVE_LIBCRACK_TRUE LIBCRACK LIBDL pam_xauth_path SCONFIGDIR SECUREDIR LIBPRELUDE_CONFIG_PREFIX LIBPRELUDE_PREFIX LIBPRELUDE_LIBS LIBPRELUDE_LDFLAGS LIBPRELUDE_PTHREAD_CFLAGS LIBPRELUDE_CFLAGS LIBPRELUDE_CONFIG PIE_LDFLAGS PIE_CFLAGS libc_cv_fpie HAVE_VERSIONING_FALSE HAVE_VERSIONING_TRUE BUILD_LDFLAGS BUILD_CFLAGS CC_FOR_BUILD pam_cv_ld_O1 pam_cv_ld_no_undefined pam_cv_ld_as_needed LEXLIB LEX_OUTPUT_ROOT LEX YFLAGS YACC STATIC_MODULES_FALSE STATIC_MODULES_TRUE CPP OTOOL64 OTOOL LIPO NMEDIT DSYMUTIL lt_ECHO RANLIB AR OBJDUMP LN_S NM ac_ct_DUMPBIN DUMPBIN LD FGREP EGREP GREP SED am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE AMDEPBACKSLASH AMDEP_FALSE AMDEP_TRUE am__quote am__include DEPDIR OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC host_os host_vendor host_cpu host build_os build_vendor build_cpu build LIBTOOL am__untar am__tar AMTAR am__leading_dot SET_MAKE AWK mkdir_p MKDIR_P INSTALL_STRIP_PROGRAM STRIP install_sh MAKEINFO AUTOHEADER AUTOMAKE AUTOCONF ACLOCAL VERSION PACKAGE CYGPATH_W am__isrc INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_static enable_shared with_pic enable_fast_install enable_dependency_tracking with_gnu_ld enable_libtool_lock enable_static_modules enable_largefile enable_pie enable_prelude with_libprelude_prefix enable_debug enable_securedir enable_isadir enable_sconfigdir enable_pamlocking enable_read_both_confs enable_lckpwdf with_mailspool with_xauth enable_cracklib enable_audit with_randomdev enable_db with_db_uniquename enable_nis enable_selinux enable_regenerate_docu with_xml_catalog enable_nls enable_rpath with_libiconv_prefix with_libintl_prefix ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP YACC YFLAGS PKG_CONFIG libtirpc_CFLAGS libtirpc_LIBS' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error "unrecognized option: \`$ac_option' Try \`$0 --help' for more information." ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures this package to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/PACKAGE] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF Program names: --program-prefix=PREFIX prepend PREFIX to installed program names --program-suffix=SUFFIX append SUFFIX to installed program names --program-transform-name=PROGRAM run sed PROGRAM on installed program names System types: --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-static[=PKGS] build static libraries [default=no] --enable-shared[=PKGS] build shared libraries [default=yes] --enable-fast-install[=PKGS] optimize for fast installation [default=yes] --disable-dependency-tracking speeds up one-time build --enable-dependency-tracking do not reject slow dependency extractors --disable-libtool-lock avoid locking (might break parallel builds) --enable-static-modules do not make the modules dynamically loadable --disable-largefile omit support for large files --disable-pie disable position-independent executeables (PIE) --disable-prelude do not use prelude --enable-debug specify you are building with debugging on --enable-securedir=DIR path to location of PAMs [default=$libdir/security] --enable-isadir=DIR path to arch-specific module files [default=../../(basename of $libdir)/security] --enable-sconfigdir=DIR path to module conf files [default=$sysconfdir/security] --enable-pamlocking configure libpam to observe a global authentication lock --enable-read-both-confs read both /etc/pam.d and /etc/pam.conf files --disable-lckpwdf do not use the lckpwdf function --disable-cracklib do not use cracklib --disable-audit do not enable audit support --enable-db=(db|ndbm|yes|no) Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support. --disable-nis Disable building NIS/YP support in pam_unix and pam_access --disable-selinux do not use SELinux --disable-regenerate-docu Don't re-build documentation from XML sources --disable-nls do not use Native Language Support --disable-rpath do not hardcode runtime library paths Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-pic try to use only PIC/non-PIC objects [default=use both] --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-libprelude-prefix=PFX Prefix where libprelude is installed (optional) --with-mailspool path to mail spool directory default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail --with-xauth additional path to check for xauth when it is called from pam_xauth added to the default of /usr/X11R6/bin/xauth, /usr/bin/xauth, /usr/bin/X11/xauth --with-randomdev=(|yes|no) use specified random device instead of /dev/urandom or 'no' to disable --with-db-uniquename=extension Unique name for db libraries and functions. --with-xml-catalog=CATALOG path to xml catalog to use --with-gnu-ld assume the C compiler uses GNU ld default=no --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib --without-libiconv-prefix don't search for libiconv in includedir and libdir --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib --without-libintl-prefix don't search for libintl in includedir and libdir Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor YACC The `Yet Another C Compiler' implementation to use. Defaults to the first program found out of: `bison -y', `byacc', `yacc'. YFLAGS The list of arguments that will be passed by default to $YACC. This script will default YFLAGS to the empty string to avoid a default value of `-d' given by some make applications. PKG_CONFIG path to pkg-config utility libtirpc_CFLAGS C compiler flags for libtirpc, overriding pkg-config libtirpc_LIBS linker flags for libtirpc, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to the package provider. _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure generated by GNU Autoconf 2.65 Copyright (C) 2009 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || $as_test_x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_header_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } >/dev/null && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_func # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_header_mongrel # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_type # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including # INCLUDES, setting cache variable VAR accordingly. ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 $as_echo_n "checking for $2.$3... " >&6; } if { as_var=$4; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int main () { static $2 ac_aggr; if (sizeof ac_aggr.$3) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$4=yes" else eval "$4=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$4 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_member # ac_fn_c_check_decl LINENO SYMBOL VAR # ------------------------------------ # Tests whether SYMBOL is declared, setting cache variable VAR accordingly. ac_fn_c_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5 $as_echo_n "checking whether $2 is declared... " >&6; } if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { #ifndef $2 (void) $2; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;} } # ac_fn_c_check_decl cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was generated by GNU Autoconf 2.65. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo cat <<\_ASBOX ## ---------------- ## ## Cache variables. ## ## ---------------- ## _ASBOX echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo cat <<\_ASBOX ## ----------------- ## ## Output variables. ## ## ----------------- ## _ASBOX echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then cat <<\_ASBOX ## ------------------- ## ## File substitutions. ## ## ------------------- ## _ASBOX echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then cat <<\_ASBOX ## ----------- ## ## confdefs.h. ## ## ----------- ## _ASBOX echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then ac_site_file1=$CONFIG_SITE elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_aux_dir= for ac_dir in build-aux "$srcdir"/build-aux; do for ac_t in install-sh install.sh shtool; do if test -f "$ac_dir/$ac_t"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/$ac_t -c" break 2 fi done done if test -z "$ac_aux_dir"; then as_fn_error "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. am__api_version='1.11' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } # Just in case sleep 1 echo timestamp > conftest.file # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[\\\"\#\$\&\'\`$am_lf]*) as_fn_error "unsafe absolute working directory name" "$LINENO" 5;; esac case $srcdir in *[\\\"\#\$\&\'\`$am_lf\ \ ]*) as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;; esac # Do `set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$*" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi rm -f conftest.file if test "$*" != "X $srcdir/configure conftest.file" \ && test "$*" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". as_fn_error "ls -t appears to fail. Make sure there is not a broken alias in your environment" "$LINENO" 5 fi test "$2" = conftest.file ) then # Ok. : else as_fn_error "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } test "$program_prefix" != NONE && program_transform_name="s&^&$program_prefix&;$program_transform_name" # Use a double $ so make ignores it. test "$program_suffix" != NONE && program_transform_name="s&\$&$program_suffix&;$program_transform_name" # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` # expand $ac_aux_dir to an absolute path am_aux_dir=`cd $ac_aux_dir && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in *\ * | *\ *) MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; *) MISSING="\${SHELL} $am_aux_dir/missing" ;; esac fi # Use eval to expand $SHELL if eval "$MISSING --run true"; then am_missing_run="$MISSING --run " else am_missing_run= { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 $as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi # Installed binaries are usually stripped using `strip' when the user # run `make install-strip'. However `strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the `STRIP' environment variable to overrule this program. if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 $as_echo_n "checking for a thread-safe mkdir -p... " >&6; } if test -z "$MKDIR_P"; then if test "${ac_cv_path_mkdir+set}" = set; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( 'mkdir (GNU coreutils) '* | \ 'mkdir (coreutils) '* | \ 'mkdir (fileutils) '4.1*) ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext break 3;; esac done done done IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version if test "${ac_cv_path_mkdir+set}" = set; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a # value for MKDIR_P within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. MKDIR_P="$ac_install_sh -d" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 $as_echo "$MKDIR_P" >&6; } mkdir_p="$MKDIR_P" case $mkdir_p in [\\/$]* | ?:[\\/]*) ;; */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;; esac for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_AWK+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AWK="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 $as_echo "$AWK" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$AWK" && break done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." am__isrc=' -I$(srcdir)' # test to see if srcdir already configured if test -f $srcdir/config.status; then as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE="Linux-PAM" VERSION=1.1.8 cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF cat >>confdefs.h <<_ACEOF #define VERSION "$VERSION" _ACEOF # Some tools Automake needs. ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # We need awk for the "check" target. The system "awk" is bad on # some platforms. # Always define AMTAR for backward compatibility. AMTAR=${AMTAR-"${am_missing_run}tar"} am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -' case `pwd` in *\ * | *\ *) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 $as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac macro_version='2.2.6' macro_revision='1.3012' ltmain="$ac_aux_dir/ltmain.sh" # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 $as_echo_n "checking build system type... " >&6; } if test "${ac_cv_build+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_build_alias=$build_alias test "x$ac_build_alias" = x && ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` test "x$ac_build_alias" = x && as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5 ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 $as_echo "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error "invalid value of canonical build" "$LINENO" 5;; esac build=$ac_cv_build ac_save_IFS=$IFS; IFS='-' set x $ac_cv_build shift build_cpu=$1 build_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: build_os=$* IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 $as_echo_n "checking host system type... " >&6; } if test "${ac_cv_host+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 $as_echo "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error "invalid value of canonical host" "$LINENO" 5;; esac host=$ac_cv_host ac_save_IFS=$IFS; IFS='-' set x $ac_cv_host shift host_cpu=$1 host_vendor=$2 shift; shift # Remember, the first character of IFS is used to create $*, # except with old shells: host_os=$* IFS=$ac_save_IFS case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" am_make=${MAKE-make} cat > confinc << 'END' am__doit: @echo this is the am__doit target .PHONY: am__doit END # If we don't find an include directive, just comment out the code. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5 $as_echo_n "checking for style of include used by $am_make... " >&6; } am__include="#" am__quote= _am_result=none # First try GNU make style include. echo "include confinc" > confmf # Ignore all kinds of additional output from `make'. case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=include am__quote= _am_result=GNU ;; esac # Now try BSD make style include. if test "$am__include" = "#"; then echo '.include "confinc"' > confmf case `$am_make -s -f confmf 2> /dev/null` in #( *the\ am__doit\ target*) am__include=.include am__quote="\"" _am_result=BSD ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5 $as_echo "$_am_result" >&6; } rm -f confinc confmf # Check whether --enable-dependency-tracking was given. if test "${enable_dependency_tracking+set}" = set; then : enableval=$enable_dependency_tracking; fi if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' fi if test "x$enable_dependency_tracking" != xno; then AMDEP_TRUE= AMDEP_FALSE='#' else AMDEP_TRUE='#' AMDEP_FALSE= fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "no acceptable C compiler found in \$PATH See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { as_fn_set_status 77 as_fn_error "C compiler cannot create executables See \`config.log' for more details." "$LINENO" 5; }; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details." "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details." "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if test "${ac_cv_objext+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "cannot compute suffix of object files: cannot compile See \`config.log' for more details." "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if test "${ac_cv_c_compiler_gnu+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if test "${ac_cv_prog_cc_g+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 $as_echo_n "checking for a sed that does not truncate output... " >&6; } if test "${ac_cv_path_SED+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" done echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed { ac_script=; unset ac_script;} if test -z "$SED"; then ac_path_SED_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED case `"$ac_path_SED" --version 2>&1` in *GNU*) ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_SED_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_SED="$ac_path_SED" ac_path_SED_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_SED_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_SED"; then as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5 fi else ac_cv_path_SED=$SED fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 $as_echo "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if test "${ac_cv_path_GREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if test "${ac_cv_path_EGREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 $as_echo_n "checking for fgrep... " >&6; } if test "${ac_cv_path_FGREP+set}" = set; then : $as_echo_n "(cached) " >&6 else if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else if test -z "$FGREP"; then ac_path_FGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in fgrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP case `"$ac_path_FGREP" --version 2>&1` in *GNU*) ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_FGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_FGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_FGREP"; then as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_FGREP=$FGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 $as_echo "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 $as_echo_n "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | ?:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if test "${lt_cv_path_LD+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${lt_cv_prog_gnu_ld+set}" = set; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &5 $as_echo "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 $as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } if test "${lt_cv_path_NM+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 $as_echo "$lt_cv_path_NM" >&6; } if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. if test -n "$ac_tool_prefix"; then for ac_prog in "dumpbin -symbols" "link -dump -symbols" do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_DUMPBIN+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 $as_echo "$DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$DUMPBIN" && break done fi if test -z "$DUMPBIN"; then ac_ct_DUMPBIN=$DUMPBIN for ac_prog in "dumpbin -symbols" "link -dump -symbols" do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 $as_echo "$ac_ct_DUMPBIN" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_DUMPBIN" && break done if test "x$ac_ct_DUMPBIN" = x; then DUMPBIN=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN fi fi if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm { $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 $as_echo_n "checking the name lister ($NM) interface... " >&6; } if test "${lt_cv_nm_interface+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:4770: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 (eval echo "\"\$as_me:4773: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 (eval echo "\"\$as_me:4776: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 $as_echo "$lt_cv_nm_interface" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments { $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 $as_echo_n "checking the maximum length of command line arguments... " >&6; } if test "${lt_cv_sys_max_cmd_len+set}" = set; then : $as_echo_n "(cached) " >&6 else i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ = "XX$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac fi if test -n $lt_cv_sys_max_cmd_len ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 $as_echo "$lt_cv_sys_max_cmd_len" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 $as_echo "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len : ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5 $as_echo_n "checking whether the shell understands some XSI constructs... " >&6; } # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5 $as_echo "$xsi_shell" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5 $as_echo_n "checking whether the shell understands \"+=\"... " >&6; } lt_shell_append=no ( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5 $as_echo "$lt_shell_append" >&6; } if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 $as_echo_n "checking for $LD option to reload object files... " >&6; } if test "${lt_cv_ld_reload_flag+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_reload_flag='-r' fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 $as_echo "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; *) reload_flag=" $reload_flag" ;; esac reload_cmds='$LD$reload_flag -o $output$reload_objs' case $host_os in darwin*) if test "$GCC" = yes; then reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs' else reload_cmds='$LD$reload_flag -o $output$reload_objs' fi ;; esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_OBJDUMP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 $as_echo "$OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OBJDUMP="objdump" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 $as_echo "$ac_ct_OBJDUMP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then OBJDUMP="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP fi else OBJDUMP="$ac_cv_prog_OBJDUMP" fi test -z "$OBJDUMP" && OBJDUMP=objdump { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 $as_echo_n "checking how to recognize dependent libraries... " >&6; } if test "${lt_cv_deplibs_check_method+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' # Need to set the preceding variable on all platforms that support # interlibrary dependencies. # 'none' -- dependencies not supported. # `unknown' -- same as none, but documents that we really don't know. # 'pass_all' -- all dependencies passed with no checks. # 'test_compile' -- check by making test program. # 'file_magic [[regex]]' -- check by looking for files in library path # which responds to the $file_magic_cmd with a given extended regex. # If you have `file' or equivalent on your system and you're not sure # whether `pass_all' will *always* work, you probably want this one. case $host_os in aix[4-9]*) lt_cv_deplibs_check_method=pass_all ;; beos*) lt_cv_deplibs_check_method=pass_all ;; bsdi[45]*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' lt_cv_file_magic_cmd='/usr/bin/file -L' lt_cv_file_magic_test_file=/shlib/libc.so ;; cygwin*) # func_win32_libid is a shell function defined in ltmain.sh lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' ;; mingw* | pw32*) # Base MSYS/MinGW do not provide the 'file' command needed by # func_win32_libid shell function, so use a weaker test based on 'objdump', # unless we find 'file', for example because we are cross-compiling. if ( file / ) >/dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]' lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[3-9]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be Linux ELF. linux* | k*bsd*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 $as_echo "$lt_cv_deplibs_check_method" >&6; } file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. set dummy ${ac_tool_prefix}ar; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_AR+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_AR="${ac_tool_prefix}ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 $as_echo "$AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_AR"; then ac_ct_AR=$AR # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_AR+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_AR="ar" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 $as_echo "$ac_ct_AR" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_AR" = x; then AR="false" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR fi else AR="$ac_cv_prog_AR" fi test -z "$AR" && AR=ar test -z "$AR_FLAGS" && AR_FLAGS=cru if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 $as_echo "$STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_STRIP="strip" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 $as_echo "$ac_ct_STRIP" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP fi else STRIP="$ac_cv_prog_STRIP" fi test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_RANLIB+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 $as_echo "$RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_RANLIB="ranlib" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 $as_echo "$ac_ct_RANLIB" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then RANLIB=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB fi else RANLIB="$ac_cv_prog_RANLIB" fi test -z "$RANLIB" && RANLIB=: # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" fi # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. { $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 $as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then : $as_echo_n "(cached) " >&6 else # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[BCDEGRST]' # Regexp to match symbols that can be accessed directly from C. sympat='\([_A-Za-z][_A-Za-z0-9]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[BCDT]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[ABCDGISTW]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[ABCDEGRST]' fi ;; irix* | nonstopux*) symcode='[BCDEGRST]' ;; osf*) symcode='[BCDEGQRST]' ;; solaris*) symcode='[BDRT]' ;; sco3.2v5*) symcode='[DT]' ;; sysv4.2uw2*) symcode='[DT]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[ABDT]' ;; sysv4) symcode='[DFNSTU]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[ABCDGIRSTW]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK '"\ " {last_section=section; section=\$ 3};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5 (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ const struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_save_LIBS="$LIBS" lt_save_CFLAGS="$CFLAGS" LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS="$lt_save_LIBS" CFLAGS="$lt_save_CFLAGS" else echo "cannot find nm_test_func in $nlist" >&5 fi else echo "cannot find nm_test_var in $nlist" >&5 fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 fi else echo "$progname: failed program was:" >&5 cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done fi if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 $as_echo "failed" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 $as_echo "ok" >&6; } fi # Check whether --enable-libtool-lock was given. if test "${enable_libtool_lock+set}" = set; then : enableval=$enable_libtool_lock; fi test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '#line 5982 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 $as_echo_n "checking whether the C compiler needs -belf... " >&6; } if test "${lt_cv_cc_needs_belf+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_cc_needs_belf=yes else lt_cv_cc_needs_belf=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 $as_echo "$lt_cv_cc_needs_belf" >&6; } if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; sparc*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) LD="${LD-ld} -m elf64_sparc" ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" case $host_os in rhapsody* | darwin*) if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_DSYMUTIL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 $as_echo "$DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 $as_echo "$ac_ct_DSYMUTIL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then DSYMUTIL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL fi else DSYMUTIL="$ac_cv_prog_DSYMUTIL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_NMEDIT+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 $as_echo "$NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_NMEDIT="nmedit" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 $as_echo "$ac_ct_NMEDIT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then NMEDIT=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT fi else NMEDIT="$ac_cv_prog_NMEDIT" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_LIPO+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 $as_echo "$LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_LIPO="lipo" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 $as_echo "$ac_ct_LIPO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then LIPO=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO fi else LIPO="$ac_cv_prog_LIPO" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_OTOOL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 $as_echo "$OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OTOOL="otool" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 $as_echo "$ac_ct_OTOOL" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then OTOOL=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL fi else OTOOL="$ac_cv_prog_OTOOL" fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_OTOOL64+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 $as_echo "$OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_OTOOL64="otool64" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 $as_echo "$ac_ct_OTOOL64" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then OTOOL64=":" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 fi else OTOOL64="$ac_cv_prog_OTOOL64" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 $as_echo_n "checking for -single_module linker flag... " >&6; } if test "${lt_cv_apple_cc_single_mod+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&5 $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&5 fi rm -rf libconftest.dylib* rm -f conftest.* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 $as_echo "$lt_cv_apple_cc_single_mod" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 $as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } if test "${lt_cv_ld_exported_symbols_list+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_cv_ld_exported_symbols_list=yes else lt_cv_ld_exported_symbols_list=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 $as_echo "$lt_cv_ld_exported_symbols_list" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[91]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[012]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if test "${ac_cv_prog_CPP+set}" = set; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details." "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if test "${ac_cv_header_stdc+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in dlfcn.h do : ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " if test "x$ac_cv_header_dlfcn_h" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DLFCN_H 1 _ACEOF fi done # Set options # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=no fi enable_dlopen=no enable_win32_dll=no # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac else enable_shared=yes fi # Check whether --with-pic was given. if test "${with_pic+set}" = set; then : withval=$with_pic; pic_mode="$withval" else pic_mode=default fi test -z "$pic_mode" && pic_mode=default # Check whether --enable-fast-install was given. if test "${enable_fast_install+set}" = set; then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac else enable_fast_install=yes fi # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' test -z "$LN_S" && LN_S="ln -s" if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 $as_echo_n "checking for objdir... " >&6; } if test "${lt_cv_objdir+set}" = set; then : $as_echo_n "(cached) " >&6 else rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 $as_echo "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir cat >>confdefs.h <<_ACEOF #define LT_OBJDIR "$lt_cv_objdir/" _ACEOF case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='s/\(["`$\\]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\(["`\\]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o for cc_temp in $compiler""; do case $cc_temp in compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 $as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/${ac_tool_prefix}file; then lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 $as_echo_n "checking for file... " >&6; } if test "${lt_cv_path_MAGIC_CMD+set}" = set; then : $as_echo_n "(cached) " >&6 else case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/file; then lt_cv_path_MAGIC_CMD="$ac_dir/file" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac fi MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 $as_echo "$MAGIC_CMD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi else MAGIC_CMD=: fi fi fi ;; esac # Use C for the default configuration in the libtool script lt_save_CC="$CC" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o objext=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then lt_prog_compiler_no_builtin_flag= if test "$GCC" = yes; then lt_prog_compiler_no_builtin_flag=' -fno-builtin' { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 $as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-fno-rtti -fno-exceptions" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7511: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:7515: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_rtti_exceptions=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 $as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" else : fi fi lt_prog_compiler_wl= lt_prog_compiler_pic= lt_prog_compiler_static= { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 $as_echo_n "checking for $compiler option to produce PIC... " >&6; } if test "$GCC" = yes; then lt_prog_compiler_wl='-Wl,' lt_prog_compiler_static='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support lt_prog_compiler_pic='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries lt_prog_compiler_pic='-DDLL_EXPORT' ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files lt_prog_compiler_pic='-fno-common' ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) lt_prog_compiler_pic='-fPIC' ;; esac ;; interix[3-9]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. lt_prog_compiler_can_build_shared=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then lt_prog_compiler_pic=-Kconform_pic fi ;; *) lt_prog_compiler_pic='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) lt_prog_compiler_wl='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor lt_prog_compiler_static='-Bstatic' else lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). lt_prog_compiler_pic='-DDLL_EXPORT' ;; hpux9* | hpux10* | hpux11*) lt_prog_compiler_wl='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) lt_prog_compiler_pic='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? lt_prog_compiler_static='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) lt_prog_compiler_wl='-Wl,' # PIC (with -KPIC) is the default. lt_prog_compiler_static='-non_shared' ;; linux* | k*bsd*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fPIC' lt_prog_compiler_static='-static' ;; # Lahey Fortran 8.1. lf95*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='--shared' lt_prog_compiler_static='--static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-fpic' lt_prog_compiler_static='-Bstatic' ;; ccc*) lt_prog_compiler_wl='-Wl,' # All Alpha code is PIC. lt_prog_compiler_static='-non_shared' ;; xl*) # IBM XL C 8.0/Fortran 10.1 on PPC lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-qpic' lt_prog_compiler_static='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' lt_prog_compiler_wl='' ;; esac ;; esac ;; newsos6) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. lt_prog_compiler_pic='-fPIC -shared' ;; osf3* | osf4* | osf5*) lt_prog_compiler_wl='-Wl,' # All OSF/1 code is PIC. lt_prog_compiler_static='-non_shared' ;; rdos*) lt_prog_compiler_static='-non_shared' ;; solaris*) lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' case $cc_basename in f77* | f90* | f95*) lt_prog_compiler_wl='-Qoption ld ';; *) lt_prog_compiler_wl='-Wl,';; esac ;; sunos4*) lt_prog_compiler_wl='-Qoption ld ' lt_prog_compiler_pic='-PIC' lt_prog_compiler_static='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then lt_prog_compiler_pic='-Kconform_pic' lt_prog_compiler_static='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_pic='-KPIC' lt_prog_compiler_static='-Bstatic' ;; unicos*) lt_prog_compiler_wl='-Wl,' lt_prog_compiler_can_build_shared=no ;; uts4*) lt_prog_compiler_pic='-pic' lt_prog_compiler_static='-Bstatic' ;; *) lt_prog_compiler_can_build_shared=no ;; esac fi case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) lt_prog_compiler_pic= ;; *) lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5 $as_echo "$lt_prog_compiler_pic" >&6; } # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 $as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } if test "${lt_cv_prog_compiler_pic_works+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$lt_prog_compiler_pic -DPIC" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7850: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 echo "$as_me:7854: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_pic_works=yes fi fi $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 $as_echo "$lt_cv_prog_compiler_pic_works" >&6; } if test x"$lt_cv_prog_compiler_pic_works" = xyes; then case $lt_prog_compiler_pic in "" | " "*) ;; *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; esac else lt_prog_compiler_pic= lt_prog_compiler_can_build_shared=no fi fi # # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 $as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } if test "${lt_cv_prog_compiler_static_works+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_static_works=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $lt_tmp_static_flag" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&5 $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then lt_cv_prog_compiler_static_works=yes fi else lt_cv_prog_compiler_static_works=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 $as_echo "$lt_cv_prog_compiler_static_works" >&6; } if test x"$lt_cv_prog_compiler_static_works" = xyes; then : else lt_prog_compiler_static= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if test "${lt_cv_prog_compiler_c_o+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:7955: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:7959: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 $as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } if test "${lt_cv_prog_compiler_c_o+set}" = set; then : $as_echo_n "(cached) " >&6 else lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:8010: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 echo "$as_me:8014: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then lt_cv_prog_compiler_c_o=yes fi fi chmod u+w . 2>&5 $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links="nottested" if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 $as_echo_n "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 $as_echo "$hard_links" >&6; } if test "$hard_links" = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5 $as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;} need_locks=warn fi else need_locks=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 $as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= always_export_symbols=no archive_cmds= archive_expsym_cmds= compiler_needs_object=no enable_shared_with_static_runtimes=no export_dynamic_flag_spec= export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' hardcode_automatic=no hardcode_direct=no hardcode_direct_absolute=no hardcode_libdir_flag_spec= hardcode_libdir_flag_spec_ld= hardcode_libdir_separator= hardcode_minus_L=no hardcode_shlibpath_var=unsupported inherit_rpath=no link_all_deplibs=unknown module_cmds= module_expsym_cmds= old_archive_from_new_cmds= old_archive_from_expsyms_cmds= thread_safe_flag_spec= whole_archive_flag_spec= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list include_expsyms= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac ld_shlibs=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' export_dynamic_flag_spec='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else whole_archive_flag_spec= fi supports_anon_versioning=no case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[3-9]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then allow_undefined_flag=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else ld_shlibs=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, # as there is no search path for DLLs. hardcode_libdir_flag_spec='-L$libdir' allow_undefined_flag=unsupported always_export_symbols=no enable_shared_with_static_runtimes=yes export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else ld_shlibs=no fi ;; interix[3-9]*) hardcode_direct=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag= tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 whole_archive_flag_spec= tmp_sharedflag='--shared' ;; xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' compiler_needs_object=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' hardcode_libdir_flag_spec= hardcode_libdir_flag_spec_ld='-rpath $libdir' archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else ld_shlibs=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) ld_shlibs=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac ;; sunos4*) archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= hardcode_direct=yes hardcode_shlibpath_var=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else ld_shlibs=no fi ;; esac if test "$ld_shlibs" = no; then runpath_var= hardcode_libdir_flag_spec= export_dynamic_flag_spec= whole_archive_flag_spec= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) allow_undefined_flag=unsupported always_export_symbols=yes archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. hardcode_minus_L=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. hardcode_direct=unsupported fi ;; aix[4-9]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. archive_cmds='' hardcode_direct=yes hardcode_direct_absolute=yes hardcode_libdir_separator=':' link_all_deplibs=yes file_list_spec='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[012]|aix4.[012].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 hardcode_direct=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking hardcode_minus_L=yes hardcode_libdir_flag_spec='-L$libdir' hardcode_libdir_separator= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi export_dynamic_flag_spec='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. always_export_symbols=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. allow_undefined_flag='-berok' # Determine the default libpath from the value encoded in an # empty executable. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' allow_undefined_flag="-z nodefs" archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. no_undefined_flag=' ${wl}-bernotok' allow_undefined_flag=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives whole_archive_flag_spec='$convenience' archive_cmds_need_lc=yes # This is similar to how AIX traditionally builds its shared libraries. archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' archive_expsym_cmds='' ;; m68k) archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes ;; esac ;; bsdi[45]*) export_dynamic_flag_spec=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. hardcode_libdir_flag_spec=' ' allow_undefined_flag=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. old_archive_from_new_cmds='true' # FIXME: Should let the user specify the lib program. old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' fix_srcfile_path='`cygpath -w "$srcfile"`' enable_shared_with_static_runtimes=yes ;; darwin* | rhapsody*) archive_cmds_need_lc=no hardcode_direct=no hardcode_automatic=yes hardcode_shlibpath_var=unsupported whole_archive_flag_spec='' link_all_deplibs=yes allow_undefined_flag="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=echo archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" else ld_shlibs=no fi ;; dgux*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; freebsd1*) ld_shlibs=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; hpux9*) if test "$GCC" = yes; then archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: hardcode_direct=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes export_dynamic_flag_spec='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_flag_spec_ld='+b $libdir' hardcode_libdir_separator=: hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' hardcode_libdir_separator=: case $host_cpu in hppa*64*|ia64*) hardcode_direct=no hardcode_shlibpath_var=no ;; *) hardcode_direct=yes hardcode_direct_absolute=yes export_dynamic_flag_spec='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. hardcode_minus_L=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo(void) {} _ACEOF if ac_fn_c_try_link "$LINENO"; then : archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS="$save_LDFLAGS" else archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: inherit_rpath=yes link_all_deplibs=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi hardcode_libdir_flag_spec='-R$libdir' hardcode_direct=yes hardcode_shlibpath_var=no ;; newsos6) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: hardcode_shlibpath_var=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then hardcode_direct=yes hardcode_shlibpath_var=no hardcode_direct_absolute=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' export_dynamic_flag_spec='${wl}-E' else case $host_os in openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-R$libdir' ;; *) archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' hardcode_libdir_flag_spec='${wl}-rpath,$libdir' ;; esac fi else ld_shlibs=no fi ;; os2*) hardcode_libdir_flag_spec='-L$libdir' hardcode_minus_L=yes allow_undefined_flag=unsupported archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' fi archive_cmds_need_lc='no' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' hardcode_libdir_separator=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' else allow_undefined_flag=' -expect_unresolved \*' archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly hardcode_libdir_flag_spec='-rpath $libdir' fi archive_cmds_need_lc='no' hardcode_libdir_separator=: ;; solaris*) no_undefined_flag=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi hardcode_libdir_flag_spec='-R$libdir' hardcode_shlibpath_var=no case $host_os in solaris2.[0-5] | solaris2.[0-5].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else whole_archive_flag_spec='-z allextract$convenience -z defaultextract' fi ;; esac link_all_deplibs=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi hardcode_libdir_flag_spec='-L$libdir' hardcode_direct=yes hardcode_minus_L=yes hardcode_shlibpath_var=no ;; sysv4) case $host_vendor in sni) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' reload_cmds='$CC -r -o $output$reload_objs' hardcode_direct=no ;; motorola) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_direct=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' hardcode_shlibpath_var=no ;; sysv4.3*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no export_dynamic_flag_spec='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_shlibpath_var=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes ld_shlibs=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) no_undefined_flag='${wl}-z,text' archive_cmds_need_lc=no hardcode_shlibpath_var=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. no_undefined_flag='${wl}-z,text' allow_undefined_flag='${wl}-z,nodefs' archive_cmds_need_lc=no hardcode_shlibpath_var=no hardcode_libdir_flag_spec='${wl}-R,$libdir' hardcode_libdir_separator=':' link_all_deplibs=yes export_dynamic_flag_spec='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' hardcode_libdir_flag_spec='-L$libdir' hardcode_shlibpath_var=no ;; *) ld_shlibs=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) export_dynamic_flag_spec='${wl}-Blargedynsym' ;; esac fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 $as_echo "$ld_shlibs" >&6; } test "$ld_shlibs" = no && can_build_shared=no with_gnu_ld=$with_gnu_ld # # Do we need to explicitly link libc? # case "x$archive_cmds_need_lc" in x|xyes) # Assume -lc should be added archive_cmds_need_lc=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $archive_cmds in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 $as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$lt_prog_compiler_wl pic_flag=$lt_prog_compiler_pic compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$allow_undefined_flag allow_undefined_flag= if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then archive_cmds_need_lc=no else archive_cmds_need_lc=yes fi allow_undefined_flag=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5 $as_echo "$archive_cmds_need_lc" >&6; } ;; esac fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 $as_echo_n "checking dynamic linker characteristics... " >&6; } if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` else lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[lt_foo]++; } if (lt_freq[lt_foo] == 1) { print lt_foo; } }'` sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[4-9]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[01] | aix4.[01].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[45]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[123]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[01]* | freebsdelf3.[01]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. postinstall_cmds='chmod 555 $lib' ;; interix[3-9]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : shlibpath_overrides_runpath=yes fi fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[89] | openbsd2.[89].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 $as_echo "$dynamic_linker" >&6; } test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 $as_echo_n "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || test "X$hardcode_automatic" = "Xyes" ; then # We can hardcode non-existent directories. if test "$hardcode_direct" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no && test "$hardcode_minus_L" != no; then # Linking always hardcodes the temporary library directory. hardcode_action=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. hardcode_action=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. hardcode_action=unsupported fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 $as_echo "$hardcode_action" >&6; } if test "$hardcode_action" = relink || test "$inherit_rpath" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes fi ;; *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" if test "x$ac_cv_func_shl_load" = x""yes; then : lt_cv_dlopen="shl_load" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 $as_echo_n "checking for shl_load in -ldld... " >&6; } if test "${ac_cv_lib_dld_shl_load+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char shl_load (); int main () { return shl_load (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_shl_load=yes else ac_cv_lib_dld_shl_load=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 $as_echo "$ac_cv_lib_dld_shl_load" >&6; } if test "x$ac_cv_lib_dld_shl_load" = x""yes; then : lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld" else ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" if test "x$ac_cv_func_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 $as_echo_n "checking for dlopen in -lsvld... " >&6; } if test "${ac_cv_lib_svld_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_svld_dlopen=yes else ac_cv_lib_svld_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 $as_echo "$ac_cv_lib_svld_dlopen" >&6; } if test "x$ac_cv_lib_svld_dlopen" = x""yes; then : lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld" else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 $as_echo_n "checking for dld_link in -ldld... " >&6; } if test "${ac_cv_lib_dld_dld_link+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dld_link (); int main () { return dld_link (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dld_dld_link=yes else ac_cv_lib_dld_dld_link=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 $as_echo "$ac_cv_lib_dld_dld_link" >&6; } if test "x$ac_cv_lib_dld_dld_link" = x""yes; then : lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld" fi fi fi fi fi fi ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 $as_echo_n "checking whether a program can dlopen itself... " >&6; } if test "${lt_cv_dlopen_self+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line 10377 "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; esac else : # compilation failed lt_cv_dlopen_self=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 $as_echo "$lt_cv_dlopen_self" >&6; } if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 $as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } if test "${lt_cv_dlopen_self_static+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : lt_cv_dlopen_self_static=cross else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF #line 10473 "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); return status; } _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; esac else : # compilation failed lt_cv_dlopen_self_static=no fi fi rm -fr conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 $as_echo "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi striplib= old_striplib= { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 $as_echo_n "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ;; *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ;; esac fi # Report which library types will actually be built { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 $as_echo_n "checking if libtool supports shared libraries... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 $as_echo "$can_build_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 $as_echo_n "checking whether to build shared libraries... " >&6; } test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[4-9]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 $as_echo "$enable_shared" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 $as_echo_n "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 $as_echo "$enable_static" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu CC="$lt_save_CC" ac_config_commands="$ac_config_commands libtool" # Only expand once: ac_config_headers="$ac_config_headers config.h" test "${prefix}" = "NONE" && prefix="/usr" if test ${prefix} = '/usr' then if test ${sysconfdir} = '${prefix}/etc' then sysconfdir="/etc" fi if test ${libdir} = '${exec_prefix}/lib' then case "`uname -m`" in x86_64|ppc64|s390x|sparc64) libdir="/lib64" ;; *) libdir="/lib" ;; esac fi if test ${sbindir} = '${exec_prefix}/sbin' then sbindir="/sbin" fi if test ${mandir} = '${prefix}/man' then mandir='${prefix}/share/man' fi if test ${includedir} = '${prefix}/include' then includedir="${prefix}/include/security" fi if test ${localstatedir} = '${prefix}/var' then localstatedir="/var" fi fi # Check whether --enable-static-modules was given. if test "${enable_static_modules+set}" = set; then : enableval=$enable_static_modules; STATIC_MODULES=$enableval else STATIC_MODULES=no fi if test "$STATIC_MODULES" != "no" ; then CFLAGS="$CFLAGS -DPAM_STATIC" # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=yes fi # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac else enable_shared=no fi else # per default don't build static libraries # Check whether --enable-static was given. if test "${enable_static+set}" = set; then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac else enable_static=no fi # Check whether --enable-shared was given. if test "${enable_shared+set}" = set; then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac else enable_shared=yes fi fi if test "$STATIC_MODULES" != "no"; then STATIC_MODULES_TRUE= STATIC_MODULES_FALSE='#' else STATIC_MODULES_TRUE='#' STATIC_MODULES_FALSE= fi ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" if test "x$ac_cv_header_minix_config_h" = x""yes; then : MINIX=yes else MINIX= fi if test "$MINIX" = yes; then $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h $as_echo "#define _MINIX 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 $as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } if test "${ac_cv_safe_to_define___extensions__+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 $ac_includes_default int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_safe_to_define___extensions__=yes else ac_cv_safe_to_define___extensions__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } test $ac_cv_safe_to_define___extensions__ = yes && $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h $as_echo "#define _ALL_SOURCE 1" >>confdefs.h $as_echo "#define _GNU_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_ac_ct_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error "no acceptable C compiler found in \$PATH See \`config.log' for more details." "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if test "${ac_cv_c_compiler_gnu+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if test "${ac_cv_prog_cc_g+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if test "${ac_cv_prog_cc_c89+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 $as_echo_n "checking dependency style of $depcc... " >&6; } if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named `D' -- because `-MD' means `put the output # in D'. mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_CC_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` fi am__universal=false case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with # Solaris 8's {/usr,}/bin/sh. touch sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with `-c' and `-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle `-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # after this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvisualcpp | msvcmsys) # This compiler won't grok `-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_CC_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_CC_dependencies_compiler_type=none fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 $as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if test "x$enable_dependency_tracking" != xno \ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then am__fastdepCC_TRUE= am__fastdepCC_FALSE='#' else am__fastdepCC_TRUE='#' am__fastdepCC_FALSE= fi for ac_prog in 'bison -y' byacc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_YACC+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_YACC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi YACC=$ac_cv_prog_YACC if test -n "$YACC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 $as_echo "$YACC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$YACC" && break done test -n "$YACC" || YACC="yacc" for ac_prog in flex lex do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_LEX+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$LEX"; then ac_cv_prog_LEX="$LEX" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_LEX="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi LEX=$ac_cv_prog_LEX if test -n "$LEX"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LEX" >&5 $as_echo "$LEX" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$LEX" && break done test -n "$LEX" || LEX=":" if test "x$LEX" != "x:"; then cat >conftest.l <<_ACEOF %% a { ECHO; } b { REJECT; } c { yymore (); } d { yyless (1); } e { yyless (input () != 0); } f { unput (yytext[0]); } . { BEGIN INITIAL; } %% #ifdef YYTEXT_POINTER extern char *yytext; #endif int main (void) { return ! yylex () + ! yywrap (); } _ACEOF { { ac_try="$LEX conftest.l" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$LEX conftest.l") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex output file root" >&5 $as_echo_n "checking lex output file root... " >&6; } if test "${ac_cv_prog_lex_root+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -f lex.yy.c; then ac_cv_prog_lex_root=lex.yy elif test -f lexyy.c; then ac_cv_prog_lex_root=lexyy else as_fn_error "cannot find output from $LEX; giving up" "$LINENO" 5 fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_root" >&5 $as_echo "$ac_cv_prog_lex_root" >&6; } LEX_OUTPUT_ROOT=$ac_cv_prog_lex_root if test -z "${LEXLIB+set}"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking lex library" >&5 $as_echo_n "checking lex library... " >&6; } if test "${ac_cv_lib_lex+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_save_LIBS=$LIBS ac_cv_lib_lex='none needed' for ac_lib in '' -lfl -ll; do LIBS="$ac_lib $ac_save_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ `cat $LEX_OUTPUT_ROOT.c` _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_lex=$ac_lib fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext test "$ac_cv_lib_lex" != 'none needed' && break done LIBS=$ac_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lex" >&5 $as_echo "$ac_cv_lib_lex" >&6; } test "$ac_cv_lib_lex" != 'none needed' && LEXLIB=$ac_cv_lib_lex fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether yytext is a pointer" >&5 $as_echo_n "checking whether yytext is a pointer... " >&6; } if test "${ac_cv_prog_lex_yytext_pointer+set}" = set; then : $as_echo_n "(cached) " >&6 else # POSIX says lex can declare yytext either as a pointer or an array; the # default is implementation-dependent. Figure out which it is, since # not all implementations provide the %pointer and %array declarations. ac_cv_prog_lex_yytext_pointer=no ac_save_LIBS=$LIBS LIBS="$LEXLIB $ac_save_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define YYTEXT_POINTER 1 `cat $LEX_OUTPUT_ROOT.c` _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_prog_lex_yytext_pointer=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_lex_yytext_pointer" >&5 $as_echo "$ac_cv_prog_lex_yytext_pointer" >&6; } if test $ac_cv_prog_lex_yytext_pointer = yes; then $as_echo "#define YYTEXT_POINTER 1" >>confdefs.h fi rm -f conftest.l $LEX_OUTPUT_ROOT.c fi if test "$LEX" = :; then LEX=${am_missing_run}flex fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi if test "x$CC" != xcc; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 $as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 $as_echo_n "checking whether cc understands -c and -o together... " >&6; } fi set dummy $CC; ac_cc=`$as_echo "$2" | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF # Make sure it works both with $CC and with simple cc. # We do the test twice because some compilers refuse to overwrite an # existing .o file with -o, though they will create one. ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then eval ac_cv_prog_cc_${ac_cc}_c_o=yes if test "x$CC" != xcc; then # Test first that cc exists at all. if { ac_try='cc -c conftest.$ac_ext >&5' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' rm -f conftest2.* if { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -f conftest2.$ac_objext && { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # cc works too. : else # cc exists but doesn't like -o. eval ac_cv_prog_cc_${ac_cc}_c_o=no fi fi fi else eval ac_cv_prog_cc_${ac_cc}_c_o=no fi rm -f core conftest* fi if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h fi # FIXME: we rely on the cache variable name because # there is no other way. set dummy $CC am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o if test "$am_t" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports --as-needed" >&5 $as_echo_n "checking whether ld supports --as-needed... " >&6; } if test "${pam_cv_ld_as_needed+set}" = set; then : $as_echo_n "(cached) " >&6 else cat > conftest.c <&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; } then pam_cv_ld_as_needed=yes LDFLAGS="$LDFLAGS -Wl,--as-needed" else pam_cv_ld_as_needed=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pam_cv_ld_as_needed" >&5 $as_echo "$pam_cv_ld_as_needed" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports --no-undefined" >&5 $as_echo_n "checking whether ld supports --no-undefined... " >&6; } if test "${pam_cv_ld_no_undefined+set}" = set; then : $as_echo_n "(cached) " >&6 else cat > conftest.c <&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; } then pam_cv_ld_no_undefined=yes LDFLAGS="$LDFLAGS -Wl,--no-undefined" else pam_cv_ld_no_undefined=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pam_cv_ld_no_undefined" >&5 $as_echo "$pam_cv_ld_no_undefined" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ld supports -O1" >&5 $as_echo_n "checking whether ld supports -O1... " >&6; } if test "${pam_cv_ld_O1+set}" = set; then : $as_echo_n "(cached) " >&6 else cat > conftest.c <&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; } then pam_cv_ld_O1=yes LDFLAGS="$LDFLAGS -Wl,-O1" else pam_cv_ld_O1=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pam_cv_ld_O1" >&5 $as_echo "$pam_cv_ld_O1" >&6; } # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 $as_echo_n "checking for special C compiler options needed for large files... " >&6; } if test "${ac_cv_sys_largefile_CC+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext CC="$CC -n32" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 $as_echo "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } if test "${ac_cv_sys_file_offset_bits+set}" = set; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=64; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 $as_echo "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } if test "${ac_cv_sys_large_files+set}" = set; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 $as_echo "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _LARGE_FILES $ac_cv_sys_large_files _ACEOF ;; esac rm -rf conftest* fi fi if eval "test x$GCC = xyes -a $CC != icc"; then for flag in \ -W \ -Wall \ -Wbad-function-cast \ -Wcast-align \ -Wcast-qual \ -Wmissing-declarations \ -Wmissing-prototypes \ -Wpointer-arith \ -Wreturn-type \ -Wstrict-prototypes \ -Wwrite-strings \ -Winline \ -Wshadow do case "$CFLAGS" in "$flag" | "$flag "* | *" $flag" | *" $flag "* ) : ;; *) CFLAGS="$CFLAGS $flag" ;; esac done fi if eval "test x$CC = xicc"; then for flag in \ -Wall \ -Wmissing-prototypes \ -Wpointer-arith \ -Wreturn-type \ -Wstrict-prototypes \ -Wwrite-strings \ -Wshadow \ -Wp64 \ -Wdeprecated \ -Wuninitialized \ -Wmain do case "$CFLAGS" in "$flag" | "$flag "* | *" $flag" | *" $flag "* ) : ;; *) CFLAGS="$CFLAGS $flag" ;; esac done fi if test "x${CC_FOR_BUILD+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then for ac_prog in gcc cc do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_prog_CC_FOR_BUILD+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -n "$CC_FOR_BUILD"; then ac_cv_prog_CC_FOR_BUILD="$CC_FOR_BUILD" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_prog_CC_FOR_BUILD="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC_FOR_BUILD=$ac_cv_prog_CC_FOR_BUILD if test -n "$CC_FOR_BUILD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 $as_echo "$CC_FOR_BUILD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC_FOR_BUILD" && break done else CC_FOR_BUILD=${CC} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CC_FOR_BUILD" >&5 $as_echo_n "checking for CC_FOR_BUILD... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC_FOR_BUILD" >&5 $as_echo "$CC_FOR_BUILD" >&6; } if test "x${BUILD_CFLAGS+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then BUILD_CFLAGS= else BUILD_CFLAGS=${CFLAGS} fi fi if test "x${BUILD_LDFLAGS+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then BUILD_LDFLAGS= else BUILD_LDFLAGS=${LDFLAGS} fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __attribute__" >&5 $as_echo_n "checking for __attribute__... " >&6; } if test "${ac_cv___attribute__+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include static void foo (void) __attribute__ ((unused)); static void foo (void) { exit(1); } int main () { exit (0); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv___attribute__=yes else ac_cv___attribute__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test "$ac_cv___attribute__" = "yes"; then $as_echo "#define UNUSED __attribute__ ((unused))" >>confdefs.h else $as_echo "#define UNUSED /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv___attribute__" >&5 $as_echo "$ac_cv___attribute__" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for .symver assembler directive" >&5 $as_echo_n "checking for .symver assembler directive... " >&6; } if test "${libc_cv_asm_symver_directive+set}" = set; then : $as_echo_n "(cached) " >&6 else cat > conftest.s <&5 2>&5; then libc_cv_asm_symver_directive=yes else libc_cv_asm_symver_directive=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_asm_symver_directive" >&5 $as_echo "$libc_cv_asm_symver_directive" >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld --version-script" >&5 $as_echo_n "checking for ld --version-script... " >&6; } if test "${libc_cv_ld_version_script_option+set}" = set; then : $as_echo_n "(cached) " >&6 else if test $libc_cv_asm_symver_directive = yes; then cat > conftest.s < conftest.map <&5 2>&5; then if { ac_try='${CC-cc} $CFLAGS $LDFLAGS -shared -o conftest.so conftest.o -nostartfiles -nostdlib -Wl,--version-script,conftest.map 1>&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then libc_cv_ld_version_script_option=yes else libc_cv_ld_version_script_option=no fi else libc_cv_ld_version_script_option=no fi else libc_cv_ld_version_script_option=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_ld_version_script_option" >&5 $as_echo "$libc_cv_ld_version_script_option" >&6; } if test "$libc_cv_ld_version_script_option" = "yes"; then HAVE_VERSIONING_TRUE= HAVE_VERSIONING_FALSE='#' else HAVE_VERSIONING_TRUE='#' HAVE_VERSIONING_FALSE= fi # Check whether --enable-pie was given. if test "${enable_pie+set}" = set; then : enableval=$enable_pie; USE_PIE=$enableval else USE_PIE=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fpie" >&5 $as_echo_n "checking for -fpie... " >&6; } if test "${libc_cv_fpie+set}" = set; then : $as_echo_n "(cached) " >&6 else cat > conftest.c <&5 (eval $ac_try) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; } then libc_cv_fpie=yes PIE_CFLAGS="-fpie" PIE_LDFLAGS="-pie" else libc_cv_fpie=no PIE_CFLAGS="" PIE_LDFLAGS="" fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_fpie" >&5 $as_echo "$libc_cv_fpie" >&6; } # Check whether --enable-prelude was given. if test "${enable_prelude+set}" = set; then : enableval=$enable_prelude; WITH_PRELUDE=$enableval else WITH_PRELUDE=yes fi if test "$WITH_PRELUDE" == "yes" ; then # Check whether --with-libprelude-prefix was given. if test "${with_libprelude_prefix+set}" = set; then : withval=$with_libprelude_prefix; libprelude_config_prefix="$withval" else libprelude_config_prefix="" fi if test x$libprelude_config_prefix != x ; then if test x${LIBPRELUDE_CONFIG+set} != xset ; then LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config fi fi # Extract the first word of "libprelude-config", so it can be a program name with args. set dummy libprelude-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_LIBPRELUDE_CONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $LIBPRELUDE_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_LIBPRELUDE_CONFIG="$LIBPRELUDE_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_LIBPRELUDE_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_LIBPRELUDE_CONFIG" && ac_cv_path_LIBPRELUDE_CONFIG="no" ;; esac fi LIBPRELUDE_CONFIG=$ac_cv_path_LIBPRELUDE_CONFIG if test -n "$LIBPRELUDE_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPRELUDE_CONFIG" >&5 $as_echo "$LIBPRELUDE_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi min_libprelude_version=0.9.0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libprelude - version >= $min_libprelude_version" >&5 $as_echo_n "checking for libprelude - version >= $min_libprelude_version... " >&6; } no_libprelude="" if test "$LIBPRELUDE_CONFIG" = "no" ; then no_libprelude=yes else LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` ac_save_CFLAGS="$CFLAGS" ac_save_LDFLAGS="$LDFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" rm -f conf.libpreludetest if test "$cross_compiling" = yes; then : echo $ac_n "cross compiling; assumed OK... $ac_c" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { system ("touch conf.libpreludetest"); if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) { printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", "$libprelude_config_version", prelude_check_version(NULL) ); printf("*** was found! If libprelude-config was correct, then it is best\n"); printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); printf("*** required on your system.\n"); printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); printf("*** before re-running configure\n"); } else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) { printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); printf("*** library (version %s)\n", prelude_check_version(NULL) ); } else { if ( prelude_check_version( "$min_libprelude_version" ) ) { return 0; } else { printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", prelude_check_version(NULL) ); printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", "$min_libprelude_version" ); printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); printf("*** \n"); printf("*** If you have already installed a sufficiently new version, this error\n"); printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); printf("*** being found. The easiest way to fix this is to remove the old version\n"); printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); printf("*** so that the correct libraries are found at run-time))\n"); } } return 1; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else no_libprelude=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" LDFLAGS="$ac_save_LDFLAGS" fi if test "x$no_libprelude" = x ; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } : else if test -f conf.libpreludetest ; then : else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "$LIBPRELUDE_CONFIG" = "no" ; then echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" echo "*** full path to libprelude-config." else if test -f conf.libpreludetest ; then : else echo "*** Could not run libprelude test program, checking why..." CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { return !!prelude_check_version(NULL); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : echo "*** The test program compiled, but did not run. This usually means" echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" echo "*** to the installed location Also, make sure you have run ldconfig if that" echo "*** is required on your system" echo "***" echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" echo "***" else echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" LIBS="$ac_save_LIBS" fi fi LIBPRELUDE_CFLAGS="" LIBPRELUDE_LDFLAGS="" LIBPRELUDE_LIBS="" : fi rm -f conf.libpreludetest if test "$LIBPRELUDE_CONFIG" != "no" ; then LIBPRELUDE_CFLAGS="$LIBPRELUDE_CFLAGS -DPRELUDE=1" fi fi # Check whether --enable-debug was given. if test "${enable_debug+set}" = set; then : enableval=$enable_debug; fi if test x"$enable_debug" = x"yes" ; then $as_echo "#define PAM_DEBUG /**/" >>confdefs.h fi # Check whether --enable-securedir was given. if test "${enable_securedir+set}" = set; then : enableval=$enable_securedir; SECUREDIR=$enableval else SECUREDIR=$libdir/security fi # Check whether --enable-isadir was given. if test "${enable_isadir+set}" = set; then : enableval=$enable_isadir; ISA=$enableval else ISA=../../`basename $libdir`/security fi unset mylibdirbase cat >>confdefs.h <<_ACEOF #define _PAM_ISA "$ISA" _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: Defining \$ISA to \"$ISA\"" >&5 $as_echo "Defining \$ISA to \"$ISA\"" >&6; } # Check whether --enable-sconfigdir was given. if test "${enable_sconfigdir+set}" = set; then : enableval=$enable_sconfigdir; SCONFIGDIR=$enableval else SCONFIGDIR=$sysconfdir/security fi # Check whether --enable-pamlocking was given. if test "${enable_pamlocking+set}" = set; then : enableval=$enable_pamlocking; fi if test x"$enable_pamlocking" = "xyes"; then $as_echo "#define PAM_LOCKING /**/" >>confdefs.h fi # Check whether --enable-read-both-confs was given. if test "${enable_read_both_confs+set}" = set; then : enableval=$enable_read_both_confs; fi if test x"$enable_read_both_confs" = "xyes"; then $as_echo "#define PAM_READ_BOTH_CONFS /**/" >>confdefs.h fi # Check whether --enable-lckpwdf was given. if test "${enable_lckpwdf+set}" = set; then : enableval=$enable_lckpwdf; WITH_LCKPWDF=$enableval else WITH_LCKPWDF=yes fi if test "$WITH_LCKPWDF" == "yes" ; then $as_echo "#define USE_LCKPWDF 1" >>confdefs.h fi for ac_header in paths.h do : ac_fn_c_check_header_mongrel "$LINENO" "paths.h" "ac_cv_header_paths_h" "$ac_includes_default" if test "x$ac_cv_header_paths_h" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_PATHS_H 1 _ACEOF fi done # Check whether --with-mailspool was given. if test "${with_mailspool+set}" = set; then : withval=$with_mailspool; with_mailspool=${withval} fi if test x$with_mailspool != x ; then pam_mail_spool="\"$with_mailspool\"" else if test "$cross_compiling" = yes; then : pam_mail_spool="\"/var/spool/mail\"" else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main() { #ifdef _PATH_MAILDIR exit(0); #else exit(1); #endif } _ACEOF if ac_fn_c_try_run "$LINENO"; then : pam_mail_spool="_PATH_MAILDIR" else pam_mail_spool="\"/var/spool/mail\"" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi cat >>confdefs.h <<_ACEOF #define PAM_PATH_MAILDIR $pam_mail_spool _ACEOF # Check whether --with-xauth was given. if test "${with_xauth+set}" = set; then : withval=$with_xauth; pam_xauth_path=${withval} fi if test x$with_xauth == x ; then # Extract the first word of "xauth", so it can be a program name with args. set dummy xauth; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_pam_xauth_path+set}" = set; then : $as_echo_n "(cached) " >&6 else case $pam_xauth_path in [\\/]* | ?:[\\/]*) ac_cv_path_pam_xauth_path="$pam_xauth_path" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_pam_xauth_path="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi pam_xauth_path=$ac_cv_path_pam_xauth_path if test -n "$pam_xauth_path"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $pam_xauth_path" >&5 $as_echo "$pam_xauth_path" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x$pam_xauth_path == x/usr/X11R6/bin/xauth ; then unset pam_xauth_path fi fi if test x$pam_xauth_path != x ; then cat >>confdefs.h <<_ACEOF #define PAM_PATH_XAUTH "$pam_xauth_path" _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 $as_echo_n "checking for dlopen in -ldl... " >&6; } if test "${ac_cv_lib_dl_dlopen+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dlopen (); int main () { return dlopen (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_dl_dlopen=yes else ac_cv_lib_dl_dlopen=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 $as_echo "$ac_cv_lib_dl_dlopen" >&6; } if test "x$ac_cv_lib_dl_dlopen" = x""yes; then : LIBDL="-ldl" else LIBDL="" fi # Check for cracklib # Check whether --enable-cracklib was given. if test "${enable_cracklib+set}" = set; then : enableval=$enable_cracklib; WITH_CRACKLIB=$enableval else WITH_CRACKLIB=yes fi if test x"$WITH_CRACKLIB" != xno ; then for ac_header in crack.h do : ac_fn_c_check_header_mongrel "$LINENO" "crack.h" "ac_cv_header_crack_h" "$ac_includes_default" if test "x$ac_cv_header_crack_h" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_CRACK_H 1 _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: checking for FascistCheck in -lcrack" >&5 $as_echo_n "checking for FascistCheck in -lcrack... " >&6; } if test "${ac_cv_lib_crack_FascistCheck+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lcrack $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char FascistCheck (); int main () { return FascistCheck (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_crack_FascistCheck=yes else ac_cv_lib_crack_FascistCheck=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crack_FascistCheck" >&5 $as_echo "$ac_cv_lib_crack_FascistCheck" >&6; } if test "x$ac_cv_lib_crack_FascistCheck" = x""yes; then : LIBCRACK="-lcrack" else LIBCRACK="" fi fi done else LIBCRACK="" fi if test -n "$LIBCRACK"; then $as_echo "#define HAVE_LIBCRACK 1" >>confdefs.h fi if test -n "$LIBCRACK"; then HAVE_LIBCRACK_TRUE= HAVE_LIBCRACK_FALSE='#' else HAVE_LIBCRACK_TRUE='#' HAVE_LIBCRACK_FALSE= fi # Check whether --enable-audit was given. if test "${enable_audit+set}" = set; then : enableval=$enable_audit; WITH_LIBAUDIT=$enableval else WITH_LIBAUDIT=yes fi if test x"$WITH_LIBAUDIT" != xno ; then ac_fn_c_check_header_mongrel "$LINENO" "libaudit.h" "ac_cv_header_libaudit_h" "$ac_includes_default" if test "x$ac_cv_header_libaudit_h" = x""yes; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for audit_log_acct_message in -laudit" >&5 $as_echo_n "checking for audit_log_acct_message in -laudit... " >&6; } if test "${ac_cv_lib_audit_audit_log_acct_message+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-laudit $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char audit_log_acct_message (); int main () { return audit_log_acct_message (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_audit_audit_log_acct_message=yes else ac_cv_lib_audit_audit_log_acct_message=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_audit_audit_log_acct_message" >&5 $as_echo "$ac_cv_lib_audit_audit_log_acct_message" >&6; } if test "x$ac_cv_lib_audit_audit_log_acct_message" = x""yes; then : LIBAUDIT=-laudit else LIBAUDIT="" fi ac_fn_c_check_type "$LINENO" "struct audit_tty_status" "ac_cv_type_struct_audit_tty_status" "#include " if test "x$ac_cv_type_struct_audit_tty_status" = x""yes; then : HAVE_AUDIT_TTY_STATUS=yes else HAVE_AUDIT_TTY_STATUS="" fi fi if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then $as_echo "#define HAVE_LIBAUDIT 1" >>confdefs.h fi if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then $as_echo "#define HAVE_AUDIT_TTY_STATUS 1" >>confdefs.h ac_fn_c_check_member "$LINENO" "struct audit_tty_status" "log_passwd" "ac_cv_member_struct_audit_tty_status_log_passwd" "#include " if test "x$ac_cv_member_struct_audit_tty_status_log_passwd" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRUCT_AUDIT_TTY_STATUS_LOG_PASSWD 1 _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: audit_tty_status.log_passwd is not available. The log_passwd option is disabled." >&5 $as_echo "$as_me: WARNING: audit_tty_status.log_passwd is not available. The log_passwd option is disabled." >&2;} fi fi else LIBAUDIT="" fi if test "x$HAVE_AUDIT_TTY_STATUS" = xyes; then HAVE_AUDIT_TTY_STATUS_TRUE= HAVE_AUDIT_TTY_STATUS_FALSE='#' else HAVE_AUDIT_TTY_STATUS_TRUE='#' HAVE_AUDIT_TTY_STATUS_FALSE= fi for ac_header in xcrypt.h crypt.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_header_xcrypt_h" = "xyes"; then : crypt_libs="xcrypt crypt" else crypt_libs="crypt" fi BACKUP_LIBS=$LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing crypt" >&5 $as_echo_n "checking for library containing crypt... " >&6; } if test "${ac_cv_search_crypt+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char crypt (); int main () { return crypt (); ; return 0; } _ACEOF for ac_lib in '' $crypt_libs; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_crypt=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if test "${ac_cv_search_crypt+set}" = set; then : break fi done if test "${ac_cv_search_crypt+set}" = set; then : else ac_cv_search_crypt=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_crypt" >&5 $as_echo "$ac_cv_search_crypt" >&6; } ac_res=$ac_cv_search_crypt if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" LIBCRYPT="-l$ac_lib" else LIBCRYPT="" fi for ac_func in crypt_r crypt_gensalt_r do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done LIBS=$BACKUP_LIBS if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then $as_echo "#define HAVE_LIBXCRYPT 1" >>confdefs.h fi # Check whether --with-randomdev was given. if test "${with_randomdev+set}" = set; then : withval=$with_randomdev; opt_randomdev=$withval fi if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then opt_randomdev="/dev/urandom" elif test "$opt_randomdev" = no; then opt_randomdev= fi if test -n "$opt_randomdev"; then cat >>confdefs.h <<_ACEOF #define PAM_PATH_RANDOMDEV "$opt_randomdev" _ACEOF fi # Check whether --enable-db was given. if test "${enable_db+set}" = set; then : enableval=$enable_db; WITH_DB=$enableval else WITH_DB=yes fi # Check whether --with-db-uniquename was given. if test "${with_db_uniquename+set}" = set; then : withval=$with_db_uniquename; fi if test x"$WITH_DB" != xno ; then if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then old_libs=$LIBS LIBS="$LIBS -ldb$with_db_uniquename" for ac_func in db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF LIBDB="-ldb$with_db_uniquename"; break fi done LIBS=$old_libs fi if test -z "$LIBDB" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dbm_store in -lndbm" >&5 $as_echo_n "checking for dbm_store in -lndbm... " >&6; } if test "${ac_cv_lib_ndbm_dbm_store+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lndbm $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char dbm_store (); int main () { return dbm_store (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_ndbm_dbm_store=yes else ac_cv_lib_ndbm_dbm_store=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ndbm_dbm_store" >&5 $as_echo "$ac_cv_lib_ndbm_dbm_store" >&6; } if test "x$ac_cv_lib_ndbm_dbm_store" = x""yes; then : LIBDB="-lndbm" else LIBDB="" fi if test ! -z "$LIBDB" ; then for ac_header in ndbm.h do : ac_fn_c_check_header_mongrel "$LINENO" "ndbm.h" "ac_cv_header_ndbm_h" "$ac_includes_default" if test "x$ac_cv_header_ndbm_h" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_NDBM_H 1 _ACEOF fi done fi else for ac_header in db.h do : ac_fn_c_check_header_mongrel "$LINENO" "db.h" "ac_cv_header_db_h" "$ac_includes_default" if test "x$ac_cv_header_db_h" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DB_H 1 _ACEOF fi done fi fi if test ! -z "$LIBDB"; then HAVE_LIBDB_TRUE= HAVE_LIBDB_FALSE='#' else HAVE_LIBDB_TRUE='#' HAVE_LIBDB_FALSE= fi # Check whether --enable-nis was given. if test "${enable_nis+set}" = set; then : enableval=$enable_nis; fi if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_PKG_CONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi PKG_CONFIG=$ac_cv_path_PKG_CONFIG if test -n "$PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 $as_echo "$PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_path_PKG_CONFIG"; then ac_pt_PKG_CONFIG=$PKG_CONFIG # Extract the first word of "pkg-config", so it can be a program name with args. set dummy pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $ac_pt_PKG_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG if test -n "$ac_pt_PKG_CONFIG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 $as_echo "$ac_pt_PKG_CONFIG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_pt_PKG_CONFIG" = x; then PKG_CONFIG="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac PKG_CONFIG=$ac_pt_PKG_CONFIG fi else PKG_CONFIG="$ac_cv_path_PKG_CONFIG" fi fi if test -n "$PKG_CONFIG"; then _pkg_min_version=0.9.0 { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 $as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } PKG_CONFIG="" fi fi if test "x$enable_nis" != "xno"; then : CFLAGS=$old_CFLAGS LIBS=$old_LIBS pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libtirpc" >&5 $as_echo_n "checking for libtirpc... " >&6; } if test -n "$libtirpc_CFLAGS"; then pkg_cv_libtirpc_CFLAGS="$libtirpc_CFLAGS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtirpc\""; } >&5 ($PKG_CONFIG --exists --print-errors "libtirpc") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_libtirpc_CFLAGS=`$PKG_CONFIG --cflags "libtirpc" 2>/dev/null` else pkg_failed=yes fi else pkg_failed=untried fi if test -n "$libtirpc_LIBS"; then pkg_cv_libtirpc_LIBS="$libtirpc_LIBS" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtirpc\""; } >&5 ($PKG_CONFIG --exists --print-errors "libtirpc") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then pkg_cv_libtirpc_LIBS=`$PKG_CONFIG --libs "libtirpc" 2>/dev/null` else pkg_failed=yes fi else pkg_failed=untried fi if test $pkg_failed = yes; then if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi if test $_pkg_short_errors_supported = yes; then libtirpc_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libtirpc" 2>&1` else libtirpc_PKG_ERRORS=`$PKG_CONFIG --print-errors "libtirpc" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$libtirpc_PKG_ERRORS" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } :; elif test $pkg_failed = untried; then :; else libtirpc_CFLAGS=$pkg_cv_libtirpc_CFLAGS libtirpc_LIBS=$pkg_cv_libtirpc_LIBS { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } CFLAGS="$CFLAGS $libtirpc_CFLAGS" LIBS="$LIBS $libtirpc_LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing yp_get_default_domain" >&5 $as_echo_n "checking for library containing yp_get_default_domain... " >&6; } if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char yp_get_default_domain (); int main () { return yp_get_default_domain (); ; return 0; } _ACEOF for ac_lib in '' nsl; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_yp_get_default_domain=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : break fi done if test "${ac_cv_search_yp_get_default_domain+set}" = set; then : else ac_cv_search_yp_get_default_domain=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yp_get_default_domain" >&5 $as_echo "$ac_cv_search_yp_get_default_domain" >&6; } ac_res=$ac_cv_search_yp_get_default_domain if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi for ac_func in yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_decl "$LINENO" "getrpcport" "ac_cv_have_decl_getrpcport" " #if HAVE_RPC_RPC_H # include #endif " if test "x$ac_cv_have_decl_getrpcport" = x""yes; then : ac_have_decl=1 else ac_have_decl=0 fi cat >>confdefs.h <<_ACEOF #define HAVE_DECL_GETRPCPORT $ac_have_decl _ACEOF NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" NIS_LIBS="${LIBS%${old_LIBS}}" CFLAGS="$old_CFLAGS" LIBS="$old_LIBS" fi # Check whether --enable-selinux was given. if test "${enable_selinux+set}" = set; then : enableval=$enable_selinux; WITH_SELINUX=$enableval else WITH_SELINUX=yes fi if test "$WITH_SELINUX" == "yes" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getfilecon in -lselinux" >&5 $as_echo_n "checking for getfilecon in -lselinux... " >&6; } if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getfilecon (); int main () { return getfilecon (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_selinux_getfilecon=yes else ac_cv_lib_selinux_getfilecon=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_getfilecon" >&5 $as_echo "$ac_cv_lib_selinux_getfilecon" >&6; } if test "x$ac_cv_lib_selinux_getfilecon" = x""yes; then : LIBSELINUX="-lselinux" else LIBSELINUX="" fi else LIBSELINUX="" fi if test ! -z "$LIBSELINUX"; then HAVE_LIBSELINUX_TRUE= HAVE_LIBSELINUX_FALSE='#' else HAVE_LIBSELINUX_TRUE='#' HAVE_LIBSELINUX_FALSE= fi if test ! -z "$LIBSELINUX" ; then $as_echo "#define WITH_SELINUX 1" >>confdefs.h BACKUP_LIBS=$LIBS LIBS="$LIBS $LIBSELINUX" for ac_func in setkeycreatecon do : ac_fn_c_check_func "$LINENO" "setkeycreatecon" "ac_cv_func_setkeycreatecon" if test "x$ac_cv_func_setkeycreatecon" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SETKEYCREATECON 1 _ACEOF fi done for ac_func in getseuser do : ac_fn_c_check_func "$LINENO" "getseuser" "ac_cv_func_getseuser" if test "x$ac_cv_func_getseuser" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_GETSEUSER 1 _ACEOF fi done LIBS=$BACKUP_LIBS fi ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$as_ac_Header=yes" else eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$as_ac_Header { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if test "${ac_cv_search_opendir+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if test "${ac_cv_search_opendir+set}" = set; then : break fi done if test "${ac_cv_search_opendir+set}" = set; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if test "${ac_cv_search_opendir+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if test "${ac_cv_search_opendir+set}" = set; then : break fi done if test "${ac_cv_search_opendir+set}" = set; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if test "${ac_cv_header_stdc+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 $as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } if test "${ac_cv_header_sys_wait_h+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_sys_wait_h=yes else ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 $as_echo "$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then $as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h fi for ac_header in fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in lastlog.h utmp.h utmpx.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" eval as_val=\$$as_ac_Header if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 $as_echo_n "checking whether byte ordering is bigendian... " >&6; } if test "${ac_cv_c_bigendian+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __APPLE_CC__ not a universal capable compiler #endif typedef int dummy; _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # Check for potential -arch flags. It is not universal unless # there are at least two -arch flags with different values. ac_arch= ac_prev= for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do if test -n "$ac_prev"; then case $ac_word in i?86 | x86_64 | ppc | ppc64) if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then ac_arch=$ac_word else ac_cv_c_bigendian=universal break fi ;; esac ac_prev= elif test "x$ac_word" = "x-arch"; then ac_prev=arch fi done fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ && LITTLE_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { #if BYTE_ORDER != BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) bogus endian macros #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : # It does; now see whether it defined to _BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { #ifndef _BIG_ENDIAN not big endian #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_bigendian=yes else ac_cv_c_bigendian=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. if test "$cross_compiling" = yes; then : # Try to guess by grepping values from an object file. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; int use_ascii (int i) { return ascii_mm[i] + ascii_ii[i]; } short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; } extern int foo; int main () { return use_ascii (foo) == use_ebcdic (foo); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then if test "$ac_cv_c_bigendian" = unknown; then ac_cv_c_bigendian=no else # finding both strings is unlikely to happen, but who knows? ac_cv_c_bigendian=unknown fi fi fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* Are we little or big endian? From Harbison&Steele. */ union { long int l; char c[sizeof (long int)]; } u; u.l = 1; return u.c[sizeof (long int) - 1] == 1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_c_bigendian=no else ac_cv_c_bigendian=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 $as_echo "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) as_fn_error "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if test "${ac_cv_c_const+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { /* FIXME: Include the comments suggested by Paul. */ #ifndef __cplusplus /* Ultrix mips cc rejects this. */ typedef int charset[2]; const charset cs; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this. */ char *t; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; }; struct s *b; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if test "${ac_cv_type_uid_t+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" if test "x$ac_cv_type_off_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define off_t long int _ACEOF fi ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = x""yes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if test "${ac_cv_header_time+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 $as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } if test "${ac_cv_struct_tm+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { struct tm tm; int *p = &tm.tm_sec; return !p; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_tm=time.h else ac_cv_struct_tm=sys/time.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 $as_echo "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then $as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 $as_echo_n "checking type of array argument to getgroups... " >&6; } if test "${ac_cv_type_getgroups+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_type_getgroups=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Mike Rendell for this test. */ $ac_includes_default #define NGID 256 #undef MAX #define MAX(x, y) ((x) > (y) ? (x) : (y)) int main () { gid_t gidset[NGID]; int i, n; union { gid_t gval; long int lval; } val; val.lval = -1; for (i = 0; i < NGID; i++) gidset[i] = val.gval; n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, gidset); /* Exit non-zero if getgroups seems to require an array of ints. This happens when gid_t is short int but getgroups modifies an array of ints. */ return n > 0 && gidset[n] != val.gval; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $ac_cv_type_getgroups = cross; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 $as_echo "$ac_cv_type_getgroups" >&6; } cat >>confdefs.h <<_ACEOF #define GETGROUPS_T $ac_cv_type_getgroups _ACEOF if test $ac_cv_c_compiler_gnu = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 $as_echo_n "checking whether $CC needs -traditional... " >&6; } if test "${ac_cv_prog_gcc_traditional+set}" = set; then : $as_echo_n "(cached) " >&6 else ac_pattern="Autoconf.*'x'" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TIOCGETP _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes else ac_cv_prog_gcc_traditional=no fi rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TCGETA _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 $as_echo "$ac_cv_prog_gcc_traditional" >&6; } if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working memcmp" >&5 $as_echo_n "checking for working memcmp... " >&6; } if test "${ac_cv_func_memcmp_working+set}" = set; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_memcmp_working=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* Some versions of memcmp are not 8-bit clean. */ char c0 = '\100', c1 = '\200', c2 = '\201'; if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0) return 1; /* The Next x86 OpenStep bug shows up only when comparing 16 bytes or more and with at least one buffer not starting on a 4-byte boundary. William Lewis provided this test program. */ { char foo[21]; char bar[21]; int i; for (i = 0; i < 4; i++) { char *a = foo + i; char *b = bar + i; strcpy (a, "--------01111111"); strcpy (b, "--------10000000"); if (memcmp (a, b, 16) >= 0) return 1; } return 0; } ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_memcmp_working=yes else ac_cv_func_memcmp_working=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_memcmp_working" >&5 $as_echo "$ac_cv_func_memcmp_working" >&6; } test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in *" memcmp.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS memcmp.$ac_objext" ;; esac for ac_func in vprintf do : ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf" if test "x$ac_cv_func_vprintf" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VPRINTF 1 _ACEOF ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt" if test "x$ac_cv_func__doprnt" = x""yes; then : $as_echo "#define HAVE_DOPRNT 1" >>confdefs.h fi fi done for ac_func in fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in strcspn strdup strspn strstr strtol uname do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in getgrouplist getline getdelim do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in inet_ntop inet_pton innetgr ruserok_af do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" eval as_val=\$$as_ac_var if test "x$as_val" = x""yes; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in unshare do : ac_fn_c_check_func "$LINENO" "unshare" "ac_cv_func_unshare" if test "x$ac_cv_func_unshare" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNSHARE 1 _ACEOF UNSHARE=yes else UNSHARE=no fi done if test "$UNSHARE" = yes; then HAVE_UNSHARE_TRUE= HAVE_UNSHARE_FALSE='#' else HAVE_UNSHARE_TRUE='#' HAVE_UNSHARE_FALSE= fi # Check whether --enable-regenerate-docu was given. if test "${enable_regenerate_docu+set}" = set; then : enableval=$enable_regenerate_docu; enable_docu=$enableval else enable_docu=yes fi # Extract the first word of "xsltproc", so it can be a program name with args. set dummy xsltproc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_XSLTPROC+set}" = set; then : $as_echo_n "(cached) " >&6 else case $XSLTPROC in [\\/]* | ?:[\\/]*) ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi XSLTPROC=$ac_cv_path_XSLTPROC if test -n "$XSLTPROC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5 $as_echo "$XSLTPROC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test -z "$XSLTPROC"; then enable_docu=no fi # Extract the first word of "xmllint", so it can be a program name with args. set dummy xmllint; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_XMLLINT+set}" = set; then : $as_echo_n "(cached) " >&6 else case $XMLLINT in [\\/]* | ?:[\\/]*) ac_cv_path_XMLLINT="$XMLLINT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_XMLLINT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_XMLLINT" && ac_cv_path_XMLLINT="/bin/true" ;; esac fi XMLLINT=$ac_cv_path_XMLLINT if test -n "$XMLLINT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLLINT" >&5 $as_echo "$XMLLINT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # check for the presence of the XML catalog # Check whether --with-xml-catalog was given. if test "${with_xml_catalog+set}" = set; then : withval=$with_xml_catalog; else with_xml_catalog=/etc/xml/catalog fi jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for XML catalog ($XML_CATALOG_FILE)" >&5 $as_echo_n "checking for XML catalog ($XML_CATALOG_FILE)... " >&6; } if test -f "$XML_CATALOG_FILE"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else jh_found_xmlcatalog=false { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } fi # check for the xmlcatalog program # Extract the first word of "xmlcatalog", so it can be a program name with args. set dummy xmlcatalog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_XMLCATALOG+set}" = set; then : $as_echo_n "(cached) " >&6 else case $XMLCATALOG in [\\/]* | ?:[\\/]*) ac_cv_path_XMLCATALOG="$XMLCATALOG" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_XMLCATALOG="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_XMLCATALOG" && ac_cv_path_XMLCATALOG="no" ;; esac fi XMLCATALOG=$ac_cv_path_XMLCATALOG if test -n "$XMLCATALOG"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLCATALOG" >&5 $as_echo "$XMLCATALOG" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then : else : fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DocBook XML DTD V4.4 in XML catalog" >&5 $as_echo_n "checking for DocBook XML DTD V4.4 in XML catalog... " >&6; } if $jh_found_xmlcatalog && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XMLCATALOG --noout \"\$XML_CATALOG_FILE\" \"-//OASIS//DTD DocBook XML V4.4//EN\" >&2"; } >&5 ($XMLCATALOG --noout "$XML_CATALOG_FILE" "-//OASIS//DTD DocBook XML V4.4//EN" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } enable_docu=no fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DocBook XSL Stylesheets in XML catalog" >&5 $as_echo_n "checking for DocBook XSL Stylesheets in XML catalog... " >&6; } if $jh_found_xmlcatalog && \ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$XMLCATALOG --noout \"\$XML_CATALOG_FILE\" \"http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl\" >&2"; } >&5 ($XMLCATALOG --noout "$XML_CATALOG_FILE" "http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl" >&2) 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 $as_echo "found" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 $as_echo "not found" >&6; } enable_docu=no fi # Extract the first word of "w3m", so it can be a program name with args. set dummy w3m; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_BROWSER+set}" = set; then : $as_echo_n "(cached) " >&6 else case $BROWSER in [\\/]* | ?:[\\/]*) ac_cv_path_BROWSER="$BROWSER" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_BROWSER="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi BROWSER=$ac_cv_path_BROWSER if test -n "$BROWSER"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BROWSER" >&5 $as_echo "$BROWSER" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test ! -z "$BROWSER"; then BROWSER="$BROWSER -T text/html -dump" else enable_docu=no fi # Extract the first word of "fop", so it can be a program name with args. set dummy fop; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_FO2PDF+set}" = set; then : $as_echo_n "(cached) " >&6 else case $FO2PDF in [\\/]* | ?:[\\/]*) ac_cv_path_FO2PDF="$FO2PDF" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_FO2PDF="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi FO2PDF=$ac_cv_path_FO2PDF if test -n "$FO2PDF"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FO2PDF" >&5 $as_echo "$FO2PDF" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test x$enable_docu != xno; then ENABLE_REGENERATE_MAN_TRUE= ENABLE_REGENERATE_MAN_FALSE='#' else ENABLE_REGENERATE_MAN_TRUE='#' ENABLE_REGENERATE_MAN_FALSE= fi if test ! -z "$FO2PDF"; then ENABLE_GENERATE_PDF_TRUE= ENABLE_GENERATE_PDF_FALSE='#' else ENABLE_GENERATE_PDF_TRUE='#' ENABLE_GENERATE_PDF_FALSE= fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 $as_echo_n "checking whether NLS is requested... " >&6; } # Check whether --enable-nls was given. if test "${enable_nls+set}" = set; then : enableval=$enable_nls; USE_NLS=$enableval else USE_NLS=yes fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 $as_echo "$USE_NLS" >&6; } # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgfmt", so it can be a program name with args. set dummy msgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_MSGFMT+set}" = set; then : $as_echo_n "(cached) " >&6 else case "$MSGFMT" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" ;; esac fi MSGFMT="$ac_cv_path_MSGFMT" if test "$MSGFMT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 $as_echo "$MSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "gmsgfmt", so it can be a program name with args. set dummy gmsgfmt; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_GMSGFMT+set}" = set; then : $as_echo_n "(cached) " >&6 else case $GMSGFMT in [\\/]* | ?:[\\/]*) ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" ;; esac fi GMSGFMT=$ac_cv_path_GMSGFMT if test -n "$GMSGFMT"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 $as_echo "$GMSGFMT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "xgettext", so it can be a program name with args. set dummy xgettext; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_XGETTEXT+set}" = set; then : $as_echo_n "(cached) " >&6 else case "$XGETTEXT" in [\\/]* | ?:[\\/]*) ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" ;; esac fi XGETTEXT="$ac_cv_path_XGETTEXT" if test "$XGETTEXT" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 $as_echo "$XGETTEXT" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi rm -f messages.po case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "msgmerge", so it can be a program name with args. set dummy msgmerge; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if test "${ac_cv_path_MSGMERGE+set}" = set; then : $as_echo_n "(cached) " >&6 else case "$MSGMERGE" in [\\/]* | ?:[\\/]*) ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&5 if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" ;; esac fi MSGMERGE="$ac_cv_path_MSGMERGE" if test "$MSGMERGE" != ":"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 $as_echo "$MSGMERGE" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$localedir" || localedir='${datadir}/locale' ac_config_commands="$ac_config_commands po-directories" if test "X$prefix" = "XNONE"; then acl_final_prefix="$ac_default_prefix" else acl_final_prefix="$prefix" fi if test "X$exec_prefix" = "XNONE"; then acl_final_exec_prefix='${prefix}' else acl_final_exec_prefix="$exec_prefix" fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" prefix="$acl_save_prefix" # Check whether --with-gnu-ld was given. if test "${with_gnu_ld+set}" = set; then : withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes else with_gnu_ld=no fi # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5 $as_echo_n "checking for ld used by GCC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [\\/]* | [A-Za-z]:[\\/]*) re_direlt='/[^/][^/]*/\.\./' # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 $as_echo_n "checking for GNU ld... " >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 $as_echo_n "checking for non-GNU ld... " >&6; } fi if test "${acl_cv_path_LD+set}" = set; then : $as_echo_n "(cached) " >&6 else if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then acl_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in *GNU* | *'with BFD'*) test "$with_gnu_ld" != no && break ;; *) test "$with_gnu_ld" != yes && break ;; esac fi done IFS="$ac_save_ifs" else acl_cv_path_LD="$LD" # Let the user override the test with a path. fi fi LD="$acl_cv_path_LD" if test -n "$LD"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 $as_echo "$LD" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 $as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } if test "${acl_cv_prog_gnu_ld+set}" = set; then : $as_echo_n "(cached) " >&6 else # I'd rather use --version here, but apparently some GNU ld's only accept -v. case `$LD -v 2>&1 &5 $as_echo "$acl_cv_prog_gnu_ld" >&6; } with_gnu_ld=$acl_cv_prog_gnu_ld { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 $as_echo_n "checking for shared library run path origin... " >&6; } if test "${acl_cv_rpath+set}" = set; then : $as_echo_n "(cached) " >&6 else CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh . ./conftest.sh rm -f ./conftest.sh acl_cv_rpath=done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 $as_echo "$acl_cv_rpath" >&6; } wl="$acl_cv_wl" libext="$acl_cv_libext" shlibext="$acl_cv_shlibext" hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" hardcode_direct="$acl_cv_hardcode_direct" hardcode_minus_L="$acl_cv_hardcode_minus_L" # Check whether --enable-rpath was given. if test "${enable_rpath+set}" = set; then : enableval=$enable_rpath; : else enable_rpath=yes fi acl_libdirstem=lib searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` if test -n "$searchpath"; then acl_save_IFS="${IFS= }"; IFS=":" for searchdir in $searchpath; do if test -d "$searchdir"; then case "$searchdir" in */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; *) searchdir=`cd "$searchdir" && pwd` case "$searchdir" in */lib64 ) acl_libdirstem=lib64 ;; esac ;; esac fi done IFS="$acl_save_IFS" fi use_additional=yes acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" # Check whether --with-libiconv-prefix was given. if test "${with_libiconv_prefix+set}" = set; then : withval=$with_libiconv_prefix; if test "X$withval" = "Xno"; then use_additional=no else if test "X$withval" = "X"; then acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" else additional_includedir="$withval/include" additional_libdir="$withval/$acl_libdirstem" fi fi fi LIBICONV= LTLIBICONV= INCICONV= rpathdirs= ltrpathdirs= names_already_handled= names_next_round='iconv ' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= for name in $names_this_round; do already_handled= for n in $names_already_handled; do if test "$n" = "$name"; then already_handled=yes break fi done if test -z "$already_handled"; then names_already_handled="$names_already_handled $name" uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` eval value=\"\$HAVE_LIB$uppername\" if test -n "$value"; then if test "$value" = yes; then eval value=\"\$LIB$uppername\" test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value" eval value=\"\$LTLIB$uppername\" test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value" else : fi else found_dir= found_la= found_so= found_a= if test $use_additional = yes; then if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then found_dir="$additional_libdir" found_so="$additional_libdir/lib$name.$shlibext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi else if test -f "$additional_libdir/lib$name.$libext"; then found_dir="$additional_libdir" found_a="$additional_libdir/lib$name.$libext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi fi fi fi if test "X$found_dir" = "X"; then for x in $LDFLAGS $LTLIBICONV; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" case "$x" in -L*) dir=`echo "X$x" | sed -e 's/^X-L//'` if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then found_dir="$dir" found_so="$dir/lib$name.$shlibext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi else if test -f "$dir/lib$name.$libext"; then found_dir="$dir" found_a="$dir/lib$name.$libext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi fi fi ;; esac if test "X$found_dir" != "X"; then break fi done fi if test "X$found_dir" != "X"; then LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" else haveit= for x in $ltrpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $found_dir" fi if test "$hardcode_direct" = yes; then LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" else if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $found_dir" fi else haveit= for x in $LDFLAGS $LIBICONV; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir" fi if test "$hardcode_minus_L" != no; then LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" else LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" fi fi fi fi else if test "X$found_a" != "X"; then LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a" else LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name" fi fi additional_includedir= case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` additional_includedir="$basedir/include" ;; esac if test "X$additional_includedir" != "X"; then if test "X$additional_includedir" != "X/usr/include"; then haveit= if test "X$additional_includedir" = "X/usr/local/include"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then for x in $CPPFLAGS $INCICONV; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-I$additional_includedir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_includedir"; then INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir" fi fi fi fi fi if test -n "$found_la"; then save_libdir="$libdir" case "$found_la" in */* | *\\*) . "$found_la" ;; *) . "./$found_la" ;; esac libdir="$save_libdir" for dep in $dependency_libs; do case "$dep" in -L*) additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then haveit= if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then haveit= for x in $LDFLAGS $LIBICONV; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir" fi fi haveit= for x in $LDFLAGS $LTLIBICONV; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir" fi fi fi fi ;; -R*) dir=`echo "X$dep" | sed -e 's/^X-R//'` if test "$enable_rpath" != no; then haveit= for x in $rpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $dir" fi haveit= for x in $ltrpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $dir" fi fi ;; -l*) names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` ;; *.la) names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` ;; *) LIBICONV="${LIBICONV}${LIBICONV:+ }$dep" LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep" ;; esac done fi else LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name" fi fi fi done done if test "X$rpathdirs" != "X"; then if test -n "$hardcode_libdir_separator"; then alldirs= for found_dir in $rpathdirs; do alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" done acl_save_libdir="$libdir" libdir="$alldirs" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" else for found_dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$found_dir" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" done fi fi if test "X$ltrpathdirs" != "X"; then for found_dir in $ltrpathdirs; do LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir" done fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5 $as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; } if test "${gt_cv_func_CFPreferencesCopyAppValue+set}" = set; then : $as_echo_n "(cached) " >&6 else gt_save_LIBS="$LIBS" LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { CFPreferencesCopyAppValue(NULL, NULL) ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : gt_cv_func_CFPreferencesCopyAppValue=yes else gt_cv_func_CFPreferencesCopyAppValue=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$gt_save_LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5 $as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; } if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then $as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5 $as_echo_n "checking for CFLocaleCopyCurrent... " >&6; } if test "${gt_cv_func_CFLocaleCopyCurrent+set}" = set; then : $as_echo_n "(cached) " >&6 else gt_save_LIBS="$LIBS" LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { CFLocaleCopyCurrent(); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : gt_cv_func_CFLocaleCopyCurrent=yes else gt_cv_func_CFLocaleCopyCurrent=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$gt_save_LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5 $as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; } if test $gt_cv_func_CFLocaleCopyCurrent = yes; then $as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h fi INTL_MACOSX_LIBS= if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" fi LIBINTL= LTLIBINTL= POSUB= if test "$USE_NLS" = "yes"; then gt_use_preinstalled_gnugettext=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5 $as_echo_n "checking for GNU gettext in libc... " >&6; } if test "${gt_cv_func_gnugettext1_libc+set}" = set; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include extern int _nl_msg_cat_cntr; extern int *_nl_domain_bindings; int main () { bindtextdomain ("", ""); return * gettext ("") + _nl_msg_cat_cntr + *_nl_domain_bindings ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : gt_cv_func_gnugettext1_libc=yes else gt_cv_func_gnugettext1_libc=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext1_libc" >&5 $as_echo "$gt_cv_func_gnugettext1_libc" >&6; } if test "$gt_cv_func_gnugettext1_libc" != "yes"; then am_save_CPPFLAGS="$CPPFLAGS" for element in $INCICONV; do haveit= for x in $CPPFLAGS; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X$element"; then haveit=yes break fi done if test -z "$haveit"; then CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 $as_echo_n "checking for iconv... " >&6; } if test "${am_cv_func_iconv+set}" = set; then : $as_echo_n "(cached) " >&6 else am_cv_func_iconv="no, consider installing GNU libiconv" am_cv_lib_iconv=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { iconv_t cd = iconv_open("",""); iconv(cd,NULL,NULL,NULL,NULL); iconv_close(cd); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : am_cv_func_iconv=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "$am_cv_func_iconv" != yes; then am_save_LIBS="$LIBS" LIBS="$LIBS $LIBICONV" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { iconv_t cd = iconv_open("",""); iconv(cd,NULL,NULL,NULL,NULL); iconv_close(cd); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : am_cv_lib_iconv=yes am_cv_func_iconv=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS="$am_save_LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 $as_echo "$am_cv_func_iconv" >&6; } if test "$am_cv_func_iconv" = yes; then $as_echo "#define HAVE_ICONV 1" >>confdefs.h fi if test "$am_cv_lib_iconv" = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 $as_echo_n "checking how to link with libiconv... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 $as_echo "$LIBICONV" >&6; } else CPPFLAGS="$am_save_CPPFLAGS" LIBICONV= LTLIBICONV= fi use_additional=yes acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" # Check whether --with-libintl-prefix was given. if test "${with_libintl_prefix+set}" = set; then : withval=$with_libintl_prefix; if test "X$withval" = "Xno"; then use_additional=no else if test "X$withval" = "X"; then acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" else additional_includedir="$withval/include" additional_libdir="$withval/$acl_libdirstem" fi fi fi LIBINTL= LTLIBINTL= INCINTL= rpathdirs= ltrpathdirs= names_already_handled= names_next_round='intl ' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= for name in $names_this_round; do already_handled= for n in $names_already_handled; do if test "$n" = "$name"; then already_handled=yes break fi done if test -z "$already_handled"; then names_already_handled="$names_already_handled $name" uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` eval value=\"\$HAVE_LIB$uppername\" if test -n "$value"; then if test "$value" = yes; then eval value=\"\$LIB$uppername\" test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value" eval value=\"\$LTLIB$uppername\" test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value" else : fi else found_dir= found_la= found_so= found_a= if test $use_additional = yes; then if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then found_dir="$additional_libdir" found_so="$additional_libdir/lib$name.$shlibext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi else if test -f "$additional_libdir/lib$name.$libext"; then found_dir="$additional_libdir" found_a="$additional_libdir/lib$name.$libext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi fi fi fi if test "X$found_dir" = "X"; then for x in $LDFLAGS $LTLIBINTL; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" case "$x" in -L*) dir=`echo "X$x" | sed -e 's/^X-L//'` if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then found_dir="$dir" found_so="$dir/lib$name.$shlibext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi else if test -f "$dir/lib$name.$libext"; then found_dir="$dir" found_a="$dir/lib$name.$libext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi fi fi ;; esac if test "X$found_dir" != "X"; then break fi done fi if test "X$found_dir" != "X"; then LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" else haveit= for x in $ltrpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $found_dir" fi if test "$hardcode_direct" = yes; then LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" else if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $found_dir" fi else haveit= for x in $LDFLAGS $LIBINTL; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir" fi if test "$hardcode_minus_L" != no; then LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" else LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" fi fi fi fi else if test "X$found_a" != "X"; then LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a" else LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name" fi fi additional_includedir= case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` additional_includedir="$basedir/include" ;; esac if test "X$additional_includedir" != "X"; then if test "X$additional_includedir" != "X/usr/include"; then haveit= if test "X$additional_includedir" = "X/usr/local/include"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then for x in $CPPFLAGS $INCINTL; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-I$additional_includedir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_includedir"; then INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir" fi fi fi fi fi if test -n "$found_la"; then save_libdir="$libdir" case "$found_la" in */* | *\\*) . "$found_la" ;; *) . "./$found_la" ;; esac libdir="$save_libdir" for dep in $dependency_libs; do case "$dep" in -L*) additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then haveit= if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then haveit= for x in $LDFLAGS $LIBINTL; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir" fi fi haveit= for x in $LDFLAGS $LTLIBINTL; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir" fi fi fi fi ;; -R*) dir=`echo "X$dep" | sed -e 's/^X-R//'` if test "$enable_rpath" != no; then haveit= for x in $rpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $dir" fi haveit= for x in $ltrpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $dir" fi fi ;; -l*) names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` ;; *.la) names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` ;; *) LIBINTL="${LIBINTL}${LIBINTL:+ }$dep" LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep" ;; esac done fi else LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name" fi fi fi done done if test "X$rpathdirs" != "X"; then if test -n "$hardcode_libdir_separator"; then alldirs= for found_dir in $rpathdirs; do alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" done acl_save_libdir="$libdir" libdir="$alldirs" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" else for found_dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$found_dir" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" done fi fi if test "X$ltrpathdirs" != "X"; then for found_dir in $ltrpathdirs; do LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir" done fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5 $as_echo_n "checking for GNU gettext in libintl... " >&6; } if test "${gt_cv_func_gnugettext1_libintl+set}" = set; then : $as_echo_n "(cached) " >&6 else gt_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $INCINTL" gt_save_LIBS="$LIBS" LIBS="$LIBS $LIBINTL" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif const char *_nl_expand_alias (const char *); int main () { bindtextdomain ("", ""); return * gettext ("") + _nl_msg_cat_cntr + *_nl_expand_alias ("") ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : gt_cv_func_gnugettext1_libintl=yes else gt_cv_func_gnugettext1_libintl=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext if test "$gt_cv_func_gnugettext1_libintl" != yes && test -n "$LIBICONV"; then LIBS="$LIBS $LIBICONV" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif const char *_nl_expand_alias (const char *); int main () { bindtextdomain ("", ""); return * gettext ("") + _nl_msg_cat_cntr + *_nl_expand_alias ("") ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : LIBINTL="$LIBINTL $LIBICONV" LTLIBINTL="$LTLIBINTL $LTLIBICONV" gt_cv_func_gnugettext1_libintl=yes fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi CPPFLAGS="$gt_save_CPPFLAGS" LIBS="$gt_save_LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_gnugettext1_libintl" >&5 $as_echo "$gt_cv_func_gnugettext1_libintl" >&6; } fi if test "$gt_cv_func_gnugettext1_libc" = "yes" \ || { test "$gt_cv_func_gnugettext1_libintl" = "yes" \ && test "$PACKAGE" != gettext-runtime \ && test "$PACKAGE" != gettext-tools; }; then gt_use_preinstalled_gnugettext=yes else LIBINTL= LTLIBINTL= INCINTL= fi if test -n "$INTL_MACOSX_LIBS"; then if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" fi fi if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then $as_echo "#define ENABLE_NLS 1" >>confdefs.h else USE_NLS=no fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5 $as_echo_n "checking whether to use NLS... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 $as_echo "$USE_NLS" >&6; } if test "$USE_NLS" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5 $as_echo_n "checking where the gettext function comes from... " >&6; } if test "$gt_use_preinstalled_gnugettext" = "yes"; then if test "$gt_cv_func_gnugettext1_libintl" = "yes"; then gt_source="external libintl" else gt_source="libc" fi else gt_source="included intl directory" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5 $as_echo "$gt_source" >&6; } fi if test "$USE_NLS" = "yes"; then if test "$gt_use_preinstalled_gnugettext" = "yes"; then if test "$gt_cv_func_gnugettext1_libintl" = "yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5 $as_echo_n "checking how to link with libintl... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5 $as_echo "$LIBINTL" >&6; } for element in $INCINTL; do haveit= for x in $CPPFLAGS; do acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" eval x=\"$x\" exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" if test "X$x" = "X$element"; then haveit=yes break fi done if test -z "$haveit"; then CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" fi done fi $as_echo "#define HAVE_GETTEXT 1" >>confdefs.h $as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h fi POSUB=po fi INTLLIBS="$LIBINTL" for ac_func in dngettext do : ac_fn_c_check_func "$LINENO" "dngettext" "ac_cv_func_dngettext" if test "x$ac_cv_func_dngettext" = x""yes; then : cat >>confdefs.h <<_ACEOF #define HAVE_DNGETTEXT 1 _ACEOF fi done ac_fn_c_check_decl "$LINENO" "__NR_keyctl" "ac_cv_have_decl___NR_keyctl" "#include " if test "x$ac_cv_have_decl___NR_keyctl" = x""yes; then : have_key_syscalls=1 else have_key_syscalls=0 fi ac_fn_c_check_decl "$LINENO" "ENOKEY" "ac_cv_have_decl_ENOKEY" "#include " if test "x$ac_cv_have_decl_ENOKEY" = x""yes; then : have_key_errors=1 else have_key_errors=0 fi HAVE_KEY_MANAGEMENT=0 if test $have_key_syscalls$have_key_errors = 11 then HAVE_KEY_MANAGEMENT=1 fi if test $HAVE_KEY_MANAGEMENT = 1; then $as_echo "#define HAVE_KEY_MANAGEMENT 1" >>confdefs.h fi HAVE_KEY_MANAGEMENT=$HAVE_KEY_MANAGEMENT if test "$have_key_syscalls" = 1; then HAVE_KEY_MANAGEMENT_TRUE= HAVE_KEY_MANAGEMENT_FALSE='#' else HAVE_KEY_MANAGEMENT_TRUE='#' HAVE_KEY_MANAGEMENT_FALSE= fi ac_config_files="$ac_config_files Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile po/Makefile.in modules/Makefile modules/pam_access/Makefile modules/pam_cracklib/Makefile modules/pam_debug/Makefile modules/pam_deny/Makefile modules/pam_echo/Makefile modules/pam_env/Makefile modules/pam_faildelay/Makefile modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile modules/pam_ftp/Makefile modules/pam_group/Makefile modules/pam_issue/Makefile modules/pam_keyinit/Makefile modules/pam_lastlog/Makefile modules/pam_limits/Makefile modules/pam_listfile/Makefile modules/pam_localuser/Makefile modules/pam_loginuid/Makefile modules/pam_mail/Makefile modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile modules/pam_namespace/Makefile modules/pam_nologin/Makefile modules/pam_permit/Makefile modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile modules/pam_rootok/Makefile modules/pam_exec/Makefile modules/pam_securetty/Makefile modules/pam_selinux/Makefile modules/pam_sepermit/Makefile modules/pam_shells/Makefile modules/pam_stress/Makefile modules/pam_succeed_if/Makefile modules/pam_tally/Makefile modules/pam_tally2/Makefile modules/pam_time/Makefile modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile modules/pam_umask/Makefile modules/pam_unix/Makefile modules/pam_userdb/Makefile modules/pam_warn/Makefile modules/pam_wheel/Makefile modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile doc/man/Makefile doc/sag/Makefile doc/adg/Makefile doc/mwg/Makefile examples/Makefile tests/Makefile xtests/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then test "x$cache_file" != "x/dev/null" && { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} cat confcache >$cache_file else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' else am__EXEEXT_TRUE='#' am__EXEEXT_FALSE= fi if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then as_fn_error "conditional \"AMDEP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${STATIC_MODULES_TRUE}" && test -z "${STATIC_MODULES_FALSE}"; then as_fn_error "conditional \"STATIC_MODULES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then as_fn_error "conditional \"am__fastdepCC\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_VERSIONING_TRUE}" && test -z "${HAVE_VERSIONING_FALSE}"; then as_fn_error "conditional \"HAVE_VERSIONING\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_LIBCRACK_TRUE}" && test -z "${HAVE_LIBCRACK_FALSE}"; then as_fn_error "conditional \"HAVE_LIBCRACK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_AUDIT_TTY_STATUS_TRUE}" && test -z "${HAVE_AUDIT_TTY_STATUS_FALSE}"; then as_fn_error "conditional \"HAVE_AUDIT_TTY_STATUS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_LIBDB_TRUE}" && test -z "${HAVE_LIBDB_FALSE}"; then as_fn_error "conditional \"HAVE_LIBDB\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_LIBSELINUX_TRUE}" && test -z "${HAVE_LIBSELINUX_FALSE}"; then as_fn_error "conditional \"HAVE_LIBSELINUX\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_UNSHARE_TRUE}" && test -z "${HAVE_UNSHARE_FALSE}"; then as_fn_error "conditional \"HAVE_UNSHARE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_REGENERATE_MAN_TRUE}" && test -z "${ENABLE_REGENERATE_MAN_FALSE}"; then as_fn_error "conditional \"ENABLE_REGENERATE_MAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_GENERATE_PDF_TRUE}" && test -z "${ENABLE_GENERATE_PDF_FALSE}"; then as_fn_error "conditional \"ENABLE_GENERATE_PDF\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_KEY_MANAGEMENT_TRUE}" && test -z "${HAVE_KEY_MANAGEMENT_FALSE}"; then as_fn_error "conditional \"HAVE_KEY_MANAGEMENT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi : ${CONFIG_STATUS=./config.status} ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error ERROR [LINENO LOG_FD] # --------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with status $?, using 1 if that was 0. as_fn_error () { as_status=$?; test $as_status -eq 0 && as_status=1 if test "$3"; then as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3 fi $as_echo "$as_me: error: $1" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -p'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -p' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -p' fi else as_ln_s='cp -p' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi if test -x / >/dev/null 2>&1; then as_test_x='test -x' else if ls -dL / >/dev/null 2>&1; then as_ls_L_option=L else as_ls_L_option= fi as_test_x=' eval sh -c '\'' if test -d "$1"; then test -d "$1/."; else case $1 in #( -*)set "./$1";; esac; case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #(( ???[sx]*):;;*)false;;esac;fi '\'' sh ' fi as_executable_p=$as_test_x # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by $as_me, which was generated by GNU Autoconf 2.65. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" config_commands="$ac_config_commands" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Configuration commands: $config_commands Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ config.status configured by $0, generated by GNU Autoconf 2.65, with options \\"\$ac_cs_config\\" Copyright (C) 2009 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' INSTALL='$INSTALL' MKDIR_P='$MKDIR_P' AWK='$AWK' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # # INIT-COMMANDS # AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir" # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`' macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`' enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`' enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`' pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`' enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`' host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`' host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`' host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`' build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`' build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`' build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`' SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`' Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`' GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`' EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`' FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`' LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`' NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`' LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`' max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`' ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`' exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`' lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`' lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`' lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`' reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`' reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`' OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`' deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`' file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`' AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`' AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`' STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`' RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`' old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`' CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`' CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`' compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`' GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`' lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`' objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`' SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`' ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`' MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`' lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`' lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`' lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`' lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`' lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`' need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`' DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`' NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`' LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`' OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`' OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`' libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`' shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`' extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`' archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`' enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`' export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`' old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`' old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`' archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`' archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`' module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`' module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`' with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`' allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`' no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`' hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`' hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`' hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`' hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`' hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`' hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`' hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`' hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`' inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`' link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`' fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`' always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`' export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`' exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`' include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`' prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`' file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`' variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`' need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`' need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`' version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`' runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`' shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`' shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`' libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`' library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`' soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`' postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`' finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`' finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`' hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`' sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`' sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`' hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`' enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`' enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`' enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`' old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`' striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`' LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # Quote evaled strings. for var in SED \ GREP \ EGREP \ FGREP \ LD \ NM \ LN_S \ lt_SP2NL \ lt_NL2SP \ reload_flag \ OBJDUMP \ deplibs_check_method \ file_magic_cmd \ AR \ AR_FLAGS \ STRIP \ RANLIB \ CC \ CFLAGS \ compiler \ lt_cv_sys_global_symbol_pipe \ lt_cv_sys_global_symbol_to_cdecl \ lt_cv_sys_global_symbol_to_c_name_address \ lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ SHELL \ ECHO \ lt_prog_compiler_no_builtin_flag \ lt_prog_compiler_wl \ lt_prog_compiler_pic \ lt_prog_compiler_static \ lt_cv_prog_compiler_c_o \ need_locks \ DSYMUTIL \ NMEDIT \ LIPO \ OTOOL \ OTOOL64 \ shrext_cmds \ export_dynamic_flag_spec \ whole_archive_flag_spec \ compiler_needs_object \ with_gnu_ld \ allow_undefined_flag \ no_undefined_flag \ hardcode_libdir_flag_spec \ hardcode_libdir_flag_spec_ld \ hardcode_libdir_separator \ fix_srcfile_path \ exclude_expsyms \ include_expsyms \ file_list_spec \ variables_saved_for_relink \ libname_spec \ library_names_spec \ soname_spec \ finish_eval \ old_striplib \ striplib; do case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in reload_cmds \ old_postinstall_cmds \ old_postuninstall_cmds \ old_archive_cmds \ extract_expsyms_cmds \ old_archive_from_new_cmds \ old_archive_from_expsyms_cmds \ archive_cmds \ archive_expsym_cmds \ module_cmds \ module_expsym_cmds \ export_symbols_cmds \ prelink_cmds \ postinstall_cmds \ postuninstall_cmds \ finish_cmds \ sys_lib_search_path_spec \ sys_lib_dlsearch_path_spec; do case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in *[\\\\\\\`\\"\\\$]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Fix-up fallback echo if it was mangled by the above quoting rules. case \$lt_ECHO in *'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\` ;; esac ac_aux_dir='$ac_aux_dir' xsi_shell='$xsi_shell' lt_shell_append='$lt_shell_append' # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile' # Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "libpam/Makefile") CONFIG_FILES="$CONFIG_FILES libpam/Makefile" ;; "libpamc/Makefile") CONFIG_FILES="$CONFIG_FILES libpamc/Makefile" ;; "libpamc/test/Makefile") CONFIG_FILES="$CONFIG_FILES libpamc/test/Makefile" ;; "libpam_misc/Makefile") CONFIG_FILES="$CONFIG_FILES libpam_misc/Makefile" ;; "conf/Makefile") CONFIG_FILES="$CONFIG_FILES conf/Makefile" ;; "conf/pam_conv1/Makefile") CONFIG_FILES="$CONFIG_FILES conf/pam_conv1/Makefile" ;; "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; "modules/Makefile") CONFIG_FILES="$CONFIG_FILES modules/Makefile" ;; "modules/pam_access/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_access/Makefile" ;; "modules/pam_cracklib/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_cracklib/Makefile" ;; "modules/pam_debug/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_debug/Makefile" ;; "modules/pam_deny/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_deny/Makefile" ;; "modules/pam_echo/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_echo/Makefile" ;; "modules/pam_env/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_env/Makefile" ;; "modules/pam_faildelay/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_faildelay/Makefile" ;; "modules/pam_filter/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_filter/Makefile" ;; "modules/pam_filter/upperLOWER/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_filter/upperLOWER/Makefile" ;; "modules/pam_ftp/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_ftp/Makefile" ;; "modules/pam_group/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_group/Makefile" ;; "modules/pam_issue/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_issue/Makefile" ;; "modules/pam_keyinit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_keyinit/Makefile" ;; "modules/pam_lastlog/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_lastlog/Makefile" ;; "modules/pam_limits/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_limits/Makefile" ;; "modules/pam_listfile/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_listfile/Makefile" ;; "modules/pam_localuser/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_localuser/Makefile" ;; "modules/pam_loginuid/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_loginuid/Makefile" ;; "modules/pam_mail/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_mail/Makefile" ;; "modules/pam_mkhomedir/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_mkhomedir/Makefile" ;; "modules/pam_motd/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_motd/Makefile" ;; "modules/pam_namespace/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_namespace/Makefile" ;; "modules/pam_nologin/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_nologin/Makefile" ;; "modules/pam_permit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_permit/Makefile" ;; "modules/pam_pwhistory/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_pwhistory/Makefile" ;; "modules/pam_rhosts/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_rhosts/Makefile" ;; "modules/pam_rootok/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_rootok/Makefile" ;; "modules/pam_exec/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_exec/Makefile" ;; "modules/pam_securetty/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_securetty/Makefile" ;; "modules/pam_selinux/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_selinux/Makefile" ;; "modules/pam_sepermit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_sepermit/Makefile" ;; "modules/pam_shells/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_shells/Makefile" ;; "modules/pam_stress/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_stress/Makefile" ;; "modules/pam_succeed_if/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_succeed_if/Makefile" ;; "modules/pam_tally/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_tally/Makefile" ;; "modules/pam_tally2/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_tally2/Makefile" ;; "modules/pam_time/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_time/Makefile" ;; "modules/pam_timestamp/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_timestamp/Makefile" ;; "modules/pam_tty_audit/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_tty_audit/Makefile" ;; "modules/pam_umask/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_umask/Makefile" ;; "modules/pam_unix/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_unix/Makefile" ;; "modules/pam_userdb/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_userdb/Makefile" ;; "modules/pam_warn/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_warn/Makefile" ;; "modules/pam_wheel/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_wheel/Makefile" ;; "modules/pam_xauth/Makefile") CONFIG_FILES="$CONFIG_FILES modules/pam_xauth/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/specs/Makefile") CONFIG_FILES="$CONFIG_FILES doc/specs/Makefile" ;; "doc/man/Makefile") CONFIG_FILES="$CONFIG_FILES doc/man/Makefile" ;; "doc/sag/Makefile") CONFIG_FILES="$CONFIG_FILES doc/sag/Makefile" ;; "doc/adg/Makefile") CONFIG_FILES="$CONFIG_FILES doc/adg/Makefile" ;; "doc/mwg/Makefile") CONFIG_FILES="$CONFIG_FILES doc/mwg/Makefile" ;; "examples/Makefile") CONFIG_FILES="$CONFIG_FILES examples/Makefile" ;; "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; "xtests/Makefile") CONFIG_FILES="$CONFIG_FILES xtests/Makefile" ;; *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= trap 'exit_status=$? { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5 # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \ || as_fn_error "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove $(srcdir), # ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=/{ s/:*\$(srcdir):*/:/ s/:*\${srcdir}:*/:/ s/:*@srcdir@:*/:/ s/^\([^=]*=[ ]*\):*/\1/ s/:*$// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_t=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_t"; then break elif $ac_last_try; then as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$tmp/stdin" \ || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # case $INSTALL in [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; esac ac_MKDIR_P=$MKDIR_P case $MKDIR_P in [\\/$]* | ?:[\\/]* ) ;; */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; esac _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t s&@INSTALL@&$ac_INSTALL&;t t s&@MKDIR_P@&$ac_MKDIR_P&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \ || as_fn_error "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined." >&2;} rm -f "$tmp/stdin" case $ac_file in -) cat "$tmp/out" && rm -f "$tmp/out";; *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";; esac \ || as_fn_error "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" } >"$tmp/config.h" \ || as_fn_error "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$tmp/config.h" "$ac_file" \ || as_fn_error "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error "could not create -" "$LINENO" 5 fi # Compute "$ac_file"'s index in $config_headers. _am_arg="$ac_file" _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'`/stamp-h$_am_stamp_count ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; esac case $ac_file$ac_mode in "depfiles":C) test x"$AMDEP_TRUE" != x"" || { # Autoconf 2.62 quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. case $CONFIG_FILES in *\'*) eval set x "$CONFIG_FILES" ;; *) set x $CONFIG_FILES ;; esac shift for mf do # Strip MF so we end up with the name of the file. mf=`echo "$mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile or not. # We used to match only the files named `Makefile.in', but # some people rename them; so instead we look at the file content. # Grep'ing the first line is not enough: some people post-process # each Makefile.in and add a new line on top of each file to say so. # Grep'ing the whole file is not good either: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then dirpart=`$as_dirname -- "$mf" || $as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$mf" : 'X\(//\)[^/]' \| \ X"$mf" : 'X\(//\)$' \| \ X"$mf" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` else continue fi # Extract the definition of DEPDIR, am__include, and am__quote # from the Makefile without running `make'. DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"` test -z "$DEPDIR" && continue am__include=`sed -n 's/^am__include = //p' < "$mf"` test -z "am__include" && continue am__quote=`sed -n 's/^am__quote = //p' < "$mf"` # When using ansi2knr, U may be empty or an underscore; expand it U=`sed -n 's/^U = //p' < "$mf"` # Find all dependency output files, they are included files with # $(DEPDIR) in their names. We invoke sed twice because it is the # simplest approach to changing $(DEPDIR) to its actual value in the # expansion. for file in `sed -n " s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do # Make sure the directory exists. test -f "$dirpart/$file" && continue fdir=`$as_dirname -- "$file" || $as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$file" : 'X\(//\)[^/]' \| \ X"$file" : 'X\(//\)$' \| \ X"$file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir=$dirpart/$fdir; as_fn_mkdir_p # echo "creating $dirpart/$file" echo '# dummy' > "$dirpart/$file" done done } ;; "libtool":C) # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # The names of the tagged configurations supported by this script. available_tags="" # ### BEGIN LIBTOOL CONFIG # Which release of libtool.m4 was used? macro_version=$macro_version macro_revision=$macro_revision # Whether or not to build static libraries. build_old_libs=$enable_static # Whether or not to build shared libraries. build_libtool_libs=$enable_shared # What type of objects to build. pic_mode=$pic_mode # Whether or not to optimize for fast installation. fast_install=$enable_fast_install # The host system. host_alias=$host_alias host=$host host_os=$host_os # The build system. build_alias=$build_alias build=$build build_os=$build_os # A sed program that does not truncate output. SED=$lt_SED # Sed that helps us avoid accidentally triggering echo(1) options like -n. Xsed="\$SED -e 1s/^X//" # A grep program that handles long lines. GREP=$lt_GREP # An ERE matcher. EGREP=$lt_EGREP # A literal string matcher. FGREP=$lt_FGREP # A BSD- or MS-compatible name lister. NM=$lt_NM # Whether we need soft or hard links. LN_S=$lt_LN_S # What is the maximum length of a command? max_cmd_len=$max_cmd_len # Object file suffix (normally "o"). objext=$ac_objext # Executable file suffix (normally ""). exeext=$exeext # whether the shell understands "unset". lt_unset=$lt_unset # turn spaces into newlines. SP2NL=$lt_lt_SP2NL # turn newlines into spaces. NL2SP=$lt_lt_NL2SP # How to create reloadable object files. reload_flag=$lt_reload_flag reload_cmds=$lt_reload_cmds # An object symbol dumper. OBJDUMP=$lt_OBJDUMP # Method to check whether dependent libraries are shared objects. deplibs_check_method=$lt_deplibs_check_method # Command to use when deplibs_check_method == "file_magic". file_magic_cmd=$lt_file_magic_cmd # The archiver. AR=$lt_AR AR_FLAGS=$lt_AR_FLAGS # A symbol stripping program. STRIP=$lt_STRIP # Commands used to install an old-style archive. RANLIB=$lt_RANLIB old_postinstall_cmds=$lt_old_postinstall_cmds old_postuninstall_cmds=$lt_old_postuninstall_cmds # A C compiler. LTCC=$lt_CC # LTCC compiler flags. LTCFLAGS=$lt_CFLAGS # Take the output of nm and produce a listing of raw symbols and C names. global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe # Transform the output of nm in a proper C declaration. global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl # Transform the output of nm in a C name address pair. global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address # Transform the output of nm in a C name address pair when lib prefix is needed. global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix # The name of the directory that contains temporary libtool files. objdir=$objdir # Shell to use when invoking shell scripts. SHELL=$lt_SHELL # An echo program that does not interpret backslashes. ECHO=$lt_ECHO # Used to examine libraries when file_magic_cmd begins with "file". MAGIC_CMD=$MAGIC_CMD # Must we lock files when doing compilation? need_locks=$lt_need_locks # Tool to manipulate archived DWARF debug symbol files on Mac OS X. DSYMUTIL=$lt_DSYMUTIL # Tool to change global to local symbols on Mac OS X. NMEDIT=$lt_NMEDIT # Tool to manipulate fat objects and archives on Mac OS X. LIPO=$lt_LIPO # ldd/readelf like tool for Mach-O binaries on Mac OS X. OTOOL=$lt_OTOOL # ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. OTOOL64=$lt_OTOOL64 # Old archive suffix (normally "a"). libext=$libext # Shared library suffix (normally ".so"). shrext_cmds=$lt_shrext_cmds # The commands to extract the exported symbol list from a shared archive. extract_expsyms_cmds=$lt_extract_expsyms_cmds # Variables whose values should be saved in libtool wrapper scripts and # restored at link time. variables_saved_for_relink=$lt_variables_saved_for_relink # Do we need the "lib" prefix for modules? need_lib_prefix=$need_lib_prefix # Do we need a version for libraries? need_version=$need_version # Library versioning type. version_type=$version_type # Shared library runtime path variable. runpath_var=$runpath_var # Shared library path variable. shlibpath_var=$shlibpath_var # Is shlibpath searched before the hard-coded library search path? shlibpath_overrides_runpath=$shlibpath_overrides_runpath # Format of library name prefix. libname_spec=$lt_libname_spec # List of archive names. First name is the real one, the rest are links. # The last name is the one that the linker finds with -lNAME library_names_spec=$lt_library_names_spec # The coded name of the library, if different from the real name. soname_spec=$lt_soname_spec # Command to use after installation of a shared archive. postinstall_cmds=$lt_postinstall_cmds # Command to use after uninstallation of a shared archive. postuninstall_cmds=$lt_postuninstall_cmds # Commands used to finish a libtool library installation in a directory. finish_cmds=$lt_finish_cmds # As "finish_cmds", except a single script fragment to be evaled but # not shown. finish_eval=$lt_finish_eval # Whether we should hardcode library paths into libraries. hardcode_into_libs=$hardcode_into_libs # Compile-time system search path for libraries. sys_lib_search_path_spec=$lt_sys_lib_search_path_spec # Run-time system search path for libraries. sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec # Whether dlopen is supported. dlopen_support=$enable_dlopen # Whether dlopen of programs is supported. dlopen_self=$enable_dlopen_self # Whether dlopen of statically linked programs is supported. dlopen_self_static=$enable_dlopen_self_static # Commands to strip libraries. old_striplib=$lt_old_striplib striplib=$lt_striplib # The linker used to build libraries. LD=$lt_LD # Commands used to build an old-style archive. old_archive_cmds=$lt_old_archive_cmds # A language specific compiler. CC=$lt_compiler # Is the compiler the GNU compiler? with_gcc=$GCC # Compiler flag to turn off builtin functions. no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag # How to pass a linker flag through the compiler. wl=$lt_lt_prog_compiler_wl # Additional compiler flags for building library objects. pic_flag=$lt_lt_prog_compiler_pic # Compiler flag to prevent dynamic linking. link_static_flag=$lt_lt_prog_compiler_static # Does compiler simultaneously support -c and -o options? compiler_c_o=$lt_lt_cv_prog_compiler_c_o # Whether or not to add -lc for building shared libraries. build_libtool_need_lc=$archive_cmds_need_lc # Whether or not to disallow shared libs when runtime libs are static. allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes # Compiler flag to allow reflexive dlopens. export_dynamic_flag_spec=$lt_export_dynamic_flag_spec # Compiler flag to generate shared objects directly from archives. whole_archive_flag_spec=$lt_whole_archive_flag_spec # Whether the compiler copes with passing no objects directly. compiler_needs_object=$lt_compiler_needs_object # Create an old-style archive from a shared archive. old_archive_from_new_cmds=$lt_old_archive_from_new_cmds # Create a temporary old-style archive to link instead of a shared archive. old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds # Commands used to build a shared archive. archive_cmds=$lt_archive_cmds archive_expsym_cmds=$lt_archive_expsym_cmds # Commands used to build a loadable module if different from building # a shared archive. module_cmds=$lt_module_cmds module_expsym_cmds=$lt_module_expsym_cmds # Whether we are building with GNU ld or not. with_gnu_ld=$lt_with_gnu_ld # Flag that allows shared libraries with undefined symbols to be built. allow_undefined_flag=$lt_allow_undefined_flag # Flag that enforces no undefined symbols. no_undefined_flag=$lt_no_undefined_flag # Flag to hardcode \$libdir into a binary during linking. # This must work even if \$libdir does not exist hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec # If ld is used when linking, flag to hardcode \$libdir into a binary # during linking. This must work even if \$libdir does not exist. hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld # Whether we need a single "-rpath" flag with a separated argument. hardcode_libdir_separator=$lt_hardcode_libdir_separator # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary. hardcode_direct=$hardcode_direct # Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes # DIR into the resulting binary and the resulting library dependency is # "absolute",i.e impossible to change by setting \${shlibpath_var} if the # library is relocated. hardcode_direct_absolute=$hardcode_direct_absolute # Set to "yes" if using the -LDIR flag during linking hardcodes DIR # into the resulting binary. hardcode_minus_L=$hardcode_minus_L # Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR # into the resulting binary. hardcode_shlibpath_var=$hardcode_shlibpath_var # Set to "yes" if building a shared library automatically hardcodes DIR # into the library and all subsequent libraries and executables linked # against it. hardcode_automatic=$hardcode_automatic # Set to yes if linker adds runtime paths of dependent libraries # to runtime path list. inherit_rpath=$inherit_rpath # Whether libtool must link a program against all its dependency libraries. link_all_deplibs=$link_all_deplibs # Fix the shell variable \$srcfile for the compiler. fix_srcfile_path=$lt_fix_srcfile_path # Set to "yes" if exported symbols are required. always_export_symbols=$always_export_symbols # The commands to list exported symbols. export_symbols_cmds=$lt_export_symbols_cmds # Symbols that should not be listed in the preloaded symbols. exclude_expsyms=$lt_exclude_expsyms # Symbols that must always be exported. include_expsyms=$lt_include_expsyms # Commands necessary for linking programs (against libraries) with templates. prelink_cmds=$lt_prelink_cmds # Specify filename containing input files. file_list_spec=$lt_file_list_spec # How to hardcode a shared library path into an executable. hardcode_action=$hardcode_action # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac ltmain="$ac_aux_dir/ltmain.sh" # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) case $xsi_shell in yes) cat << \_LT_EOF >> "$cfgfile" # func_dirname file append nondir_replacement # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. func_dirname () { case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac } # func_basename file func_basename () { func_basename_result="${1##*/}" } # func_dirname_and_basename file append nondir_replacement # perform func_basename and func_dirname in a single function # call: # dirname: Compute the dirname of FILE. If nonempty, # add APPEND to the result, otherwise set result # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. # value retuned in "$func_basename_result" # Implementation must be kept synchronized with func_dirname # and func_basename. For efficiency, we do not delegate to # those functions but instead duplicate the functionality here. func_dirname_and_basename () { case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac func_basename_result="${1##*/}" } # func_stripname prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). func_stripname () { # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary parameter first. func_stripname_result=${3} func_stripname_result=${func_stripname_result#"${1}"} func_stripname_result=${func_stripname_result%"${2}"} } # func_opt_split func_opt_split () { func_opt_split_opt=${1%%=*} func_opt_split_arg=${1#*=} } # func_lo2o object func_lo2o () { case ${1} in *.lo) func_lo2o_result=${1%.lo}.${objext} ;; *) func_lo2o_result=${1} ;; esac } # func_xform libobj-or-source func_xform () { func_xform_result=${1%.*}.lo } # func_arith arithmetic-term... func_arith () { func_arith_result=$(( $* )) } # func_len string # STRING may not start with a hyphen. func_len () { func_len_result=${#1} } _LT_EOF ;; *) # Bourne compatible functions. cat << \_LT_EOF >> "$cfgfile" # func_dirname file append nondir_replacement # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. func_dirname () { # Extract subdirectory from the argument. func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi } # func_basename file func_basename () { func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` } # func_stripname prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # func_strip_suffix prefix name func_stripname () { case ${2} in .*) func_stripname_result=`$ECHO "X${3}" \ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; *) func_stripname_result=`$ECHO "X${3}" \ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; esac } # sed scripts: my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q' my_sed_long_arg='1s/^-[^=]*=//' # func_opt_split func_opt_split () { func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` } # func_lo2o object func_lo2o () { func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` } # func_xform libobj-or-source func_xform () { func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'` } # func_arith arithmetic-term... func_arith () { func_arith_result=`expr "$@"` } # func_len string # STRING may not start with a hyphen. func_len () { func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` } _LT_EOF esac case $lt_shell_append in yes) cat << \_LT_EOF >> "$cfgfile" # func_append var value # Append VALUE to the end of shell variable VAR. func_append () { eval "$1+=\$2" } _LT_EOF ;; *) cat << \_LT_EOF >> "$cfgfile" # func_append var value # Append VALUE to the end of shell variable VAR. func_append () { eval "$1=\$$1\$2" } _LT_EOF ;; esac sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ;; "po-directories":C) for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" case "$ac_file" in *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; esac # PO directories have a Makefile.in generated from Makefile.in.in. case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Treat a directory as a PO directory if and only if it has a # POTFILES.in file. This allows packages to have multiple PO # directories under different names or in different locations. if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assigment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assigment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit $? fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi pam/configure.in0000644000000000000000000004645213261244762011054 0ustar dnl Process this file with autoconf to produce a configure script. AC_INIT AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y]) AC_CONFIG_AUX_DIR([build-aux]) AM_INIT_AUTOMAKE("Linux-PAM", 1.1.8) LT_INIT([disable-static]) AC_PREREQ([2.61]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_HOST AC_SUBST(PACKAGE) AC_SUBST(VERSION) dnl dnl By default, everything under PAM is installed below /usr. dnl AC_PREFIX_DEFAULT(/usr) dnl and some hacks to use /etc and /lib test "${prefix}" = "NONE" && prefix="/usr" if test ${prefix} = '/usr' then dnl If we use /usr as prefix, use /etc for config files if test ${sysconfdir} = '${prefix}/etc' then sysconfdir="/etc" fi if test ${libdir} = '${exec_prefix}/lib' then case "`uname -m`" in x86_64|ppc64|s390x|sparc64) libdir="/lib64" ;; *) libdir="/lib" ;; esac fi if test ${sbindir} = '${exec_prefix}/sbin' then sbindir="/sbin" fi dnl If we use /usr as prefix, use /usr/share/man for manual pages if test ${mandir} = '${prefix}/man' then mandir='${prefix}/share/man' fi dnl Add security to include directory if test ${includedir} = '${prefix}/include' then includedir="${prefix}/include/security" fi dnl Add /var directory if test ${localstatedir} = '${prefix}/var' then localstatedir="/var" fi fi dnl dnl check if we should link everything static into libpam dnl AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules], [do not make the modules dynamically loadable]), STATIC_MODULES=$enableval,STATIC_MODULES=no) if test "$STATIC_MODULES" != "no" ; then CFLAGS="$CFLAGS -DPAM_STATIC" AC_ENABLE_STATIC([yes]) AC_ENABLE_SHARED([no]) else # per default don't build static libraries AC_ENABLE_STATIC([no]) AC_ENABLE_SHARED([yes]) fi AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) dnl Checks for programs. AC_USE_SYSTEM_EXTENSIONS AC_PROG_CC AC_PROG_YACC AM_PROG_LEX AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET AM_PROG_CC_C_O PAM_LD_AS_NEEDED PAM_LD_NO_UNDEFINED PAM_LD_O1 dnl Largefile support AC_SYS_LARGEFILE dnl icc claims to be GCC compatible, but use other flags for warnings if eval "test x$GCC = xyes -a $CC != icc"; then for flag in \ -W \ -Wall \ -Wbad-function-cast \ -Wcast-align \ -Wcast-qual \ -Wmissing-declarations \ -Wmissing-prototypes \ -Wpointer-arith \ -Wreturn-type \ -Wstrict-prototypes \ -Wwrite-strings \ -Winline \ -Wshadow do JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ]) done fi dnl icc has special warning flags if eval "test x$CC = xicc"; then for flag in \ -Wall \ -Wmissing-prototypes \ -Wpointer-arith \ -Wreturn-type \ -Wstrict-prototypes \ -Wwrite-strings \ -Wshadow \ -Wp64 \ -Wdeprecated \ -Wuninitialized \ -Wmain do JAPHAR_GREP_CFLAGS($flag, [ CFLAGS="$CFLAGS $flag" ]) done fi if test "x${CC_FOR_BUILD+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then AC_CHECK_PROGS(CC_FOR_BUILD, gcc cc) else CC_FOR_BUILD=${CC} fi fi AC_MSG_CHECKING([for CC_FOR_BUILD]) AC_MSG_RESULT([$CC_FOR_BUILD]) AC_SUBST(CC_FOR_BUILD) if test "x${BUILD_CFLAGS+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then BUILD_CFLAGS= else BUILD_CFLAGS=${CFLAGS} fi fi AC_SUBST(BUILD_CFLAGS) if test "x${BUILD_LDFLAGS+set}" != "xset" ; then if test "x$cross_compiling" = "xyes" ; then BUILD_LDFLAGS= else BUILD_LDFLAGS=${LDFLAGS} fi fi AC_SUBST(BUILD_LDFLAGS) AC_C___ATTRIBUTE__ dnl dnl Check if --version-script is supported by ld dnl AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive, [cat > conftest.s <&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then libc_cv_asm_symver_directive=yes else libc_cv_asm_symver_directive=no fi rm -f conftest*]) AC_CACHE_CHECK(for ld --version-script, libc_cv_ld_version_script_option, [dnl if test $libc_cv_asm_symver_directive = yes; then cat > conftest.s < conftest.map <&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared -o conftest.so conftest.o -nostartfiles -nostdlib -Wl,--version-script,conftest.map 1>&AS_MESSAGE_LOG_FD]); then libc_cv_ld_version_script_option=yes else libc_cv_ld_version_script_option=no fi else libc_cv_ld_version_script_option=no fi else libc_cv_ld_version_script_option=no fi rm -f conftest*]) AM_CONDITIONAL([HAVE_VERSIONING], [test "$libc_cv_ld_version_script_option" = "yes"]) dnl dnl check for -fPIE/-pie support dnl dnl icc handles -fpie as -fp without error, so blacklist icc dnl AC_ARG_ENABLE(pie,AS_HELP_STRING([--disable-pie], [disable position-independent executeables (PIE)]), USE_PIE=$enableval, USE_PIE=yes) AC_CACHE_CHECK(for -fpie, libc_cv_fpie, [dnl cat > conftest.c <&AS_MESSAGE_LOG_FD]) then libc_cv_fpie=yes PIE_CFLAGS="-fpie" PIE_LDFLAGS="-pie" else libc_cv_fpie=no PIE_CFLAGS="" PIE_LDFLAGS="" fi rm -f conftest*]) AC_SUBST(libc_cv_fpie) AC_SUBST(PIE_CFLAGS) AC_SUBST(PIE_LDFLAGS) dnl dnl options and defaults dnl AC_ARG_ENABLE([prelude], AS_HELP_STRING([--disable-prelude],[do not use prelude]), WITH_PRELUDE=$enableval, WITH_PRELUDE=yes) if test "$WITH_PRELUDE" == "yes" ; then AM_PATH_LIBPRELUDE([0.9.0]) if test "$LIBPRELUDE_CONFIG" != "no" ; then LIBPRELUDE_CFLAGS="$LIBPRELUDE_CFLAGS -DPRELUDE=1" fi fi dnl lots of debugging information goes to /var/run/pam-debug.log AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug],[specify you are building with debugging on])) if test x"$enable_debug" = x"yes" ; then AC_DEFINE([PAM_DEBUG],, [lots of stuff gets written to /var/run/pam-debug.log]) fi AC_ARG_ENABLE(securedir, AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]), SECUREDIR=$enableval, SECUREDIR=$libdir/security) AC_SUBST(SECUREDIR) AC_ARG_ENABLE([isadir], AS_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]), ISA=$enableval, ISA=../../`basename $libdir`/security) unset mylibdirbase AC_DEFINE_UNQUOTED(_PAM_ISA,"$ISA",[Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found.]) AC_MSG_RESULT([Defining \$ISA to "$ISA"]) AC_ARG_ENABLE(sconfigdir, AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]), SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security) AC_SUBST(SCONFIGDIR) AC_ARG_ENABLE(pamlocking, AS_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock])) if test x"$enable_pamlocking" = "xyes"; then AC_DEFINE([PAM_LOCKING],, [libpam should observe a global authentication lock]) fi AC_ARG_ENABLE(read-both-confs, AS_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files])) if test x"$enable_read_both_confs" = "xyes"; then AC_DEFINE([PAM_READ_BOTH_CONFS],, [read both /etc/pam.d and /etc/pam.conf files]) fi AC_ARG_ENABLE([lckpwdf], AS_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]), WITH_LCKPWDF=$enableval, WITH_LCKPWDF=yes) if test "$WITH_LCKPWDF" == "yes" ; then AC_DEFINE([USE_LCKPWDF], 1, [Define to 1 if the lckpwdf function should be used]) fi AC_CHECK_HEADERS(paths.h) AC_ARG_WITH(mailspool, [ --with-mailspool path to mail spool directory [default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]], with_mailspool=${withval}) if test x$with_mailspool != x ; then pam_mail_spool="\"$with_mailspool\"" else AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include int main() { #ifdef _PATH_MAILDIR exit(0); #else exit(1); #endif }]])],[pam_mail_spool="_PATH_MAILDIR"],[pam_mail_spool="\"/var/spool/mail\""],[pam_mail_spool="\"/var/spool/mail\""]) fi AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool, [Path where mails are stored]) AC_ARG_WITH(xauth, [ --with-xauth additional path to check for xauth when it is called from pam_xauth [added to the default of /usr/X11R6/bin/xauth, /usr/bin/xauth, /usr/bin/X11/xauth]], pam_xauth_path=${withval}) if test x$with_xauth == x ; then AC_PATH_PROG(pam_xauth_path, xauth) dnl There is no sense in adding the first default path if test x$pam_xauth_path == x/usr/X11R6/bin/xauth ; then unset pam_xauth_path fi fi if test x$pam_xauth_path != x ; then AC_DEFINE_UNQUOTED(PAM_PATH_XAUTH, "$pam_xauth_path", [Additional path of xauth executable]) fi dnl Checks for the existence of libdl - on BSD and Tru64 its part of libc AC_CHECK_LIB([dl], [dlopen], LIBDL="-ldl", LIBDL="") AC_SUBST(LIBDL) # Check for cracklib AC_ARG_ENABLE([cracklib], AS_HELP_STRING([--disable-cracklib],[do not use cracklib]), WITH_CRACKLIB=$enableval, WITH_CRACKLIB=yes) if test x"$WITH_CRACKLIB" != xno ; then AC_CHECK_HEADERS([crack.h], AC_CHECK_LIB([crack], [FascistCheck], LIBCRACK="-lcrack", LIBCRACK="")) else LIBCRACK="" fi if test -n "$LIBCRACK"; then AC_DEFINE([HAVE_LIBCRACK], [1], [Define to 1 if you have cracklib.]) fi AC_SUBST(LIBCRACK) AM_CONDITIONAL([HAVE_LIBCRACK], [test -n "$LIBCRACK"]) dnl Look for Linux Auditing library - see documentation AC_ARG_ENABLE([audit], AS_HELP_STRING([--disable-audit],[do not enable audit support]), WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes) if test x"$WITH_LIBAUDIT" != xno ; then AC_CHECK_HEADER([libaudit.h], [AC_CHECK_LIB(audit, audit_log_acct_message, LIBAUDIT=-laudit, LIBAUDIT="") AC_CHECK_TYPE([struct audit_tty_status], [HAVE_AUDIT_TTY_STATUS=yes], [HAVE_AUDIT_TTY_STATUS=""], [#include ])] ) if test ! -z "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.]) fi if test ! -z "$HAVE_AUDIT_TTY_STATUS" ; then AC_DEFINE([HAVE_AUDIT_TTY_STATUS], 1, [Define to 1 if struct audit_tty_status exists.]) AC_CHECK_MEMBERS([struct audit_tty_status.log_passwd], [], AC_MSG_WARN([audit_tty_status.log_passwd is not available. The log_passwd option is disabled.]), [[#include ]]) fi else LIBAUDIT="" fi AC_SUBST(LIBAUDIT) AM_CONDITIONAL([HAVE_AUDIT_TTY_STATUS], [test "x$HAVE_AUDIT_TTY_STATUS" = xyes]) AC_CHECK_HEADERS(xcrypt.h crypt.h) AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"], [crypt_libs="xcrypt crypt"], [crypt_libs="crypt"]) BACKUP_LIBS=$LIBS AC_SEARCH_LIBS([crypt],[$crypt_libs], LIBCRYPT="-l$ac_lib", LIBCRYPT="") AC_CHECK_FUNCS(crypt_r crypt_gensalt_r) LIBS=$BACKUP_LIBS AC_SUBST(LIBCRYPT) if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.]) fi AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval) if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then opt_randomdev="/dev/urandom" elif test "$opt_randomdev" = no; then opt_randomdev= fi if test -n "$opt_randomdev"; then AC_DEFINE_UNQUOTED(PAM_PATH_RANDOMDEV, "$opt_randomdev", [Random device path.]) fi dnl check for libdb or libndbm as fallback. Some libndbm compat dnl libraries are unuseable, so try libdb first. AC_ARG_ENABLE([db], AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]), WITH_DB=$enableval, WITH_DB=yes) AC_ARG_WITH([db-uniquename], AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.])) if test x"$WITH_DB" != xno ; then if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then old_libs=$LIBS LIBS="$LIBS -ldb$with_db_uniquename" AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store], [LIBDB="-ldb$with_db_uniquename"; break]) LIBS=$old_libs fi if test -z "$LIBDB" ; then AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="") if test ! -z "$LIBDB" ; then AC_CHECK_HEADERS(ndbm.h) fi else AC_CHECK_HEADERS(db.h) fi fi AC_SUBST(LIBDB) AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) AC_ARG_ENABLE([nis], AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix and pam_access])) AS_IF([test "x$enable_nis" != "xno"], [ CFLAGS=$old_CFLAGS LIBS=$old_LIBS dnl if there's libtirpc available, prefer that over the system dnl implementation. PKG_CHECK_MODULES([libtirpc], [libtirpc], [ CFLAGS="$CFLAGS $libtirpc_CFLAGS" LIBS="$LIBS $libtirpc_LIBS" ], [:;]) AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h]) AC_CHECK_DECLS([getrpcport], , , [ #if HAVE_RPC_RPC_H # include #endif ]) NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" NIS_LIBS="${LIBS%${old_LIBS}}" CFLAGS="$old_CFLAGS" LIBS="$old_LIBS" ]) AC_SUBST([NIS_CFLAGS]) AC_SUBST([NIS_LIBS]) AC_ARG_ENABLE([selinux], AS_HELP_STRING([--disable-selinux],[do not use SELinux]), WITH_SELINUX=$enableval, WITH_SELINUX=yes) if test "$WITH_SELINUX" == "yes" ; then AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="") else LIBSELINUX="" fi AC_SUBST(LIBSELINUX) AM_CONDITIONAL([HAVE_LIBSELINUX], [test ! -z "$LIBSELINUX"]) if test ! -z "$LIBSELINUX" ; then AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in]) BACKUP_LIBS=$LIBS LIBS="$LIBS $LIBSELINUX" AC_CHECK_FUNCS(setkeycreatecon) AC_CHECK_FUNCS(getseuser) LIBS=$BACKUP_LIBS fi dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h) dnl For module/pam_lastlog AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_BIGENDIAN AC_C_CONST AC_TYPE_UID_T AC_TYPE_OFF_T AC_TYPE_PID_T AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM dnl Checks for library functions. AC_TYPE_GETGROUPS AC_PROG_GCC_TRADITIONAL AC_FUNC_MEMCMP AC_FUNC_VPRINTF AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select) AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname) AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r) AC_CHECK_FUNCS(getgrouplist getline getdelim) AC_CHECK_FUNCS(inet_ntop inet_pton innetgr ruserok_af) AC_CHECK_FUNCS(unshare, [UNSHARE=yes], [UNSHARE=no]) AM_CONDITIONAL([HAVE_UNSHARE], [test "$UNSHARE" = yes]) AC_ARG_ENABLE([regenerate-docu], AS_HELP_STRING([--disable-regenerate-docu],[Don't re-build documentation from XML sources]), [enable_docu=$enableval], [enable_docu=yes]) dnl dnl Check for xsltproc dnl AC_PATH_PROG([XSLTPROC], [xsltproc]) if test -z "$XSLTPROC"; then enable_docu=no fi AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true]) dnl check for DocBook DTD and stylesheets in the local catalog. JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN], [DocBook XML DTD V4.4], [], enable_docu=no) JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl], [DocBook XSL Stylesheets], [], enable_docu=no) AC_PATH_PROG([BROWSER], [w3m]) if test ! -z "$BROWSER"; then BROWSER="$BROWSER -T text/html -dump" else enable_docu=no fi AC_PATH_PROG([FO2PDF], [fop]) AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_docu != xno) AM_CONDITIONAL(ENABLE_GENERATE_PDF, test ! -z "$FO2PDF") AM_GNU_GETTEXT_VERSION([0.15]) AM_GNU_GETTEXT([external]) AC_CHECK_FUNCS(dngettext) AH_BOTTOM([#ifdef ENABLE_NLS #include #define _(msgid) dgettext(PACKAGE, msgid) #define N_(msgid) msgid #else #define _(msgid) (msgid) #define N_(msgid) msgid #endif /* ENABLE_NLS */]) dnl dnl Check for the availability of the kernel key management facility dnl - The pam_keyinit module only requires the syscalls, not the error codes dnl AC_CHECK_DECL(__NR_keyctl, [have_key_syscalls=1],[have_key_syscalls=0],[#include ]) AC_CHECK_DECL(ENOKEY, [have_key_errors=1],[have_key_errors=0],[#include ]) HAVE_KEY_MANAGEMENT=0 if test $have_key_syscalls$have_key_errors = 11 then HAVE_KEY_MANAGEMENT=1 fi if test $HAVE_KEY_MANAGEMENT = 1; then AC_DEFINE([HAVE_KEY_MANAGEMENT], 1, [Defined if the kernel key management facility is available]) fi AC_SUBST([HAVE_KEY_MANAGEMENT], $HAVE_KEY_MANAGEMENT) AM_CONDITIONAL([HAVE_KEY_MANAGEMENT], [test "$have_key_syscalls" = 1]) dnl Files to be created from when we run configure AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \ po/Makefile.in \ modules/Makefile \ modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ modules/pam_faildelay/Makefile \ modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ modules/pam_ftp/Makefile modules/pam_group/Makefile \ modules/pam_issue/Makefile modules/pam_keyinit/Makefile \ modules/pam_lastlog/Makefile modules/pam_limits/Makefile \ modules/pam_listfile/Makefile modules/pam_localuser/Makefile \ modules/pam_loginuid/Makefile modules/pam_mail/Makefile \ modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \ modules/pam_namespace/Makefile \ modules/pam_nologin/Makefile modules/pam_permit/Makefile \ modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \ modules/pam_rootok/Makefile modules/pam_exec/Makefile \ modules/pam_securetty/Makefile modules/pam_selinux/Makefile \ modules/pam_sepermit/Makefile \ modules/pam_shells/Makefile modules/pam_stress/Makefile \ modules/pam_succeed_if/Makefile modules/pam_tally/Makefile \ modules/pam_tally2/Makefile modules/pam_time/Makefile \ modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \ modules/pam_umask/Makefile \ modules/pam_unix/Makefile modules/pam_userdb/Makefile \ modules/pam_warn/Makefile modules/pam_wheel/Makefile \ modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \ doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \ doc/mwg/Makefile examples/Makefile tests/Makefile \ xtests/Makefile]) AC_OUTPUT pam/debian/0000755000000000000000000000000013261413076007746 5ustar pam/debian/NEWS0000644000000000000000000000763113261244762010460 0ustar pam (1.1.2-1) unstable; urgency=low * Name of option for minimum Unix password length has changed The Debian-specific 'min=n' option to pam_unix for specifying minimum lengths for new passwords has been replaced by a new upstream option called 'minlen=n'. If you are using 'min=n' in /etc/pam.d/common-password, this will be migrated to the new option name for you on upgrade. If you have configured pam_unix password changing elsewhere on your system, such as in a PAM profile under /usr/share/pam-configs or in other files in /etc/pam.d, you will need to update them by hand for this change. -- Steve Langasek Tue, 31 Aug 2010 23:09:30 -0700 pam (1.1.0-3) unstable; urgency=low * pam_rhosts_auth module obsolete, symlink removed The pam_rhosts_auth module was dropped upstream prior to the lenny release and a compatibility symlink provided in the libpam-modules package, pointing at the new (and not 100% compatible) pam_rhosts module. This symlink has now been dropped. If you still have references to pam_rhosts_auth in your /etc/pam.d/* config files, you will need to fix these, since they no longer work. For information on using pam_rhosts, see the pam_rhosts(8) manpage. -- Steve Langasek Wed, 02 Sep 2009 16:17:16 -0700 pam (1.1.0-1) unstable; urgency=low * pam_cracklib no longer checks for reuse of old passwords The pam_cracklib module no longer checks /etc/security/opasswd to see if the proposed password is one that was previously used. This functionality has been split out into a new module, pam_pwhistory. The pam_unix module still does its own check of /etc/security/opasswd, so if you are using this module you should not need to change anything. * Change in handling of /etc/shadow fields The Debian PAM package included a patch to treat a value of 0 in certain fields in /etc/shadow as the same as an empty field. This patch has been dropped, since it caused the behavior of pam_unix to differ from both that of PAM upstream and that of the shadow package. The main consequences of this change are that: - a "0" in the sp_expire field will be treated as a date of Jan 1, 1970 instead of a "never expires" value, so users with this set will be unable to log in - a "0" in the sp_inact field will indicate that the user should not be allowed to change an expired password at all, instead of being allowed to change an expired at any time after the expiry. See Debian bug #308229 for more information about this change. -- Steve Langasek Tue, 25 Aug 2009 00:13:57 -0700 pam (0.99.7.1-5) unstable; urgency=low * Default Unix minimum password length has changed Previous versions of pam_unix on Debian had a built-in minimum password length of 1 character, and a minimum password length configured in /etc/pam.d/common-password of 4 characters. This differed from the upstream default of 6 characters. This has been changed, so the default /etc/pam.d/common-password no longer overrides the compile-time default and the compile-time default has been raised to 6 characters. If you are using pam_unix but are not using the default /etc/pam.d/common-password file, it is recommended that you drop any min= options to pam_unix from your config unless you have stronger local password requirements that the upstream default. The password length 'max' option has also been deprecated in this version because it was never written to work as suggested in the documentation. If you are using pam_unix but are not using the default /etc/pam.d/common-password file, you should remove any old max= options to pam_unix from your config as this option will be considered an error in future versions of pam. -- Steve Langasek Sat, 01 Sep 2007 21:27:11 -0700 pam/debian/README.debian0000644000000000000000000000105013261244762012047 0ustar PAM for Debian -------------- PAM (Pluggable Authentication Modules) provides system administrators with a powerful method of controlling system access and methods of authentication. The documentation for PAM is packaged in the "libpam-doc" package. The "Linux-PAM System Administrator's Guide" covers configuring PAM, what modules are available etc. The documentation also includes "The Linux-PAM Application Developers' Guide" and "The Linux-PAM Module Writers' Guide". The Debian default configuration is to emulate the old UNIX authentication. pam/debian/README.source0000644000000000000000000000050213261244762012126 0ustar This package uses quilt to manage all modifications to the upstream source. Changes are stored in the source package as diffs in debian/patches-applied and applied during the build. Please see: /usr/share/doc/quilt/README.source for more information on how to apply the patches, modify patches, or remove a patch. pam/debian/TODO0000644000000000000000000000055513261244762010447 0ustar - make pam_unix.so modules have some means of allowing other than root to auth users via unix_chkpwd (maybe unix_chkpwd needs a secure conf file?) - Put in some of the Hurd related fixes - Build-Depend-Indep on fop and install PDF docs, and add them to doc-base. This depends on fop being patched to build using Java in main so it can move out of contrib. pam/debian/changelog0000644000000000000000000065776613261413076011653 0ustar pam (1.1.8-3.6ubuntu2) bionic; urgency=medium * pam-auth-update: Add support for --enable option which is useful for enabling non-default configs without asking the admin. (LP: #1192719) -- Timo Aaltonen Thu, 05 Apr 2018 15:27:42 +0300 pam (1.1.8-3.6ubuntu1) bionic; urgency=medium * Merge with Debian unstable. - Fixes unescaped brace in pam_getenv regex. LP: #1538284. - Fixes pam_namespace defaults for compatibility with dash. LP: #1081323. * Remaining changes: - debian/control: have libpam-modules recommend update-motd package - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - pam-configs/mkhomedir: Added a config for pam_mkhomedir, disabled by default. - don't notify about xdm restarts during a release-upgrade - debian/patches-applied/cve-2015-3238.patch: removed manpage changes so they don't get regenerated during build and cause a multiarch installation issue. * Dropped changes, included in Debian: - Build-depend on libfl-dev. - debian/patches-applied/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. * Fix references to /var/run in update-motd.5. LP: #1571864 * Fix service restart handling to integrate with systemd instead of upstart. -- Steve Langasek Thu, 26 Oct 2017 23:23:18 -0700 pam (1.1.8-3.6) unstable; urgency=medium * Non-maintainer upload. * cve-2015-3238.patch: Add the changes in the generated pam_exec.8 and pam_unix.8 in addition to (and after) the changes to the source .xml files. This avoids unwanted rebuilds that can cause problems due to differing files on different architectures of the Multi-Arch: same libpam-modules. (Closes: #851545) -- Adrian Bunk Sat, 27 May 2017 18:44:02 +0300 pam (1.1.8-3.5) unstable; urgency=medium * Non-maintainer upload. * Build-Depend on libfl-dev:native as well, for cross builds. Re-closes: #846459 * Fix "Unescaped left brace in regex" with Perl 5.22. Closes: #810873 -- Adam Borowski Fri, 30 Dec 2016 14:37:29 +0100 pam (1.1.8-3.4) unstable; urgency=medium * Non-maintainer upload. * Add libfl-dev to Build-Depends, fixing FTBFS. Closes: #846459 * Move xsl stuff to Build-Depends from -Indep to fix misbuilt manpages. Closes: #812566 -- Adam Borowski Sun, 18 Dec 2016 01:03:58 +0100 pam (1.1.8-3.3) unstable; urgency=low * Non-maintainer upload. [ Steve Langasek ] * Updated Swedish translation to correct a typo, thanks to Anders Jonsson and Martin Bagge. Closes: #743875 * Updated Turkish translation, thanks to Mert Dirik . (closes: #756756) * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. Thanks to Robie Basak for the patch. Closes: #783105. * Acknowledge security NMU. * pam-auth-update: don't mishandle trailing whitespace in profiles. LP: #1487103. [ Laurent Bigonville ] * debian/control: Fix Vcs-* and Homepage fields (Closes: #752343) * debian/watch: Update watch file and point it to http://www.linux-pam.org * debian/patches-applied/pam_namespace_fix_bashism.patch: Fix bashism in namespace.init script (Closes: #624842) * debian/control: Build-depends against debhelper (>= 9) to match the defined debhelper compatibility * Rename the cve-2011-4708.patch to cve-2010-4708.patch to match reality, thanks to Jakub Wilk for noticing (Closes: #761594) * debian/control: Bump Standards-Version to 3.9.8 (no further changes) * debian/libpam-doc.doc-base.applications-guide: Fix spelling * debian/libpam0g-dev.examples: Do not use shell brace expansion * debian/patches-applied/pam-loginuid-in-containers: Updated with the version from Ubuntu, this should fix logins in containers (Closes: #726661) * debian/patches-applied/update-motd: Updated with the version from Ubuntu: use /run/motd.dynamic instead of /var/run/motd, nothing in the archive uses the later (Closes: #743286) * debian/patches-applied/make_documentation_reproducible.patch: Make the build reproducible, removes differences when building with different locale values (Closes: #792127) -- Laurent Bigonville Wed, 18 May 2016 02:04:29 +0200 pam (1.1.8-3.2ubuntu3) artful; urgency=medium * No-change rebuild to pick up -fPIE compiler default in static libraries -- Steve Langasek Fri, 21 Apr 2017 20:53:23 +0000 pam (1.1.8-3.2ubuntu2) xenial; urgency=medium * debian/patches-applied/cve-2015-3238.patch: removed manpage changes so they don't get regenerated during build and cause a multiarch installation issue. (LP: #1558114) -- Marc Deslauriers Wed, 16 Mar 2016 13:34:02 -0400 pam (1.1.8-3.2ubuntu1) xenial; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file - debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - debian/patches-applied/extrausers.patch: Ship pre-generated man page - debian/patches-applied/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. - debian/control: have libpam-modules recommend update-motd package -- Marc Deslauriers Wed, 16 Mar 2016 09:50:51 -0400 pam (1.1.8-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix CVE-2015-3238: DoS/user enumeration due to blocking pipe in pam_unix module (Closes: #789986) -- Tianon Gravi Wed, 06 Jan 2016 15:53:31 -0800 pam (1.1.8-3.1ubuntu3) vivid; urgency=medium * d/applied-patches/pam-limits-nofile-fd-setsize-cap: cap the default soft nofile limit read from pid 1 to FD_SETSIZE. -- Robie Basak Wed, 22 Apr 2015 08:55:24 +0000 pam (1.1.8-3.1ubuntu2) vivid; urgency=medium * debian/control: - have libpam-modules recommend update-motd package + while libpam-modules provides pam_motd, which does dynamically generate the motd from /etc/update-motd.d on login, hundreds of users have asked in the past few years how they might "force" a MOTD update; this is provided by /usr/sbin/update-motd in the tiny update-motd package (already in main); recommend this package -- Dustin Kirkland Tue, 11 Nov 2014 12:49:14 -0600 pam (1.1.8-3.1ubuntu1) vivid; urgency=low * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file - debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c - debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ - debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin - debian/rules: Make pam_extrausers_chkpwd sguid shadow - debian/patches-applied/extrausers.patch: Ship pre-generated man page -- Michael Vogt Mon, 27 Oct 2014 09:57:52 +0100 pam (1.1.8-3.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix CVE-2013-7041: case-insensitive comparison used for verifying passwords in the pam_userdb module (closes: #731368). * Fix CVE-2014-2583: multiple directory traversal issues in the pam_timestamp module (closes: 757555) -- Michael Gilbert Sat, 09 Aug 2014 09:50:42 +0000 pam (1.1.8-3ubuntu4) utopic; urgency=medium * No-change rebuild to get debug symbols on all architectures. -- Brian Murray Tue, 21 Oct 2014 12:32:23 -0700 pam (1.1.8-3ubuntu3) utopic; urgency=medium * debian/patches-applied/extrausers.patch: - Ship pre-generated man page -- Michael Terry Tue, 22 Jul 2014 14:13:31 -0400 pam (1.1.8-3ubuntu2) utopic; urgency=medium * debian/patches-applied/extrausers.patch: Add a pam_extrausers module that is basically just a copy of pam_unix but looks at /var/lib/extrausers/{group,passwd,shadow} instead of /etc/ * debian/libpam-modules-bin.install: install the helper binaries for pam_extrausers to /sbin * debian/rules: Make pam_extrausers_chkpwd sguid shadow -- Michael Terry Fri, 18 Jul 2014 14:52:08 -0400 pam (1.1.8-3ubuntu1) utopic; urgency=medium [ Stéphane Graber ] * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file - debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c [ Timo Aaltonen ] * pam-configs/mkhomedir: Added a config for pam_mkhomedir, disabled by default. (LP: #557013) -- Stéphane Graber Fri, 02 May 2014 14:59:10 -0400 pam (1.1.8-3) unstable; urgency=low * debian/rules: On hurd, link libpam explicitly with -lpthread since glibc will not dynamically switch between the libc stubs and the libpthread implementations on this architecture. Thanks to Samuel Thibault for the patch. Closes: #743891. -- Steve Langasek Mon, 07 Apr 2014 17:49:38 -0700 pam (1.1.8-2) unstable; urgency=medium * Mark the libaudit-dev build-dependency linux-any, since it's not available on non-Linux archs. Closes: #737035. -- Steve Langasek Thu, 13 Feb 2014 15:02:00 -0800 pam (1.1.8-1ubuntu2) trusty; urgency=medium * debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Update patch with follow-up changes to loginuid.c -- Stéphane Graber Fri, 31 Jan 2014 22:11:02 +0000 pam (1.1.8-1ubuntu1) trusty; urgency=medium * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. * debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: include patch to autogenerated manpage file -- Steve Langasek Thu, 16 Jan 2014 02:40:41 +0000 pam (1.1.8-1) unstable; urgency=medium * New upstream release. - includes upstream changes to pam_exec. Closes: #670147. - adds support for newer hashing algorithms to pam_userdb. Closes: #671740. - fixes handling of 'quiet' argument to pam_listfile, to match the documentation. Closes: #592219. - fixes handling of @users@@hosts netgroup syntax in access.conf. Closes: #681223. - fixes installation of the /etc/security/namespace.d directory. Closes: #710998. - 027_pam_limits_better_init_allow_explicit_root: support for reading /proc/1/limits is upstream, this patch now only handles the policy of resetting limits by default and not applying glob limits to root. - debian/patches/fix-manpage-crud: drop, manpages now being generated upstream with a newer, fixed xsltproc. - debian/patches/pam_env-fix-overflow.patch, pam_env-fix-dos.patch, glibc-2_16-compilation-fix.patch, sys-types-include.patch: drop, included upstream. * Add build-dependency on pkg-config. * Ensure autogenerated files are after source files in all relevant patches, so that regenerating documentation doesn't cause build skew. * Drop the --disable-regenerate-docu argument, restoring the HTML manuals to the libpam-doc package. Closes: #700485. * No need to override dh_compress in debian/rules, it already handles .html files correctly. * debian/libpam-cracklib.prerm: use $DPKG_MAINTSCRIPT_PACKAGE_COUNT to avoid prematurely removing the PAM config when the package is installed for multiple architectures. Closes: #647428. -- Steve Langasek Thu, 16 Jan 2014 00:38:42 +0000 pam (1.1.3-11ubuntu1) trusty; urgency=medium * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. * Dropped changes, merged in Debian: - Disable libaudit for stage1 bootstrap. -- Steve Langasek Mon, 13 Jan 2014 21:41:05 -0800 pam (1.1.3-11) unstable; urgency=low [ Wookey ] * Disable libaudit for stage1 bootstrap. [ Steve Langasek ] * debian/patches-applied/pam-loginuid-in-containers: pam_loginuid: Ignore failure in user namespaces. * Use [linux-any] in build-deps, instead of hard-coding a list of non-Linux archs. Closes: #634516. -- Steve Langasek Tue, 14 Jan 2014 03:33:31 +0000 pam (1.1.3-10ubuntu1) trusty; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix's explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. - Disable libaudit for stage1 bootstrap. - Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. -- Steve Langasek Sun, 20 Oct 2013 18:21:34 -0700 pam (1.1.3-10) unstable; urgency=low * Fix pam-auth-update handling of trailing blank lines in the fields of profiles. LP: #1160288. * Reintroduce libaudit support now that libaudit has been multiarched. Closes: #699159. -- Steve Langasek Sun, 20 Oct 2013 15:30:46 -0700 pam (1.1.3-9) unstable; urgency=low * Revert libaudit support for now, because libaudit isn't multiarched yet in unstable so this regresses cross-installability. Reopens bug #699159. * Add an or'ed dependency on cdebconf, which also implements the xloadtemplatefile extension that prevents us from depending on just 'debconf-2.0'. Thanks to Régis Boudin for the info. Closes: #677278. -- Steve Langasek Tue, 12 Feb 2013 23:06:30 +0000 pam (1.1.3-8ubuntu3) saucy; urgency=low * Adjust debian/patches-applied/update-motd to write to /run/motd.dynamic, as sysvinit/ssh/login in Debian have been changed to use this file and no longer links /etc/motd to /var/run/motd. -- Steve Langasek Sat, 18 May 2013 00:07:43 -0500 pam (1.1.3-8ubuntu2) raring; urgency=low * Disable libaudit for stage1 bootstrap (LP: #1126404) -- Wookey Fri, 15 Feb 2013 12:45:27 +0000 pam (1.1.3-8ubuntu1) raring; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. - Add /usr/local/games to PATH. LP: #110287. -- Steve Langasek Mon, 11 Feb 2013 22:08:44 -0800 pam (1.1.3-8) unstable; urgency=low * Confirm NMU for bug #611136; thanks to Michael Gilbert. - As a side effect, there will no longer be errors from reading the .pam_environment twice since we are now reading it 0 times. LP: #955032. * Adjust the pam_env documentation to match the module behavior resulting from the previous security upload. Closes: #693995. * debian/rules: never regenerate manpages at build time; this may cause build skew that breaks the world in a multiarch context. LP: #1095887. * debian/patches-applied/glibc-2_16-compilation-fix.patch: fix missing include causing build failure with eglibc 2.16. Thanks to Daniel Schepler . Closes: #693450. * Ditch autoconf patch in favor of a build-dependency on dh-autoreconf, which will let us keep up-to-date with newer autotools. In the present instance, this gets us aarch64 support. * Install pam_timestamp_check - and while we're at it, move the manpage to the correct binary package. Closes: #648695. * Update lintian overrides to suppress some noise about hardening and manpages. * Enable audit support, by popular demand. This should have no major impact unless you're also running auditd; but I reserve the right to disable this again in the event that this causes a performance hit or breaks upgrades (since the dependency is pulled into libpam, not just into pam_tty_audit). Closes: #699159, LP: #937005. -- Steve Langasek Tue, 12 Feb 2013 05:36:29 +0000 pam (1.1.3-7.1) unstable; urgency=low * Non-maintainer upload. * Fix cve-2010-4708: user-configurable .pam_environment allows administrator-level changes without root access (closes: #611136). -- Michael Gilbert Sun, 29 Apr 2012 02:23:26 -0400 pam (1.1.3-7ubuntu3) quantal; urgency=low [ Nathan Williams ] * Add /usr/local/games to PATH. LP: #110287. -- Steve Langasek Tue, 03 Jul 2012 06:55:25 +0000 pam (1.1.3-7ubuntu2) precise; urgency=low * No-change rebuild with gzip 1.4-1ubuntu2 to get multiarch-clean compression of manpages. LP: #871083. -- Steve Langasek Wed, 08 Feb 2012 17:15:39 -0800 pam (1.1.3-7ubuntu1) precise; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - Build-depend on libfl-dev in addition to flex, for cross-building support. -- Steve Langasek Sat, 28 Jan 2012 11:36:07 -0800 pam (1.1.3-7) unstable; urgency=low * Updated debconf translations: - Danish, thanks to Joe Dalton (closes: #648382) - French, thanks to Jean-Baka Domelevo Entfellner (closes: #649850) - Dutch, thanks to Jeroen Schot (closes: #650755) - Russian, thanks to Yuri Kozlov (closes: #650867) - Portuguese, thanks to Pedro Ribeiro (closes: #652493) - German, thanks to Sven Joachim (closes: #653407) - Spanish, thanks to Javier Fernandez-Sanguino Peña (closes: #654043) - Bulgarian, thanks to Damyan Ivanov (closes: #656518) - Slovak, thanks to Ivan Masár (closes: #656521) - Japanese, thanks to Kenshi Muto (closes: #656834) - Polish, thanks to MichaÅ‚ KuÅ‚ach (closes: #657476) - Catalan, thanks to Innocent De Marchi (closes: #657489) - Czech, thanks to Miroslav Kure (closes: #657578) - Swedish, thanks to Martin Bagge (closes: #651349) -- Steve Langasek Sat, 28 Jan 2012 10:57:49 -0800 pam (1.1.3-6ubuntu1) precise; urgency=low * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. * Dropped changes, included in Debian: - debian/patches-applied/update-motd: set a sane umask before calling run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. - debian/patches-applied/update-motd: new module option for pam_motd, 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. - debian/libpam0g.postinst: drop kdm from the list of services to restart. * Build-depend on libfl-dev in addition to flex, for cross-building support. -- Steve Langasek Mon, 07 Nov 2011 21:15:00 -0800 pam (1.1.3-6) unstable; urgency=low * debian/patches-applied/hurd_no_setfsuid: we don't want to check all setre*id() calls; we know that there are situations where some of these may fail but we don't care. As long as the last setre*id() call in each set succeeds, that's the state we mean to be in. * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer keeps libpam loaded persistently at runtime, so it's not necessary to force a kdm restart on ABI bump. Which is good, since restarting kdm now seems to also log users out of running sessions, which we rather want to avoid. Closes: #632673, LP: #744944. * debian/patches-applied/update-motd: set a sane umask before calling run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. LP: #871943. * debian/patches-applied/update-motd: new module option for pam_motd, 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. LP: #805423. * debian/libpam0g.templates, debian/libpam0g.postinst: add a new question, libraries/restart-without-asking, that allows admins to accept the service restarts once for all so that they don't have to repeatedly say "ok". LP: #745004. * debian/libpam-runtime.templates, debian/local/pam-auth-update: add a new 'title' template, so pam-auth-update doesn't give a blank title when called outside of a maintainer script. LP: #882794. -- Steve Langasek Sun, 06 Nov 2011 19:43:14 -0800 pam (1.1.3-5ubuntu2) precise; urgency=low * Rebuild with dpkg 1.16.1.1ubuntu2 to restore large file support. -- Colin Watson Tue, 01 Nov 2011 16:59:55 -0400 pam (1.1.3-5ubuntu1) precise; urgency=low * Merge from Debian unstable. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/libpam0g.postinst: drop kdm from the list of services to restart. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. (Closes: #583958) * Dropped changes, included in Debian: - debian/patches-applied/CVE-2011-3148.patch - debian/patches-applied/CVE-2011-3149.patch - debian/patches-applied/update-motd: updated to use clean environment and absolute paths in modules/pam_motd/pam_motd.c. * debian/libpam0g.postinst: the init script for 'samba' is now named 'smbd' in Ubuntu, so fix the restart handling. * debian/patches-applied/update-motd: set a sane umask before calling run-parts, and restore the old mask afterwards, so /run/motd gets consistent permissions. LP: #871943. * debian/patches-applied/update-motd: new module option for pam_motd, 'noupdate', which suppresses the call to run-parts /etc/update-motd.d. LP: #805423. -- Steve Langasek Sun, 30 Oct 2011 09:45:00 -0600 pam (1.1.3-5) unstable; urgency=low [ Kees Cook ] * debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch: use setresgid() to wipe out saved-gid just in case. * debian/patches-applied/008_modules_pam_limits_chroot: - fix off-by-one when parsing configuration file. - when using chroot, chdir() to root to lose links to old tree. * debian/patches-applied/022_pam_unix_group_time_miscfixes, debian/patches-applied/026_pam_unix_passwd_unknown_user, debian/patches-applied/054_pam_security_abstract_securetty_handling: improve descriptions. * debian/patches-applied/{007_modules_pam_unix,055_pam_unix_nullok_secure}: drop unneeded no-op change to reduce delta from upstream. * debian/patches-applied/hurd_no_setfsuid: check all set*id() calls. * debian/patches-applied/update-motd: correctly clear environment when building motd. * debian/patches-applied/pam_env-fix-overflow.patch: fix stack overflow in environment file parsing (CVE-2011-3148). * debian/patches-applied/pam_env-fix-dos.patch: fix DoS in environment file parsing (CVE-2011-3149). -- Steve Langasek Thu, 27 Oct 2011 21:33:57 -0700 pam (1.1.3-4) unstable; urgency=low * Make sure shared library links are also installed to the multiarch directory, not just the .a files; otherwise the static libs get found first by the linker. Thanks to Russ Allbery for catching this. Closes: #642952. -- Steve Langasek Sun, 25 Sep 2011 22:33:55 +0000 pam (1.1.3-3) unstable; urgency=low * Look for /etc/init.d/postgresql, not /etc/init.d/postgresql-8.{2,3}, for service restarts; the latter are obsolete since squeeze. Closes: #631511. * Move debian/libpam0g-dev.install to debian/libpam0g-dev.install.in and substitute the multiarch path at build time, so our .a files go to the multiarch dir instead of to /usr/lib. Thanks to Riku Voipio for pointing out the bug. * debian/control: adjust the package descriptions, as the current ones use some awkward language that's gone unnoticed for a long time. Thanks to Martin Eberhard Schauer for pointing this out. Closes: #633863. * Build-depend on debhelper 8.9.4 and bump debian/compat to 9 for dpkg-buildflags integration, and drop manual setting of -g -O options in CFLAGS now that we can let dh do it for us * Don't set --sbindir when calling configure; upstream takes care of this for us -- Steve Langasek Sat, 24 Sep 2011 20:08:56 +0000 pam (1.1.3-2ubuntu2.1) oneiric-security; urgency=low * SECURITY UPDATE: possible code execution via incorrect environment file parsing (LP: #874469) - debian/patches-applied/CVE-2011-3148.patch: correctly count leading whitespace when parsing environment file in modules/pam_env/pam_env.c. - CVE-2011-3148 * SECURITY UPDATE: denial of service via overflowed environment variable expansion (LP: #874565) - debian/patches-applied/CVE-2011-3149.patch: when overflowing, exit with PAM_BUF_ERR in modules/pam_env/pam_env.c. - CVE-2011-3149 * SECURITY UPDATE: code execution via incorrect environment cleaning - debian/patches-applied/update-motd: updated to use clean environment and absolute paths in modules/pam_motd/pam_motd.c. - CVE-2011-XXXX -- Marc Deslauriers Tue, 18 Oct 2011 09:33:47 -0400 pam (1.1.3-2ubuntu1) oneiric; urgency=low * Merge with Debian to get bug fix for unknown kernel rlimits. Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/libpam0g.postinst: drop kdm from the list of services to restart. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. - debian/local/pam-auth-update: Add the new md5sums for pam_umask addition. - add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. (Closes: #583958) * Dropped changes: - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: no need to bump the hard limit for number of file descriptors any more since we read kernel limits directly now. -- Kees Cook Thu, 18 Aug 2011 16:41:18 -0500 pam (1.1.3-2) unstable; urgency=low [ Kees Cook ] * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: - only report about unknown kernel rlimits when "debug" is set (Closes: 625226, LP: #794531). [ Steve Langasek ] * Build for multiarch. Closes: #463420. * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: don't reset the process niceness for root; since it's root, they can still renice to a lower nice level if they need to and changing the nice level by default is unexpected behavior. Closes: #594377. -- Steve Langasek Tue, 21 Jun 2011 11:41:12 -0700 pam (1.1.3-1ubuntu3) oneiric; urgency=low [ Steve Langasek ] * debian/patches/pam_motd-legal-notice: use pam_modutil_gain/drop_priv common helper functions, instead of hand-rolled uid-setting code. [ Martin Pitt ] * debian/local/common-session{,-noninteractive}: Enable pam_umask by default, now that the umask setting is gone from /etc/profile. (LP: #253096, UbuntuSpec:umask-to-0002) * debian/local/pam-auth-update: Add the new md5sum of above files. * Add debian/patches-applied/pam_umask_usergroups_from_login.defs.patch: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. (Closes: #583958) -- Martin Pitt Fri, 24 Jun 2011 11:07:57 +0200 pam (1.1.3-1ubuntu2) oneiric; urgency=low * debian/patches-applied/update-motd-manpage-ref: refresh patch to apply cleanly against new upstream. -- Steve Langasek Sat, 04 Jun 2011 14:20:17 -0700 pam (1.1.3-1ubuntu1) oneiric; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: bump the hard limit for number of file descriptors, to keep pace with the changes in the kernel. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/libpam0g.postinst: drop kdm from the list of services to restart. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - New patch, lib_security_multiarch_compat, which lets us reuse the upstream --enable-isadir functionality to support a true path for module lookups; this way we don't have to force a hard transition to multiarch, but can support resolving modules in both the multiarch and non-multiarch directories. - build for multiarch, splitting our executables out of libpam-modules into a new package, libpam-modules-bin, so that modules can be co-installable between architectures. * Dropped changes: - bumping the service restart version in libpam0g.postinst to ensure servers don't fail to find the pam modules in the new paths; the min version requirement upstream is higher than this now. -- Steve Langasek Sat, 04 Jun 2011 14:04:19 -0700 pam (1.1.3-1) unstable; urgency=low * New upstream release. - Fixes CVE-2010-3853, executing namespace.init with an insecure environment set by the caller. Closes: #608273. - Fixes CVE-2010-3316 CVE-2010-3430 CVE-2010-3431 CVE-2010-3435. Closes: #599832. * Port hurd_no_setfsuid patch to new pam_modutil_{drop,restore}_priv interface; now possibly upstreamable * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: set a better default RLIMIT_MEMLOCK value for BSD kernels. Thanks to Petr Salinger for the fix. Closes: #602902. * bump the minimum version check in maintainer scripts for the restart handling. -- Steve Langasek Sat, 04 Jun 2011 03:10:50 -0700 pam (1.1.2-3ubuntu1) oneiric; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: bump the hard limit for number of file descriptors, to keep pace with the changes in the kernel. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) - debian/libpam0g.postinst: drop kdm from the list of services to restart. - debian/libpam0g.postinst: check if gdm is actually running before trying to reload it. - New patch, lib_security_multiarch_compat, which lets us reuse the upstream --enable-isadir functionality to support a true path for module lookups; this way we don't have to force a hard transition to multiarch, but can support resolving modules in both the multiarch and non-multiarch directories. - build for multiarch, splitting our executables out of libpam-modules into a new package, libpam-modules-bin, so that modules can be co-installable between architectures. - bumping the service restart version in libpam0g.postinst to ensure servers don't fail to find the pam modules in the new paths. * bump debhelper build-dep for final multiarch support. -- Steve Langasek Fri, 20 May 2011 12:53:24 -0700 pam (1.1.2-3) unstable; urgency=low [ Kees Cook ] * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults from the kernel (via /proc/1/limits), instead of continuing to hardcode the settings internally. Fall back to internal defaults when the kernel rlimits are not found. Closes: #620302. (LP: #746655, #391761) * Updated debconf translations: - Vietnamese, thanks to Clytie Siddall (closes: #601197) - Dutch, thanks to Eric Spreen (closes: #605592) - Danish, thanks to Joe Dalton (closes: #606739) - Catalan, thanks to Innocent De Marchi (closes: #622786) -- Steve Langasek Sun, 01 May 2011 01:49:11 -0700 pam (1.1.2-2ubuntu8) natty; urgency=low * Check if gdm is actually running before trying to reload it. (LP: #745532) -- Stéphane Graber Mon, 11 Apr 2011 21:57:36 -0400 pam (1.1.2-2ubuntu7) natty; urgency=low * debian/patches-applied/027_pam_limits_better_init_allow_explicit_root: bump the hard limit for number of file descriptors, to keep pace with the changes in the kernel. Fortunately this shadowing should all go away next cycle when we can start to grab defaults directly from /proc. LP: #663090 -- Steve Langasek Tue, 05 Apr 2011 13:02:02 -0700 pam (1.1.2-2ubuntu6) natty; urgency=low * debian/libpam0g.postinst: according to Kubuntu developers, kdm no longer keeps libpam loaded persistently at runtime, so it's not necessary to force a kdm restart on ABI bump. Which is good, since restarting kdm now seems to also log users out of running sessions, which we rather want to avoid. LP: #744944. -- Steve Langasek Tue, 29 Mar 2011 13:16:26 -0700 pam (1.1.2-2ubuntu5) natty; urgency=low * Force a service restart on upgrade to the new libpam0g, to ensure servers don't fail to find the pam modules in the new paths. * libpam-modules should also Pre-Depend: on the multiarch-aware libpam0g, for the same reason. -- Steve Langasek Tue, 22 Mar 2011 02:19:51 -0700 pam (1.1.2-2ubuntu4) natty; urgency=low * Build for multiarch; FFe LP: #733501. * Split our executables out of libpam-modules into a new package, libpam-modules-bin, so that modules can be co-installable between architectures. * New patch, lib_security_multiarch_compat, which lets us reuse the upstream --enable-isadir functionality to support a true path for module lookups; this way we don't have to force a hard transition to multiarch, but can support resolving modules in both the multiarch and non-multiarch directories. * Build-Depend on the multiarchified debhelper. * Add Pre-Depends: ${misc:Pre-Depends} for multiarch-support. -- Steve Langasek Fri, 18 Mar 2011 00:12:26 -0700 pam (1.1.2-2ubuntu3) natty; urgency=low * Er, but let's get this patch applying cleanly. -- Steve Langasek Mon, 21 Feb 2011 16:10:11 -0800 pam (1.1.2-2ubuntu2) natty; urgency=low * debian/patches/update-motd-manpage-ref: patch the manpage too, not just the xml source. -- Steve Langasek Mon, 21 Feb 2011 15:47:27 -0800 pam (1.1.2-2ubuntu1) natty; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) -- Steve Langasek Thu, 17 Feb 2011 16:15:47 -0800 pam (1.1.2-2) unstable; urgency=low * debian/patches-applied/hurd_no_setfsuid: handle some new calls to setfsuid in pam_xauth that I overlooked, so that the build works again on non-Linux. Closes: #613630. -- Steve Langasek Wed, 16 Feb 2011 09:27:11 -0800 pam (1.1.2-1) unstable; urgency=low * New upstream release. - Add support for NSS groups to pam_group. Closes: #589019, LP: #297408. - Support cross-building the package. Thanks to Neil Williams for the patch. Closes: #284854. * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit interface. Closes: #579402. * Drop patches conditional_module,_conditional_man and mkhomedir_linking.patch, which are included upstream. * debian/patches/hurd_no_setfsuid: pam_env and pam_mail now also use setfsuid, so patch them to be likewise Hurd-safe. * Update debian/source.lintian-overrides to clean up some spurious warnings. * debian/libpam-modules.postinst: if any 'min=n' options are found in /etc/pam.d/common-password, convert them on upgrade to 'minlen=n' for compatibility with upstream. * debian/NEWS: document the disappearance of 'min=n', in case users have encoded this option elsewhere outside of /etc/pam.d/common-password. * debian/patches/007_modules_pam_unix: drop compatibility handling of 'max=' no-op; use of this option will now log an error, as warned three years ago. * Bump Standards-Version to 3.9.1. * Add lintian overrides for a few more spurious warnings. * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris for the patch. Closes: #594123. * debian/libpam-runtime.{postinst,templates}: since 1.1.2-1 is targeted for post-squeeze, we don't need to support upgrades from 1.0.1-6 to 1.0.1-10 anymore. Drop the debconf error note about having configured your system with a lack of authentication, so that translators don't spend any more time on it. * Updated debconf translations: - Swedish, thanks to Martin Bagge (closes: #575875) -- Steve Langasek Tue, 15 Feb 2011 23:21:41 -0800 pam (1.1.1-7) UNRELEASED; urgency=low * Updated debconf translations: - Italian, thanks to Nicole B. (closes: #602112) -- Steve Langasek Wed, 17 Nov 2010 16:53:46 -0800 pam (1.1.1-6.1ubuntu1) natty; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) * Dropped changes: - libpam-modules depend on base-files (>= 5.0.0ubuntu6): 5.0.0ubuntu20 is in 10.04 LTS and this is an essential package, so no more need for the versioned dependency. -- Steve Langasek Tue, 15 Feb 2011 23:36:47 -0800 pam (1.1.1-6.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - Czech (Miroslav Kure). Closes: #598329 - Slovak (Ivan Masár). Closes: #600164 - Japanese (Kenshi Muto). Closes: #600247 - Finnish (Esko Arajärvi). Closes: #600641 -- Christian Perrier Tue, 19 Oct 2010 07:30:49 +0200 pam (1.1.1-6) unstable; urgency=low * Updated debconf translations: - Swedish, thanks to Martin Bagge (closes: #575875) -- Steve Langasek Sun, 05 Sep 2010 23:36:35 -0700 pam (1.1.1-5) unstable; urgency=low * debian/rules: pass getconf LFS_CFLAGS so that we get a 64-bit rlimit interface. Closes: #579402. * Update debian/source.lintian-overrides to clean up some spurious warnings. * Bump Standards-Version to 3.9.1. * Add lintian overrides for a few more spurious warnings. * debian/patches-applied/no_PATH_MAX_on_hurd: define PATH_MAX for compatibility when it's not already set. Closes: #552043. * debian/local/pam-auth-update: Don't try to pass embedded newlines to debconf; backslash-escape them instead and use CAPB escape. * debian/local/pam-auth-update: sort additional module options before writing them out, so that we don't wind up with a different config file on every invocation. Thanks to Jim Paris for the patch. Closes: #594123. -- Steve Langasek Sun, 05 Sep 2010 12:42:34 -0700 pam (1.1.1-4ubuntu2) maverick-security; urgency=low * SECURITY UPDATE: root privilege escalation via symlink following. - debian/patches-applied/pam_motd-legal-notice: drop privs for work. - CVE-2010-0832 -- Kees Cook Mon, 25 Oct 2010 06:40:32 -0700 pam (1.1.1-4ubuntu1) maverick; urgency=low * Merge from Debian unstable, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation. - debian/patches/update-motd-manpage-ref: add a reference in pam_motd(8) to update-motd(5) -- Steve Langasek Mon, 16 Aug 2010 19:12:35 -0700 pam (1.1.1-4) unstable; urgency=low * debian/patches/conditional_module,_conditional_man: if we don't have the libraries required for building pam_tty_audit, we shouldn't install the manpage either. LP: #588547. * Updated debconf translations: - Portuguese, thanks to Eder L. Marques (closes: #581746) - Spanish, thanks to Javier Fernandez-Sanguino Peña (closes: #592172) - Galician, thanks to Jorge Barreiro (closes: #592808) * Don't pass --version-script options when linking executables, only when linking libraries. Thanks to Julien Cristau for the fix. Closes: #582362. -- Steve Langasek Sun, 15 Aug 2010 21:53:46 -0700 pam (1.1.1-3ubuntu2) maverick; urgency=low * Trigger a rebuild, applying changes from 1.1.1-2ubuntu2 which were previously not committed to bzr -- Dustin Kirkland Thu, 13 May 2010 10:04:23 +0200 pam (1.1.1-3ubuntu1) maverick; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. * Dropped changes: - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade - upgrades to maverick are only supported from lucid, so this delta can be dropped. - debian/patches-applied/ubuntu-no-error-if-missingok: 'missingok' option is obsoleted by 10.04 LTS and no longer needs to be supported for upgrades. -- Steve Langasek Thu, 13 May 2010 00:39:44 +0200 pam (1.1.1-3) unstable; urgency=low * pam-auth-update: fix a bug in our handling of module options when the module name contains digits, caused by a buggy regexp. :/ Partially addresses LP #369575. * Install /sbin/pam_tally2 in the libpam-modules package; thanks to Olivier BONHOMME for reporting. Closes: #554010. -- Steve Langasek Sun, 25 Apr 2010 05:53:44 -0700 pam (1.1.1-2ubuntu2) lucid; urgency=low * debian/update-motd.5, debian/libpam-modules.manpages: add a manpage for update-motd, with some best practices and notes of explanation, LP: #562566 * debian/patches/update-motd-manpage-ref: add a reference in pam_mod(8) to update-motd(5), LP: #552175 -- Dustin Kirkland Tue, 13 Apr 2010 16:58:12 -0500 pam (1.1.1-2ubuntu1) lucid; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. -- Steve Langasek Thu, 18 Feb 2010 12:04:18 +0000 pam (1.1.1-2) unstable; urgency=low * Document the new symbols added in 1.1.1 in debian/libpam0g.symbols, and raise the minimum version for the service restarting code. Closes: #568480. -- Steve Langasek Wed, 17 Feb 2010 23:21:23 -0800 pam (1.1.1-1ubuntu1) lucid; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. -- Steve Langasek Mon, 01 Feb 2010 09:55:02 -0800 pam (1.1.1-1) unstable; urgency=low * New upstream version. - restore proper netgroup handling in pam_access. Closes: #567385, LP: #513955. * Drop patches pam.d-manpage-section, namespace_with_awk_not_gawk, and pam_securetty_tty_check_before_user_check, which are included upstream. * debian/patches/026_pam_unix_passwd_unknown_user: don't return PAM_USER_UNKNOWN on password change of a user that has no shadow entry, upstream now implements auto-creating the shadow entry in this case. * Updated debconf translations: - French, thanks to Jean-Baka Domelevo Entfellner (closes: #547039) - Bulgarian, thanks to Damyan Ivanov (closes: #562835) * debian/patches/sys-types-include.patch: fix pam_modutil.h so that it can be included directly, without having to include sys/types.h first. Closes: #556203. * Add postgresql-8.3 to the list of services in need of restart on upgrade. Closes: #563674. * And drop postgresql-{7.4,8.1} from the list, neither of which is present in stable. * debian/patches/007_modules_pam_unix: recognize that *all* of the password hashes other than traditional crypt handle passwords >8 chars in length. LP: #356766. -- Steve Langasek Mon, 01 Feb 2010 02:04:33 -0800 pam (1.1.0-4ubuntu3) lucid; urgency=low * Brown paper bag: remove the right patch from the series file. -- Steve Langasek Thu, 10 Dec 2009 23:09:03 -0800 pam (1.1.0-4ubuntu2) lucid; urgency=low * "Rebase" Ubuntu patches to apply them last in the series. * Drop patch ubuntu-regression_fix_securetty, superseded by the more precise fix in pam_securetty_tty_check_before_user_check. -- Steve Langasek Thu, 10 Dec 2009 22:52:20 -0800 pam (1.1.0-4ubuntu1) lucid; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. -- Steve Langasek Thu, 05 Nov 2009 21:33:15 -0800 pam (1.1.0-4) unstable; urgency=low * debian/patches/pam_securetty_tty_check_before_user_check: new patch, to make pam_securetty always return success on a secure tty regardless of what username was passed. Thanks to Nicolas François for the patch. Closes: #537848 * debian/local/pam-auth-update: only reset the seen flag on the template when there's new information; this avoids reprompting users for the same information on upgrade, regardless of the debconf priority used. Closes: #544805. * libpam0g no longer depends on libpam-runtime; packages that use /etc/pam.d/common-* must depend directly on libpam-runtime, and most do (including the Essential: yes ones), so let's break this circular dependency. Closes: #545086, LP: #424566. -- Steve Langasek Mon, 14 Sep 2009 18:47:25 -0700 pam (1.1.0-3) unstable; urgency=low * Bump debian/compat to 7, so we can use sane contents in debian/*.install * Switch all packages over to dh_install * Rename debian/*.lintian to debian/*.lintian-overrides and use dh_lintian * Move installation logic out of debian/rules into individual .install files * Drop superfluous options to dh_installchangelogs, dh_shlibdeps * Use debian/clean instead of rm -f'ing files in debian/rules clean target * Drop ./configure options that are no-ops * Drop the /lib/security/pam_unix_*.so symlinks, which have been deprecated now for 10 years and are not used at all if pam-auth-update is in play. * Drop the pam_rhosts_auth.so symlink as well, and document in NEWS.Debian that this is now obsolete. * Drop stale content from README.debian: some of this should have been in NEWS.Debian instead (but is so old it's not worth putting it there now), some of it is obsolete by the change in package VCS. * Convert debian/rules to debhelper 7 and add versioned build-dependencies on debhelper and quilt to suit. * Drop CFLAGS that we don't need anymore (-fPIC, -D_REENTRANT, -D_GNU_SOURCE). * Explicitly add -O0 to CFLAGS when noopt is set. * debian/patches/autoconf.patch: pull ltmain.sh in, to fix some spurious library linkage in the modules. * Move pam_cracklib manpage to the libpam-cracklib package, and add the requisite Replaces * Drop dh_makeshlibs -V; everything from lenny on should use the .symbols file instead, making the shlibs redundant so we don't need to care what version gets listed there. -- Steve Langasek Mon, 07 Sep 2009 18:47:45 -0700 pam (1.1.0-2ubuntu1) karmic; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. * Changes merged in Debian: - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. -- Steve Langasek Fri, 04 Sep 2009 01:11:48 -0700 pam (1.1.0-2) unstable; urgency=low [ Steve Langasek ] * debian/patches/pam_unix_dont_trust_chkpwd_caller.patch: fix this patch to call setregid() instead of always returning an error on username mismatch in unix_chkpwd, needed in the SELinux case and in some corner cases with the broken_shadow option. Thanks to Michael Spang for the analysis. Closes: #543589. * fix the PAM mini-policy to not tell app maintainers that they don't need to depend on libpam-modules if they reference modules from there. * make libpam-runtime depend on libpam-modules (>= 1.0.1-6) - nothing else guarantees that we have pam_unix available for use by pam-auth-update. * Use /bin/sh instead of /bin/bash for libpam0g.postinst, since we've confirmed there are no longer any bashisms there. Closes: #519973. * Clean up the libpam0g postinst a bit; invoke-rc.d has been a guaranteed interface for two stable release cycles now * debian/patches/namespace_with_awk_not_gawk: fix the sample namespace.init script's dependency on non-POSIX features of gawk, since we don't use gawk by default. Closes: #518908. * Updated debconf translations: - German, thanks to Sven Joachim (closes: #544464) [ Kees Cook ] * debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. -- Steve Langasek Mon, 31 Aug 2009 14:21:27 -0700 pam (1.1.0-1ubuntu1) karmic; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. - debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. * Dropped changes, superseded upstream: - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. -- Steve Langasek Wed, 26 Aug 2009 00:40:14 -0700 pam (1.1.0-1) unstable; urgency=low * New upstream version. - pam_access no longer does DNS lookups when we know we're comparing with a tty name or a service name. Closes: #376209. - fixes for manpage spelling. Closes: #488690. - fix evaluation of or'ed list of users in time.conf and group.conf. Closes: #326407, #514423. * Drop patches pam_unix_thread-safe_save_old_password.patch, pam_env_ignore_garbage.patch, dont_freeze_password_chain, pam_1.0.4_mindays, pam_mail-fix-quiet, pam_unix-chkpwd-wait, and cve-2009-0887-libpam-pam_misc.patch, which are included upstream. * Trim pam.d-manpage-section patch, which was mostly but not completely applied upstream. * Update debian/libpam0g.symbols for new extension. * Bump the shlibs version as well, for our dpkg-shlibdeps fallback. * And bump the version checks in the libpam-modules {pre,post}inst, so that the necessary services get restarted for any modules that need the new symbols. * Add /sbin/mkhomedir_helper to libpam-modules. * Document that pam_cracklib no longer checks /etc/security/opasswd. Closes: #263767. * debian/patches/007_modules_pam_unix: drop divergence from upstream that treats "0" as a special value in various fields in /etc/shadow, and document this in debian/NEWS. Thanks to Nicolas François for the detailed analysis. Closes: #308229. * Updated debconf translations: - French, thanks to Jean-Baka Domelevo Entfellner (closes: #521266) * Build with LDFLAGS=-Wl,-z,defs to guard against the possibility of any undefined symbols (due to typos or otherwise) at build time. Closes: #102311. * On upgrade from versions before 1.1.0-1, if /etc/pam.d/common-session-noninteractive has not been created (because the user declined use of pam-auth-update), create it by copying /etc/pam.d/common-session. Closes: #543401. * debian/patches/fix-man-crud: new patch, fix "undefined macro" errors in manpages caused by oddities of toolchain used when generating them upstream. -- Steve Langasek Tue, 25 Aug 2009 20:35:26 -0700 pam (1.0.1-11ubuntu1) karmic; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. * debian/local/pam-auth-update: prune some more md5sums from intrepid pre-release versions, reducing the Ubuntu delta some * debian/local/common-{auth,account,password}.md5sums: include the Ubuntu-specific intrepid,jaunty md5sums for use during the common-session-noninteractive upgrade. -- Steve Langasek Sun, 23 Aug 2009 20:14:58 -0700 pam (1.0.1-11) unstable; urgency=low * debian/libpam-runtime.postinst: bump the --force version check to 1.0.1-11, to allow for a new common-session-noninteractive config file; and include md5sum checking logic that will work the same with old unmanaged and new managed /etc/pam.d/common-* files. * debian/local/common-{auth,account,session,password}.md5sums: document the known md5sums for the new managed files. * debian/local/common-session-noninteractive{,.md5sums}, debian/local/pam-auth-update: split out a session-noninteractive include file, so that we can at last distinguish between interactive and non-interactive PAM sessions at a policy level. Closes: #169930, LP: #287715. * debian/local/pam-auth-update: prune md5sums for unsupported upgrade paths (intrepid pre-release -> karmic/squeeze) * Clean up the PAM mini-policy, which hasn't been touched in a number of years and was looking a bit crufty * debian/libpam-runtime.templates: correctly tag the URL as a non-translatable string. * Updated debconf translations: - Swedish, thanks to Martin Bagge (closes: #541399) - Portuguese, thanks to Américo Monteiro (closes: #541108) - Russian, thanks to Yuri Kozlov (closes: #541094) -- Steve Langasek Sun, 23 Aug 2009 18:07:11 -0700 pam (1.0.1-10ubuntu1) karmic; urgency=low * Merge from Debian, remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. - Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. - debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. -- Steve Langasek Fri, 07 Aug 2009 09:50:02 +0100 pam (1.0.1-10) unstable; urgency=high [ Steve Langasek ] * Updated debconf translations: - Finnish, thanks to Esko Arajärvi (closes: #520785) - Russian, thanks to Yuri Kozlov (closes: #521874) - German, thanks to Sven Joachim (closes: #521530) - Basque, thanks to Piarres Beobide (closes: #524285) * When no profiles are chosen in pam-auth-update, throw an error message and prompt again instead of letting the user end up with an insecure system. This introduces a new debconf template. Closes: #519927, LP: #410171. [ Kees Cook ] * Add debian/patches/pam_1.0.4_mindays: backport upstream 1.0.4 fixes for MINDAYS-Field regression (closes: #514437). * debian/control: add missing misc:Depends for packages that need it. [ Sam Hartman ] * Remove conflicts information for transitions prior to woody release * Fix lintian overrides for libpam-runtime * Overrides for lintian finding quilt patches * pam_mail-fix-quiet: patch from Andreas Henriksson applied upstream to fix quiet option of pam_mail, Closes: #439268 [ Dustin Kirkland ] * debian/patches/update-motd: run the update-motd scripts in pam_motd; render update-motd obsolete, LP: #399071 [ Sam Hartman ] * cve-2009-0887-libpam-pam_misc.patch: avoid integer signedness problem (CVE-2009-0887) (Closes: #520115) -- Steve Langasek Thu, 06 Aug 2009 17:54:32 +0100 pam (1.0.1-9ubuntu3) karmic; urgency=low * Make libpam-modules depend on base-files (>= 5.0.0ubuntu6), to ensure run-parts does the right thing in /etc/update-motd.d. -- Steve Langasek Wed, 15 Jul 2009 23:55:50 -0700 pam (1.0.1-9ubuntu2) karmic; urgency=low [ Dustin Kirkland ] * debian/patches/update-motd: run the update-motd scripts in pam_motd; render update-motd obsolete, LP: #399071 * debian/patches-applied/pam_motd-legal-notice: display the contents of /etc/legal once, then set a flag in the user's homedir to prevent showing it again. -- Steve Langasek Wed, 15 Jul 2009 20:41:52 -0700 pam (1.0.1-9ubuntu1) jaunty; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. -- Steve Langasek Fri, 20 Mar 2009 19:12:10 -0700 pam (1.0.1-9) unstable; urgency=low * Move the pam module packages to section 'admin'. * 027_pam_limits_better_init_allow_explicit_root: defaults need to be declared as LIMITS_DEF_DEFAULT instead of LIMITS_DEF_ALL, otherwise global limits will fail to be applied. LP: #314222. -- Steve Langasek Fri, 20 Mar 2009 19:48:47 -0700 pam (1.0.1-8) unstable; urgency=low * Updated debconf translations: - Bulgarian, thanks to Damyan Ivanov (closes: #518121) - Spanish, thanks to Javier Fernandez-Sanguino Peña (closes: #518214) - Swedish, thanks to Martin Bagge (closes: #518324) - Vietnamese, thanks to Clytie Siddall (closes: #518329) - Japanese, thanks to Kenshi Muto (closes: #518335) - Slovak, thanks to Ivan Masár (closes: #518341) - Czech, thanks to Miroslav Kure (closes: #518992) - Portuguese, thanks to Américo Monteiro (closes: #519204) - Galician, thanks to Marce Villarino (closes: #519447) - Romanian, thanks to Eddy PetriÈ™or (closes: #520552) * 027_pam_limits_better_init_allow_explicit_root: set the RLIMIT_MEMLOCK limit correctly to match the kernel default, which is not RLIM_INFINITY. Closes: #472629. -- Steve Langasek Fri, 20 Mar 2009 18:15:07 -0700 pam (1.0.1-7ubuntu1) jaunty; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. * Dropped changes, merged in Debian: - debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. - New patch dont_freeze_password_chain, cherry-picked from upstream: don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. - debian/patches/027_pam_limits_better_init_allow_explicit_root: Add documentation to the patch showing how to set limits for root. * Bump the libpam-cracklib dependency on libpam-runtime to 1.0.1-6, reducing the delta with Debian. * Drop upgrade handling code from libpam-runtime.postinst that's only needed when upgrading from 1.0.1-2ubuntu1, a superseded intrepid pre-release version of the package. * pam-auth-update: swap out known md5sums from intrepid pre-release versions with the md5sums from the released intrepid version * pam-auth-update: drop some md5sums that will only be seen on upgrade from pre-intrepid versions; skipping over the 8.10 final release is not supported, and upgrading via 8.10 means those config files will be replaced so the old md5sums will never be seen again. -- Steve Langasek Tue, 03 Mar 2009 17:34:19 -0800 pam (1.0.1-7) unstable; urgency=low * 027_pam_limits_better_init_allow_explicit_root: - fix the patch so that our limit resets are actually *applied*, which has apparently been broken for who knows how long! - shadow the finite kernel defaults for RLIMIT_SIGPENDING and RLIMIT_MSGQUEUE as well, so that the preceding change doesn't suddenly expose systems to DoS or other issues. - include documentation in the patch, giving examples of how to set limits for root. Thanks to Jonathan Marsden. * pam-auth-update: swap out known md5sums from intrepid pre-release versions with the md5sums from the released intrepid version * pam-auth-update: set the umask, so we don't accidentally mark /etc/pam.d/common-* unreadable. Thanks to Martin Krafft for catching. Closes: #518042. -- Steve Langasek Tue, 03 Mar 2009 17:18:42 -0800 pam (1.0.1-6) unstable; urgency=low * Updated debconf translations: - Vietnamese, thanks to Clytie Siddall * New patch dont_freeze_password_chain, cherry-picked from upstream: don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. * debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. -- Steve Langasek Sat, 28 Feb 2009 13:36:57 -0800 pam (1.0.1-5ubuntu2) jaunty; urgency=low * New patch dont_freeze_password_chain, cherry-picked from upstream: don't always follow the same path through the password stack on the PAM_UPDATE_AUTHTOK pass as was used in the PAM_PRELIM_CHECK pass; this Linux-PAM deviation from the original PAM spec causes a number of problems, in particular causing wrong return values when using the refactored pam-auth-update stack. LP: #303515, #305882. -- Steve Langasek Fri, 27 Feb 2009 16:20:24 -0800 pam (1.0.1-5ubuntu1) jaunty; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. * Bump the version numbers referenced in the config files, again, as pam has revved in Debian and moved the bar. * pam-auth-update: If /var/lib/pam/seen is absent, treat this the same as a present but empty file; thanks to Greg Price for the patch. LP: #294513. * pam-auth-update: Ignore removed profiles when detecting an empty set of currently-enabled modules. Thanks to Greg Price for this as well. * debian/control: libpam-runtime needs a versioned dependency on debconf, because it uses the x_loadtemplatefile extension that's not supported by debconf versions before hardy. LP: #295135. * pam-auth-update: trim leading whitespace from multiline fields when parsing PAM profiles. LP: #295441. * pam-auth-update: factor out the duplicate code used for returning the lines for a given module [ Jonathan Marsden ] * debian/patches/027_pam_limits_better_init_allow_explicit_root: Add to patch, documenting how to set limits for root user. Include an example. Alters limits.conf, limits.conf.5.xml, and limits.conf.5 . (LP: #65244) -- Steve Langasek Thu, 08 Jan 2009 20:26:25 +0000 pam (1.0.1-5) unstable; urgency=low * Build-conflict with libxcrypt-dev, which otherwise pulls libxcrypt in as a dependency of libpam-modules if it's installed during the build. Thanks to Larry Doolittle for catching. * Don't refer to gnome-screensaver in the debconf template; it isn't actually affected by the libpam symbol issue because it forks a separate process to display the screensaver dialog. * Have libpam-modules Pre-Depend on ${misc:Depends}, so that we can warn users about needing to disable xscreensaver and xlockmore before libpam-modules is unpacked. Closes: #502140, LP: #256238. * Updated debconf translations for the new template: - Italian, thanks to David Paleino - Simplified Chinese, thanks to Deng Xiyue (closes: #510371) - Portuguese, thanks to Américo Monteiro - Swedish, thanks to Martin Bagge (closes: #510379) - Japanese, thanks to Kenshi Muto (closes: #510380) - Finnish, thanks to Esko Arajärvi (closes: #510382) - Spanish, thanks to Javier Fernandez-Sanguino Peña (closes: #510389) - Galician, thanks to Marce Villarino - Slovak, thanks to helix84 (closes: #510412) - Bulgarian, thanks to Damyan Ivanov - Czech, thanks to Miroslav Kure < (closes: #510608) - French, thanks to Steve Petruzzello - German, thanks to Sven Joachim (closes: #510617) - Basque, thanks to Piarres Beobide (closes: #510699) - Russian, thanks to Yuri Kozlov (closes: #510701) - Turkish, thanks to Mert Dirik (closes: #510707) -- Steve Langasek Tue, 06 Jan 2009 00:05:13 -0800 pam (1.0.1-4ubuntu5.4) jaunty; urgency=low * No-change upload to jaunty to fix publication on armel. -- Colin Watson Tue, 18 Nov 2008 14:09:00 +0000 pam (1.0.1-4ubuntu5.3) intrepid-updates; urgency=low * No-change upload of 1.0.1-4ubuntu5.1 to -updates. -proposed package was copied while some ports were not built yet. -- Martin Pitt Tue, 11 Nov 2008 14:50:12 +0100 pam (1.0.1-4ubuntu5.2) intrepid-proposed; urgency=low * No-change rebuild because the archive admin (me) copied the package to jaunty too soon. -- Steve Langasek Wed, 05 Nov 2008 20:28:11 +0000 pam (1.0.1-4ubuntu5.1) intrepid-proposed; urgency=low * Allow passwords to change on expired accounts, by passing new_authtok_reqd return codes immediately (LP: #291091). -- Kees Cook Wed, 05 Nov 2008 09:31:45 -0800 pam (1.0.1-4ubuntu5) intrepid; urgency=low * debian/libpam0g.postinst: change 'cupsys' to 'cups' in the list of default desktop services that are ignored in deciding whether to prompt for service restarts on upgrade. Partially addresses LP #278117. * debian/libpam0g.postinst: also filter out samba, which may be installed on the desktop to enable filesharing. * debian/libpam-cracklib.prerm, debian/libpam-runtime.prerm: add the ubiquitous debhelper tokens (currently a no-op) * pam-auth-update: Use -Initial only for the first profile, even when there's no explicit -Initial config for that first profile * fix common-session/common-password to use the same overall stack structure as auth/account, so that we get the correct behavior when all password modules fail. LP: #272232. -- Steve Langasek Wed, 15 Oct 2008 18:11:13 -0700 pam (1.0.1-4ubuntu4) intrepid; urgency=low * Fix a bug in the parser that caused spewing of errors when there were more lines in the config file following the managed block. LP: #270328. -- Steve Langasek Tue, 23 Sep 2008 06:34:56 +0000 pam (1.0.1-4ubuntu3) intrepid; urgency=low * Fix up the code that saves state to /var/lib/pam, so that it matches what's expected by the code which later compares the saved and active profiles in the case that there are both primary and additional modules present. -- Steve Langasek Tue, 16 Sep 2008 06:49:56 +0000 pam (1.0.1-4ubuntu2) intrepid; urgency=low * Brown paper bag bug: fix a missing comma in pam-auth-update. -- Steve Langasek Sat, 13 Sep 2008 08:55:32 +0000 pam (1.0.1-4ubuntu1) intrepid; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. - debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. * Bump the version numbers referenced in the config files, again, as pam has revved in Debian and moved the bar. * debian/pam-config/*: refine the password profiles to use a 'primary' block, to better parallel the auth structure. * Drop '-Final' from the field names in /usr/share/pam-configs, supporting these field names for backwards compatibility only * Bump the dependency version requirement to 1.0.1-4ubuntu1 for the above change -- Steve Langasek Sat, 13 Sep 2008 08:55:19 +0000 pam (1.0.1-4) unstable; urgency=high * High-urgency upload for RC bugfix. [ Julien Cristau ] * pam_unix-chkpwd-wait: don't assume that the unix_chkpwd process exits normally; if it was killed by a signal, we don't want to accept the password. Closes: #495879. [ Steve Langasek ] * 007_modules_pam_unix: update the manpage at the same time as the xml source (grr, autogenerated files in source packages). Closes: #495804. * 055_pam_unix_nullok_secure: also don't call the helper at all from _unix_blankpasswd when we can detect that null passwords are disallowed, to avoid causing spammy logs on successful authentications. Closes: #496620. * debian/rules: call chgrp *before* calling chmod, lest the sgid bit on unix_chkpwd be cleared during the build when using -rsudo. Closes: #496983. -- Steve Langasek Thu, 28 Aug 2008 22:59:23 -0700 pam (1.0.1-3ubuntu5) intrepid; urgency=low [ Steve Langasek ] * Never remove the .pam-old files; just avoid creating them if --force isn't set. * Add a manpage for pam-auth-update. * Automatically upgrade the boilerplate for /etc/pam.d/common-* if we detect that they have not been locally modified. [ Kees Cook ] * debian/local/common-password, debian/pam-configs/unix: switch from "md5" to "sha512" as password crypt default. -- Steve Langasek Tue, 26 Aug 2008 06:33:07 +0000 pam (1.0.1-3ubuntu4) intrepid; urgency=low * If two profiles have the same Priority, sort by the profile name to ensure a complete sort so we can filter out all the duplicates from the list and not write out broken configs. LP: #260371. -- Steve Langasek Fri, 22 Aug 2008 17:33:14 +0000 pam (1.0.1-3ubuntu3) intrepid; urgency=low * s/pam-auth-config/pam-auth-update/ in the source, I can't seem to get this name consistent to save my life - I'm starting to think I named it wrong... * Fix the regex used when suppressing jump counts when reading the saved config, so that we don't clobber module options with numbers in them. * If the target doesn't already exist, don't try to copy it. * Filter the config list to exclude configs that no longer exist. LP: #260122. * Avoid unnecessary sort/grep in the case where we already have a sorted list. * Implement pam-auth-update --remove, for use in package prerms when called with "remove". -- Steve Langasek Thu, 21 Aug 2008 15:38:37 -0700 pam (1.0.1-3ubuntu2) intrepid; urgency=high * debian/local/common-session: the session stack needs to be handled the same way as the password stack, with the possibility of zero primary modules; required to fix build failures on the Ubuntu buildds due to su not being able to open sessions by default. LP: #259867. * debian/libpam-runtime.postinst: when upgrading from the broken 1.0.1-2ubuntu1 version, manually edit /etc/pam.d/common-session to recover. -- Steve Langasek Wed, 20 Aug 2008 13:27:10 -0700 pam (1.0.1-3ubuntu1) intrepid; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. - debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. * Remove spurious 'conflict' with a non-existent module, which was added just as an example -- Steve Langasek Wed, 20 Aug 2008 11:58:35 -0700 pam (1.0.1-3) unstable; urgency=high * 055_pam_unix_nullok_secure: don't call _pammodutil_tty_secure with a NULL tty argument, since this will cause our helper to segfault instead of returning a useful value. Thanks to Troy Davis for the report. Closes: #495806. -- Steve Langasek Wed, 20 Aug 2008 11:55:47 -0700 pam (1.0.1-2ubuntu1) intrepid; urgency=low * Merge from Debian unstable * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam-runtime.postinst, debian/local/common-{auth,password}{,.md5sums}: Use the new 'missingok' option by default for pam_smbpass in case libpam-smbpass is not installed (LP: #216990); must use "requisite" rather than "required" to prevent "pam_smbpass migrate" from firing in the event of an auth failure; md5sums updated accordingly. - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - Change Vcs-Bzr to point at the Ubuntu branch. * debian/local/pam-auth-update (et al): new interface for managing /etc/pam.d/common-*, using drop-in config snippets provided by module packages. -- Steve Langasek Wed, 20 Aug 2008 09:17:28 +0000 pam (1.0.1-2) unstable; urgency=low * 007_modules_pam_unix: update the documentation to correctly document the default minimum password length is 6, not 1. * Look for cups instead of cupsys as an init script name when restarting services; thanks to Stephen Olander-Waters for pointing this out. Closes: #492977. * Update the Debian PAM mini-policy to remove references to the long-obsolete pam_pwdb, and clarify the relationship between pam_stack and @include. * Drop various bits of unused cruft from the debian/ directory. * Drop libpam-runtime.preinst, only used for upgrades from woody to sarge to deal with modified conffiles. * Build-Conflict with libdb4.2-dev, which satisfies the libdb-dev build-dependency but causes pam_userdb to be silently omitted. Closes: #493574. * 054_pam_security_abstract_securetty_handling: move the warning log about an insecure tty back to pam_securetty proper; we don't want to generate log messages every time pam_unix is called as non-root. Closes: #493283. As a side-effect, pam_unix no longer logs any warnings about NULL password + insecure tty, but I don't think this is critical. -- Steve Langasek Fri, 08 Aug 2008 10:47:26 -0700 pam (1.0.1-1ubuntu1) intrepid; urgency=low * Merge from Debian unstable * Dropped changes: - Linux-PAM/modules/pam_selinux/pam_selinux.8: Ubuntu pam_selinux manpage is 2 years newer than Debian's, contains a number of character escaping fixes plus content updates - debian/patches-applied/ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support seusers (backported from changes in PAM 0.99.8). - debian/rules: install unix_chkpwd setgid shadow instead of setuid root. The nis package handles overriding this as necessary. - debian/patches-applied/ubuntu-rlimit_nice_correction: Bound RLIMIT_NICE from below as well as from above. Fix off-by-one error when converting RLIMIT_NICE to the range of values used by the kernel. * Remaining changes: - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. (should send to Debian). - debian/libpam-runtime.postinst, debian/local/common-{auth,password}{,.md5sums}: Use the new 'missingok' option by default for pam_smbpass in case libpam-smbpass is not installed (LP: #216990); must use "requisite" rather than "required" to prevent "pam_smbpass migrate" from firing in the event of an auth failure; md5sums updated accordingly. - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running. - debian/patches-applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-regression_fix_securetty: prompt for password on bad username. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) * Refresh patch ubuntu-no-error-if-missingok for the new upstream version. * Change Vcs-Bzr to point at the new Ubuntu branch. -- Steve Langasek Mon, 28 Jul 2008 20:58:26 +0000 pam (1.0.1-1) unstable; urgency=low * New upstream version. - pam_limits: bound RLIMIT_NICE from below. Closes: #403718. - pam_mail: set the MAIL variable even when .hushlogin is set. Closes: #421010. - new minclass option introduced for pam_cracklib. Closes: #454237. - fix a failure to check the string length when matching usernames in pam_group. Closes: #444427. - fix setting shell security context in pam_selinux. Closes: #451722. - use --disable-audit, to avoid libaudit being linked in accidentally - pam_unix now supports SHA-256 and SHA-512 password hashes. Closes: #484249, LP: #245786. - pam_rhosts_auth is dropped upstream (closes: #382987); add a compat symlink to pam_rhosts to support upgrades for a release, and give a warning in NEWS.Debian. - new symbol in libpam.so.0, pam_modutil_audit_write; shlibs bump, and do another round of service restarts on upgrade. - pam_unix helper is now called whenever an unprivileged process tries and fails to query a user's account status. Closes: #367834. * Drop patches 006_docs_cleanup, 015_hurd_portability, 019_pam_listfile_quiet, 024_debian_cracklib_dict_path, 038_support_hurd, 043_pam_unix_unknown_user_not_alert, 046_pam_group_example, no_pthread_mutexes, limits_wrong_strncpy, misc_conv_allow_sigint.patch, pam_tally_audit.patch, 057_pam_unix_passwd_OOM_check, and 065_pam_unix_cracklib_disable which have been merged upstream. * Patch 022_pam_unix_group_time_miscfixes: partially merged upstream; now is really just "pam_group_miscfixes". * Patch 007_modules_pam_unix partially superseded upstream; stripping hpux-style expiry information off of password fields is now supported. * New patch pam_unix_thread-safe_save_old_password.patch, to make sure all our getpwnam() use in pam_unix is thread-safe (fixes an upstream regression) * New patch pam_unix_fix_sgid_shadow_auth.patch, fixing an upstream regression which prevents sgid shadow apps from being able to authenticate any more because the module forces use of the helper and the helper won't allow authentication of arbitrary users. This change does mean we're going to be noisier for the time being in an SELinux environment, which should be addressed but is not a regression on Debian. * New patch pam_unix_dont_trust_chkpwd_caller.patch, rolling back an upstream change that causes unix_chkpwd to assume that setuid(getuid()) is sufficient to drop permissions and attempt any authentication on behalf of the user. * The password-changing helper functionality for SELinux systems has been split out into a separate unix_update binary, so at long last we can change unix_chkpwd to be sgid shadow instead of suid root. Closes: #155583. - Update the lintian override to match. * Install the new unix_update helper into libpam-modules. * Use a pristine upstream tarball instead of repacking; requires various changes to debian/rules and debhelper files. * Replace the Vcs-Svn field with a Vcs-Bzr field; jumping ship from svn, and how! * Debconf translations: - Romanian, thanks to Igor Stirbu (closes: #491821) * Add libpam0g.symbols, for finer-grained package dependencies with dpkg-gensymbols. * Fix debian/copyright to list the known copyright holders * Fix up the doc-base sections for the libpam-doc documentation, "Apps" should not be part of the section name * Also fix up whitespace issues in the doc-base abstracts * Fix a typo in the libpam0g-dev description. * 027_pam_limits_better_init_allow_explicit_root: RLIM_INFINITY is also invalid for RLIMIT_NOFILE, so when resetting the limits for a new session, use the kernel default of 1024 instead. Closes: #404836. * Create /etc/environment on initial install of libpam-modules (or on upgrade from an old version), to quell warnings in the logs about it being missing. Closes: #442049. * 026_pam_unix_passwd_unknown_user: drop a redundant, and broken, check for the NSS source of our user; this was preventing password changes for NIS users, which otherwise should have worked. Closes: #203222, LP: #9224. * New patch do_not_check_nis_accidentally: respect the 'nis' option (set or unset) when looking up the user's password entry for password changes. Thanks to Quentin Godfroy for the patch. Closes: #469635. * Drop patch 049_pam_unix_sane_locking, which upon review is not needed; it reduces the length of time we hold the lock, but at the expense of being able to enforce minimum times between password changes. * debian/watch: upstream has hit 1.0, so we're no longer in a "pre" directory. Fix up the regex for uscan. * Fix the libpam0g-dev examples directory to not include a gratuitous .cvsignore file. * New patch, pam.d-manpage-section, to fix the manpage references to point to section 5 instead of section 8. * Update patch PAM-manpage-section to fix the references to pam(7) from other manpages. Closes: #470137. * Add debian/README.source documenting that this package uses quilt. * Bump Standards-Version to 3.8.0. * Fix a bug in the uid-restoring code in the hurd_no_setfsuid patch; thanks to Tomas Mraz for indirectly bringing this to my attention -- Steve Langasek Mon, 28 Jul 2008 13:56:26 -0700 pam (0.99.7.1-7) unstable; urgency=medium * Medium-urgency upload for RC bugfix * Debconf translations: - Italian, thanks to David Paleino (closes: #483913) - Slovak, thanks to Ivan Masár (closes: #488908) - Turkish, thanks to Mert Dirik (closes: #490880) - Basque, thanks to Piarres Beobide (closes: #473975) * Drop the 'XS' from Vcs-Svn/Vcs-Browser, since these are now officially recognized fields. * Add a Homepage field. Closes: #473338. * Drop -DCRACKLIB_DICTS from CFLAGS, since the referenced define is no longer provided by cracklib2-dev 2.8 and above. This requires a build-dependency on the corresponding version of libcrack2-dev. Closes: #490236. -- Steve Langasek Mon, 21 Jul 2008 11:49:59 -0700 pam (0.99.7.1-6ubuntu2) intrepid; urgency=low * debian/libpam-modules.postinst: revert addition of ~/bin to the end of the default PATH set in /etc/environment as it was pointed out by Colin Watson that getenv() does not properly expand '~' -- Jamie Strandboge Tue, 24 Jun 2008 06:29:40 -0400 pam (0.99.7.1-6ubuntu1) intrepid; urgency=low * Merge from debian unstable * Dropped changes: - Linux-PAM/modules/pam_limits/README, Linux-PAM/modules/pam_selinux/README: Ubuntu versions had some insignificant character differences, dropping in favor of Debian versions; pam_selinux documentation has dropped "multiple", and added "select_context", and "use_current_range" as options. - debian/control, debian/local/common-session{,md5sums}: use libpam-foreground for session management. - Build using db4.5 instead of db4.6. * Remaining changes: - Linux-PAM/modules/pam_selinux/pam_selinux.8: Ubuntu pam_selinux manpage is 2 years newer than Debian's, contains a number of character escaping fixes plus content updates; (should send to Debian). - debian/control: Maintainer updated. - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf; add ~/bin to PATH (LP: #64064); (should send to Debian). - debian/libpam-runtime.postinst, debian/local/common-{auth,password}{,.md5sums}: Use the new 'missingok' option by default for pam_smbpass in case libpam-smbpass is not installed (LP: #216990); must use "requisite" rather than "required" to prevent "pam_smbpass migrate" from firing in the event of an auth failure; md5sums updated accordingly. - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running (LP: #141309). - debian/applied/series: Ubuntu patches are as below ... - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. - debian/patches-applied/ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support seusers (backported from changes in PAM 0.99.8). Without this patch login will not get correct security context when using libselinux >= 1.27.2 (LP: #187822). - debian/patches-applied/ubuntu-regression_fix_securetty: securetty's earlier behavior would correctly prompt for password on bad usernames (LP: #139075). - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. Bound RLIMIT_NICE from below as well as from above. Fix off-by-one error when converting RLIMIT_NICE to the range of values used by the kernel. - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - debian/rules: install unix_chkpwd setgid shadow instead of setuid root. The nis package handles overriding this as necessary. * Alphabetized this merge changelog entry by filename (easier reading against Ubuntu patch). -- Dustin Kirkland Fri, 20 Jun 2008 10:32:00 -0500 pam (0.99.7.1-6) unstable; urgency=low * Debconf translations: - Updated Vietnamese, thanks to Clytie Siddall (closes: #444437) - Updated Spanish, thanks to Javier Fernández-Sanguino Peña (closes: #444479) - Updated German, thanks to Sven Joachim (closes: #444566) - Galician, thanks to Jacobo Tarrio (closes: #444758) - Updated Czech, thanks to Miroslav Kure (closes: #445022) - French, thanks to Cyril Brulebois (closes: #445869) - Japanese, thanks to Kenshi Muto (closes: #446584) - Dutch, thanks to Bart Cornelis (closes: #448930) - Basque, thanks to Piarres Beobide (closes: #457042) - Updated Finnish, thanks to Esko Arajärvi (closes: #458264) - Swedish, thanks to Christer Andersson (closes: #457674) * Make sure the "audit" option is specified in octal instead of in decimal, so that it doesn't randomly set other options. Thanks to Corey Wright for the catch. Closes: #446327. -- Steve Langasek Sun, 16 Mar 2008 02:06:28 -0700 pam (0.99.7.1-5ubuntu8) intrepid; urgency=low * debian/libpam-modules.postinst: Add ~/bin to the end of the default PATH set in /etc/environment (LP: #64064). -- Dustin Kirkland Thu, 19 Jun 2008 12:52:48 -0500 pam (0.99.7.1-5ubuntu7) intrepid; urgency=low * debian/patches-applied/ubuntu-no-error-if-missingok: add a new, magic module option 'missingok' which will suppress logging of errors by libpam if the module is not found. * debian/local/common-{auth,password}, debian/libpam-runtime.postinst: Use the new 'missingok' option by default for pam_smbpass, to correct the problem of very loud logging introduced in the previous upload when libpam-smbpass is not installed. LP: #216990. -- Steve Langasek Tue, 22 Apr 2008 18:53:37 +0000 pam (0.99.7.1-5ubuntu6) hardy; urgency=low * debian/local/common-{auth,password}, debian/libpam-runtime.postinst: Add pam_smbpass as an optional module in the stack, to keep NTLM passwords (for filesharing) in sync with the main system passwords on a best-effort basis. LP: #208419. -- Steve Langasek Tue, 08 Apr 2008 18:21:40 +0000 pam (0.99.7.1-5ubuntu5) hardy; urgency=low * debian/local/common-session: Drop libpam-foreground. It's gone for good, and we do not want this in the PAM config for new installations, since it just spams syslog with error messages. (LP: #198714) -- Martin Pitt Tue, 11 Mar 2008 11:22:11 +0100 pam (0.99.7.1-5ubuntu4) hardy; urgency=low * ubuntu-pam_selinux_seusers: patch pam_selinux to correctly support seusers (backported from changes in PAM 0.99.8). Without this patch login will not get correct security context when using libselinux >= 1.27.2 (LP: #187822). -- Caleb Case Wed, 30 Jan 2008 06:39:48 -0500 pam (0.99.7.1-5ubuntu3) hardy; urgency=low * Temporarily reenable libpam-foreground in common-session again, until dbus' at_console policy works with ConsoleKit. -- Martin Pitt Thu, 29 Nov 2007 15:17:54 +0100 pam (0.99.7.1-5ubuntu2) hardy; urgency=low * debian/local/common-session{,.md5sums}, debian/control: Drop libpam-foreground, superseded by ConsoleKit integration into hal. * debian/control: Build against libdb4.6 again. This drops this Debian delta and 4.6 is our target version in Hardy. -- Martin Pitt Thu, 22 Nov 2007 18:56:47 +0100 pam (0.99.7.1-5ubuntu1) gutsy; urgency=low * Resynchronise with Debian. Remaining changes: - debian/control, debian/local/common-session{,md5sums}: use libpam-foreground for session management. - debian/rules: install unix_chkpwd setgid shadow instead of setuid root. The nis package handles overriding this as necessary. - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. Bound RLIMIT_NICE from below as well as from above. Fix off-by-one error when converting RLIMIT_NICE to the range of values used by the kernel. (Originally patch 101; converted to quilt.) - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) - debian/patches-applied/ubuntu-regression_fix_securetty: securetty's earlier behavior would correctly prompt for password on bad usernames (LP: #139075). - Build using db4.5 instead of db4.6. - debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running (LP: #141309). * debian/libpam0g.postinst: don't display a debconf warning about display managers that need restarting when update-manager is running, instead signal to update-notifier if a reboot is required. -- Steve Langasek Fri, 28 Sep 2007 23:45:24 -0700 pam (0.99.7.1-5) unstable; urgency=low * More lintian overrides, related to debconf prompting in the postinst * Debconf translations: - Brazilian Portuguese, thanks to Eder L. Marques (closes: #440385) - Russian, thanks to Yuri Kozlov (closes: #440390, #440953, #444039) - Bulgarian, thanks to Damyan Ivanov (closes: #441863) - Finnish, thanks to Esko Arajärvi (closes: #443720) - Simplified Chinese, thanks to Ming Hua (closes: #443924) - Updated Portuguese, thanks to Américo Monteiro - Updated Vietnamese, thanks to Clytie Siddall (closes: #440800) - Updated German, thanks to Sven Joachim - Updated Spanish, thanks to Javier Fernández-Sanguino Peña - Updated Czech, thanks to Miroslav Kure (closes: #441325) * Further cleanups of 007_modules_pam_unix -- don't use a global variable for pass_min_len, don't gratuitously move the length checking into the "obscure" checks, and internationalize the error strings. * Stop overriding the built-in default minimum password length in /etc/pam.d/common-password, and also drop the "max" option which has now been obsoleted. * Fix up the comments in /etc/pam.d/common-password to make it clear that the options are specific to pam_unix. Closes: #414559. * Patch 038: fix another thinko in the getline handling. Closes: #442276. * If there are active X logins, don't restart kdm, wdm, and xdm by default; instead, display a debconf error if they haven't been restarted. Closes: #441843. * Drop the local patch for Linux capabilities in pam_limits; Linux capabilities are not generally useful in a PAM context, and the PAM capabilities patch has been broken through much of its life. Closes: #440130. * -Wl,-z,defs was never enabled correctly, drop it since upstream is already using -no-undefined * Pass --build and --host args to ./configure as necessary, for cross-building support. -- Steve Langasek Fri, 28 Sep 2007 00:17:00 -0700 pam (0.99.7.1-4ubuntu4) gutsy; urgency=low * debian/libpam0g.postinst: call "reload" for all display managers (LP: #139065). * debian/libpam0g.postinst: only ask questions during update-manager when there are non-default services running (LP: #141309). -- Kees Cook Mon, 24 Sep 2007 15:01:29 -0700 pam (0.99.7.1-4ubuntu3) gutsy; urgency=low * ubuntu-regression_fix_securetty: securetty's earlier behavior would correctly prompt for password on bad usernames (LP: #139075). -- Kees Cook Wed, 12 Sep 2007 15:20:09 -0700 pam (0.99.7.1-4ubuntu2) gutsy; urgency=low * Build using db4.5 (instead of db4.6). One db4.x version less on the CD. -- Matthias Klose Wed, 12 Sep 2007 17:44:25 +0200 pam (0.99.7.1-4ubuntu1) gutsy; urgency=low * Resynchronise with Debian (LP: #43169, #14505, #80431). Remaining changes: - debian/control, debian/local/common-session{,md5sums}: use libpam-foreground for session management. - debian/rules: install unix_chkpwd setgid shadow instead of setuid root. The nis package handles overriding this as necessary. - debian/libpam-modules.postinst: Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. - debian/patches-applied/ubuntu-fix_standard_types: Use standard u_int8_t type rather than __u8. - debian/patches-applied/ubuntu-rlimit_nice_correction: Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. Bound RLIMIT_NICE from below as well as from above. Fix off-by-one error when converting RLIMIT_NICE to the range of values used by the kernel. (Originally patch 101; converted to quilt.) - debian/patches-applied/ubuntu-user_defined_environment: Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. (Originally patch 100; converted to quilt.) * Dropped: - debian/rules: bashism fixes (merged upstream). - debian/control: Conflict on ancient nis (expired with Breezy). - debian/libpam-runtime.postinst: check for ancient pam (expired with Breezy). -- Kees Cook Wed, 05 Sep 2007 15:18:36 -0700 pam (0.99.7.1-4) unstable; urgency=low * libpam0g.postinst, libpam0g.templates: gdm doesn't need to be restarted to fix the library skew, only reloaded; special-case this daemon in the postinst and remove the mention of it from the debconf template, also tightening the language of the debconf template in the process. Closes: #440074. * Add courier-authdaemon to the list of services that need to be restarted; thanks to Micah Anderson for reporting. * New patch pam_env_ignore_garbage.patch: fix pam_env to really skip over garbage lines in /etc/environment and log an error, instead of failing with an obscure error; and ignore any PAM_BAD_ITEM values returned by pam_putenv(), since this is the expected error return when trying to delete a non-existent var. Closes: #439984. * Yet another thinko in hurd_no_setfsuid and in 029_pam_limits_capabilities; this code should really be Hurd-safe at last... * getline() returns -1 on EOF, not 0; check this appropriately, to fix an infinite loop in pam_rhosts_auth. Thanks to Stephan Springl for the fix. Closes: #440019. * Use ${misc:Depends} for libpam0g, so we get a proper dependency on debconf. * 019_pam_listfile_quiet: per discussion with upstream, don't suppress errors about missing files or files with wrong permissions; these are real errors that should not be buried. * Drop the remainder of 061_pam_issue_double_free, not required for the original bugfix. * Drop patch 064_pam_unix_cracklib_dictpath, which is not needed now that we define CRACKLIB_DICTS in debian/rules. * Drop patch 063_paswd_segv, superseded by a different upstream fix * Split 047_pam_limits_chroot_string_value up between 008_modules_pam_limits_chroot and 029_pam_limits_capabilites * Updates to patch 007_modules_pam_unix: restore the same built-in min password len of 6 that upstream uses; fix a typo panlindrome -> palindrome. * The 'max=' option was never intended to be used to limit maximum password length for users, only to declare what the number of significant characters /is/ for a password. But we don't need a config option to tell us that, we know the answer based on which crypt type we're using, so drop this as a config file option. Closes: #389197. * Debconf translations: - Spanish, thanks to Javier Fernández-Sanguino Peña - Vietnamese, thanks to Clytie Siddall - German, thanks to Sven Joachim (closes: #440355) - Czech, thanks to Miroslav Kure (closes: #440362) - Portuguese, thanks to Américo Monteiro (closes: #440368) -- Steve Langasek Fri, 31 Aug 2007 17:11:05 -0700 pam (0.99.7.1-3) unstable; urgency=low * New patch limits_wrong_strncpy: fix unnecessary manipulations of string buffers, including an illegal use of strncpy(). Thanks to Paul Hampson for reporting. Closes: #331278. * New patch misc_conv_allow_sigint.patch: allow SIGINT to be handled by the application, instead of blocking it when misc_conv is in use and preventing users from being able to ^C at any PAM prompt. Closes: #1708. * 024_debian_cracklib_dict_path: default to NULL instead of a specific dictionary path when none is defined for consistency with the new upstream version of cracklib, and define our path in debian/rules. * 055_pam_unix_nullok_secure: document the pam_unix "nullok_secure" option, a prereq for forwarding this patch upstream. Closes: #325974. * Create /etc/security/opasswd on new installs or on upgrades from 0.99.7.1-2 or below, so that users that enable the remember= option to pam_unix aren't left unable to change passwords. Closes: #95324. * Fix a couple of thinkos in hurd_no_setfsuid, that were preventing the code from compiling on the Hurd still. Thanks to Michael Banck for the catch. * Fix a memory leak in the pam_limits capabilities patch: always cap_free() the cap_t before returning from pam_sm_open_session(). Closes: #153157. * libpam0g.postinst, libpam0g.templates: on upgrades from versions prior to 0.99.7.1-3, restart known PAM-using services so that they get the new libpam symbols, since otherwise the newer PAM modules will fail to load. Postinst taken from libssl0.9.8; thanks to Christoph Martin for the fine example! Closes: #439835. * Build-depend on po-debconf to support l10n of the debconf questions from the above. -- Steve Langasek Tue, 28 Aug 2007 06:33:33 -0700 pam (0.99.7.1-2) unstable; urgency=low * New upstream release; thanks to Roger Leigh and Jan Christoph Nordholz for their extensive work in helping to prepare for this update in Debian. Closes: #360460. - now uses autoconf for library detection, so SELinux should not be unconditionally enabled on non-Linux archs. Closes: #333141. - pam_mail notice handling has been completely reworked, so there should no longer be missing spaces in the messages. Closes: #119689. - with libtool and autoconf, now behaves "sensibly" on unknown platforms. Closes: #165067. - the source now builds without warnings. Closes: #212165. - uses automake instead of hand-rolled makefiles with indentation bugs. Closes: #241661, #328084. - pam_mkhomedir now creates directories recursively as needed. Closes: #178225. - pam_listfile now supports being used as a session module too. Closes: #416665. - misspelled pam_userdb log message has been corrected. Closes: #305058. - the current pam_strerror manpage no longer mentions "Unknown Linux-PAM error". Closes: #220157. - the text documentation no longer uses ANSI bold sequences. Closes: #181451. - pam_localuser now supports being used as a session module. Closes: #412484. - package no longer fails to build with dash as /bin/sh. Closes: #331208. - All modules should now be documented in the system administrator guide. Closes: #350620. - pam_userdb now logs an error instead of segfaulting when no db= option is provided. Closes: #436005. - pam_time now warns on a missing tty instead of erroring out, making it possible to use the module with non-console services. Closes: #127931. - upstream changelog is now 'ChangeLog' instead of 'CHANGELOG'; install accordingly - bump the shlibs - the 'test.c' example no longer exists - add /usr/share/locale to libpam-runtime. - CVE-2005-2977: only uid=0 is allowed to invoke unix_chkpwd with an arbitrary username, and then only when SELinux is active. Closes: #336344. * Mark myself as primary maintainer as previously discussed with Sam, and add Roger as an uploader. * Refactor to use quilt. * Update to Standards-Version 3.7.2. * Drop unnecessary build-dependency on patch, which is build-essential (and no longer invoked directly). * Drop patches 002_debian_no_ldconfig_call, 010_pam_cplusplus, 018_man_fixes, 030_makefile_link_against_libpam, 037_pam_issue_ttyname_can_be_null, 044_configure_supports_bsd, 050_configure_in_gnu and 052_pam_unix_no_openlog, which have been superseded upstream. * Drop patches 005_pam_limits_099_6, 012_pam_group_less_restrictive_charset, 023_pam_env_limits_miscfixes, 048_pam_group_colon_valid_char, 058_pam_env_enable, 059_pam_userdb_segv, 060_pam_tally_segv and 062_c++_safe_headers, which have been integrated upstream. * Patch 057: SELinux support is merged upstream, leaving only an unrelated OOM check for pam_unix_passwd. Rename as 057_pam_unix_passwd_OOM_check. * Patches 006, 008, 036: update for the switch from SGML to XML. * Patch 007: update for the switch from SGML to XML; drop some log messages that were already added upstream; update for the pam_modutil changes; tighten the flag handling of the 'obscure' option; drop bogus check in unix_chkpwd for null passwords. Also fix a grammar error along the way. Closes: #362855. * Patch 024: CRACKLIB_DICTPATH is no longer set in configure.in, so patch pam_cracklib.c instead to use the default dictpath already available from crack.h; and patch configure.in to use AC_CHECK_HEADERS instead of AC_CHECK_HEADER, so crack.h is actually included. Also remove unnecessary string copies, which break on the Hurd due to PATH_MAX. * Patch 038: partially merged/superseded upstream; also add new Hurd fix for pam_xauth. * Patch 061: partially merged upstream * Use ${binary:Version} instead of ${Source-Version} in debian/control. * Remove empty maintainer scripts debian/libpam0g-dev.{postinst,prerm}, debian/libpam0g.{postinst,prerm}, and debian/libpam-modules.{postinst,prerm}; debhelper can autogenerate these just fine without our help. * Build-Depend on xsltproc, libxml2-utils, docbook-xml, docbook-xsl and w3m instead of on linuxdoc-tools, linuxdoc-tools-latex, tetex-extra, groff, and opensp. * Also build-depend on flex for libfl.a. * Updates for documentation handling: - move debian/local/pam-*-guide to debian/libpam-doc.doc-base.foo-guide, and invoke dh_installdocs instead of installing these by hand. - drop libpam-doc.{postinst,prerm}, which are no longer needed. - add an install target to debian/rules, and have binary-indep depend on it instead of trying to install doc files individually from the source tree - consequently, drop libpam-doc.dirs as well which is no longer needed and no longer accurate - add debian/libpam-doc.install for moving the docs to the right place, and also replace libpam-runtime.files with libpam-runtime.install; for the moment this means we're using both dh_movefiles and dh_install... - libpam0g.docs: install the Debian-PAM-MiniPolicy from here, further cleaning up debian/rules * Drop debian/libpam0g.links, no longer needed because upstream now has a working install target which creates the library symlinks * Add libpam-modules.links: create pam_unix_{acct,auth,passwd,session}.so symlinks by hand, no longer provided upstream. * debian/patches-applied/PAM-manpage-section: "PAM" is not a daemon, manpage belongs in section 7, not in section 8. * Actually ship the pam, pam.conf, and pam.d manpages in libpam-runtime. * debian/patches-applied/autoconf.patch: move all changes to autotools generated files into a single patch at the end of the stack. - don't touch configure in debian/rules, the quilt patch takes care of this for us. * New patch 064_pam_unix_cracklib_dictpath: correctly define CRACKLIB_DICTS, since this is not defined by configure. Thanks to Jan Christoph Nordholz. * New patch 065_pam_unix_cracklib_disable: Debian-specific patch to disable cracklib support in pam_unix. Thanks to Christoph Nordholz. * debian/rules: - Rename OS_CFLAGS to CFLAGS. - kill off references to unused variables - make binary-arch also depend on the install target, and streamline the rules - fix up the clean target to not ignore errors; thanks to Roger Leigh - drop the local module_check target in favor of using -Wl,-z,defs in LDFLAGS to enforce correct linkage of all objects at build time * Drop debian/local/unix_chkpwd.8 in favor of the upstream manpage. * libpam-modules.files: /usr/sbin/pam_tally has moved to /sbin/pam_tally for consistency. * Update to debhelper V5. * Don't ship Makefiles as part of the libpam0g-dev examples. * libpam-modules.manpages, libpam-runtime.manpages, libpam0g-dev.manpages: put all the manpages in the correct packages. Closes: #411812, #62193, #313486, #300773, #330545, #184270. * Drop libpam{0g,0g-dev,-modules,-runtime}.dirs, not needed for anything because we aren't trying to ship empty directories in the packages * Build-Conflict with fop, to avoid unreproducible builds of pdf documentation from a tool in contrib. * libpam-cracklib should depend on a real wordlist package, per policy; use wamerican as the default. * Drop local/pam-undocumented.7 from the package, since we no longer have a reason to ship it * Add lintian overrides for known false-positives * Conflicts/Replaces/Provides libpam-umask, now included upstream. Closes: #436222. * Upstream no longer marks unix_chkpwd suid-root for us, so set the perms by hand in debian/rules. In the process, unix_chkpwd is now writable by the owner, as expected by policy. Closes: #368100. * Migrate from db4.3 to db4.6; once again, no administrator action should be needed for upgrading on-disk database formats. Closes: #354309. * Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control; thanks to Laurent Bigonville for the hint. Closes: #439038. * Add a watch file for use with uscan; thanks to Laurent Bigonville for this patch as well. Closes: #439040. * Rewrite of 031_pam_include, fixing a memory leak and letting us drop patch 056_no_label_at_end; thanks to Jan Christoph Nordholz for this much-improved version! * New patch no_pthread_mutexes: don't use pthread mutexes in pam_modutil functions, they're not needed because pam handles themselves should not be used concurrently by multiple threads and using pthreads causes problems for portable linking. * New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around using setreuid instead. -- Steve Langasek Sun, 26 Aug 2007 19:15:09 -0700 pam (0.79-4ubuntu2) feisty; urgency=low * Remove /usr/bin/X11 from default PATH (new installs only). -- Colin Watson Wed, 20 Dec 2006 16:14:37 +0000 pam (0.79-4ubuntu1) feisty; urgency=low * Resynchronise with Debian. Remaining changes: - Patch 100 (renumbered from 060): Look at ~/.pam_environment too, with the same format as /etc/security/pam_env.conf. - Patch 101 (renumbered from 061): Explicitly initialise RLIMIT_NICE rather than relying on the kernel limits. Bound RLIMIT_NICE from below as well as from above. Fix off-by-one error when converting RLIMIT_NICE to the range of values used by the kernel. - Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf. - debian/rules: Fix a bashism. - Install unix_chkpwd setgid shadow instead of setuid root. The nis package handles overriding this as necessary. - Use pam_foreground in the default session. - Linux-PAM/libpamc/test/regress/test.libpamc.c: Use standard u_int8_t type rather than __u8. -- Colin Watson Tue, 19 Dec 2006 10:32:47 +0000 pam (0.79-4) unstable; urgency=medium * Medium-urgency upload; at least one RC bugfix, but also a significant number of changes, hence not urgency=high. * Move libpam-modules and libpam0g to Section: libs and libpam-runtime to section: admin, to match the overrides in the archive. * Move old changelog entries (well, entry) that don't follow the current format to debian/changelog.old, since there's no way to figure out a timestamp for an 8-year-old upload, and this is the most effective way to clear a glut of lintian warnings. * Fix the formatting of the libpam-cracklib package description. * Patch 010: remove parts of the patch that aren't necessary for C++ compatibility. * Patch 060: fix a segfault in pam_tally caused by misuse of pam_get_data(); already fixed upstream. Closes: #335273. * Patch 061: fix a double free in pam_issue, caused by overuse (and misuse) of strdup (similar to patch 059). Already fixed upstream. Closes: #327272. * Don't build-depend on libselinux1-dev and libcap-dev on kfreebsd archs. Closes: #352329. * Patch 005: sync pam_limits with upstream: - support "-" (unlimited) for all limit types except process priority. - support the additional aliases "-1", "unlimited", and "infinity" for clearing the limits; closes: #122400, #149027. - restrict the range of process priority, login count, and system login count settings to (INT_MIN,INT_MAX) (heh). - special-case RLIM_INFINITY when applying multipliers to values from the config. - document maxsyslogins in the default limits.conf; closes: #149883. - use the current process priority as a default instead of resetting to 0; closes: #241663. - add support for (and document) new RLIMIT_NICE and RLIMIT_RTPRIO settings in Linux 2.6.12 and above; closes: #313542, #313588. - allow imposing limits on uid=0. * Patch 027: only set RLIM_INFINITY as the default for the limits where we know this is sensible, so that recompiling in an environment with new limits doesn't create a security hole -- as happened with RLIMIT_NICE and RLIMIT_RTPRIO! Thanks to Ville Hallik for the initial patch. Closes: #388431. * Patch 029, 047: Fix up the broken pam_limits capabilities patch so it actually works -- which may well be a first... Closes: #318452. -- Steve Langasek Mon, 23 Oct 2006 05:36:08 -0700 pam (0.79-3.2) unstable; urgency=low * Non-maintainer upload to fix important bug, that makes passwd segfault when CTRL-D is pressed at the password prompt. Applied the patch provided by Dann Frazier. (Closes: #360657) -- Margarita Manterola Sat, 5 Aug 2006 02:11:22 -0300 pam (0.79-3.1ubuntu1) edgy; urgency=low * Resynchronise with Debian. -- Colin Watson Thu, 29 Jun 2006 17:27:34 +0100 pam (0.79-3.1) unstable; urgency=low * Non-maintainer upload. * Linux-PAM/libpamc/include/security/pam_client.h, Linux-PAM/libpamc/pamc_converse.c: Apply patch from latest upstream version to remove redefinition of internal glibc/libstdc++ types. Closes: #344447. -- Roger Leigh Sun, 5 Feb 2006 21:46:59 +0000 pam (0.79-3ubuntu14) dapper; urgency=low * debian/patches-applied/061_pam_rlimits_nice_rtprio: Protect use of RLIMIT_NICE in init_limits() with an #ifdef. -- Colin Watson Fri, 12 May 2006 17:42:40 +0100 pam (0.79-3ubuntu13) dapper; urgency=low * debian/patches-applied/061_pam_rlimits_nice_rtprio: Set soft and hard nice limits to 20 (= userland nice value 0) rather than unlimited by default. Correct off-by-one error (the same error as in Linux 2.6.12, but fixed in 2.6.13) in user<->kernel translation of nice limit. -- Colin Watson Thu, 11 May 2006 11:29:58 +0100 pam (0.79-3ubuntu12) dapper; urgency=low * debian/control: Add libpam-foreground dependency to libpam-runtime, since the default /etc/pam.d/common-session refers to it. Closes: LP#35142 -- Martin Pitt Mon, 10 Apr 2006 14:42:40 +0200 pam (0.79-3ubuntu11) dapper; urgency=low [ Dana Olson ] * debian/patches-applied/061_pam_rlimits_nice_rtprio: removed glibc workaround now that glibc is aware of rlimits. [ Martin Pitt ] * debian/rules: Fix bashisms. -- Martin Pitt Thu, 6 Apr 2006 15:03:37 +0200 pam (0.79-3ubuntu10) dapper; urgency=low * debian/patches-applied/061_pam_rlimits_nice_rtprio: Support "nice" and "rtprio" rlimits, new in Linux 2.6.12. Backported from upstream thanks to Dana Olson and others (closes: Malone #17348). -- Colin Watson Thu, 23 Feb 2006 16:22:12 +0000 pam (0.79-3ubuntu9) dapper; urgency=low * Fix operator precedence in libpam-modules.postinst. -- Colin Watson Thu, 16 Feb 2006 15:23:04 +0000 pam (0.79-3ubuntu8) dapper; urgency=low * Make pam_env be quiet if it can't find the user's configuration file, since it's optional. -- Tollef Fog Heen Sat, 4 Feb 2006 16:44:12 +0100 pam (0.79-3ubuntu7) dapper; urgency=low * Add the PATH on initial install for real this time. -- Tollef Fog Heen Thu, 2 Feb 2006 20:33:42 +0100 pam (0.79-3ubuntu6) dapper; urgency=low * Changes from Roger Leigh: * Linux-PAM/libpamc/include/security/pam_client.h, Linux-PAM/libpamc/pamc_converse.c: Apply patch from latest upstream version to remove redefinition of internal glibc/libstdc++ types. Closes: #344447. * Linux-PAM/libpamc/test/regress/test.libpamc.c: Also switch to standard types; not taken from upstream. -- Reinhard Tartler Wed, 1 Feb 2006 13:14:24 +0000 pam (0.79-3ubuntu5) dapper; urgency=low * Add pam_foreground to /etc/pam.d/common-session -- Matthew Garrett Tue, 24 Jan 2006 02:26:19 +0000 pam (0.79-3ubuntu4) dapper; urgency=low * Add PATH on initial install, too. -- Tollef Fog Heen Mon, 23 Jan 2006 15:55:40 +0100 pam (0.79-3ubuntu3) dapper; urgency=low * Add PATH to /etc/environment if it's not present there or in /etc/security/pam_env.conf and we are upgrading from a version which didn't add it. -- Tollef Fog Heen Tue, 17 Jan 2006 15:54:01 +0100 pam (0.79-3ubuntu2) dapper; urgency=low * Look at ~/.pam_environment too. Same format as /etc/security/pam_env.conf. The patch is recorded as patches-applied/060_pam_env_per_user -- Tollef Fog Heen Tue, 17 Jan 2006 15:32:55 +0100 pam (0.79-3ubuntu1) dapper; urgency=low * Resynchronise with Debian. -- Colin Watson Mon, 21 Nov 2005 12:15:44 +0000 pam (0.79-3) unstable; urgency=low * Patch 059 - Fix a segfault in pam_userdb when the new "crypt=" option is unset, as will be the case for all existing users; already fixed upstream. Closes: #330829. - Fix a memory leak in the same code due to gratuitous strdup()s. * Further regression in pam_env: don't treat a missing /etc/environment as a fatal error, either. Amend patch 058 accordingly. Closes: #330852. -- Steve Langasek Fri, 30 Sep 2005 01:17:53 -0700 pam (0.79-2) unstable; urgency=low The ".c.o: rm -rf $@" release * Fix debian/rules so that make clean doesn't remove ./configure when the timestamp on configure.in is newer (!). * Switch pam_userdb from db3 to db4.3, which according to the libdb maintainers should require no manual intervention for upgrading on-disk database formats. Closes: #165068. * Patch 058: yes, of course we want to read /etc/environment by default. Grr! Revert upstream change which disables this for no apparent reason (closes: #330458). * Tweak selinux rootok code to use the version of the function call that doesn't pollute namespace -- Steve Langasek Tue, 27 Sep 2005 02:44:36 -0700 pam (0.79-1) unstable; urgency=low * New upstream version (closes: #284954, #300775). - includes some fixes for typos (closes: #319026). - pam_unix should now be LSB 3.0-compliant (closes: #323982). - fixes segfaults in libpam on config file syntax errors (closes: #330097). * Drop patches 000_bootstrap, 004_libpam_makefile_static_works, 011_pam_access, 013_pam_filter_termio_to_termios, 017_misc_fixes, 025_pam_group_conffile_name, 028_pam_mail_delete_only_when_set, 033_use_gcc_not_ld, 034_pam_dispatch_ignore_PAM_IGNORE, 035_pam_unix_security, 039_pam_mkhomedir_no_maxpathlen_required, 041_call_bootstrap, 042_pam_mkhomedir_dest_not_source_for_errors, 051_32_bit_pam_lastlog_ll_time, and 053_pam_unix_user_known_returns_user_unknown which have been integrated upstream. * Merge one last bit of patch 053 into patch 043, where it should have been in the first place * Patch 057: SELinux support: - add support to pam_unix for copying SELinux security contexts when writing out new passwd/shadow files and creating lockfiles - support calling unix_chkpwd if opening /etc/shadow fails due to SELinux permissions - allow unix_chkpwd to authenticate for any user when in an SELinux context (hurray!); we depend on SELinux policies to prevent the helper's use as a brute force tool - also support querying user expiration info via unix_chkpwd - misc cleanup: clean up file descriptors when invoking unix_chkpwd (closes: #248310) - make pam_rootok check the SELinux passwd class permissions, not just the uid - add new pam_selinux module (closes: #249499) * Build-depend on libselinux1-dev. * Fix pam_getenv, so that it can read the actual format of /etc/environment instead of trying to read it using the syntax of /etc/security/pam_env.conf; thanks to Colin Watson for the patch. Closes: #327876. * Set LC_COLLATE=C when using alphabetic range expressions in debian/rules; bah, so *that's* what kept happening to my README file when trying to build out of svn! Closes: #295296. * Add a reference to the text of the GPL to debian/copyright. -- Steve Langasek Sun, 25 Sep 2005 22:08:20 -0700 pam (0.76-23) unstable; urgency=low * Fix Gcc 3.4 compilation, Closes: #259634 * Note that pam.conf is not read if /etc/pam.d exists, Closes: #248928 * Fix typo in pam_env.conf, Closes: #277633 -- Sam Hartman Sun, 10 Jul 2005 16:42:25 -0400 pam (0.76-22ubuntu3) breezy; urgency=low * Fix pam_getenv, which never worked: - Parse /etc/security/pam_env.conf using its own syntax, and then /etc/environment using its own syntax rather than the syntax of /etc/security/pam_env.conf. - 'my $val' was used in an incorrect scope; fixed. - Exit non-zero if the requested environment variable is not found. -- Colin Watson Mon, 12 Sep 2005 18:32:54 +0100 pam (0.76-22ubuntu2) breezy; urgency=low * debian/rules: Install unix_chkpwd setgid shadow instead of setuid root. This only breaks when using NIS lookups, therefore the new nis package dpkg-statoverrides it back to setuid root while being installed. (Debian #155583, http://udu.wiki.ubuntu.com/ProactiveSecurityRoadmap) * debian/control: Added conflict to nis (<< 3.13-3ubuntu1): This is the version that corrects the permissions for usage with NIS. -- Martin Pitt Fri, 17 Jun 2005 12:34:23 +0200 pam (0.76-22ubuntu1) breezy; urgency=low * Fix FTBFS with gcc-3.4 (closes: #259634). Ubuntu 9037. -- Matthias Klose Wed, 4 May 2005 18:14:51 +0200 pam (0.76-22) unstable; urgency=medium * Add uploaders * Document location of repository * Fix options containing arguments in pam_unix, Closes: #254904 -- Sam Hartman Mon, 28 Jun 2004 14:28:08 -0400 pam (0.76-21) unstable; urgency=medium * Fix patch 055 again because -20 was broken and didn't actually fix the problem. -- Sam Hartman Tue, 4 May 2004 21:37:38 -0400 pam (0.76-20) unstable; urgency=medium * Update to patch 55 to only check securetty when we are sure the password is null, Closes: #243698 * Medium urgency because the version now in testing has confusing and verbose log messages. * Include pam_getenv script which hopefully will be used by some people somewhere for some purpose -- Sam Hartman Wed, 28 Apr 2004 22:51:18 -0400 pam (0.76-19) unstable; urgency=low * Oops, too busy testing the upgrade from woody to make sure the upgrade from -16 to -18 worked. Thanks to all those who reported, Closes: #243413 -- Sam Hartman Tue, 13 Apr 2004 16:08:54 -0400 pam (0.76-18) unstable; urgency=low * Manipulate conffiles to avoid unnecessary prompt in woody to sarge upgrade, Closes: #218318 -- Sam Hartman Sat, 10 Apr 2004 18:10:35 -0400 pam (0.76-17) unstable; urgency=low * common-password now includes length restrictions and cracklib examples, Closes: #227681, #237537 * Patch 054: abstract out the logic from pam_securetty to determine if a tty is in /etc/securetty into a library function * Patch 55: Add nullok_secure option to pam_unix. If set, then null passwords are accepted from terminals in /etc/securetty. * common-auth now includes nullok_secure, Closes: #228114 -- Sam Hartman Sun, 4 Apr 2004 23:10:11 -0400 pam (0.76-16) unstable; urgency=low * Patch 51 from the x86-64 folks to support 32-bit ll_time in pam_lastlog even if time_t is 64-bits * Don't call openlog in pam_unix (patch 52), Closes: #213566 * Return PAM_USER_UNKNOWN for unknown users in pam_unix (patch 53), Closes: #204506 -- Sam Hartman Tue, 23 Mar 2004 22:26:04 -0500 pam (0.76-15) unstable; urgency=low * Fix description of libpam-runtime, Closes: #209755 * Fix description of libpam-cracklib, Closes: #210014 * Depend on libc6-dev|libc-dev not libc6-dev, Closes: #212354 * Clean up binaries, Thanks Russell, Closes: #212158 * Depend on sufficiently new cracklib2-dev, Closes: #214092 * Treate GNU/* as GNU for OS variable to make pam_limits compile, (patch 050) Closes: #220980 * No longer build-depend on latex2html, Closes: #221318 * Allow : in tty specification for pam_group, (patch 048) Closes: #220439 * Pull in locking patch from Linux-PAM CVS; this ended up causing 021_pam_nis_locking to be reworked and that patch now no longer contains locking fixes, but just NIS cleanup in general. See 049_pam_unix_sane_locking for the locking changes, Closes: #220158 -- Sam Hartman Mon, 12 Jan 2004 02:23:59 -0500 pam (0.76-14) unstable; urgency=low * Pull in NMU diff from 13.1, Closes: #186011 * Split out common-password into its own file, Closes: #207497 * Make other a conffile again and update to @include stuff * Add missing symlink, Closes: #196605 * Remove undocumented manpages * Update PAM mini-policy -- Sam Hartman Mon, 1 Sep 2003 18:08:54 -0400 pam (0.76-13.1) unstable; urgency=low * NMU with maintainer's permission. * Add three new config files (/etc/pam.d/common-{auth,account,session}) to libpam-runtime. Other packages which depend on libpam-runtime can now @include these files from their own PAM configs. * Convert /etc/pam.d/other from a conffile to a non-conffile config file. Closes: #186011. * Remove empty libpam-runtime.prerm script (debhelper will autocreate if needed) -- Steve Langasek Tue, 19 Aug 2003 19:41:03 -0500 pam (0.76-13) unstable; urgency=low * Nope, that dependency didn't work, so let's remove it. If we run into other module versioning issues, I now have an arm build environment to debug with. Closes: #198618 -- Sam Hartman Mon, 7 Jul 2003 00:22:34 -0400 pam (0.76-12) unstable; urgency=low * Fix group.conf example, (patch 046) Closes: #197080 * Ignore module return value in jumps, (patch 045) Closes: #176693 * Accept string value for chroot limit, thanks Andrei Pelinescu-Onciul, Patch (047), Closes: #196903 * Depend on libpam-modules instead of conflicting with older versions. This creates a circular dependency between libpam0g and libpam-modules. James says this works fine; we hope he's right. Closes: #196949 -- Sam Hartman Sat, 21 Jun 2003 17:19:29 -0400 pam (0.76-11) unstable; urgency=low * Don't allow db4 to satisfy build-depends because it doesn't actually work, and sometimes building with it would be wrong. * Don't depend on libpcap-dev on Debian BSD * Conflict with old libpam-modules, Closes: #191906 * Incorrect username should not be logged at alert (patch 43), Closes: #175900 * Patch to support FreeBSD (patch 44, thanks Robert), Closes: #191906 -- Sam Hartman Sat, 31 May 2003 19:55:26 -0400 pam (0.76-10) unstable; urgency=low * Don't double list conffiles, Closes: #190954 * Only install example sources not executables, Closes: #185286 * Display correct directory in error message for pam_mkhomedir, patch 042 thanks to Akira TAGOH, Closes: #165240 * Don't log EPERM when setting NOFILE limit as Linux doesn't let you set that to -1, Closes: #180310 * Add newline to end of distributed time.conf, Closes: #172229 * Up our standards version and support noopt in DEB_BUILD_OPTIONS -- Sam Hartman Sat, 3 May 2003 22:28:37 -0400 pam (0.76-9) unstable; urgency=low * Fix pam_rhosts hurd patch so it actually works, Closes: #172914 * Fix patch 040 not to clobber errno when logging the error fails, Closes: #172186 * Fix dependency for linuxdoc-tools, Closes: #173097 -- Sam Hartman Sun, 15 Dec 2002 17:10:58 -0500 pam (0.76-8) unstable; urgency=low * Have makefile appropriately depend on bootstrap-libpam * Install pam minipolicy, Closes: #167798 * Don't segfault if ttyname is null; this avoids the segfault but does not actually make pam_issue useful for ssh. I believe the way pam_issue works is fundamentally incompatible with what sshd expects from PAM (patch 037), Closes: #153152 * We actually fixed passwords containing , in 0.76-6, but failed to document it. They do work, Closes: #164713 * Note that /etc/pam.d/other is a fall back for each service * Patches from Michal 'hramrach' Suchanek" to make HURD work, Closes: #165066 (patch 038 and 039) * Don't depend on gs and other doc prep tools for build-depends, just build-depends-indep, Closes: #165065 * Patch from Eric Anderson to log failures of setrlimit (patch 040), Closes: #169836 * Build pam_limits on hurd, Closes: #165190 -- Sam Hartman Sun, 24 Nov 2002 22:04:28 -0500 pam (0.76-7) unstable; urgency=low * Fix handling of pam_ignore in case where we're skipping modules; update to patch 034 -- Sam Hartman Sun, 20 Oct 2002 21:49:22 -0400 pam (0.76-6) unstable; urgency=low * The "No, I don't think I actually want any of what upstream is smoking" release * If this were already in testing, this would be an severity emergency upload * pam_unix currently treats * in shadow file as no password not disabled; major security issue; fixed in upstream CVS, (patch 035) Closes: #164659 * OK, I think this actually fixes the rest of the manpage symlinks, Closes: #163839, #164298 * You don't want to use getlogin for pam_wheel because utmp may be wrong or for xterm have no entry, pull forward patch from the 0.72 packages (patch 036), Closes: #163787 -- Sam Hartman Tue, 15 Oct 2002 10:44:56 -0400 pam (0.76-5) unstable; urgency=low * Fix library links from 0.75 to 0.76 * Ignore PAM_IGNORE in _pam_dispatch_aux (patch 34), Closes: #163841 * Fix man page symlinks, Closes: #163839 -- Sam Hartman Fri, 11 Oct 2002 01:08:06 -0400 pam (0.76-4) unstable; urgency=low * Upstream correctly states that one should use gcc not ld when linking and then hapilly proceeds to actually use ld, fixed, Closes: #163711 * Remove experimental warning from readme, Closes: 163742 -- Sam Hartman Mon, 7 Oct 2002 23:45:53 -0400 pam (0.76-3) unstable; urgency=low * Oops, let's try building -fpic. This currently builds everything -fpic which is somewhat wrong, but doing more than that requires significant build system hacking (touch every makefile for dynamic objects), so it will wait, Closes: #163600 -- Sam Hartman Sun, 6 Oct 2002 23:33:12 -0400 pam (0.76-2) unstable; urgency=low * Link against appropriate libraries so we find the symbols we need, Closes: #162175 * The if everyone's going to complain when I upload broken software to experimental release, I might as well upload to unstable and give them something worth actually complaining about release. * Also the remove the scourge of dbs release * Include patch 034 from the 0.72 packages, meaning that we've included all the patches we need before release * Reject the patch to pam_wheel as I cannot find out what reasonable thing it was trying to do and it seemed broken * libpam-cracklib should depend on wordlist so it actually works; thanks Olaf Meeuwissen, Closes: #112965 * Merge build-depends and build-depends-indep because I'm a bad person and was too lazy to make docs build in a separate pass. I'll deal in a few versions. -- Sam Hartman Sun, 6 Oct 2002 18:52:13 -0400 pam (0.76-1) experimental; urgency=low * New upstream version * Upstream includes fix to not break cron, Closes: 160566 * New Upstream correctly handles priority < 0 for pam_limits, Closes: #126251 * .cvsignores removed, Closes: #159961 -- Sam Hartman Sun, 22 Sep 2002 16:11:35 -0400 pam (0.75-3) experimental; urgency=low * Apply patch 027 pam_limits so that we initialize to wide open not current limits. * In pam_mail, don't complain about deleting environment variable if we never set it, Closes: #58429 * Don't set default max procs limit in pam_limits, Closes: #116874 * libpam-runtime now arch all since it has no arch-specific files, Closes: #132545 * Update mini policy to reflect confusion on debian-devel -- Sam Hartman Tue, 16 Jul 2002 09:30:50 -0400 pam (0.75-2) experimental; urgency=low * Fix pam_userdb to build and to build against db3, fixes patch 020 * Fix upstream makefile so pam_group has valid configuration, closes: #148657 * time.conf reference to logoutd removed, closes: #143801 * The static library contains all the appropriate symbols in this version. You may find the complete lack of PAM modules somewhat frustrating; currently the static pam library is only useful if you register your own modules. Fixing this would require annoying hacking on the upstream build system, closes: #103495 * unix_chkpwd.8 typo fixes thanks to dancer@anthill.echidna.id.au, Closes: #139949 * Since we're working on the new upstream version, we also have the new docs, closes: #147763 * Patch from Martin Schwenke to only change passwords in pam_unix when they exist in the password file; hopefully does not break NIS, closes: #135990 * Another patch from Martin to return PAM_USER_UNKNOWN if we ever actually do get into the password changing routine only to find that we have no password to change, closes: #135604 * .cvsignore no longer installed, closes: #120795 * We're using debhelper 3, just in time to be obselete, Closes: #93414 -- Sam Hartman Sat, 8 Jun 2002 18:04:40 -0400 pam (0.75-1) experimental; urgency=low * Preliminary test packages * New upstream version * Hopefully works mostly the same as 0.72 except for upstream bug fixes and for the fact that pam_limits is fairly broken right now. * If it breaks you are lucky if you get to keep both pieces release. -- Sam Hartman Sat, 25 May 2002 22:57:57 -0400 pam (0.72-35) unstable; urgency=medium * Fix like_auth to make libpam-krb5 and libpam-heimdal actually useful, patch from RISKO Gergely , closes: #126251 -- Sam Hartman Mon, 21 Jan 2002 15:20:22 -0500 pam (0.72-34) unstable; urgency=medium * Note that HOME may not be useful in pam_environment, closes: #109281 * Don't smash case domains (groups/users) in pam_limits, closes: #119893 * Remove double the from description, closes: #107705 * Fix typo on mail message, closes: #119689 * Medium since these are small fixes that should go into woody -- Sam Hartman Fri, 23 Nov 2001 21:24:20 -0500 pam (0.72-33) unstable; urgency=low * Fix pam_mail to look in /var/mail not /var/spool/mail, thanks mjb. -- Sam Hartman Thu, 11 Oct 2001 15:44:32 -0400 pam (0.72-32) unstable; urgency=medium * This should probably get into testing before freeze; medium. * Patch from Volker Stolz to fix bug in previous pam_group patch, closes: #111854 -- Sam Hartman Sat, 22 Sep 2001 06:32:29 -0400 pam (0.72-31) unstable; urgency=low * Add support for credential reinitialization in pam_group, closes: #108697 -- Sam Hartman Fri, 31 Aug 2001 13:16:39 -0400 pam (0.72-30) unstable; urgency=low * Include patch from robbe@orcus.priv.at to build pam_limits on hurd, closes: #103556 * Start installing limits.conf for hurd (may not work quite right) -- Sam Hartman Mon, 16 Jul 2001 09:35:51 -0400 pam (0.72-29) unstable; urgency=low * Correctly declare uint32 type for ia64, closes: #104584 -- Sam Hartman Sat, 14 Jul 2001 01:30:39 -0400 pam (0.72-28) unstable; urgency=low * Fix scanf string so pam_limits chroot works, closes: #100812 * Only log unknown user at warning, not alert, closes: #95220 * By default do complete matches not substring matches for pam_time. You can include explicit wildcard for substring, closes: #66152 -- Sam Hartman Tue, 3 Jul 2001 17:31:45 -0400 pam (0.72-27) unstable; urgency=low * Fix typo in last patch -- Sam Hartman Mon, 25 Jun 2001 18:27:42 -0400 pam (0.72-26) unstable; urgency=low * Block SIGCHLD when calling unix password verification program, patch from mdz@debian.org, fixes pam part of #97977 -- Sam Hartman Mon, 25 Jun 2001 08:47:12 -0400 pam (0.72-25) unstable; urgency=medium * Depend on opensp, working around #89063, closes: #100125 * This is urgency medium to get docs back into testing. -- Sam Hartman Fri, 8 Jun 2001 11:44:12 -0400 pam (0.72-24) unstable; urgency=low * New NIS double locking and root password patch from Philippe Troin , fixes bug in unreleased patch submitted for 0.72-23. Also improves changing root password so it does something; ongoing discussion on whether this is right. -- Sam Hartman Mon, 21 May 2001 08:06:05 -0400 pam (0.72-23) unstable; urgency=low * Patch from Benoit Gaussen , Don't trim from , to end of string in user input, only trim from salt grabbed from passwd file, closes: #96779 * Fix NIS double locking, closes: #96736 -- Sam Hartman Wed, 16 May 2001 15:46:34 -0400 pam (0.72-22) unstable; urgency=low * Fix pam.8 to be pam.7, closes: #92874 -- Sam Hartman Tue, 17 Apr 2001 23:04:04 -0400 pam (0.72-21) unstable; urgency=low * Don't depend on libcap for hurd, closes: #91998 * Don't list scurity/limits.conf as a conffile for hurd -- Sam Hartman Mon, 9 Apr 2001 12:30:18 -0400 pam (0.72-20) unstable; urgency=low * Install pam-undocumented in -runtime not -dev, closes: #93063 * Mark pam-runtime as replacing files from -dev in case you installed -19 and have pam-undocumented in the wrong place -- Sam Hartman Fri, 6 Apr 2001 06:38:15 -0400 pam (0.72-19) unstable; urgency=low * New maintainer, closes: #92353 * Install pam-undocumented; somehow it was not installed in -18 -- Sam Hartman Wed, 4 Apr 2001 21:32:17 -0400 pam (0.72-18) unstable; urgency=low * pam_securetty: log failed tty checks. Normally this was only done if the "debug" option was on...do it regardless now, closes: #89390 * Get rid of log message for when "root" is not applied to group checks. closes: #88825 * Add quiet option to pam_listfile, closes: #84428 * pam(8) should be pam(7), pam.conf(8) should be pam.conf(5), closes: #89322 * Added groff to Build-Depends-Indep, closes: #88794 -- Ben Collins Sun, 25 Mar 2001 21:40:32 -0500 pam (0.72-17) unstable; urgency=low * Fixed login in pam_limits where the max logins could be ignored. -- Ben Collins Fri, 9 Mar 2001 09:14:48 -0500 pam (0.72-16) unstable; urgency=low * New pam limits cap patch from Topi Miettinen , closes: #88401, #88406, #88525, #88399, #86197 * pwdb no longer used, closes: #59917 * fix patch 023 for gethostbyname build failure, closes: #86156 * Make sure unix_chkpwd gets installed as suid root, closes: #88519 * Fix whatis parse of manpages, closes: #86203 * pam_listfile, fix arg parsing when arg does not contain '=', closes: #86070 -- Ben Collins Sun, 4 Mar 2001 22:45:58 -0500 pam (0.72-15) unstable; urgency=low * Doh, added build-depends for libcap, closes: #85352 * Change section of libpam-cracklib from admin to libs to match overrides. -- Ben Collins Fri, 9 Feb 2001 09:06:40 -0500 pam (0.72-14) unstable; urgency=low * Added fix to pam_access for gethostname decleration. closes: #82100 * Just name the lib/security directory instead of all the modules seperately for dh_movefiles. closes: #76119 * Fix pam_env corruption, closes: #66849, #77229 * Add patch to allow recursive /etc/skel copy in pam_mkhomedir, closes: #67211 * remove dh_suidregister call, added conflict for old suidregister package * Applied patch for Linux capabilities in pam_limits, closes: #74176 * pam_issue.so works for me, without segv, and even with escapes. This is with login. Note, things like pam_issue do not work with ssh simply because ssh is not able to work in that way (does not support arbiitrary conversations). So if you want it to work there, file a bug on ssh, not on libpam-modules. closes: #77228 * unix_chkpwd: check for NULL password, closes: #69960 -- Ben Collins Thu, 8 Feb 2001 11:06:03 -0500 pam (0.72-13) unstable; urgency=low * Fix grammar in pam_source.sgml, closes: #78959 * pam_undocumented.7: Fix escaped 's, closes: #75987 * Fix build ordering, closes: #71442, #80397, #77017 * Applied Hurd patch, closes: #76119 * Use gcc for linking, not ld. closes: #71941 * Pretty sure this was fixed, closes: #67172 * Applied spealang fixes to Debian-mini-policy. closes: #80249 * Applied patch to allow devfs style terminal devices with pam_group, closes: #77661 * Could not reproduce, even using md5 passwords. User, if you still have * this problem, you need to tell me with what service (login, which I tested, sshd, telnet, etc...) and also send me the entire pam.d file for that service. closes: #76087 * Fixed awhile back, closes: #72858 * Closing this since I am not going to include any modules in this package that aren't in upstream. If someone else wants to package these modules seperately, they can do so. closes: #69550 * For correct usage, pam_wheel.so should be used with "sufficient" and not "required". This is documented. If you use "required", then you must also use the "trust" option, but that doesn't give you the results you want. closes: #76236 -- Ben Collins Sun, 31 Dec 2000 05:38:23 -0500 pam (0.72-12) frozen unstable; urgency=low * Recompile against db2 for glibc change * Add db2 to build-deps -- Ben Collins Wed, 27 Sep 2000 12:08:11 -0400 pam (0.72-11) frozen unstable; urgency=low * Removed all traces of pwdb in packages. libpwdb has been removed from the archive. This means that the pam_pwdb and pam_radius modules are no longer available (from the libpam-pwdb package). * doc/modules/pam_wheel.sgml: Really spell out that being a member of a group meands the user is listed in /etc/group, closes: #69242 * doc/*: s/PAM_AUTHOK_RECOVERY_ERR/PAM_AUTHOK_RECOVER_ERR/g, closes: #64473 * pam_wheel: PAM does not distinguish it, the libc calls make the distinction. The users gid is returned in their passwd info, while getgrent() returns only the members of the group listed in /etc/group. This is ok, because if it's really that important, you can actually have it in both places. The fact that it's documented should suffice in making this clear, closes: #69236 * Sorry, but seperate modules generally need to be packaged seperately. I don't want to overload this package with everyone's pet module, so I have to put my foot down, closes: #61759 * Actually, I'm going to move in Woody to make packages depend more on the defaults in /etc/pam.d/other, so that admins have less to maintain. For one, all packages should not have a password service listed, closes: #70000 (YAY! I got the 70k rollover bug number!) * Sorry, I can't include this. "," is a legitimate char in a password salt/hash. If you can code up something that is super intelligent about lenghts of the field, I can go for it, maybe, closes: #59459 * modules/pam_limits: Added chroot feature patch, closes: #61090 * modules/pam_access: Allow last field to contain ':', closes: #67291 * modules/pam_limits: Allow explicit limits for root, closes: #62448 * modules/pam_unix: Do not zero old/new password fields, libpam does this itself, and doing so in the module breaks stacking, closes: #66270 * modules/pam_group: Allow alpha *and* numeric in tty field (duh), closes: #63752 * modules/pam_access: Enable NIS, closes: #64854 * libpam0g-dbg: removed, useless anyway -- Ben Collins Wed, 30 Aug 2000 18:39:32 -0400 pam (0.72-10) frozen unstable; urgency=low * Update build depends * Fixed logic for showing non-existent user names when auth failed in pam_unix.so, closes: #67786 (thanks to Jim Breton for being patient in helping track this down). It would sometimes show them, even if we didn't want to. -- Ben Collins Thu, 27 Jul 2000 09:17:08 -0400 pam (0.72-9) frozen unstable; urgency=low * pam_unix: do not call obscure_msg() of pass_old is NULL, closes: #65321 * pam_access: check for from[0] == '\0' so that tty logic is actually used, closes: #65401 -- Ben Collins Wed, 14 Jun 2000 11:38:35 -0400 pam (0.72-8) frozen unstable; urgency=low * Build depends added in previous version, closes: #60817, #61439 * Allow use of ":0" in group.conf, closes: #61966 * Added syslog entry to notify that a user succesfully changed their password, closes: #61724 * Make pam_unix compatible with HP-UX style NIS+ password information, patch from ldaffner@rsn.hp.com, closes: #61942 * If "audit" is not enabled, don't let pam_unix print the names of unknown users for auth attempts, closes: #61942 * Fixed ttyname() parsing in pam_access to match that of the old shadow access.conf s,/dev/,, closes: #61644 * Set some sane defaults for pam_limits.so instead of carrying over potentially bad defaults, patch from Peter Paluch closes: #63230 * Allow explicit (e.g. specified specifically for) limits for root, patch from Topi Miettinen , closes: #62448 * Added information to time.conf about logoutd, which is now enabled via this file. * cracklib maintainer claims this isn't a bug, closes: #54180 * fixed control syntax handling which was causing segfaults, closes: #62237 -- Ben Collins Sat, 29 Apr 2000 11:39:59 -0400 pam (0.72-7) frozen unstable; urgency=low * pam_limits: fix parsing of users which explicitly removes limits, closes: #59911, #60287 * Added build-depends -- Ben Collins Mon, 20 Mar 2000 16:06:28 -0500 pam (0.72-6) frozen unstable; urgency=low * Remove conflict for libpam0g-util from libpam0g and put it in libpam-runtime. This should fix a problem with upgrades that apt experiences, closes: #58677 -- Ben Collins Mon, 28 Feb 2000 14:05:28 -0500 pam (0.72-5) frozen unstable; urgency=low * Added obscure password checks to pam_unix. Required for shadow to be able to emulate the pre-PAM setup (referenced in a bug on passwd). * Applied patch from #57800 to fix NIS/NIS+ shadow accounting checks, closes: #57800, #58164 * Fixed two typos in the PAM System Administrators Guide, closes: #56578, #56587 -- Ben Collins Mon, 28 Feb 2000 10:58:09 -0500 pam (0.72-4) frozen unstable; urgency=low * unix_chkpwd: check for NULL on stdin aswell as 0 reads, closes: #56375 * pam_unix/Makefile: removed bashism, closes: #56370 * fixed in shadow upload, closes: #49832 -- Ben Collins Sat, 29 Jan 2000 00:27:28 -0500 pam (0.72-3) unstable; urgency=low * Added cpluplus wraps in all the headers, closes: #53653 -- Ben Collins Sun, 2 Jan 2000 15:15:40 -0500 pam (0.72-2) unstable; urgency=low * Well, this is an odd one. A recompile fixes it. So it must have been a problem from linking with 0.71 when this is version 0.72. All of this build daemons seem to have compiled the latest 0.72, so this should be resolved after this gets recompiled on all of them, closes: #51619, #49584 * This is from a very old version (0.56) of libpam0. It is not relevant to the latest version, closes: #47162 -- Ben Collins Sun, 26 Dec 1999 09:10:13 -0500 pam (0.72-1) unstable; urgency=low * New upstream source release, lots of patches merged upstream (thanks Andrew). * libpam-doc: now provides pam-doc, closes: #45631 * cleanups to the build system * shlibs.local: bumped shlib deps -- Ben Collins Tue, 14 Dec 1999 11:17:36 -0500 pam (0.71-3) unstable; urgency=low * Debian-PAM-MiniPolicy: new document describing how PAM is implemented in Debian -- Ben Collins Fri, 26 Nov 1999 17:26:40 -0500 pam (0.71-2) unstable; urgency=low * pam_listfile: lstat -> stat, closes: #49833 * pam_tally: install the pam_tally program, closes: #50314 * debian/control: libpam-modules, replaces libpam0g-util, closes: #50716 -- Ben Collins Thu, 25 Nov 1999 21:02:23 -0500 pam (0.71-1) unstable; urgency=low * New upstream release, merges lots of patches from the Debian source, also merges the pam_{motd,mkhomedir,issue} modules into the main source. Lots of minor bugs fixed, and compiler warnings * pam_mail: Reimplemented the authentication handlers, so now this works as both (changes nothing in Debian, but was required to get the patch accepted upstream) * general: Lots of small edits to fix compiler warnings * pam_userdb: fixed potential usage of an unitialized value as PAM_AUTHTOK, doesn't look particularly exploitable, but better safe than sorry -- Ben Collins Mon, 8 Nov 1999 19:21:52 -0500 pam (0.70-4) unstable; urgency=low * pam_wheel/pam_wheel.c: change to use getpwuid(getuid()) by default, so avoid the problems associated with getlogin() -- Ben Collins Mon, 1 Nov 1999 13:33:10 -0500 pam (0.70-3) unstable; urgency=low * Applied patch from Herbert Xu to enable PAM_CONV_AGAIN support in pam_ftp, closes: #47288 -- Ben Collins Wed, 13 Oct 1999 13:25:21 -0400 pam (0.70-2) unstable; urgency=low * 100_pam_pwdb_security_fix: new patch fixes security problem with regard to NIS accounts -- Ben Collins Wed, 13 Oct 1999 11:42:41 -0400 pam (0.70-1) unstable; urgency=low * New upstream release * Seems there were a lot of fixes merged/matches upstream, looks good, (maybe it's time I start sending my patches in, since the maintainer is active again). * libpamc: new library (libpam client library), this actually used to be in the Debian packages for a few versions, but it was removed upstream. Guess what, it's back :) -- Ben Collins Sun, 10 Oct 1999 01:07:43 -0400 pam (0.69-11) unstable; urgency=low * {pwdb,unix}_chkpwd.8: fixed format to get rid of "no whatis" warnings from mandb, closes: #47004 * pam_unix.sgml: new file, documents the pam_unix.so module, closes: #46511 -- Ben Collins Sat, 9 Oct 1999 12:41:58 -0400 pam (0.69-10) unstable; urgency=low * libpam/pam_item.c: fixed debug message being in wrong place * 013_pam_issue: new patch, provides issue file parsing for PAM applications (helps to replace lost functionality in login). -- Ben Collins Wed, 6 Oct 1999 20:30:17 -0400 pam (0.69-9) unstable; urgency=low * Fix typo in pam_mail.so module's "no" return -- Ben Collins Sun, 3 Oct 1999 15:08:56 -0400 pam (0.69-8) unstable; urgency=low * docs/modules/pam_mkhomedir.sgml: Fixed module name * changed build system structure * libpam/Makefile: add -lcrypt to the linked libs, closes: #46104 * increase shlib deps to 0.69-7, closes: #45801 * pam_motd.c: close motd file after reading, closes: #46122 * pam_motd.c: fix setting \0 in the wrong place when motd file is zero length, closes: #45686, #45632 * pam_unix_acct.c: allow '0' to denote disabled for some expiry fields since chage(1) documents it this way, closes: #45446 * pam_mail.c|modules/pam_mail.sgml: added 2 options, one "standard" to give the old style "You have ..." response and "quiet" which only reports new mail for both formats, documented both options, closes: #45670 * with the new pam_unix module, this bug is fixed, closes: #42230 * pam_limits.c: make sure that we not only ignore limits on root, we also remove them just in case we are su'ing from a limited user to the root account (since as root they can remove the limits anyway), closes: #35302 -- Ben Collins Sun, 3 Oct 1999 12:07:28 -0400 pam (0.69-7) unstable; urgency=low * debian/rules: fixed module_check * pam_env/pam_env.c: fixed env parsing to include values wrapped in '' and also allow continued lines with a trailing '\'. * pam_motd,pam_mail: converted to session modules, so that they could be ordered with the lastlog module * updated default pam.d/login to reflect above change (now login looks the same as the non-PAM version, lastlog, then motd, and then mail check) * pam_motd: removed extraneous \n from output * modules/pam_limits/pam_limits.c: Fixed parsing of lines with only "domain -", which was documented as being able to get rid of limits for that user or group. * debian/control: (libpam-cracklib) Added depends for cracklib-runtime, closes: #45488 * modules/pam_env.c: Fixed /etc/environment parsing causing segfaults on long lines, closes: #45408 -- Ben Collins Sun, 19 Sep 1999 13:50:40 -0400 pam (0.69-6) unstable; urgency=low * Install unix_chkpwd suid root, it's needed for NIS to work without modification to the binary. * modules/pam_limits/pam_limits.c: hmm, some how I got a strange broken patch left over from the source upgrade...removed all but the pwdb purging, closes: #45088 * modules/pam_env/pam_env.c: Changed to a debug message, instead of a syslog message when /etc/environment does not exist. -- Ben Collins Wed, 15 Sep 1999 04:25:21 -0400 pam (0.69-5) unstable; urgency=low * Removed libpam0g's preinst check for full paths in the pam.d files, this should really be a lintian check at build (i think the old libpam could not work like this, but hey...things change for the better some times. This PAM works fine like that). closes: #45001 +NOTE: Debian packages should not reference modules by the full path so they don't break if I ever decide to move the modules to a different default directory. Only the admin should reference full paths and only for locally installed modules. I have submitted a request to check for this in lintian along with a few other devious things. * debian/patches/008_pam_mkhomedir: Fix title of sgml doc * modules/pam_userdb/Makefile: added patch for building against glibc 2.0 (request from Roman Hodek), closes: #45064 -- Ben Collins Tue, 14 Sep 1999 06:12:34 -0400 pam (0.69-4) unstable; urgency=low * Link all dynamic modules with libpam. For some reason, alpha doesn't like it when we don't -- Ben Collins Mon, 13 Sep 1999 06:01:40 -0400 pam (0.69-3) unstable; urgency=low * doc/modules/pam_cracklib.sgml: changed to correct path for cracklib_dict reference. * modules/pam_env/pam_env.c: now groks bash style env's from /etc/environment to be compatible with other programs that use it. * modules/pam_securetty/pam_securetty.c: don't just plain fail when root isn't allowed to login, fake a password request just like any good auth module would. Keeps us from letting them know that they are doing something bad :) * modules/pam_{motd,mkhomedir}: merged these two modules into this source, also wrote corresponding sgml files for libpam-doc, closes: #40754 * debian/control: Moved libpam0g, libpam-modules and libpam-runtime to base with required priority since login depends on them and policy will require this -- Ben Collins Sat, 11 Sep 1999 08:06:02 -0400 pam (0.69-2) unstable; urgency=low * Modified build so that it uses libs and headers in the build tree rather than on the local system. This involved changint the build order slightly and should make it easier to compile on new archs. * Modified pam_limits so that it was invoked during pam_sm_setcred() instead of during pam_sm_session_open() so that it will work with shadow's su. * Fixed missing symbols in libpam.so, they were caused by it thinking it was supposed to have static modules built in. * Fixed problem where libpam was getting built with -DDEBUG * pam_unix_passwd.c: Changed the perms on shadow to be 0.42 and 0640 instead of 0.0 and 0600 * unix_chkpwd: fix it not being sgid shadow -- Ben Collins Thu, 9 Sep 1999 13:52:01 -0400 pam (0.69-1) unstable; urgency=low * New upstream source - Now with a new and improved pam_unix module, closes: #38631 - Lot's of documentation cleanups * Converted build system to dbs (doogie's build system, aka Adam Heath) * Fixed libpam.so compilation so that it did not link with any of the modules (this was causing lot's of problems, closes; #43913, #40739 * modules/pam_ftp/pam_ftp.c: Fixed sizeof, to use strlen, closes: #44054, #41845, #44142, #39129, #39871, #44412 * Postscript pages are now generated correctly, closes: #41608 * Moved to FHS compliance (including use of debhelper 2.0.40), this also raises the policy version to 3.0.1.1 * Don't check the paths in /etc/pam.d files anymore. This is old and causes nothing but complaints, closes: #39747 * Build libpam0g-dbg with debuggable static and shared libraries, also enabled the internal DEBUG_REL compile flag for these so that the debugging messages will also be output -- Ben Collins Tue, 7 Sep 1999 17:45:20 -0400 pam (0.66-10) unstable; urgency=low * Added ability for pam_env to parse /etc/environment and updated docs to reflect it * Applied patch for pwdb_chkpwd man page, closes: #38976 * Merged pam_unix_*.so modules into one pam_unix.so with symlinks for backward compatibility. This helps centralize this module the same way the pam_pwdb.so is and the way pam_unix.so is on other operating systems (commercial ones specifically). * Closed by pam-apps upload, closes: #38632 * Fixed `sgml2latex' syntax, closes: #39119 * Added doc-base support, closes: #37627 -- Ben Collins Wed, 16 Jun 1999 01:20:23 -0400 pam (0.66-9.1) unstable; urgency=low * SPARC NMU to fix chown symbols when compiling with glibc 2.1.1 -- Ben Collins Tue, 11 May 1999 13:33:33 +0000 pam (0.66-9) unstable; urgency=low * Changed the debian/rules to not mess with the library symlinks (ie running ldconfig in the lib dir) and all is well, closes: #36169 -- Ben Collins Sun, 18 Apr 1999 09:09:51 -0400 pam (0.66-8) unstable; urgency=low * Compiled with libpam_client.so now (seperate lib in libpam0g) * Made regex for libpam0g postinst a little more specific so it didn't flag false problems. closes: #34626 * Applied patch to fix pam_ftp, closes: #35388 * Modified pam_mail and pam_lastlog to honor PAM_SILENT in order to enable apps to use hushlogin/PAM_SILENT * Fixed problem with libpam_client.so being static -- Ben Collins Mon, 15 Mar 1999 20:54:23 -0500 pam (0.66-7) unstable; urgency=low * Fixed XCASE in pam_filter.c (not really in glibc 2.1 by default) -- Ben Collins Sat, 6 Mar 1999 18:46:56 -0500 pam (0.66-6) unstable; urgency=low * Removed empty /lib/security/ from libpam0g (is created in libpam-runtime) * Added a depends for libpam-runtime to libpam0g (was supposed to be there, must have deleted it) * Removed empty /usr/bin from libpam-runtime (old directory where upperLOWER was) -- Ben Collins Wed, 24 Feb 1999 13:14:25 -0500 pam (0.66-5) unstable; urgency=low * Removed harcoded libc6 dependency from libpam0g-dev and changed it to libc6-dev. closes: #33615 * Added md5 flag for pam_unix_passwd.so * Removed upperLOWER program since it is just an example. Moved it's source to the examples directory in libpam-modules * Fixed documentation of pam_strerror() and examples. closes #31142 * Made pam_unix_passwd.so leave /etc/shadow mode 640 and root.shadow after changes * Fixed problem in pam_unix_auth that didn't let you su from a normal user to another normal user (ie. neither one was root) * Closing misc fixed bugs. closes #32809, #32274 (have been fixed, just need closing) * Tested lockvc with pam support, works for normal users (pam_pwdb) closes: #31150 * Changed /var/log/wtmp in pam_lastlog docs to reflect correct /var/log/lastlog file. closes: #26544 * Added -ldl to libpam.so, so apps don't have to -- Ben Collins Fri, 19 Feb 1999 18:47:30 -0500 pam (0.66-4) unstable; urgency=low * Changed pwdb_chkpwd to sgid shadow instead of suid root since it only needs read permissions to /etc/shadow and not write. * Moved a lot of files arouns to get rid of libpam-runtime dependencies * Put libpam-pwdb into it's own package * Removed -lpwdb links for modules since libpwdb is somewhat buggy (or alteast it's interaction with libpam is) * Fixed bug in pam_unix_passwd.so that caused it to never authenticate the correct passwd, making it so you couldn't change the passwd -- Ben Collins Tue, 16 Feb 1999 15:50:28 -0500 pam (0.66-3) unstable; urgency=low * Fixed defaults in /etc/pam.d/other to be pam_unix_*.so modules instead of the accidental pam_pwdb.so module * Fixed suid of pwdb_chkpwd (had to move dh_fixperms after dh_suidregister) * Added Replaces: libpam0g-util in order to help dpkg upgrade from older packages * Applied glibc 2.1 patch from Christian Meder. closes: #32809 * Moved libpam-doc to Section doc. closes: #32274 -- Ben Collins Fri, 12 Feb 1999 02:01:43 -0500 pam (0.66-2) unstable; urgency=low * Removed all of the versioned module stuff. Modules are now in /lib/security and stay there. Seems after discussion, that modules may not change as often as thought * Fixed suidregister for pwdb_chkpwd * Fixed incomplete descriptions in control file * This is a kludge to close some bugs since the last upload was yanked before being installed in the archive, closes: #16882, #30862, #7725, #10234, #10406, #12210, #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128, #9131, #9919, #19383, #5132, #14533, #25915, #28075, #31548, #31191 -- Ben Collins Tue, 2 Feb 1999 12:47:25 -0500 pam (0.66-1) unstable; urgency=low * New maintainer * New upstream release. closes: #16882, #30862, #7725 * Created a better split of the main lib and the runtime to kill the circular dependencies and make it possible to have two .so version of the library installed for upgrades. closes: #10234, #10406, #12210, bug #14291, #15528, #15529, #20660, #25330, #29868, #31088, #31128, bug #9131, #9919. * Harcoded modules directory prefixed with the .so version, and used alternatives to create the symlink to the 'default' modules directory. libpam will use the full path when specified, but use the versioned modules directory for relative names. * Put libpam0g-cracklib modules back in (own package). This means that cracklib support is _not_ in the static libpam.a, also cracklib support is _not_ in pam_unix_passwd.o, but only in pam_cracklib.so by itself. * Fixed a few typos in the source causing compile errors * Fixed source #include's so that pam _didn't_ have to be installed in order to compile the source ( changed from <> to "" ) * Removed empty directories from built packages * Opted not to build examples, only going to put *.c files in examples directory for libpam0g-dev * Moved *.sgml files for modules into their own directory (looks like that is what the original maintainer wanted to do, but it didn't go) * Moved doc build to arch-indep build in rules so that it doesn't get built when specifying -B with debuild/dpkg-buildpackage. * Moved `touch .quiet...' to build-stamp in order to have -B builds not ask about pam.conf * Split out non-standard modules to their own package, so as to make the base install smaller (planning for base inclusion here) * Created small manpage for pwdb_chkpwd. closes: #10941 * The Copright file in /usr/doc/*/ was already named copright and not compressed. closes: #14533 * Package is now lintian clean. closes #19383, #5132 * There is a maintainer now and the patch for #25915 is still included so.... closes: #25915 * Added check for editor backup files in /etc/pam.d (*~). closes: #28075 * Applied patch for md5.h in pam_pwdb module. closes: #31548 * Added support for dhelp in libpam-doc. closes: #31191 -- Ben Collins Wed, 20 Jan 1999 07:09:15 -0500 pam (0.65-0.8) frozen unstable; urgency=high * Marked PAM as orphaned, given that there has been no maintainer upload in almost two years. * [defs/debian.defs] Removed superflous cracklib2 dependency. (Urgent as cracklib still has release-critical bugs). (Fixes #30862). -- J.H.M. Dassen (Ray) Wed, 20 Jan 1999 09:34:35 +0100 pam (0.65-0.7) frozen unstable; urgency=high * Fixed security vulnerability in the pam_unix and pam_tally modules (reported by Michal Zalewski on bugtraq; patch A000-SECURITY-PATCH-0.65-and-below.gz by Andrey V. Savochkin). -- J.H.M. Dassen (Ray) Tue, 29 Dec 1998 16:20:18 +0100 pam (0.65-0.6) unstable; urgency=high * Fixed distribution of files over the various packages, which was severely messed up. * Added appropriate Replaces: to ensure upgrading from both the hamm version and previous slink versions. * Fixed debug libraries, PAM module loading. * Added examples. * Added a "pam-undocumented" manpage pointing to libpam-doc, and made links for functions without a manpage to that. -- J.H.M. Dassen (Ray) Sun, 11 Oct 1998 19:29:40 +0200 pam (0.65-0.5) unstable; urgency=low * Rewritten the preinst warning text (it still mentioned the search path). -- J.H.M. Dassen (Ray) Fri, 9 Oct 1998 14:23:18 +0200 pam (0.65-0.4) unstable; urgency=high * It looks like I misunderstood DEFAULT_MODULE_PATH: Linux-PAM does not currently seem to be easily configured to look for modules in more than one directory. With this version, it's configured to look only in /lib/security . -- J.H.M. Dassen (Ray) Fri, 9 Oct 1998 11:43:34 +0200 pam (0.65-0.3) unstable; urgency=medium * Moving the PAM modules to /lib/security broke netatalk. Added a preinst script to detect /etc/pam.d files with explicit paths to PAM modules, give a warning about them, and offer to abort the install (Fixes #27514). -- J.H.M. Dassen (Ray) Tue, 6 Oct 1998 20:10:43 +0200 pam (0.65-0.2) unstable; urgency=low * Argh. The tools didn't recognise -0.1 as a new upstream release, so my previous upload was rejected due to a missing .orig.tar.gz . -- J.H.M. Dassen (Ray) Sun, 4 Oct 1998 17:15:09 +0200 pam (0.65-0.1) experimental; urgency=low * New upstream version. * Non-maintainer upload. * Major package overhaul; now uses debhelper. * In experimental for now. *Please* provide feedback; if the feedback is positive, we can put this in slink. * Dropped libc5 support. * [libpam/pam_static.c] Fixed compilation: "pamh" was undefined; use "NULL". is this the correct fix? * [defs/debian.defs] New. * [Makefile] * Exit when a make in a subdirectory fails. * Compile statically too. * New variables: LC, LP, LPLIBS, DEFAULT_MODULE_PATH . * [libpam/Makefile] * Use DEFAULT_MODULE_PATH if nonempty. * Link libpam against LPLIBS. * [modules/*/Makefile] * Link the dynamic security objects against libpam and libc (LP and LC). * [modules/pam_pwdb/Makefile] * Link dynamic security objects against libcrypt and libnsl. * [conf/install_conf] Allow for non-interactive install (as the other install_conf scripts already did). * Automatically determine the list of /etc/security/* conffiles. * Moved libpam to /lib, and PAM modules to /lib/security as they will become part of the base system in the future. * Built without cracklib support, to keep the base system smaller. * /sbin/pwdb_chkpwd is undocumented, as is upperLOWER. -- J.H.M. Dassen (Ray) Fri, 2 Oct 1998 20:23:27 +0200 pam (0.57b-0.4) unstable; urgency=high * Non maintainer upload My previous upload had removed the libc5 stuff from the controlfile messing up things. Change 'Architecture: any' to 'i386 m68k' for those .deb's instead. -- Turbo Fredriksson Thu, 20 Aug 1998 20:06:50 -0400 pam (0.57b-0.3) unstable; urgency=high * Non maintainer upload On a glibc2.1 system, XCASE is only defined in the _IF_ '__USE_MISC' or '__USE_UNIX98' is defined. -- Turbo Fredriksson Sun, 16 Aug 1998 22:13:45 -0400 pam (0.57b-0.2) unstable; urgency=high * Yet another non-maintainer release. * Zero changes; simply a re-upload due to a rm-trigger happy release ``manager''. -- James Troup Tue, 17 Mar 1998 19:55:16 +0100 pam (0.57b-0.1) unstable; urgency=medium * Non-maintainer release. * debian/control (Standards-Version): Updated to 2.4.0.0. * debian/control (libpam0g-dev): Also conflict with libpam-dbg. * debian/postinst: use case statement instead of if. * debian/rules (COMPAT_ARCHES): removed sparc. * debian/rules (binary-libc6-dev, binary-libc5-altdev): strip static libraries with --strip-debug, not --strip-unneeded. * debian/rules: each package now has it's own doc directory under /usr/doc/, containing at least the copyright file (Policy 5.6). * debian/rules: install files with `install -m 644' not `cp -p' to avoid read-only files. * debian/rules (binary-libc6-util): strip /usr/lib/*/security/*.so with --strip-unneeded. * debian/rules (binary-libc5-util): ditto. * debian/rules (binary-libc5): don't depend on binary-libc5. -- James Troup Sat, 7 Mar 1998 18:04:19 +0100 pam (0.57b-0) unstable; urgency=medium * Non-maintainer release. * New upstream version. * Doesn't use pristine upstream source as the upstream tar ball is broken. * Added libc6 libraries libpam0g, libpam0g-dev, libpam0g-dbg and libpam0g-util. [#11697] * libpam-dev becomes libpam0-altdev, libpam-util -> libpam0-altutil and libpam-dbg is removed. * libpam0 depends on libpam0g because libpam0g contains the pam conffile. * libpam0-util depends on libpam0g-util because libpam0g contains the binary. * Compiled with -D_REENTRANT and link with -lc. * Fixed permissions on shared libraries. * Corrected syntax of /etc/pam.d/other. [#10497, #10758, #12030] * Fixed typos in postinst. [#10474, #11365] * Made /etc/pam.conf a conffile. * Updated URL in copyright file. * Removed over-zelaously installed README* files from libpam-doc. -- James Troup Sat, 22 Nov 1997 17:54:30 +0100 pam (0.56-2) unstable; urgency=low * Added /etc/pam.d/other with policy 'deny'. * Add manual pages for PAM security modules. -- Klee Dienes Sat, 15 Mar 1997 22:33:22 -0500 pam (0.56-1) unstable; urgency=low * New upstream release. * Converted to new packaging format. * Reorganization of package structure (-dev, -dbg, etc). -- Klee Dienes Sat, 8 Mar 1997 01:21:17 -0500 pam/debian/changelog.old0000644000000000000000000000101513261244762012376 0ustar pam (0.50-1) unstable; urgency=low * added Debian GNU/Linux package maintenance system files. * changes to the installation procedure to fit the Debian packaging system ($PREFIX handling, unconditionally install configuration files, don't run ldconfig after installing the shared libraries). * added documentation in the extradoc directory * commented out all unused entries in etc/pam.conf, etc/secure/group.conf and etc/secure/time.conf -- Patrick Weemeeuw pam/debian/clean0000644000000000000000000000012013261244762010750 0ustar debian/local/pam_getenv.8 debian/libpam0g-dev.links debian/libpam0g-dev.install pam/debian/compat0000644000000000000000000000000213261244762011150 0ustar 9 pam/debian/control0000644000000000000000000001042213261244762011354 0ustar Source: pam Section: libs Priority: optional Uploaders: Sam Hartman , Roger Leigh Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Steve Langasek Standards-Version: 3.9.8 Build-Depends: libcrack2-dev (>= 2.8), bzip2, debhelper (>= 9), quilt (>= 0.48-1), flex, libdb-dev, libselinux1-dev [linux-any], po-debconf, dh-autoreconf, autopoint, libaudit-dev [linux-any], pkg-config, libfl-dev, libfl-dev:native, docbook-xsl, docbook-xml, xsltproc, libxml2-utils, w3m Build-Conflicts-Indep: fop Build-Conflicts: libdb4.2-dev, libxcrypt-dev Vcs-Bzr: https://code.launchpad.net/~ubuntu-core-dev/pam/ubuntu XS-Debian-Vcs-Bzr: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid XS-Debian-Vcs-Browser: https://alioth.debian.org/scm/loggerhead/pkg-pam/debian/sid/files Homepage: http://www.linux-pam.org/ Package: libpam0g Priority: required Architecture: any Multi-Arch: same Replaces: libpam0g-util Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Suggests: libpam-doc Description: Pluggable Authentication Modules library Contains the shared library for Linux-PAM, a library that enables the local system administrator to choose how applications authenticate users. In other words, without rewriting or recompiling a PAM-aware application, it is possible to switch between the authentication mechanism(s) it uses. One may entirely upgrade the local authentication system without touching the applications themselves. Package: libpam-modules Section: admin Priority: required Architecture: any Multi-Arch: same Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam0g (>= 1.1.3-2), libpam-modules-bin (= ${binary:Version}) Conflicts: libpam-motd, libpam-mkhomedir, libpam-umask Replaces: libpam0g-util, libpam-umask Recommends: update-motd Provides: libpam-motd, libpam-mkhomedir, libpam-umask Description: Pluggable Authentication Modules for PAM This package completes the set of modules for PAM. It includes the pam_unix.so module as well as some specialty modules. Package: libpam-modules-bin Section: admin Priority: required Architecture: any Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends} Replaces: libpam-modules (<< 1.1.3-8) Description: Pluggable Authentication Modules for PAM - helper binaries This package contains helper binaries used by the standard set of PAM modules in the libpam-modules package. Package: libpam-runtime Section: admin Priority: required Architecture: all Multi-Arch: foreign Depends: ${misc:Depends}, debconf (>= 1.5.19) | cdebconf, libpam-modules (>= 1.0.1-6) Replaces: libpam0g-util, libpam0g-dev Conflicts: libpam0g-util Description: Runtime support for the PAM library Contains configuration files and directories required for authentication to work on Debian systems. This package is required on almost all installations. Package: libpam0g-dev Section: libdevel Priority: optional Architecture: any Multi-Arch: same Depends: ${misc:Depends}, libpam0g (= ${binary:Version}), libc6-dev|libc-dev Provides: libpam-dev Description: Development files for PAM Contains C header files and development libraries for libpam, the Pluggable Authentication Modules, a library that enables the local system administrator to choose how applications authenticate users. . PAM decouples applications from the authentication mechanism, making it possible to upgrade the authentication system without recompiling or rewriting the applications. Package: libpam-cracklib Section: admin Priority: optional Architecture: any Multi-Arch: same Replaces: libpam0g-cracklib, libpam-modules (<< 1.1.0-3) Depends: ${misc:Depends}, ${shlibs:Depends}, libpam-runtime (>= 1.0.1-6), cracklib-runtime, wamerican | wordlist Description: PAM module to enable cracklib support This package includes libpam_cracklib, a PAM module that tests passwords to make sure they are not too weak during password change. Package: libpam-doc Provides: pam-doc Section: doc Priority: optional Architecture: all Depends: ${misc:Depends} Description: Documentation of PAM Contains documentation (in HTML, ASCII, and PostScript format) for libpam, the Pluggable Authentication Modules library, a library that enables the local system administrator to choose how applications authenticate users. pam/debian/copyright0000644000000000000000000000615013261244762011707 0ustar This package was debianized by J.H.M. Dassen (Ray) jdassen@debian.org on Wed, 23 Sep 1998 20:29:32 +0200. It was downloaded from ftp://ftp.kernel.org/pub/linux/libs/pam/pre/ Copyright (C) 1994, 1995, 1996 Olaf Kirch, Copyright (C) 1995 Wietse Venema Copyright (C) 1995, 2001-2008 Red Hat, Inc. Copyright (C) 1996-1999, 2000-2003, 2005 Andrew G. Morgan Copyright (C) 1996, 1997, 1999 Cristian Gafton Copyright (C) 1996, 1999 Theodore Ts'o Copyright (C) 1996 Alexander O. Yuriev Copyright (C) 1996 Elliot Lee Copyright (C) 1997 Philip W. Dalrymple Copyright (C) 1999 Jan RÄ™korajski Copyright (C) 1999 Ben Collins Copyright (C) 2000-2001, 2003, 2005, 2007 Steve Langasek Copyright (C) 2003, 2005 IBM Corporation Copyright (C) 2003, 2006 SuSE Linux AG. Copyright (C) 2003 Nalin Dahyabhai Copyright (C) 2005-2008 Thorsten Kukuk Copyright (C) 2005 Darren Tucker Unless otherwise *explicitly* stated the following text describes the licensed conditions under which the contents of this Linux-PAM release may be distributed: ------------------------------------------------------------------------- Redistribution and use in source and binary forms of Linux-PAM, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain any existing copyright notice, and this entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission. ALTERNATIVELY, this product may be distributed under the terms of the GNU General Public License, in which case the provisions of the GNU GPL are required INSTEAD OF the above restrictions. (This clause is necessary due to a potential conflict between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL'. pam/debian/libpam-cracklib.install0000644000000000000000000000012113261244762014350 0ustar lib/*/security/pam_cracklib.so debian/pam-configs/cracklib usr/share/pam-configs pam/debian/libpam-cracklib.lintian-overrides0000644000000000000000000000051313261244762016345 0ustar # This is afalse positive because it doesn't use any functions that need # fortifying. Since we know we have hardening turned on globally, suppress # this. If we ever see this warning again for *other* modules, then we know # there's a real problem. libpam-cracklib: hardening-no-fortify-functions lib/*/security/pam_cracklib.so pam/debian/libpam-cracklib.manpages0000644000000000000000000000005513261244762014503 0ustar debian/tmp/usr/share/man/man8/pam_cracklib.8 pam/debian/libpam-cracklib.postinst0000644000000000000000000000015713261244762014576 0ustar #!/bin/sh set -e if dpkg --compare-versions "$2" lt 1.0.1-6; then pam-auth-update --package fi #DEBHELPER# pam/debian/libpam-cracklib.prerm0000644000000000000000000000024013261244762014031 0ustar #!/bin/sh set -e if [ "$1" = remove ] && [ "${DPKG_MAINTSCRIPT_PACKAGE_REFCOUNT:-1}" = 1 ]; then pam-auth-update --package --remove cracklib fi #DEBHELPER# pam/debian/libpam-doc.doc-base.admin-guide0000644000000000000000000000115613261244762015545 0ustar Document: pam-admin-guide Title: The Linux-PAM System Administrators' Guide Author: Andrew G. Morgan Abstract: This manual documents what a system administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system. Section: System/Administration Format: HTML Index: /usr/share/doc/libpam-doc/html/Linux-PAM_SAG.html Files: /usr/share/doc/libpam-doc/html/Linux-PAM_SAG.html /usr/share/doc/libpam-doc/html/sag-*.html Format: text Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_SAG.txt.gz pam/debian/libpam-doc.doc-base.applications-guide0000644000000000000000000000147013261244762017142 0ustar Document: pam-applications-guide Title: The Linux-PAM Application Developers' Guide Author: Andrew G. Morgan Abstract: This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the functions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer. Section: Programming Format: HTML Index: /usr/share/doc/libpam-doc/html/Linux-PAM_ADG.html Files: /usr/share/doc/libpam-doc/html/Linux-PAM_ADG.html /usr/share/doc/libpam-doc/html/adg*.html Format: text Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_ADG.txt.gz pam/debian/libpam-doc.doc-base.modules-guide0000644000000000000000000000113513261244762016122 0ustar Document: pam-modules-guide Title: The Linux-PAM Module Writers' Guide Author: ndrew G. Morgan Abstract: This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard. It also discusses some security issues from the point of view of the module programmer. Section: Programming Format: HTML Index: /usr/share/doc/libpam-doc/html/Linux-PAM_MWG.html Files: /usr/share/doc/libpam-doc/html/Linux-PAM_MWG.html /usr/share/doc/libpam-doc/html/mwg*.html Format: text Files: /usr/share/doc/libpam-doc/txt/Linux-PAM_MWG.txt.gz pam/debian/libpam-doc.install0000644000000000000000000000021713261244762013351 0ustar debian/tmp/usr/share/doc/Linux-PAM/*.html usr/share/doc/libpam-doc/html debian/tmp/usr/share/doc/Linux-PAM/*.txt usr/share/doc/libpam-doc/txt pam/debian/libpam-modules-bin.install0000644000000000000000000000033313261244762015021 0ustar sbin/unix_chkpwd sbin sbin/unix_update sbin sbin/pam_tally sbin sbin/pam_tally2 sbin sbin/mkhomedir_helper sbin sbin/pam_timestamp_check usr/sbin sbin/pam_extrausers_chkpwd sbin sbin/pam_extrausers_update sbin pam/debian/libpam-modules-bin.lintian-overrides0000644000000000000000000000051513261244762017013 0ustar # yes, we know it's sgid, that's the whole point... libpam-modules-bin: setgid-binary sbin/unix_chkpwd 2755 root/shadow # these manpages are in libpam-modules as they document both the module and # the helper binary libpam-modules-bin: binary-without-manpage sbin/pam_tally libpam-modules-bin: binary-without-manpage sbin/pam_tally2 pam/debian/libpam-modules-bin.manpages0000644000000000000000000000021413261244762015144 0ustar debian/tmp/usr/share/man/man8/mkhomedir_helper.8 debian/tmp/usr/share/man/man8/unix_*.8 debian/tmp/usr/share/man/man8/pam_timestamp_check.8 pam/debian/libpam-modules.examples0000644000000000000000000000004313261244762014421 0ustar modules/pam_filter/upperLOWER/*.c pam/debian/libpam-modules.install0000644000000000000000000000014513261244762014254 0ustar etc/security/* etc/security lib/*/security/*.so debian/pam-configs/mkhomedir usr/share/pam-configs/ pam/debian/libpam-modules.lintian-overrides0000644000000000000000000000164313261244762016250 0ustar # These are false positives because they don't use any functions that need # fortifying. Since we know we have hardening turned on globally, suppress # them. If we ever see this warning again for *other* modules, then we know # there's a real problem. libpam-modules: hardening-no-fortify-functions lib/*/security/pam_echo.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_filter.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_group.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_limits.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_shells.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_tally2.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_time.so libpam-modules: hardening-no-fortify-functions lib/*/security/pam_wheel.so pam/debian/libpam-modules.manpages0000644000000000000000000000014113261244762014375 0ustar debian/tmp/usr/share/man/man8/pam_*.8 debian/tmp/usr/share/man/man5/*conf.5 debian/update-motd.5 pam/debian/libpam-modules.postinst0000644000000000000000000000240113261244762014466 0ustar #!/bin/sh -e # If the user has removed the config file, respect this sign of dementia # -- only create on package install. if [ -z "$2" ] || dpkg --compare-versions "$2" lt 0.99.7.1-3 then if ! [ -f /etc/security/opasswd ]; then umask 066 touch /etc/security/opasswd umask 022 fi fi if dpkg --compare-versions "$2" lt 0.99.9.0-1 && ! [ -f /etc/environment ] then touch /etc/environment fi # Add PATH to /etc/environment if it's not present there or in # /etc/security/pam_env.conf if [ "$1" = "configure" ] && dpkg --compare-versions "$2" lt 1.1.3-7ubuntu3; then if ! grep -qs ^PATH /etc/security/pam_env.conf; then if ! grep -qs ^PATH= /etc/environment; then echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"' >> /etc/environment elif ! grep -qs "^PATH=.*/usr/local/games" /etc/environment; then sed -i '/^PATH=/ s,:/usr/games,:/usr/games:/usr/local/games,g' /etc/environment fi fi fi if dpkg --compare-versions "$2" lt-nl 1.1.2-1 \ && grep -q 'pam_unix.*\bmin=[0-9]\+' /etc/pam.d/common-password then echo "'min=' option to pam_unix is obsolete." echo "replacing with 'minlen=' in /etc/pam.d/common-password." sed -i -e'/pam_unix/ s/\bmin=/minlen=/' /etc/pam.d/common-password fi #DEBHELPER# pam/debian/libpam-modules.preinst0000644000000000000000000000041613261244762014273 0ustar #!/bin/sh set -e . /usr/share/debconf/confmodule if dpkg --compare-versions "$2" lt-nl 1.1.3-2; then db_version 2.0 if pidof xscreensaver xlockmore >/dev/null; then db_input critical libpam-modules/disable-screensaver || true db_go || true fi fi #DEBHELPER# pam/debian/libpam-modules.templates0000644000000000000000000000102313261244762014600 0ustar Template: libpam-modules/disable-screensaver Type: error _Description: xscreensaver and xlockmore must be restarted before upgrading One or more running instances of xscreensaver or xlockmore have been detected on this system. Because of incompatible library changes, the upgrade of the libpam-modules package will leave you unable to authenticate to these programs. You should arrange for these programs to be restarted or stopped before continuing this upgrade, to avoid locking your users out of their current sessions. pam/debian/libpam-runtime.dirs0000644000000000000000000000001513261244762013556 0ustar /var/lib/pam pam/debian/libpam-runtime.install0000644000000000000000000000037413261244762014273 0ustar debian/local/pam.conf etc debian/local/other etc/pam.d debian/local/common-* usr/share/pam debian/local/pam_getenv usr/sbin debian/tmp/usr/share/locale usr/share debian/local/pam-auth-update usr/sbin debian/pam-configs/unix usr/share/pam-configs/ pam/debian/libpam-runtime.links0000644000000000000000000000007013261244762013736 0ustar usr/share/man/man7/PAM.7.gz usr/share/man/man7/pam.7.gz pam/debian/libpam-runtime.lintian-overrides0000644000000000000000000000064013261244762016257 0ustar # deliberate. libpam-runtime: no-debconf-config # this warning is just plain crack, there's no reason that using debconf # outside of a maintainer script implies an error. libpam-runtime: debconf-is-not-a-registry usr/sbin/pam-auth-update # this warning is wrong for debconf error templates libpam-runtime: postinst-uses-db-input # meh. libpam-runtime: using-first-person-in-templates libpam-runtime/you-had-no-auth pam/debian/libpam-runtime.manpages0000644000000000000000000000025413261244762014415 0ustar debian/tmp/usr/share/man/man5/pam.conf.5 debian/tmp/usr/share/man/man5/pam.d.5 debian/tmp/usr/share/man/man8/PAM.8 debian/local/pam_getenv.8 debian/local/pam-auth-update.8 pam/debian/libpam-runtime.postinst0000644000000000000000000000241513261244762014506 0ustar #!/bin/sh -e . /usr/share/debconf/confmodule calculate_md5sum() { configfile="$1" sed -n -e'1,/# here are the per-package modules (the "Primary" block)/p; /# here.s the fallback if no module succeeds/,/# and here are more per-package modules (the "Additional" block)/p; /# end of pam-auth-update config/,$p' \ /etc/pam.d/"$configfile" | md5sum | awk '{ print $1 }' } # If the user has removed the config file, respect this sign of dementia # -- only create on package install. force= if [ -z "$2" ] || dpkg --compare-versions "$2" lt 1.0.1-11 then force=--force for configfile in common-auth common-account common-session \ common-password do if [ -f /etc/pam.d/$configfile ] && \ ! fgrep -q $(calculate_md5sum $configfile) \ /usr/share/pam/$configfile.md5sums 2>/dev/null then force= fi done fi pam-auth-update --package $force if [ -n "$force" ]; then rm -f /etc/pam.d/common-auth.pam-old \ /etc/pam.d/common-account.pam-old \ /etc/pam.d/common-password.pam-old \ /etc/pam.d/common-session.pam-old elif dpkg --compare-versions "$2" lt-nl 1.1.0-1 \ && [ ! -e /etc/pam.d/common-session-noninteractive ] then cp -a /etc/pam.d/common-session /etc/pam.d/common-session-noninteractive fi #DEBHELPER# pam/debian/libpam-runtime.postrm0000644000000000000000000000052313261244762014145 0ustar #!/bin/sh -e if [ "$1" = "purge" ]; then rm -f /etc/pam.d/common-auth /etc/pam.d/common-account \ /etc/pam.d/common-session /etc/pam.d/common-password rm -f /var/lib/pam/auth /var/lib/pam/account /var/lib/pam/session \ /var/lib/pam/password /var/lib/pam/seen rmdir --ignore-fail-on-non-empty /var/lib/pam fi #DEBHELPER# pam/debian/libpam-runtime.prerm0000644000000000000000000000014713261244762013750 0ustar #!/bin/sh set -e if [ "$1" = remove ]; then pam-auth-update --package --remove unix fi #DEBHELPER# pam/debian/libpam-runtime.templates0000644000000000000000000000334313261244762014622 0ustar Template: libpam-runtime/title Type: title _Description: PAM configuration Template: libpam-runtime/profiles Type: multiselect Choices: ${profiles} Choices-C: ${profile_names} _Description: PAM profiles to enable: Pluggable Authentication Modules (PAM) determine how authentication, authorization, and password changing are handled on the system, as well as allowing configuration of additional actions to take when starting user sessions. . Some PAM module packages provide profiles that can be used to automatically adjust the behavior of all PAM-using applications on the system. Please indicate which of these behaviors you wish to enable. Template: libpam-runtime/conflicts Type: error #flag:translate!:3 #flag:comment:2 # This paragraph is followed by a (currently) non-translatable list of # PAM profile names. _Description: Incompatible PAM profiles selected. The following PAM profiles cannot be used together: . ${conflicts} . Please select a different set of modules to enable. Template: libpam-runtime/override Type: boolean Default: false _Description: Override local changes to /etc/pam.d/common-*? One or more of the files /etc/pam.d/common-{auth,account,password,session} have been locally modified. Please indicate whether these local changes should be overridden using the system-provided configuration. If you decline this option, you will need to manage your system's authentication configuration by hand. Template: libpam-runtime/no_profiles_chosen Type: error _Description: No PAM profiles have been selected. No PAM profiles have been selected for use on this system. This would grant all users access without authenticating, and is not allowed. Please select at least one PAM profile from the available list. pam/debian/libpam0g-dev.examples0000644000000000000000000000020513261244762013756 0ustar examples/blank.c examples/check_user.c examples/vpass.c examples/xsh.c libpamc/test/agents libpamc/test/modules libpamc/test/regress pam/debian/libpam0g-dev.install.in0000644000000000000000000000012213261244762014211 0ustar usr/include/security/* lib/@DEB_HOST_MULTIARCH@/*.a usr/lib/@DEB_HOST_MULTIARCH@ pam/debian/libpam0g-dev.links.in0000644000000000000000000000036313261244762013672 0ustar /lib/@DEB_HOST_MULTIARCH@/libpam.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam.so /lib/@DEB_HOST_MULTIARCH@/libpamc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpamc.so /lib/@DEB_HOST_MULTIARCH@/libpam_misc.so.0 usr/lib/@DEB_HOST_MULTIARCH@/libpam_misc.so pam/debian/libpam0g-dev.manpages0000644000000000000000000000004013261244762013730 0ustar debian/tmp/usr/share/man/man3/* pam/debian/libpam0g.docs0000644000000000000000000000005213261244762012314 0ustar debian/local/Debian-PAM-MiniPolicy README pam/debian/libpam0g.install0000644000000000000000000000002013261244762013025 0ustar lib/*/lib*.so.* pam/debian/libpam0g.lintian-overrides0000644000000000000000000000062613261244762015031 0ustar # obvious multilib package false-positive; also the package name hasn't # changed since the glibc transition, go us! libpam0g: package-name-doesnt-match-sonames libpam0 libpam-misc0 libpamc0 # yes, these are deliberately asked in the postinst because the checking # for daemons to be restarted needs to be done in the postinst and not # before libpam0g: no-debconf-config libpam0g: postinst-uses-db-input pam/debian/libpam0g.postinst0000644000000000000000000001406213261244762013255 0ustar #!/bin/sh # postinst based heavily on the postinst of libssl0.9.8, courtesy of # Christoph Martin. . /usr/share/debconf/confmodule set -e # element() is a helper function for file-rc: element() { local element list IFS element="$1" [ "$2" = "in" ] && shift list="$2" [ "$list" = "-" ] && return 1 [ "$list" = "*" ] && return 0 IFS="," set -- $list case $element in "$1"|"$2"|"$3"|"$4"|"$5"|"$6"|"$7"|"$8"|"$9") return 0 esac return 1 } # filerc (runlevel, service) returns /etc/init.d/service, if service is # running in $runlevel: filerc() { local runlevel basename runlevel=$1 basename=$2 while read LINE do case $LINE in \#*|"") continue esac set -- $LINE SORT_NO="$1"; STOP="$2"; START="$3"; CMD="$4" [ "$CMD" = "/etc/init.d/$basename" ] || continue if element "$runlevel" in "$START" || element "S" in "$START" then echo "/etc/init.d/$basename" return 0 fi done < /etc/runlevel.conf echo "" } installed_services() { check="$@" # Only get the ones that are installed, and configured check=$(dpkg -s $check 2> /dev/null | egrep '^Package:|^Status:' | awk '{if ($1 ~ /^Package:/) { package=$2 } else if ($0 ~ /^Status: .* installed$/) { print package }}') # some init scripts don't match the package names check=$(echo $check | \ sed -e's/\bapache2-common\b/apache2/g' \ -e's/\bat\b/atd/g' \ -e's/\bdovecot-common\b/dovecot/g' \ -e's/\bdante-server\b/danted/g' \ -e's/\bexim4-base\b/exim4/g' \ -e's/\bheartbeat-2\b/heartbeat/g' \ -e's/\bhylafax-server\b/hylafax/g' \ -e's/\bpartimage-server\b/partimaged/g' \ -e's/\bpostgresql-common\b/postgresql/g' \ -e's/\bsamba\b/smbd-ad-dc/g' \ -e's/\bsasl2-bin\b/saslauthd/g' \ ) for service in $check; do idl="/etc/init.d/${service}" if [ -n "$idl" ] && [ -x $idl ]; then services="$service $services" else echo "WARNING: init script for $service not found." >&2 fi done echo "$services" } if [ "$1" = "configure" ] then if [ ! -z "$2" ]; then if dpkg --compare-versions "$2" lt 1.1.3-2; then db_version 2.0 echo -n "Checking for services that may need to be restarted..." check="apache2-common at bayonne cherokee courier-authdaemon" check="$check cron cups" check="$check dante-server diald dovecot-common exim exim4-base" check="$check fcron fireflier-server freeradius gdm heartbeat" check="$check heartbeat-2 hylafax-server iiimf-server inn2" check="$check kannel linesrv linesrv-mysql lsh-server" check="$check muddleftpd netatalk nuauth partimage-server" check="$check perdition pgpool popa3d" check="$check postgresql-common proftpd pure-ftpd" check="$check pure-ftpd-ldap pure-ftpd-mysql" check="$check pure-ftpd-postgresql racoon samba sasl2-bin" check="$check sfs-server solid-pop3d squid squid3 tac-plus" check="$check vsftpd wu-ftpd wzdftpd xrdp yardradius yaws" if ! who | awk '{print $2}'|grep -q ':[0-9]'; then check="$check wdm xdm" fi echo "Checking init scripts..." services=$(installed_services "$check") if [ -n "$services" ]; then db_reset libpam0g/restart-services db_set libpam0g/restart-services "$services" question_priority="critical" # Do not prompt when we're running in the upgrade-manager # and only default services need restarting. nondefault_services=$(echo "$services" | sed \ -e's/\batd\b//g' \ -e's/\bcron\b//g' \ -e's/\bcups\b//g' \ -e's/\bgdm\b//g' \ -e's/\bsmbd\b//g' \ -e's/^ *//g') if [ -n "$RELEASE_UPGRADE_IN_PROGRESS" ] && [ -z "$nondefault_services" ]; then question_priority="medium" fi db_input "$question_priority" libraries/restart-without-asking || true db_go || true db_get libraries/restart-without-asking if [ "$RET" != true ]; then db_reset libpam0g/restart-services db_set libpam0g/restart-services "$services" db_input "$question_priority" libpam0g/restart-services || true db_go || true db_get libpam0g/restart-services if [ "x$RET" != "x" ] then services=$RET else services="" fi fi echo if [ "$services" != "" ]; then echo "Restarting services possibly affected by the upgrade:" failed="" rl=$(runlevel | sed 's/.*\ //') for service in $services; do idl="invoke-rc.d ${service}" case "$service" in gdm) # If gdm isn't running, there's no need to reload it (LP: #745532) if ! $idl status | grep -q 'Active: active (running)' then echo " $service: not running, no reload needed." continue fi echo -n " $service: reloading..." if $idl reload > /dev/null 2>&1; then echo "done." else echo "FAILED! ($?)" failed="$service $failed" fi continue ;; esac echo -n " $service: stopping..." $idl stop > /dev/null 2>&1 || true sleep 1 echo -n "starting..." if $idl start > /dev/null 2>&1; then echo "done." else echo "FAILED! ($?)" failed="$service $failed" fi done echo if [ -n "$failed" ]; then db_subst libpam0g/restart-failed services "$failed" db_input critical libpam0g/restart-failed || true db_go || true else echo "Services restarted successfully." fi echo fi else echo "Nothing to restart." fi if who | awk '{print $2}' | grep -q ':[0-9]'; then dms="" for service in wdm xdm; do case "$services" in *$service*) ;; *) dms="$dms $service" esac done services=$(installed_services "$dms") if [ -n "$services" ]; then if [ -n "$RELEASE_UPGRADE_IN_PROGRESS" ] \ && [ -x /usr/share/update-notifier/notify-reboot-required ] then /usr/share/update-notifier/notify-reboot-required else db_input critical libpam0g/xdm-needs-restart || true db_go || true fi fi fi # Shut down the frontend, to make sure none of the # restarted services keep a connection open to it db_stop fi # end upgrading and $2 lt 1.1.3-2 fi # Upgrading fi #DEBHELPER# pam/debian/libpam0g.symbols0000644000000000000000000000054713261244762013065 0ustar libpam.so.0 libpam0g #MINVER# *@LIBPAM_1.0 0.99.7.1 *@LIBPAM_EXTENSION_1.0 0.99.7.1 *@LIBPAM_EXTENSION_1.1 1.1.0 *@LIBPAM_EXTENSION_1.1.1 1.1.1 *@LIBPAM_MODUTIL_1.0 0.99.7.1 *@LIBPAM_MODUTIL_1.1 0.99.10.0 *@LIBPAM_MODUTIL_1.1.3 1.1.3 libpam_misc.so.0 libpam0g #MINVER# *@LIBPAM_MISC_1.0 0.99.7.1 libpamc.so.0 libpam0g #MINVER# *@LIBPAMC_1.0 0.99.7.1 pam/debian/libpam0g.templates0000644000000000000000000000321613261244762013367 0ustar Template: libpam0g/restart-services Type: string _Description: Services to restart for PAM library upgrade: Most services that use PAM need to be restarted to use modules built for this new version of libpam. Please review the following space-separated list of init.d scripts for services to be restarted now, and correct it if needed. Template: libpam0g/xdm-needs-restart Type: error _Description: Display manager must be restarted manually The wdm and xdm display managers require a restart for the new version of libpam, but there are X login sessions active on your system that would be terminated by this restart. You will therefore need to restart these services by hand before further X logins will be possible. Template: libpam0g/restart-failed Type: error #flag:translate!:3 _Description: Failure restarting some services for PAM upgrade The following services could not be restarted for the PAM library upgrade: . ${services} . You will need to start these manually by running '/etc/init.d/ start'. Template: libraries/restart-without-asking Type: boolean Default: false _Description: Restart services during package upgrades without asking? There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, and libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will normally be prompted on each upgrade for the list of services you wish to restart. You can choose this option to avoid being prompted; instead, all necessary restarts will be done for you automatically so you can avoid being asked questions on each library upgrade. pam/debian/local/0000755000000000000000000000000013261413076011040 5ustar pam/debian/local/Debian-PAM-MiniPolicy0000644000000000000000000001363513261244762014646 0ustar Author: Ben Collins Modified by: Sam Hartman , Steve Langasek Objective: To document a base set of policies regarding PAM (Pluggable Authentication Modules) usage in Debian packages. =========================================================================== In order to have a consistent and stable implementation across packages that use PAM, these guidelines will help to avoid some common mistakes and be usable as a cross reference for FAQ's. This document will not go into the details of how to add PAM usage to existing code; please read the documentation in the libpam-doc package for info on that. However, it does specify behavior needed to make sure PAM modules in Debian will work with your application. ================== PAM Applications ================== Each application that uses PAM also must contain a file in /etc/pam.d/. This file specifies which PAM modules will be used for the common PAM functions in that application. There are several notes concerning what modules to use in this file. Most commonly, this file should use the @include directive to include common-auth, common-account, and common-password, and one of either common-session or common-session-noninteractive. The selection of common-session or common-session-noninteractive is based on whether the service provides "shell-like" interactive capabilities to the user (e.g.: login, ssh, gdm) or is a non-interactive session or a session mediated by a structured protocol (e.g.: cron, cups, samba, ppp). This allows a service to avoid calling some modules, such as pam_ck_connector, that only make sense in an interactive context and should be avoided otherwise. It is expected that the modules used for noninteractive sessions will always be a subset of those used for interactive sessions. Under some circumstances (such as ftp auth, or auth based on tty) other service-specific modules will need to be listed in the service's /etc/pam.d file. Here is an example of a PAM configuration file that just includes the common module fragments: # # /etc/pam.d/other - specify the PAM fallback behaviour # # Note that this file is used for any unspecified service; for example #if /etc/pam.d/cron specifies no session modules but cron calls #pam_open_session, the session module out of /etc/pam.d/other is #used. If you really want nothing to happen then use pam_permit.so or #pam_deny.so as appropriate. # We fall back to the system default in /etc/pam.d/common-* # @include common-auth @include common-account @include common-password @include common-session The name of this file is determined by the call to pam_start() in the application source code. The first parameter will be a string containing the "service" name (eg. "login", "httpd", etc..). Please make sure that the filename coincides with the value of this parameter used in your application. The file should _not_ reference the full path of the modules. It only needs to reference the basename (eg. "pam_unix.so"). This will ensure that the program continues to work even if the module location changes, since libpam itself will resolve the location. Packages which configure their services by default to use modules other than those provided by /etc/pam.d/common-* must depend on the package providing those modules. E.g., /etc/pam.d/login includes the line: session required pam_limits.so therefore it must depend on libpam-modules, which provides /lib/security/pam_limits.so. Applications need to depend on libpam-runtime (>= 0.76-14) to guarantee that /etc/pam.d/common-* exist. Applications that use common-session-noninteractive must depend on libpam-runtime (>= 1.0.1-11) for this file. The pam_unix.so module allows programs to authenticate the uid of the calling process without being setuid or setgid. NOTE: this means the user executing the program; you cannot authenticate other users without suid root (root makes sure the NIS and NIS+ works too) or at least sgid shadow (won't work in the above cases). Most notably this affects programs like apache being able to use PAM since it runs as www-data which has no privileges and cannot use pam_unix.so to authenticate other users. On the other hand it does allow programs like vlock to authenticate. The application needs to follow the following rules to make sure PAM modules work: 1) Use the same PAM handle for all operations. This means it is not OK to call pam_start once for authentication and then later for session management. Modules need to be able to store pam_data between entry points. 2) The pam_open_session and pam_setcred calls must be made in a parent process of the eventual session. They need to be able to influence the environment of the session. 3) If you are started as root or have root privs for some other reason, pam_open_session and pam_setcred should be called while still root. 4) Implied by 1, make sure that pam_close_session and pam_end are called in the same process or a process descended from the execution context as pam_open_session and pam_setcred. The pam_close_session call may need state stored in the handle by the open session entry point to clean up properly. The pam_end call may need to free data (thus influencing system state in some cases) allocated in the earlier calls. ============= PAM Modules ============= Separately packaged PAM modules should adhere to a few basic setup rules: 1) Packages should use the naming scheme of `libpam-' (eg. libpam-ldap). 2) The modules should be located in the directory of the most recent libpam-modules (currently /lib/security). 3) The module should be named as pam_.so. The module should not contain a version suffix. 4) The module should be linked to libpam (-lpam) when compiled so that proper version dependencies will work. 5) Any config files should be located in /etc/security. The filename will be in the form of .conf. pam/debian/local/common-account0000644000000000000000000000222713261244762013714 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) $account_primary # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) $account_additional # end of pam-auth-update config pam/debian/local/common-account.md5sums0000644000000000000000000000015313261244762015304 0ustar 9f04221fe44762047894adeb96ffd069 debian/local/common-account 3c0c362eaf3421848b679d63fd48c3fa # 1.0.1-6 - pam/debian/local/common-auth0000644000000000000000000000225213261244762013217 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) $auth_primary # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) $auth_additional # end of pam-auth-update config pam/debian/local/common-auth.md5sums0000644000000000000000000000023713261244762014614 0ustar 933d757dcd5974b00619f68955743be7 /etc/pam.d/common-auth b58d8e0a6cadbf879df94869cca6be98 /etc/pam.d/common-auth 8d4fe17e66ba25de16a117035d1396aa # 1.0.1-6 - pam/debian/local/common-password0000644000000000000000000000261013261244762014116 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) $password_primary # here's the fallback if no module succeeds password requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) $password_additional # end of pam-auth-update config pam/debian/local/common-password.md5sums0000644000000000000000000000054513261244762015517 0ustar 601ecfbc99fd359877552cb5298087ad /etc/pam.d/common-password e5ae8ba8d00083c922d9d82a0432ef78 /etc/pam.d/common-password 5d518818f1c6c369040b782f7852f53e /etc/pam.d/common-password 9ba753d0824276b44bcadfee1f87b6bc # 1.0.1-4ubuntu5 - 1.0.1-4ubuntu5.5 4bd7610f2e85f8ddaef79c7db7cb49eb # 1.0.1-6 - 1.1.0-1 50fce2113dfda83ac8bdd5a6e706caec # 1.0.1-6ubuntu1 - pam/debian/local/common-session0000644000000000000000000000260013261244762013736 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) $session_primary # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) $session_additional # end of pam-auth-update config pam/debian/local/common-session-noninteractive0000644000000000000000000000261413261244762016771 0ustar # # /etc/pam.d/common-session-noninteractive - session-related modules # common to all non-interactive services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of all non-interactive sessions. # # As of pam 1.0.1-6, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) $session_nonint_primary # here's the fallback if no module succeeds session requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # The pam_umask module will set the umask according to the system default in # /etc/login.defs and user settings, solving the problem of different # umask settings with different shells, display managers, remote sessions etc. # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) $session_nonint_additional # end of pam-auth-update config pam/debian/local/common-session-noninteractive.md5sums0000644000000000000000000000005613261244762020363 0ustar ad2b78ce1498dd637ef36469430b6ac6 # 1.0.1-11 - pam/debian/local/common-session.md5sums0000644000000000000000000000025613261244762015337 0ustar 4845c1632b3561a9debe8d59be1b238e /etc/pam.d/common-session 4a25673e8b36f1805219027d3be02cd2 # 1.0.1-4ubuntu5 - 1.0.1-4ubuntu5.5 240fb92986c885b327cdb21dd641da8c # 1.0.1-6 - pam/debian/local/other0000644000000000000000000000101013261244762012100 0ustar # # /etc/pam.d/other - specify the PAM fallback behaviour # # Note that this file is used for any unspecified service; for example #if /etc/pam.d/cron specifies no session modules but cron calls #pam_open_session, the session module out of /etc/pam.d/other is #used. If you really want nothing to happen then use pam_permit.so or #pam_deny.so as appropriate. # We fall back to the system default in /etc/pam.d/common-* # @include common-auth @include common-account @include common-password @include common-session pam/debian/local/pam-auth-update0000644000000000000000000004661213261413076013770 0ustar #!/usr/bin/perl -w # pam-auth-update: update /etc/pam.d/common-* from /usr/share/pam-configs # # Update the /etc/pam.d/common-* files based on the per-package profiles # provided in /usr/share/pam-configs/ taking into consideration user's # preferences (as determined via debconf prompting). # # Written by Steve Langasek # # Copyright (C) 2008 Canonical Ltd. # # This program is free software; you can redistribute it and/or modify # it under the terms of version 3 of the GNU General Public License as # published by the Free Software Foundation. # # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, # USA. use strict; use Debconf::Client::ConfModule ':all'; use IPC::Open2 'open2'; version('2.0'); my $capb=capb('backup escape'); my $inputdir = '/usr/share/pam-configs'; my $template = 'libpam-runtime/profiles'; my $errtemplate = 'libpam-runtime/conflicts'; my $overridetemplate = 'libpam-runtime/override'; my $blanktemplate = 'libpam-runtime/no_profiles_chosen'; my $titletemplate = 'libpam-runtime/title'; my $confdir = '/etc/pam.d'; my $savedir = '/var/lib/pam'; my (%profiles, @sorted, @enabled, @conflicts, @new, %removals, %to_enable); my $force = 0; my $package = 0; my $priority = 'high'; my %md5sums = ( 'auth' => ['8d4fe17e66ba25de16a117035d1396aa'], 'account' => ['3c0c362eaf3421848b679d63fd48c3fa'], 'password' => [ '50fce2113dfda83ac8bdd5a6e706caec', '4bd7610f2e85f8ddaef79c7db7cb49eb', '9ba753d0824276b44bcadfee1f87b6bc', ], 'session' => [ '240fb92986c885b327cdb21dd641da8c', '4a25673e8b36f1805219027d3be02cd2', '73144a2f4e609a922a51e301cd66a57e', ], 'session-noninteractive' => [ 'ad2b78ce1498dd637ef36469430b6ac6', 'a20e8df3469bfe25c13a3b39161b30f0', ], ); opendir(DIR, $inputdir) || die "could not open config directory: $!"; while (my $profile = readdir(DIR)) { next if ($profile eq '.' || $profile eq '..'); %{$profiles{$profile}} = parse_pam_profile($inputdir . '/' . $profile); } closedir DIR; # use a '--force' arg to specify that /etc/pam.d should be overwritten; # used only on upgrades where the postinst has already determined that the # checksums match. Module packages other than libpam-runtime itself must # NEVER use this option! Document with big skullses and crossboneses! It # needs to be exposed for libpam-runtime because that's the package that # decides whether we have a pristine config to be converted, and knows # whether the version being upgraded from is one for which the conversion # should be done. while ($#ARGV >= 0) { my $opt = shift; if ($opt eq '--force') { $force = 1; } elsif ($opt eq '--package') { $package = 1; } elsif ($opt eq '--remove') { while ($#ARGV >= 0) { last if ($ARGV[0] =~ /^--/); $removals{shift @ARGV} = 1; } # --remove implies --package $package = 1 if (keys(%removals)); } elsif ($opt eq '--enable') { while ($#ARGV >= 0) { last if ($ARGV[0] =~ /^--/); $to_enable{shift @ARGV} = 1; } # --enable implies --package $package = 1 if (keys(%to_enable)); } } $priority = 'medium' if ($package); x_loadtemplatefile('/var/lib/dpkg/info/libpam-runtime.templates','libpam-runtime'); # always sort by priority, so we have consistency and don't have to # shuffle later @sorted = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} || $b cmp $a } keys(%profiles); # If we're being called for package removal, filter out those options here @sorted = grep { !$removals{$_} } @sorted; subst($template, 'profile_names', join(', ',@sorted)); subst($template, 'profiles', join(', ', map { $profiles{$_}->{'Name'} } @sorted)); my $diff = diff_profiles($confdir,$savedir); if ($diff) { @enabled = grep { !$removals{$_} } @{$diff->{'mods'}}; } else { @enabled = split(/, /,get($template)); } # find out what we've seen, so we can ignore those defaults my %seen; if (-e $savedir . '/seen') { open(SEEN,$savedir . '/seen'); while () { chomp; $seen{$_} = 1; } close(SEEN); } # filter out any options that are no longer available for any reason @enabled = grep { $profiles{$_} } @enabled; # an empty module set is an error, so in that case grab all the defaults if (!@enabled) { %seen = (); $priority = 'high' unless ($force); } # add configs to enable push(@enabled, grep { $to_enable{$_} } @sorted); # add any previously-unseen configs push(@enabled, grep { $profiles{$_}->{'Default'} eq 'yes' && !$seen{$_} } @sorted); @enabled = sort { $profiles{$b}->{'Priority'} <=> $profiles{$a}->{'Priority'} || $b cmp $a } @enabled; my $prev = ''; @enabled = grep { $_ ne $prev && (($prev) = $_) } @enabled; # Do we have any new options to show? If not, we shouldn't reprompt the # user, at any priority level, unless explicitly called. @new = grep { !$seen{$_} } @sorted; settitle($titletemplate); # if diff_profiles() fails, and we weren't passed a 'force' argument # (because this isn't an upgrade from an old version, or the checksum # didn't match, or we're being called by some other module package), prompt # the user whether to override. If the user declines (the default), we # never again manage this config unless manually called with '--force'. if (!$diff && !$force) { input('high',$overridetemplate); go(); $force = 1 if (get($overridetemplate) eq 'true'); } if (!$diff && !$force) { print STDERR <= 0; $i--) { my $conflict = $enabled[$i]; if ($profiles{$elem}->{'Conflicts'}->{$conflict}) { splice(@enabled,$i,1); my $desc = $profiles{$elem}->{'Name'} . ', ' . $profiles{$conflict}->{'Name'}; push(@conflicts,$desc); } } } if (@conflicts) { subst($errtemplate, 'conflicts', join("\\n", @conflicts)); input('high',$errtemplate); } set($template, join(', ', @enabled)); if (!@enabled) { input('high',$blanktemplate); # we can only end up here by user error, but give them another # shot at selecting a correct config anyway. fset($template,'seen','false'); } } while (@conflicts || !@enabled); # the decision has been made about what configs to use, so even if # something fails after this, we shouldn't go munging the default # options again. Save the list of known configs to /var/lib/pam. open(SEEN,"> $savedir/seen"); for my $i (@sorted) { print SEEN "$i\n"; } close(SEEN); # @enabled now contains our list of profiles to use for piecing together # a config # we have: # - templates into which we insert the specialness # - magic comments denoting the beginning and end of our managed block; # looking at only the functional config lines would potentially let us # handle more cases, at the expense of much greater complexity, so # pass on this at least for the first round # - a representation of the autogenerated config stored in /var/lib/pam, # that we can diff against in order to account for changed options or # manually dropped modules # - a hash describing the local modifications the user has made to the # config; these are always preserved unless manually overridden with # the --force option write_profiles(\%profiles, \@enabled, $confdir, $savedir, $diff, $force); # take a single line from a stock config, and merge it with the # information about local admin edits sub merge_one_line { my ($line,$diff,$count) = @_; my (@opts,$modline); my ($adds,$removes); $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; @opts = split(/\s+/,$3); $modline = $1; $modline =~ s/end/$count/g; if ($diff) { my $mod = $modline; $mod =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; $adds = \%{$diff->{'add'}{$mod}}; $removes = \%{$diff->{'remove'}{$mod}}; } else { $adds = $removes = undef; } for (my $i = 0; $i <= $#opts; $i++) { if ($adds->{$opts[$i]}) { delete $adds->{$opts[$i]}; } if ($removes->{$opts[$i]}) { splice(@opts,$i,1); $i--; } } return $modline . " " . join(' ',@opts,sort keys(%{$adds})) . "\n"; } # return the lines for a given config name, type, and position in the stack sub lines_for_module_and_type { my ($profiles, $mod, $type, $modpos) = @_; if ($modpos == 0 && $profiles->{$mod}{$type . '-Initial'}) { return $profiles->{$mod}{$type . '-Initial'}; } return $profiles->{$mod}{$type}; } # create a single PAM config from the indicated template and selections, # writing to a new file sub create_from_template { my($template,$dest,$profiles,$enabled,$diff,$type) = @_; my $state = 0; my $uctype = ucfirst($type); $type =~ s/-noninteractive//; open(INPUT,$template) || return 0; open(OUTPUT,">$dest") || return 0; while () { if ($state == 1) { if (/^# here's the fallback if no module succeeds/) { print OUTPUT; $state++; } next; } if ($state == 3) { if (/^# end of pam-auth-update config/) { print OUTPUT; $state++; } next; } print OUTPUT; my ($pattern,$val); if ($state == 0) { $pattern = '^# here are the per-package modules \(the "Primary" block\)'; $val = 'Primary'; } elsif ($state == 2) { $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; $val = 'Additional'; } else { next; } if (/$pattern/) { my $i = 0; my $count = 0; # first we need to get a count of lines that we're # going to output, so we can fix up the jumps correctly for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if $profiles->{$mod}{$uctype . '-Type'} ne $val; $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); # bypasses a perl warning about @_, sigh my @tmparr = split("\n+",$output); $count += @tmparr; } # in case anything tries to jump in the 'additional' # block, let's try not to jump off the stack... $count-- if ($val eq 'Additional'); # no primary block, so output a stock pam_permit line # to keep the stack intact if ($val eq 'Primary' && $count == 0) { print OUTPUT "$type\t[default=1]\t\t\tpam_permit.so\n"; } $i = 0; for my $mod (@{$enabled}) { my $output; my @output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if $profiles->{$mod}{$uctype . '-Type'} ne $val; $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); for my $line (split("\n",$output)) { $line = merge_one_line($line,$diff, $count); print OUTPUT "$type\t$line"; $count--; } } $state++; } } close(INPUT); close(OUTPUT); if ($state < 4) { unlink($dest); return 0; } return 1; } # take a template file, strip out everything between the markers, and # return the md5sum of the remaining contents. Used for testing for # local modifications of the boilerplate. sub get_template_md5sum { my($template) = @_; my $state = 0; open(INPUT,$template) || return ''; my($md5sum_fd,$output_fd); my $pid = open2($md5sum_fd, $output_fd, 'md5sum'); return '' if (!$pid); while () { if ($state == 1) { if (/^# here's the fallback if no module succeeds/) { print $output_fd $_; $state++; } next; } if ($state == 3) { if (/^# end of pam-auth-update config/) { print $output_fd $_; $state++; } next; } print $output_fd $_; my ($pattern,$val); if ($state == 0) { $pattern = '^# here are the per-package modules \(the "Primary" block\)'; } elsif ($state == 2) { $pattern = '^# and here are more per-package modules \(the "Additional" block\)'; } else { next; } if (/$pattern/) { $state++; } } close(INPUT); close($output_fd); my $md5sum = <$md5sum_fd>; close($md5sum_fd); waitpid $pid, 0; $md5sum = (split(/\s+/,$md5sum))[0]; return $md5sum; } # merge a set of module declarations into a set of new config files, # using the information returned from diff_profiles(). sub write_profiles { my($profiles,$enabled,$confdir,$savedir,$diff,$force) = @_; if (! -d $savedir) { mkdir($savedir); } # because we can't atomically replace both /var/lib/pam/$foo and # /etc/pam.d/common-$foo at the same time, take steps to make this # somewhat robust for my $type ('auth','account','password','session', 'session-noninteractive') { my $target = $confdir . '/common-' . $type; my $template = $target; my $dest = $template . '.pam-new'; my $diff = $diff; if ($diff) { $diff = \%{$diff->{$type}}; } # Detect if the template is unmodified, and if so, use # the version from /usr/share. Depends on knowing the # md5sums of the originals. my $md5sum = get_template_md5sum($template); for my $i (@{$md5sums{$type}}) { if ($md5sum eq $i) { $template = '/usr/share/pam/common-' . $type; last; } } # first, write out the new config if (!create_from_template($template,$dest,$profiles,$enabled, $diff,$type)) { if (!$force) { return 0; } $template = '/usr/share/pam/common-' . $type; if (!create_from_template($template,$dest,$profiles, $enabled,$diff,$type)) { return 0; } } # then write out the saved config if (!open(OUTPUT, "> $savedir/$type.new")) { unlink($dest); return 0; } my $i = 0; my $uctype = ucfirst($type); for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Additional'); $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); if ($output) { print OUTPUT "Module: $mod\n"; print OUTPUT $output . "\n"; } } # no primary block, so output a stock pam_permit line if ($i == 0) { print OUTPUT "Module: null\n"; print OUTPUT "[default=1]\t\t\tpam_permit.so\n"; } $i = 0; for my $mod (@{$enabled}) { my $output; next if (!$profiles->{$mod}{$uctype . '-Type'}); next if ($profiles->{$mod}{$uctype . '-Type'} eq 'Primary'); $output = lines_for_module_and_type($profiles, $mod, $uctype, $i++); if ($output) { print OUTPUT "Module: $mod\n"; print OUTPUT $output . "\n"; } } close(OUTPUT); # then do the renames, back-to-back # we have to use system because File::Copy is in # perl-modules, not perl-base if (-e "$target" && $force) { system('cp','-f',$target,$target . '.pam-old'); } rename($dest,$target); rename("$savedir/$type.new","$savedir/$type"); } # at the end of a successful write, reset the 'seen' flag and the # value of the debconf override question. fset($overridetemplate,'seen','false'); set($overridetemplate,'false'); } # reconcile the current config in /etc/pam.d with the saved ones in # /var/lib/pam; returns a hash of profile names and the corresponding # options that should be added/removed relative to the stock config. # returns false if any of the markers are missing that permit a merge, # or on any other failure. sub diff_profiles { my ($sourcedir,$savedir) = @_; my (%diff); @{$diff{'mods'}} = (); # Load the saved config from /var/lib/pam, then iterate through all # lines in the current config that are in the managed block. # If anything fails here, just return immediately since we then # have nothing to merge; instead, the caller will decide later # whether to force an overwrite. for my $type ('auth','account','password','session', 'session-noninteractive') { my (@saved,$modname); open(SAVED,$savedir . '/' . $type) || return 0; while () { if (/^Module: (.*)/) { $modname = $1; next; } chomp; # trim out the destination of any jumps; this saves # us from having to re-parse everything just to fix # up the jump lengths, when changes to these will # already show up as inconsistencies elsewhere s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; s/(\[.*)end(.*\])/$1$2/g; my (@temp) = ($modname,$_); push(@saved,\@temp); } close(SAVED); my $state = 0; my (@prev_opts,$curmod); my $realtype = $type; $realtype =~ s/-noninteractive//; open(CURRENT,$sourcedir . '/common-' . $type) || return 0; while () { if ($state == 0) { $state = 1 if (/^# here are the per-package modules \(the "Primary" block\)/); next; } if ($state == 1) { s/^$realtype\s+//; if (/^# here's the fallback if no module succeeds/) { $state = 2; next; } } if ($state == 2) { $state = 3 if (/^# and here are more per-package modules \(the "Additional" block\)/); next; } if ($state == 3) { last if (/^# end of pam-auth-update config/); s/^$realtype\s+//; } my $found = 0; my $curopts; while (!$found && $#saved >= 0) { my $line; ($modname,$line) = @{$saved[0]}; shift(@saved); $line =~ /^((\[[^]]+\]|\w+)\s+\S+)\s*(.*)/; @prev_opts = split(/\s+/,$3); $curmod = $1; # FIXME: the key isn't derived from the config # name, so collisions are possible if more # than one config references the same module $_ =~ s/(\[[^0-9]*)[0-9]+(.*\])/$1$2/g; # check if this is a match for the current line if ($_ =~ /^\Q$curmod\E\s*(.*)$/) { $found = 1; $curopts = $1; push(@{$diff{'mods'}},$modname); } } # there's a line in the live config that doesn't # correspond to anything from the saved config. # treat this as a failure; it's very error-prone # to decide what to do with an added line that # didn't come from a package. return 0 if (!$found); for my $opt (split(/\s+/,$curopts)) { my $found = 0; for (my $i = 0; $i <= $#prev_opts; $i++) { if ($prev_opts[$i] eq $opt) { $found = 1; splice(@prev_opts,$i,1); } } $diff{$type}{'add'}{$curmod}{$opt} = 1 if (!$found); } for my $opt (@prev_opts) { $diff{$type}{'remove'}{$curmod}{$opt} = 1; } } close(CURRENT); # we couldn't parse the config, so the merge fails return 0 if ($state < 3); } return \%diff; } # simple function to parse a provided config file, in pseudo-RFC822 # format, sub parse_pam_profile { my ($profile) = $_[0]; my $fieldname; my %profile; open(PROFILE, $profile) || die "could not read profile $profile: $!"; while () { if (/^(\S+):\s+(.*)\s*$/) { $fieldname = $1; # compatibility with the first implementation round; # "Auth-Final" is now just called "Auth" $fieldname =~ s/-Final$//; if ($fieldname eq 'Conflicts') { foreach my $elem (split(/, /, $2)) { $profile{'Conflicts'}->{$elem} = 1; } } else { $profile{$fieldname} = $2; } } else { chomp; s/^\s+//; s/\s+$//; $profile{$fieldname} .= "\n$_" if ($_); $profile{$fieldname} =~ s/^[\n\s]+//; } } close(PROFILE); if (!defined($profile{'Session-Interactive-Only'})) { $profile{'Session-noninteractive-Type'} = $profile{'Session-Type'}; $profile{'Session-noninteractive'} = $profile{'Session'}; $profile{'Session-noninteractive-Initial'} = $profile{'Session-Initial'}; } return %profile; } pam/debian/local/pam-auth-update.80000644000000000000000000000714613261413076014135 0ustar .\" Copyright (C) 2008 Canonical Ltd. .\" .\" Author: Steve Langasek .\" .\" This program is free software; you can redistribute it and/or modify .\" it under the terms of version 3 of the GNU General Public License as .\" published by the Free Software Foundation. .\" .\" .\" This program is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, .\" USA. .TH "PAM\-AUTH\-UPDATE" "8" "08/23/2008" "Debian" .SH NAME pam\-auth\-update - manage PAM configuration using packaged profiles .SH SYNOPSIS .B pam\-auth\-update .RB [ \-\-package " [" \-\-remove .IR profile " [" profile\fR... "]]]" .RB [ \-\-force ] .SH DESCRIPTION .I pam\-auth\-update is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. Profiles shipped in the .I /usr/share/pam\-configs/ directory specify the modules, with options, to enable; the preferred ordering with respect to other profiles; and whether a profile should be enabled by default. Packages providing PAM modules register their profiles at install time by calling .BR "pam\-auth\-update \-\-package" . Selection of profiles is done using the standard debconf interface. The profile selection question will be asked at `medium' priority when packages are added or removed, so no user interaction is required by default. Users may invoke .B pam\-auth\-update directly to change their authentication configuration. .PP The script makes every effort to respect local changes to .IR "/etc/pam.d/common-*". Local modifications to the list of module options will be preserved, and additions of modules within the managed portion of the stack will cause .B pam\-auth\-update to treat the config files as locally modified and not make further changes to the config files unless given the .B \-\-force option. .PP If the user specifies that .B pam\-auth\-update should override local configuration changes, the locally-modified files will be saved in .I /etc/pam.d/ with a suffix of .IR "\.pam\-old" . .SH OPTIONS .TP .B \-\-package Indicate that the caller is a package maintainer script; lowers the priority of debconf questions to `medium' so that the user is not prompted by default. .TP .B \-\-enable \fIprofile \fR[\fIprofile\fR...] Enable the specified profiles in system configuration. This is used to enable profiles that are not on by default. .TP .B \-\-remove \fIprofile \fR[\fIprofile\fR...] Remove the specified profiles from the system configuration. .B pam\-auth\-update \-\-remove should be used to remove profiles from the configuration before the modules they reference are removed from disk, to ensure that PAM is in a consistent and usable state at all times during package upgrades or removals. .TP .B \-\-force Overwrite the current PAM configuration, without prompting. This option .B must not be used by package maintainer scripts; it is intended for use by administrators only. .SH FILES .PP .I /etc/pam.d/common\-* .RS 4 Global configuration of PAM, affecting all installed services. .RE .PP .I /usr/share/pam\-configs/ .RS 4 Package-supplied authentication profiles. .RE .SH AUTHOR Steve Langasek .SH COPYRIGHT Copyright (C) 2008 Canonical Ltd. .SH "SEE ALSO" PAM(7), pam.d(5), debconf(7) pam/debian/local/pam.conf0000644000000000000000000000105013261244762012464 0ustar # ---------------------------------------------------------------------------# # /etc/pam.conf # # ---------------------------------------------------------------------------# # # NOTE # ---- # # NOTE: Most program use a file under the /etc/pam.d/ directory to setup their # PAM service modules. This file is used only if that directory does not exist. # ---------------------------------------------------------------------------# # Format: # serv. module ctrl module [path] ...[args..] # # name type flag # pam/debian/local/pam_getenv0000644000000000000000000000551213261244762013117 0ustar #!/usr/bin/perl -w =head1 NAME pam_getenv - get environment variables from /etc/environment =head1 SYNOPSIS pam_getenv B<[-l] [-s]> I =head1 DESCRIPTION This tool will print out the value of I from F. It will attempt to expand environment variable references in the definition of I but will fail if PAM items are expanded. The B<-l> option indicates the script should return an environment variable related to default locale information. The B<-s> option indicates that the script should return an system default environment variable. Currently neither the B<-l> or B<-s> options do anything. They are included because future versions of Debian may have a separate repository for the initial environment used by init scripts and for system locale information. These options will allow this script to be a stable interface even in that environment. =cut # Copyright 2004 by Sam Hartman # This script may be copied under the terms of the GNU GPL # version 2, or at your option any later version. use strict; use vars qw(*CONFIGFILE *ENVFILE); sub read_line($) { my $fh = shift; my $line; local $_; line: while (<$fh>) { chomp; s/^\s+//; s/\#.*$//; next if $_ eq ""; if (s/\\\s*$//) { $line .= $_; next line; } $line .= $_; last; } $line; } sub parse_line($) { my $var; my (%x, @x); local $_ = shift; return undef unless defined $_ and s/(\S+)\s//; $var->{Name} = $1; s/^\s*//; @x = split(/=([^"\s]\S*|"[^"]*")\s*/, $_); unless (scalar(@x)%2 == 0) { push @x, undef; } %x = @x; @{$var}{"Default", "Override"} = @x{"DEFAULT", "OVERRIDE"}; $var; } sub expand_val($) { my ($val) = @_; return undef unless $val; die "Cannot handle PAM items\n" if /(?{Override})) { $val = expand_val($var->{Default}); } $allvars{$var->{Name}} = $val; } if (open (ENVFILE, "/etc/environment")) { while (my $line = read_line(\*ENVFILE)) { $line =~ s/^export //; $line =~ /(.*?)=(.+)/ or next; my ($var, $val) = ($1, $2); # This is bizarre logic (" and ' match each other, quotes are only # significant at the start and end of the string, and the trailing quote # may be omitted), but it's what pam_env does. $val =~ s/^["'](.*?)["']?$/$1/; $allvars{$var} = $val; } } if (exists $allvars{$lookup}) { print $allvars{$lookup}, "\n"; exit(0); } pam/debian/pam-configs/0000755000000000000000000000000013261244762012155 5ustar pam/debian/pam-configs/cracklib0000644000000000000000000000037213261244762013654 0ustar Name: Cracklib password strength checking Default: yes Priority: 1024 Conflicts: unix-zany Password-Type: Primary Password: requisite pam_cracklib.so retry=3 minlen=8 difok=3 Password-Initial: requisite pam_cracklib.so retry=3 minlen=8 difok=3 pam/debian/pam-configs/mkhomedir0000644000000000000000000000023213261244762014054 0ustar Name: Create home directory on login Default: no Priority: 0 Session-Type: Additional Session-Interactive-Only: yes Session: optional pam_mkhomedir.so pam/debian/pam-configs/unix0000644000000000000000000000125213261244762013063 0ustar Name: Unix authentication Default: yes Priority: 256 Auth-Type: Primary Auth: [success=end default=ignore] pam_unix.so nullok_secure try_first_pass Auth-Initial: [success=end default=ignore] pam_unix.so nullok_secure Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_unix.so Account-Initial: [success=end new_authtok_reqd=done default=ignore] pam_unix.so Session-Type: Additional Session: required pam_unix.so Session-Initial: required pam_unix.so Password-Type: Primary Password: [success=end default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 Password-Initial: [success=end default=ignore] pam_unix.so obscure sha512 pam/debian/patches-applied/0000755000000000000000000000000013261244762013015 5ustar pam/debian/patches-applied/007_modules_pam_unix0000644000000000000000000004276513261244762016714 0ustar Index: pam.debian/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix_passwd.c +++ pam.debian/modules/pam_unix/pam_unix_passwd.c @@ -102,6 +102,9 @@ # endif /* GNU libc 2.1 */ #endif +extern const char *obscure_msg(const char *, const char *, const struct passwd *, + unsigned int); + /* How it works: Gets in username (has to be done) from the calling program @@ -521,6 +524,11 @@ return retval; } } + if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ + struct passwd *pwd; + pwd = pam_modutil_getpwnam(pamh, user); + remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ + } } if (remark) { _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); @@ -536,7 +544,7 @@ int retval; int remember = -1; int rounds = -1; - int pass_min_len = 0; + int pass_min_len = 6; /* */ const char *user; Index: pam.debian/modules/pam_unix/support.h =================================================================== --- pam.debian.orig/modules/pam_unix/support.h +++ pam.debian/modules/pam_unix/support.h @@ -97,8 +97,9 @@ password hash algorithms */ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ +#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ /* -------------- */ -#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) @@ -107,34 +108,35 @@ /* symbol token name ctrl mask ctrl * * ----------------------- ------------------- --------------------- -------- */ -/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 01, 0}, -/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 02, 0}, -/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 04, 0}, -/* UNIX_AUDIT */ {"audit", _ALL_ON_, 010, 0}, -/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(060), 020, 0}, -/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(060), 040, 0}, -/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0100, 0}, -/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0600), 0200, 0}, -/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0600), 0400, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 01000, 0}, -/* UNIX__QUIET */ {NULL, _ALL_ON_, 02000, 0}, -/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 04000, 0}, -/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 010000, 0}, -/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0260420000), 020000, 1}, -/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(01000), 0, 0}, -/* UNIX_DEBUG */ {"debug", _ALL_ON_, 040000, 0}, -/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0100000, 0}, -/* UNIX_NIS */ {"nis", _ALL_ON_, 0200000, 0}, -/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0260420000), 0400000, 1}, -/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 01000000, 0}, -/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 02000000, 0}, -/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 04000000, 0}, -/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 010000000, 0}, -/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0260420000), 020000000, 1}, -/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0260420000), 040000000, 1}, -/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0}, -/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1}, -/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0}, +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, +/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, +/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, +/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, +/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, +/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1}, +/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0}, +/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, +/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, +/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, +/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1}, +/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, +/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, +/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1}, +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1}, +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, +/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml @@ -337,8 +337,81 @@ Set a minimum password length of n - characters. The max. for DES crypt based passwords are 8 - characters. + characters. The default value is 6. The maximum for DES + crypt-based passwords is 8 characters. + + + + + + + + + + Enable some extra checks on password strength. These checks + are based on the "obscure" checks in the original shadow + package. The behavior is similar to the pam_cracklib + module, but for non-dictionary-based checks. The following + checks are implemented: + + + + + + + + Verifies that the new password is not a palindrome + of (i.e., the reverse of) the previous one. + + + + + + + + + + Verifies that the new password isn't the same as the + old one with a change of case. + + + + + + + + + + Verifies that the new password isn't too much like + the previous one. + + + + + + + + + + Is the new password too simple? This is based on + the length of the password and the number of + different types of characters (alpha, numeric, etc.) + used. + + + + + + + + + + Is the new password a rotated version of the old + password? (E.g., "billy" and "illyb") + + + + Index: pam.debian/modules/pam_unix/obscure.c =================================================================== --- /dev/null +++ pam.debian/modules/pam_unix/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Julianne F. Haugh nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + + +#include "support.h" + +/* can't be a palindrome - like `R A D A R' or `M A D A M' */ +static int palindrome(const char *old, const char *new) { + int i, j; + + i = strlen (new); + + for (j = 0;j < i;j++) + if (new[i - j - 1] != new[j]) + return 0; + + return 1; +} + +/* more than half of the characters are different ones. */ +static int similar(const char *old, const char *new) { + int i, j; + + /* + * XXX - sometimes this fails when changing from a simple password + * to a really long one (MD5). For now, I just return success if + * the new password is long enough. Please feel free to suggest + * something better... --marekm + */ + if (strlen(new) >= 8) + return 0; + + for (i = j = 0; new[i] && old[i]; i++) + if (strchr(new, old[i])) + j++; + + if (i >= j * 2) + return 0; + + return 1; +} + +/* a nice mix of characters. */ +static int simple(const char *old, const char *new) { + int digits = 0; + int uppers = 0; + int lowers = 0; + int others = 0; + int size; + int i; + + for (i = 0;new[i];i++) { + if (isdigit (new[i])) + digits++; + else if (isupper (new[i])) + uppers++; + else if (islower (new[i])) + lowers++; + else + others++; + } + + /* + * The scam is this - a password of only one character type + * must be 8 letters long. Two types, 7, and so on. + */ + + size = 9; + if (digits) size--; + if (uppers) size--; + if (lowers) size--; + if (others) size--; + + if (size <= i) + return 0; + + return 1; +} + +static char *str_lower(char *string) { + char *cp; + + for (cp = string; *cp; cp++) + *cp = tolower(*cp); + return string; +} + +static const char * password_check(const char *old, const char *new, + const struct passwd *pwdp) { + const char *msg = NULL; + char *oldmono, *newmono, *wrapped; + + if (strcmp(new, old) == 0) + return _("Bad: new password must be different than the old one"); + + newmono = str_lower(strdup(new)); + oldmono = str_lower(strdup(old)); + wrapped = (char *)malloc(strlen(oldmono) * 2 + 1); + strcpy (wrapped, oldmono); + strcat (wrapped, oldmono); + + if (palindrome(oldmono, newmono)) { + msg = _("Bad: new password cannot be a palindrome"); + } else if (strcmp(oldmono, newmono) == 0) { + msg = _("Bad: new and old password must differ by more than just case"); + } else if (similar(oldmono, newmono)) { + msg = _("Bad: new and old password are too similar"); + } else if (simple(old, new)) { + msg = _("Bad: new password is too simple"); + } else if (strstr(wrapped, newmono)) { + msg = _("Bad: new password is just a wrapped version of the old one"); + } + + _pam_delete(newmono); + _pam_delete(oldmono); + _pam_delete(wrapped); + + return msg; +} + +const char *obscure_msg(const char *old, const char *new, + const struct passwd *pwdp, unsigned int ctrl) { + int oldlen, newlen; + char *new1, *old1; + const char *msg; + + if (old == NULL) + return NULL; /* no check if old is NULL */ + + oldlen = strlen(old); + newlen = strlen(new); + + /* Remaining checks are optional. */ + if (off(UNIX_OBSCURE_CHECKS,ctrl)) + return NULL; + + if ((msg = password_check(old, new, pwdp)) != NULL) + return msg; + + /* The traditional crypt() truncates passwords to 8 chars. It is + possible to circumvent the above checks by choosing an easy + 8-char password and adding some random characters to it... + Example: "password$%^&*123". So check it again, this time + truncated to the maximum length. Idea from npasswd. --marekm */ + + if (!UNIX_DES_CRYPT(ctrl)) + return NULL; /* unlimited password length */ + + if (oldlen <= 8 && newlen <= 8) + return NULL; + + new1 = strndup(new,8); + old1 = strndup(old,8); + + msg = password_check(old1, new1, pwdp); + + _pam_delete(new1); + _pam_delete(old1); + + return msg; +} Index: pam.debian/modules/pam_unix/Makefile.am =================================================================== --- pam.debian.orig/modules/pam_unix/Makefile.am +++ pam.debian/modules/pam_unix/Makefile.am @@ -43,7 +43,7 @@ pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c if STATIC_MODULES pam_unix_la_SOURCES += pam_unix_static.c endif Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 @@ -183,7 +183,38 @@ .RS 4 Set a minimum password length of \fIn\fR -characters\&. The max\&. for DES crypt based passwords are 8 characters\&. +characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&. +.RE +.PP +\fBobscure\fR +.RS 4 +Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented: +.PP +\fBPalindrome\fR +.RS 4 +Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&. +.RE +.PP +\fBCase Change Only\fR +.RS 4 +Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&. +.RE +.PP +\fBSimilar\fR +.RS 4 +Verifies that the new password isn\*(Aqt too much like the previous one\&. +.RE +.PP +\fBSimple\fR +.RS 4 +Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&. +.RE +.PP +\fBRotated\fR +.RS 4 +Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb") +.RE +.sp .RE .PP Invalid arguments are logged with pam/debian/patches-applied/008_modules_pam_limits_chroot0000644000000000000000000001007313261244762020574 0ustar Index: pam.debian/modules/pam_limits/pam_limits.c =================================================================== --- pam.debian.orig/modules/pam_limits/pam_limits.c +++ pam.debian/modules/pam_limits/pam_limits.c @@ -87,6 +87,7 @@ int flag_numsyslogins; /* whether to limit logins only for a specific user or to count all logins */ int priority; /* the priority to run user process with */ + char chroot_dir[8092]; /* directory to chroot into */ struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; @@ -97,6 +98,7 @@ #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 #define LIMIT_PRI RLIM_NLIMITS+3 +#define LIMIT_CHROOT RLIM_NLIMITS+4 #define LIMIT_SOFT 1 #define LIMIT_HARD 2 @@ -472,6 +474,8 @@ pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; + pl->chroot_dir[0] = '\0'; + return retval; } @@ -542,6 +546,8 @@ pl->flag_numsyslogins = 1; } else if (strcmp(lim_item, "priority") == 0) { limit_item = LIMIT_PRI; + } else if (strcmp(lim_item, "chroot") == 0) { + limit_item = LIMIT_CHROOT; } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; @@ -579,9 +585,9 @@ pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); - return; + return; } - } else { + } else if (limit_item != LIMIT_CHROOT) { #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else @@ -642,7 +648,11 @@ #endif } - if ( (limit_item != LIMIT_LOGIN) + if (limit_item == LIMIT_CHROOT) { + strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1); + pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0'; + } + else if ( (limit_item != LIMIT_LOGIN) && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) ) { if (limit_type & LIMIT_SOFT) { @@ -986,6 +996,15 @@ retval |= LOGIN_ERR; } + if (!retval && pl->chroot_dir[0]) { + i = chdir(pl->chroot_dir); + if (i == 0) + i = chroot(pl->chroot_dir); + if (i == 0) + i = chdir("/"); + if (i != 0) + retval = LIMIT_ERR; + } return retval; } Index: pam.debian/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5.xml +++ pam.debian/modules/pam_limits/limits.conf.5.xml @@ -255,6 +255,12 @@ (Linux 2.6.12 and higher) + + + + the directory to chroot the user to + + Index: pam.debian/modules/pam_limits/limits.conf.5 =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5 +++ pam.debian/modules/pam_limits/limits.conf.5 @@ -260,6 +260,11 @@ .RS 4 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) .RE +.PP +\fBchroot\fR +.RS 4 +the directory to chroot the user to +.RE .RE .PP All items support the values Index: pam.debian/modules/pam_limits/limits.conf =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf +++ pam.debian/modules/pam_limits/limits.conf @@ -35,6 +35,7 @@ # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority +# - chroot - change root to directory (Debian-specific) # # # @@ -45,6 +46,7 @@ #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 +#ftp - chroot /ftp #@student - maxlogins 4 # End of file pam/debian/patches-applied/021_nis_cleanup0000644000000000000000000000311613261244762015623 0ustar Patch from Philippe Troin Originally this included a bunch of changes to locking, but the more recent code pulled from Linux_pam CVS seems to fix that issue. Index: pam.deb/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c +++ pam.deb/modules/pam_unix/pam_unix_passwd.c @@ -577,7 +577,7 @@ if (_unix_blankpasswd(pamh, ctrl, user)) { return PAM_SUCCESS; - } else if (off(UNIX__IAMROOT, ctrl)) { + } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) { /* instruct user what is happening */ if (asprintf(&Announce, _("Changing password for %s."), user) < 0) { @@ -590,7 +590,9 @@ set(UNIX__OLD_PASSWD, lctrl); retval = _unix_read_password(pamh, lctrl ,Announce - ,_("(current) UNIX password: ") + ,(on(UNIX__IAMROOT, ctrl) + ? _("NIS server root password: ") + : _("(current) UNIX password: ")) ,NULL ,_UNIX_OLD_AUTHTOK ,&pass_old); @@ -601,9 +603,12 @@ "password - (old) token not obtained"); return retval; } - /* verify that this is the password for this user */ + /* verify that this is the password for this user + * if we're not using NIS */ - retval = _unix_verify_password(pamh, user, pass_old, ctrl); + if (off(UNIX_NIS, ctrl)) { + retval = _unix_verify_password(pamh, user, pass_old, ctrl); + } } else { D(("process run by root so do nothing this time around")); pass_old = NULL; pam/debian/patches-applied/022_pam_unix_group_time_miscfixes0000644000000000000000000000207113261244762021447 0ustar Description: handle the case of flags being empty or only PAM_SILENT, which is documented in other PAM implementations as meaning PAM_ESTABLISH_CRED: http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=%2Fcom.ibm.aix.basetechref%2Fdoc%2Fbasetrf1%2Fpam_setcred.htm Index: pam.deb/modules/pam_group/pam_group.c =================================================================== --- pam.deb.orig/modules/pam_group/pam_group.c +++ pam.deb/modules/pam_group/pam_group.c @@ -765,9 +765,12 @@ unsigned setting; /* only interested in establishing credentials */ + /* PAM docs say that an empty flag is to be treated as PAM_ESTABLISH_CRED. + Some people just pass PAM_SILENT, so cope with it, too. */ setting = flags; - if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED))) { + if (!(setting & (PAM_ESTABLISH_CRED | PAM_REINITIALIZE_CRED)) + && (setting != 0) && (setting != PAM_SILENT)) { D(("ignoring call - not for establishing credentials")); return PAM_SUCCESS; /* don't fail because of this */ } pam/debian/patches-applied/026_pam_unix_passwd_unknown_user0000644000000000000000000000163713261244762021354 0ustar Description: distinguish between password manipulation failure and missing user. Author: Martin Schwenke Index: pam.deb/modules/pam_unix/passverify.c =================================================================== --- pam.deb.orig/modules/pam_unix/passverify.c +++ pam.deb/modules/pam_unix/passverify.c @@ -719,7 +719,7 @@ struct passwd *tmpent = NULL; struct stat st; FILE *pwfile, *opwfile; - int err = 1; + int err = 1, found = 0; int oldmask; #ifdef WITH_SELINUX security_context_t prev_context=NULL; @@ -790,6 +790,7 @@ tmpent->pw_passwd = assigned_passwd.charp; err = 0; + found = 1; } if (putpwent(tmpent, pwfile)) { D(("error writing entry to password file: %m")); @@ -832,7 +833,7 @@ return PAM_SUCCESS; } else { unlink(PW_TMPFILE); - return PAM_AUTHTOK_ERR; + return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; } } pam/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root0000644000000000000000000002035213261244762024222 0ustar Description: Allow explicit limits for root and reset limits on each session When crossing session boundaries (such as when su'ing from one user to another), if the target account has no limit specified in limits.conf we want to use the default, not the current value configured for the source account. . If /proc/1/limits is unavailable, fall back to a set of hard-coded values that shadow the currently known defaults on Linux. . Also, don't apply wildcard limits to the root account; only apply limits to root that reference root by name. Author: Peter Paluch , Ben Collins , Steve Langasek , Bug-Debian: http://bugs.debian.org/63230 Index: pam.debian/modules/pam_limits/pam_limits.c =================================================================== --- pam.debian.orig/modules/pam_limits/pam_limits.c +++ pam.debian/modules/pam_limits/pam_limits.c @@ -45,6 +45,14 @@ #include #endif +#ifndef MLOCK_LIMIT +#ifdef __FreeBSD_kernel__ +#define MLOCK_LIMIT RLIM_INFINITY +#else +#define MLOCK_LIMIT (64*1024) +#endif +#endif + /* Module defines */ #define LINE_LENGTH 1024 @@ -82,6 +90,7 @@ /* internal data */ struct pam_limit_s { + int root; /* running as root? */ int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a @@ -436,9 +445,18 @@ { int i; int retval = PAM_SUCCESS; + static int mlock_limit = 0; D(("called.")); + pl->root = 0; + + if (mlock_limit == 0) { + mlock_limit = sysconf(_SC_PAGESIZE); + if (mlock_limit < MLOCK_LIMIT) + mlock_limit = MLOCK_LIMIT; + } + for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { @@ -454,18 +472,68 @@ } #ifdef __linux__ - if (ctrl & PAM_SET_ALL) { - parse_kernel_limits(pamh, pl, ctrl); + parse_kernel_limits(pamh, pl, ctrl); +#endif - for(i = 0; i < RLIM_NLIMITS; i++) { + for(i = 0; i < RLIM_NLIMITS; i++) { if (pl->limits[i].supported && (pl->limits[i].src_soft == LIMITS_DEF_NONE || pl->limits[i].src_hard == LIMITS_DEF_NONE)) { - pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); +#ifdef __linux__ + pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); +#endif + pl->limits[i].src_soft = LIMITS_DEF_DEFAULT; + pl->limits[i].src_hard = LIMITS_DEF_DEFAULT; + switch(i) { + case RLIMIT_CPU: + case RLIMIT_FSIZE: + case RLIMIT_DATA: + case RLIMIT_RSS: + case RLIMIT_NPROC: +#ifdef RLIMIT_AS + case RLIMIT_AS: +#endif +#ifdef RLIMIT_LOCKS + case RLIMIT_LOCKS: +#endif + pl->limits[i].limit.rlim_cur = RLIM_INFINITY; + pl->limits[i].limit.rlim_max = RLIM_INFINITY; + break; + case RLIMIT_MEMLOCK: + pl->limits[i].limit.rlim_cur = mlock_limit; + pl->limits[i].limit.rlim_max = mlock_limit; + break; +#ifdef RLIMIT_SIGPENDING + case RLIMIT_SIGPENDING: + pl->limits[i].limit.rlim_cur = 16382; + pl->limits[i].limit.rlim_max = 16382; + break; +#endif +#ifdef RLIMIT_MSGQUEUE + case RLIMIT_MSGQUEUE: + pl->limits[i].limit.rlim_cur = 819200; + pl->limits[i].limit.rlim_max = 819200; + break; +#endif + case RLIMIT_CORE: + pl->limits[i].limit.rlim_cur = 0; + pl->limits[i].limit.rlim_max = RLIM_INFINITY; + break; + case RLIMIT_STACK: + pl->limits[i].limit.rlim_cur = 8192*1024; + pl->limits[i].limit.rlim_max = RLIM_INFINITY; + break; + case RLIMIT_NOFILE: + pl->limits[i].limit.rlim_cur = 1024; + pl->limits[i].limit.rlim_max = 1024; + break; + default: + pl->limits[i].src_soft = LIMITS_DEF_NONE; + pl->limits[i].src_hard = LIMITS_DEF_NONE; + break; + } } - } } -#endif errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); @@ -804,7 +872,7 @@ if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); - else if (domain[0]=='@') { + else if (domain[0]=='@' && !pl->root) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", @@ -830,7 +898,7 @@ process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } - } else if (domain[0]=='%') { + } else if (domain[0]=='%' && !pl->root) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", @@ -864,7 +932,7 @@ } else { switch(rngtype) { case LIMIT_RANGE_NONE: - if (strcmp(domain, "*") == 0) + if (strcmp(domain, "*") == 0 && !pl->root) process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; @@ -1050,6 +1118,8 @@ return PAM_ABORT; } + if (pwd->pw_uid == 0) + pl->root = 1; retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable ' -' entry", CONF_FILE)); Index: pam.debian/modules/pam_limits/limits.conf =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf +++ pam.debian/modules/pam_limits/limits.conf @@ -11,6 +11,9 @@ # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit +# - NOTE: group and wildcard limits are not applied to root. +# To apply a limit to the root user, must be +# the literal username root. # # can have the two values: # - "soft" for enforcing the soft limits @@ -41,6 +44,7 @@ # #* soft core 0 +#root hard core 100000 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 Index: pam.debian/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5.xml +++ pam.debian/modules/pam_limits/limits.conf.5.xml @@ -88,6 +88,11 @@ + + NOTE: group and wildcard limits are not + applied to the root user. To set a limit for the root user, this field + must contain the literal username root. + @@ -309,6 +314,7 @@ * soft core 0 +root hard core 100000 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 Index: pam.debian/modules/pam_limits/limits.conf.5 =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5 +++ pam.debian/modules/pam_limits/limits.conf.5 @@ -132,6 +132,10 @@ \fB%:\fR\fI\fR applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. .RE +.sp +\fBNOTE:\fR +group and wildcard limits are not applied to the root user\&. To set a limit for the root user, this field must contain the literal username +\fBroot\fR\&. .RE .PP \fB\fR @@ -304,6 +308,7 @@ .\} .nf * soft core 0 +root hard core 100000 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 Index: pam.debian/modules/pam_limits/README =================================================================== --- pam.debian.orig/modules/pam_limits/README +++ pam.debian/modules/pam_limits/README @@ -54,6 +54,7 @@ limits.conf. * soft core 0 +root hard core 100000 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 pam/debian/patches-applied/031_pam_include0000644000000000000000000000433313261244762015606 0ustar Patch to implement an @include directive for use in pam.d config files. Authors: Jan Christoph Nordholz Upstream status: not yet submitted Index: pam.debian/libpam/pam_handlers.c =================================================================== --- pam.debian.orig/libpam/pam_handlers.c +++ pam.debian/libpam/pam_handlers.c @@ -122,6 +122,10 @@ module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { module_type = PAM_T_PASS; + } else if (!strcasecmp("@include", tok)) { + pam_include = 1; + module_type = requested_module_type; + goto parsing_done; } else { /* Illegal module type */ D(("_pam_init_handlers: bad module type: %s", tok)); @@ -192,8 +196,10 @@ _pam_set_default_control(actions, _PAM_ACTION_BAD); } +parsing_done: tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (pam_include) { + struct stat include_dir; if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, stack_level, module_type, actions, tok, @@ -204,13 +210,35 @@ return PAM_ABORT; } } - if (_pam_load_conf_file(pamh, tok, this_service, module_type, - stack_level + substack + if (tok[0] == '/') { + if (_pam_load_conf_file(pamh, tok, this_service, + module_type, stack_level + substack +#ifdef PAM_READ_BOTH_CONFS + , !other +#endif /* PAM_READ_BOTH_CONFS */ + ) == PAM_SUCCESS) + continue; + } + else if (!stat(PAM_CONFIG_D, &include_dir) + && S_ISDIR(include_dir.st_mode)) + { + char *include_file; + if (asprintf (&include_file, PAM_CONFIG_DF, tok) < 0) { + pam_syslog(pamh, LOG_CRIT, "asprintf failed"); + return PAM_ABORT; + } + if (_pam_load_conf_file(pamh, include_file, this_service, + module_type, stack_level + substack #ifdef PAM_READ_BOTH_CONFS , !other #endif /* PAM_READ_BOTH_CONFS */ - ) == PAM_SUCCESS) - continue; + ) == PAM_SUCCESS) + { + free(include_file); + continue; + } + free(include_file); + } _pam_set_default_control(actions, _PAM_ACTION_BAD); mod_path = NULL; handler_type = PAM_HT_MUST_FAIL; pam/debian/patches-applied/032_pam_limits_EPERM_NOT_FATAL0000644000000000000000000000137313261244762020045 0ustar setrlimit will sometimes return EPERM for example if you try to increase the number of open files too much. This is not something we want to consider fatal. This also happens if you use non-root and try to decrease a limit. Running PAM as non-root is not so great. Authors: ? Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> Index: pam.deb/modules/pam_limits/pam_limits.c =================================================================== --- pam.deb.orig/modules/pam_limits/pam_limits.c +++ pam.deb/modules/pam_limits/pam_limits.c @@ -735,6 +735,8 @@ if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); + if (res == -1 && errno == EPERM) + continue; status |= res; } pam/debian/patches-applied/036_pam_wheel_getlogin_considered_harmful0000644000000000000000000001115513261244762023101 0ustar Patch for Debian bug #163787 et al Always use the process uid, not getlogin(), to identify an applicant in pam_wheel; utmp may be wrong or may have no entry at all in the case of an xterm Authors: Ben Collins Upstream status: submitted in <20070901175405.GA26092@dario.dodds.net> Index: pam.debian/modules/pam_wheel/pam_wheel.c =================================================================== --- pam.debian.orig/modules/pam_wheel/pam_wheel.c +++ pam.debian/modules/pam_wheel/pam_wheel.c @@ -60,9 +60,8 @@ /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 -#define PAM_USE_UID_ARG 0x0002 -#define PAM_TRUST_ARG 0x0004 -#define PAM_DENY_ARG 0x0010 +#define PAM_TRUST_ARG 0x0002 +#define PAM_DENY_ARG 0x0004 #define PAM_ROOT_ONLY_ARG 0x0020 static int @@ -80,8 +79,7 @@ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; - else if (!strcmp(*argv,"use_uid")) - ctrl |= PAM_USE_UID_ARG; + else if (!strcmp(*argv,"use_uid")); /* ignored for compat. */ else if (!strcmp(*argv,"trust")) ctrl |= PAM_TRUST_ARG; else if (!strcmp(*argv,"deny")) @@ -129,27 +127,14 @@ } } - if (ctrl & PAM_USE_UID_ARG) { - tpwd = pam_modutil_getpwuid (pamh, getuid()); - if (!tpwd) { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); - } - return PAM_SERVICE_ERR; - } - fromsu = tpwd->pw_name; - } else { - fromsu = pam_modutil_getlogin(pamh); - if (fromsu) { - tpwd = pam_modutil_getpwnam (pamh, fromsu); - } - if (!fromsu || !tpwd) { - if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); - } - return PAM_SERVICE_ERR; + tpwd = pam_modutil_getpwuid (pamh, getuid()); + if (!tpwd) { + if (ctrl & PAM_DEBUG_ARG) { + pam_syslog(pamh, LOG_NOTICE, "who is running me ?!"); } + return PAM_SERVICE_ERR; } + fromsu = tpwd->pw_name; /* * At this point fromsu = username-of-invoker; tpwd = pwd ptr for fromsu Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml =================================================================== --- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml +++ pam.debian/modules/pam_wheel/pam_wheel.8.xml @@ -33,9 +33,6 @@ trust - - use_uid - @@ -115,18 +112,6 @@ - - - - - - - The check for wheel membership will be done against - the current uid instead of the original one (useful when - jumping with su from one account to another for example). - - - Index: pam.debian/modules/pam_wheel/pam_wheel.8 =================================================================== --- pam.debian.orig/modules/pam_wheel/pam_wheel.8 +++ pam.debian/modules/pam_wheel/pam_wheel.8 @@ -31,7 +31,7 @@ pam_wheel \- Only permit root access to members of group wheel .SH "SYNOPSIS" .HP \w'\fBpam_wheel\&.so\fR\ 'u -\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] [use_uid] +\fBpam_wheel\&.so\fR [debug] [deny] [group=\fIname\fR] [root_only] [trust] .SH "DESCRIPTION" .PP The pam_wheel PAM module is used to enforce the so\-called @@ -72,11 +72,6 @@ .RS 4 The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play stacking the modules the wheel members may be able to su to root without being prompted for a passwd)\&. .RE -.PP -\fBuse_uid\fR -.RS 4 -The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one account to another for example)\&. -.RE .SH "MODULE TYPES PROVIDED" .PP The Index: pam.debian/modules/pam_wheel/README =================================================================== --- pam.debian.orig/modules/pam_wheel/README +++ pam.debian/modules/pam_wheel/README @@ -39,12 +39,6 @@ modules the wheel members may be able to su to root without being prompted for a passwd). -use_uid - - The check for wheel membership will be done against the current uid instead - of the original one (useful when jumping with su from one account to - another for example). - EXAMPLES The root account gains access by default (rootok), only wheel members can pam/debian/patches-applied/040_pam_limits_log_failure0000644000000000000000000000246113261244762020034 0ustar Patch for Debian bug #180310 Generate some (low-severity) log information whenever setrlimit() fails, for debugging purposes. Authors: Sam Hartman Upstream status: submitted in <20070830171918.GB30563@dario.dodds.net> Index: pam.deb/modules/pam_limits/pam_limits.c =================================================================== --- pam.deb.orig/modules/pam_limits/pam_limits.c +++ pam.deb/modules/pam_limits/pam_limits.c @@ -732,9 +732,19 @@ if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); - if (res != 0) - pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", - rlimit2str(i)); + if (res != 0 && (i != RLIMIT_NOFILE + || pl->limits[i].limit.rlim_cur != RLIM_INFINITY)) + { + int save_errno = errno; + pam_syslog(pamh, LOG_DEBUG, + "Could not set limit for '%s' to soft=%d, hard=%d:" + " %m; uid=%lu,euid=%lu", rlimit2str(i), + pl->limits[i].limit.rlim_cur, + pl->limits[i].limit.rlim_max, + (unsigned long) getuid(), + (unsigned long) geteuid()); + errno = save_errno; + } if (res == -1 && errno == EPERM) continue; status |= res; pam/debian/patches-applied/045_pam_dispatch_jump_is_ignore0000644000000000000000000000212713261244762021057 0ustar Previously jumps were treated as PAM_IGNORE in the freezing part of the chain and PAM_OK (aka required) in the frozen part of the chain. No one on pam-list was able to explain this behavior, so I changed it to be consistent. Index: pam.debian/libpam/pam_dispatch.c =================================================================== --- pam.debian.orig/libpam/pam_dispatch.c +++ pam.debian/libpam/pam_dispatch.c @@ -254,19 +254,7 @@ if ( _PAM_ACTION_IS_JUMP(action) ) { /* If we are evaluating a cached chain, we treat this - module as required (aka _PAM_ACTION_OK) as well as - executing the jump. */ - - if (use_cached_chain) { - if (impression == _PAM_UNDEF - || (impression == _PAM_POSITIVE - && status == PAM_SUCCESS) ) { - if ( retval != PAM_IGNORE || cached_retval == retval ) { - impression = _PAM_POSITIVE; - status = retval; - } - } - } + module as ignored as well as executing the jump. */ /* this means that we need to skip #action stacked modules */ while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) { pam/debian/patches-applied/054_pam_security_abstract_securetty_handling0000644000000000000000000001370313261244762023676 0ustar Description: extract the securetty logic for use with the "nullok_secure" option introduced in the "055_pam_unix_nullok_secure" patch. Index: pam.debian/modules/pam_securetty/pam_securetty.c =================================================================== --- pam.debian.orig/modules/pam_securetty/pam_securetty.c +++ pam.debian/modules/pam_securetty/pam_securetty.c @@ -1,7 +1,5 @@ /* pam_securetty module */ -#define SECURETTY_FILE "/etc/securetty" -#define TTY_PREFIX "/dev/" #define CMDLINE_FILE "/proc/cmdline" #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active" @@ -40,6 +38,9 @@ #include #include +extern int _pammodutil_tty_secure(const pam_handle_t *pamh, + const char *uttyname); + #define PAM_DEBUG_ARG 0x0001 #define PAM_NOCONSOLE_ARG 0x0002 @@ -73,11 +74,7 @@ const char *username; const char *uttyname; const void *void_uttyname; - char ttyfileline[256]; - char ptname[256]; - struct stat ttyfileinfo; struct passwd *user_pwd; - FILE *ttyfile; /* log a trail for debugging */ if (ctrl & PAM_DEBUG_ARG) { @@ -105,50 +102,7 @@ return PAM_SERVICE_ERR; } - /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ - if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { - uttyname += sizeof(TTY_PREFIX)-1; - } - - if (stat(SECURETTY_FILE, &ttyfileinfo)) { - pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); - return PAM_SUCCESS; /* for compatibility with old securetty handling, - this needs to succeed. But we still log the - error. */ - } - - if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { - /* If the file is world writable or is not a - normal file, return error */ - pam_syslog(pamh, LOG_ERR, - "%s is either world writable or not a normal file", - SECURETTY_FILE); - return PAM_AUTH_ERR; - } - - ttyfile = fopen(SECURETTY_FILE,"r"); - if (ttyfile == NULL) { /* Check that we opened it successfully */ - pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); - return PAM_SERVICE_ERR; - } - - if (isdigit(uttyname[0])) { - snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); - } else { - ptname[0] = '\0'; - } - - retval = 1; - - while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) - && retval) { - if (ttyfileline[strlen(ttyfileline) - 1] == '\n') - ttyfileline[strlen(ttyfileline) - 1] = '\0'; - - retval = ( strcmp(ttyfileline, uttyname) - && (!ptname[0] || strcmp(ptname, uttyname)) ); - } - fclose(ttyfile); + retval = _pammodutil_tty_secure(pamh, uttyname); if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { FILE *cmdlinefile; Index: pam.debian/modules/pam_securetty/tty_secure.c =================================================================== --- /dev/null +++ pam.debian/modules/pam_securetty/tty_secure.c @@ -0,0 +1,90 @@ +/* + * A function to determine if a particular line is in /etc/securetty + */ + + +#define SECURETTY_FILE "/etc/securetty" +#define TTY_PREFIX "/dev/" + +/* This function taken out of pam_securetty by Sam Hartman + * */ +/* + * by Elliot Lee , Red Hat Software. + * July 25, 1996. + * Slight modifications AGM. 1996/12/3 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +extern int _pammodutil_tty_secure(const pam_handle_t *pamh, + const char *uttyname); + +int _pammodutil_tty_secure(const pam_handle_t *pamh, const char *uttyname) +{ + int retval = PAM_AUTH_ERR; + char ttyfileline[256]; + char ptname[256]; + struct stat ttyfileinfo; + FILE *ttyfile; + /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ + if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) + uttyname += sizeof(TTY_PREFIX)-1; + + if (stat(SECURETTY_FILE, &ttyfileinfo)) { + pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", + SECURETTY_FILE); + return PAM_SUCCESS; /* for compatibility with old securetty handling, + this needs to succeed. But we still log the + error. */ + } + + if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { + /* If the file is world writable or is not a + normal file, return error */ + pam_syslog(pamh, LOG_ERR, + "%s is either world writable or not a normal file", + SECURETTY_FILE); + return PAM_AUTH_ERR; + } + + ttyfile = fopen(SECURETTY_FILE,"r"); + if(ttyfile == NULL) { /* Check that we opened it successfully */ + pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); + return PAM_SERVICE_ERR; + } + + if (isdigit(uttyname[0])) { + snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); + } else { + ptname[0] = '\0'; + } + + retval = 1; + + while ((fgets(ttyfileline,sizeof(ttyfileline)-1, ttyfile) != NULL) + && retval) { + if(ttyfileline[strlen(ttyfileline) - 1] == '\n') + ttyfileline[strlen(ttyfileline) - 1] = '\0'; + retval = ( strcmp(ttyfileline,uttyname) + && (!ptname[0] || strcmp(ptname, uttyname)) ); + } + fclose(ttyfile); + + if(retval) { + retval = PAM_AUTH_ERR; + } + + return retval; +} Index: pam.debian/modules/pam_securetty/Makefile.am =================================================================== --- pam.debian.orig/modules/pam_securetty/Makefile.am +++ pam.debian/modules/pam_securetty/Makefile.am @@ -24,6 +24,10 @@ securelib_LTLIBRARIES = pam_securetty.la pam_securetty_la_LIBADD = -L$(top_builddir)/libpam -lpam +pam_securetty_la_SOURCES = \ + pam_securetty.c \ + tty_secure.c + if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_securetty.8.xml pam/debian/patches-applied/055_pam_unix_nullok_secure0000644000000000000000000002063413261244762020110 0ustar Debian patch to add a new 'nullok_secure' option to pam_unix, which accepts users with null passwords only when the applicant is connected from a tty listed in /etc/securetty. Authors: Sam Hartman , Steve Langasek Upstream status: not yet submitted Index: pam.debian/modules/pam_unix/support.c =================================================================== --- pam.debian.orig/modules/pam_unix/support.c +++ pam.debian/modules/pam_unix/support.c @@ -189,13 +189,22 @@ /* now parse the arguments to this module */ for (; argc-- > 0; ++argv) { + int sl; D(("pam_unix arg: %s", *argv)); for (j = 0; j < UNIX_CTRLS_; ++j) { - if (unix_args[j].token - && !strncmp(*argv, unix_args[j].token, strlen(unix_args[j].token))) { - break; + if (unix_args[j].token) { + sl = strlen(unix_args[j].token); + if (unix_args[j].token[sl-1] == '=') { + /* exclude argument from comparison */ + if (!strncmp(*argv, unix_args[j].token, sl)) + break; + } else { + /* compare full strings */ + if (!strcmp(*argv, unix_args[j].token)) + break; + } } } @@ -565,6 +574,7 @@ child = fork(); if (child == 0) { int i=0; + int nullok = off(UNIX__NONULL, ctrl); struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL }; @@ -595,7 +605,18 @@ /* exec binary helper */ args[0] = strdup(CHKPWD_HELPER); args[1] = x_strdup(user); - if (off(UNIX__NONULL, ctrl)) { /* this means we've succeeded */ + + if (on(UNIX_NULLOK_SECURE, ctrl)) { + const void *uttyname; + retval = pam_get_item(pamh, PAM_TTY, &uttyname); + if (retval != PAM_SUCCESS || uttyname == NULL + || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) + { + nullok = 0; + } + } + + if (nullok) { args[2]=strdup("nullok"); } else { args[2]=strdup("nonull"); @@ -675,6 +696,17 @@ if (on(UNIX__NONULL, ctrl)) return 0; /* will fail but don't let on yet */ + if (on(UNIX_NULLOK_SECURE, ctrl)) { + int retval2; + const void *uttyname; + retval2 = pam_get_item(pamh, PAM_TTY, &uttyname); + if (retval2 != PAM_SUCCESS || uttyname == NULL) + return 0; + + if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) + return 0; + } + /* UNIX passwords area */ retval = get_pwd_hash(pamh, name, &pwd, &salt); @@ -761,7 +793,8 @@ } } } else { - retval = verify_pwd_hash(p, salt, off(UNIX__NONULL, ctrl)); + retval = verify_pwd_hash(p, salt, + _unix_blankpasswd(pamh, ctrl, name)); } if (retval == PAM_SUCCESS) { Index: pam.debian/modules/pam_unix/support.h =================================================================== --- pam.debian.orig/modules/pam_unix/support.h +++ pam.debian/modules/pam_unix/support.h @@ -98,8 +98,9 @@ #define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ #define UNIX_MIN_PASS_LEN 27 /* min length for password */ #define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ +#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */ /* -------------- */ -#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */ +#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ #define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) @@ -117,7 +118,7 @@ /* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, /* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, /* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, -/* UNIX__NONULL */ {NULL, _ALL_ON_, 0x200, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0}, /* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, /* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, /* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, @@ -137,6 +138,7 @@ /* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, /* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, /* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, +/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, }; #define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) @@ -172,6 +174,9 @@ ,const char *data_name ,const void **pass); +extern int _pammodutil_tty_secure(const pam_handle_t *pamh, + const char *uttyname); + extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); #endif /* _PAM_UNIX_SUPPORT_H */ Index: pam.debian/modules/pam_unix/Makefile.am =================================================================== --- pam.debian.orig/modules/pam_unix/Makefile.am +++ pam.debian/modules/pam_unix/Makefile.am @@ -30,7 +30,8 @@ pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ - @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) + @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ + ../pam_securetty/tty_secure.lo securelib_LTLIBRARIES = pam_unix.la Index: pam.debian/modules/pam_unix/README =================================================================== --- pam.debian.orig/modules/pam_unix/README +++ pam.debian/modules/pam_unix/README @@ -58,7 +58,16 @@ The default action of this module is to not permit the user access to a service if their official password is blank. The nullok argument overrides - this default. + this default and allows any user with a blank password to access the + service. + +nullok_secure + + The default action of this module is to not permit the user access to a + service if their official password is blank. The nullok_secure argument + overrides this default and allows any user with a blank password to access + the service as long as the value of PAM_TTY is set to one of the values + found in /etc/securetty. try_first_pass Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 @@ -82,7 +82,14 @@ .RS 4 The default action of this module is to not permit the user access to a service if their official password is blank\&. The \fBnullok\fR -argument overrides this default\&. +argument overrides this default and allows any user with a blank password to access the service\&. +.RE +.PP +\fBnullok_secure\fR +.RS 4 +The default action of this module is to not permit the user access to a service if their official password is blank\&. The +\fBnullok_secure\fR +argument overrides this default and allows any user with a blank password to access the service as long as the value of PAM_TTY is set to one of the values found in /etc/securetty\&. .RE .PP \fBtry_first_pass\fR Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml @@ -137,7 +137,24 @@ The default action of this module is to not permit the user access to a service if their official password is blank. - The argument overrides this default. + The argument overrides this default + and allows any user with a blank password to access the + service. + + + + + + + + + + The default action of this module is to not permit the + user access to a service if their official password is blank. + The argument overrides this + default and allows any user with a blank password to access + the service as long as the value of PAM_TTY is set to one of + the values found in /etc/securetty. pam/debian/patches-applied/PAM-manpage-section0000644000000000000000000016546413261244762016445 0ustar Patch to put the PAM manpage in section 7 (general topics) instead of 8 (system administration commands) Authors: Steve Langasek Upstream status: maybe provide a backwards-compatibility link first? Index: pam.debian/doc/man/pam.8.xml =================================================================== --- pam.debian.orig/doc/man/pam.8.xml +++ pam.debian/doc/man/pam.8.xml @@ -6,7 +6,7 @@ pam - 8 + 7 Linux-PAM Manual @@ -179,7 +179,7 @@ pam_strerror3 , - PAM8 + PAM7 Index: pam.debian/doc/man/PAM.8 =================================================================== --- pam.debian.orig/doc/man/PAM.8 +++ pam.debian/doc/man/PAM.8 @@ -2,12 +2,12 @@ .\" Title: pam .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 09/19/2013 +.\" Date: 01/16/2014 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" +.TH "PAM" "7" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -118,4 +118,4 @@ \fBpam_authenticate\fR(3), \fBpam_sm_setcred\fR(3), \fBpam_strerror\fR(3), -\fBPAM\fR(8) +\fBPAM\fR(7) Index: pam.debian/modules/pam_access/access.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_access/access.conf.5.xml +++ pam.debian/modules/pam_access/access.conf.5.xml @@ -191,7 +191,7 @@ pam_access8, pam.d5, - pam8 + pam7 Index: pam.debian/modules/pam_access/access.conf.5 =================================================================== --- pam.debian.orig/modules/pam_access/access.conf.5 +++ pam.debian/modules/pam_access/access.conf.5 @@ -181,7 +181,7 @@ .PP \fBpam_access\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHORS" .PP Original Index: pam.debian/modules/pam_env/pam_env.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.conf.5.xml +++ pam.debian/modules/pam_env/pam_env.conf.5.xml @@ -110,7 +110,7 @@ pam_env8, pam.d5, - pam8 + pam7 Index: pam.debian/modules/pam_env/pam_env.conf.5 =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.conf.5 +++ pam.debian/modules/pam_env/pam_env.conf.5 @@ -112,7 +112,7 @@ .PP \fBpam_env\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_env was written by Dave Kinchlea \&. Index: pam.debian/modules/pam_group/group.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_group/group.conf.5.xml +++ pam.debian/modules/pam_group/group.conf.5.xml @@ -128,7 +128,7 @@ pam_group8, pam.d5, - pam8 + pam7 Index: pam.debian/modules/pam_group/group.conf.5 =================================================================== --- pam.debian.orig/modules/pam_group/group.conf.5 +++ pam.debian/modules/pam_group/group.conf.5 @@ -113,7 +113,7 @@ .PP \fBpam_group\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_group was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_limits/limits.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5.xml +++ pam.debian/modules/pam_limits/limits.conf.5.xml @@ -343,7 +343,7 @@ pam_limits8, pam.d5, - pam8, + pam7, getrlimit2 getrlimit3p Index: pam.debian/modules/pam_limits/limits.conf.5 =================================================================== --- pam.debian.orig/modules/pam_limits/limits.conf.5 +++ pam.debian/modules/pam_limits/limits.conf.5 @@ -339,7 +339,7 @@ .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8), +\fBpam\fR(7), \fBgetrlimit\fR(2)\fBgetrlimit\fR(3p) .SH "AUTHOR" .PP Index: pam.debian/modules/pam_namespace/namespace.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_namespace/namespace.conf.5.xml +++ pam.debian/modules/pam_namespace/namespace.conf.5.xml @@ -204,7 +204,7 @@ pam_namespace8, pam.d5, - pam8 + pam7 Index: pam.debian/modules/pam_namespace/namespace.conf.5 =================================================================== --- pam.debian.orig/modules/pam_namespace/namespace.conf.5 +++ pam.debian/modules/pam_namespace/namespace.conf.5 @@ -155,7 +155,7 @@ .PP \fBpam_namespace\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHORS" .PP The namespace\&.conf manual page was written by Janak Desai \&. More features added by Tomas Mraz \&. Index: pam.debian/modules/pam_time/time.conf.5.xml =================================================================== --- pam.debian.orig/modules/pam_time/time.conf.5.xml +++ pam.debian/modules/pam_time/time.conf.5.xml @@ -130,7 +130,7 @@ pam_time8, pam.d5, - pam8 + pam7 Index: pam.debian/modules/pam_time/time.conf.5 =================================================================== --- pam.debian.orig/modules/pam_time/time.conf.5 +++ pam.debian/modules/pam_time/time.conf.5 @@ -107,7 +107,7 @@ .PP \fBpam_time\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_time was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_access/pam_access.8.xml =================================================================== --- pam.debian.orig/modules/pam_access/pam_access.8.xml +++ pam.debian/modules/pam_access/pam_access.8.xml @@ -237,7 +237,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_access/pam_access.8 =================================================================== --- pam.debian.orig/modules/pam_access/pam_access.8 +++ pam.debian/modules/pam_access/pam_access.8 @@ -125,7 +125,7 @@ .PP \fBaccess.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHORS" .PP The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin \&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \&. Index: pam.debian/modules/pam_cracklib/pam_cracklib.8.xml =================================================================== --- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8.xml +++ pam.debian/modules/pam_cracklib/pam_cracklib.8.xml @@ -577,7 +577,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_cracklib/pam_cracklib.8 =================================================================== --- pam.debian.orig/modules/pam_cracklib/pam_cracklib.8 +++ pam.debian/modules/pam_cracklib/pam_cracklib.8 @@ -357,7 +357,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_cracklib was written by Cristian Gafton Index: pam.debian/modules/pam_debug/pam_debug.8.xml =================================================================== --- pam.debian.orig/modules/pam_debug/pam_debug.8.xml +++ pam.debian/modules/pam_debug/pam_debug.8.xml @@ -216,7 +216,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_debug/pam_debug.8 =================================================================== --- pam.debian.orig/modules/pam_debug/pam_debug.8 +++ pam.debian/modules/pam_debug/pam_debug.8 @@ -138,7 +138,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_debug was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_deny/pam_deny.8.xml =================================================================== --- pam.debian.orig/modules/pam_deny/pam_deny.8.xml +++ pam.debian/modules/pam_deny/pam_deny.8.xml @@ -120,7 +120,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_deny/pam_deny.8 =================================================================== --- pam.debian.orig/modules/pam_deny/pam_deny.8 +++ pam.debian/modules/pam_deny/pam_deny.8 @@ -96,7 +96,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_deny was written by Andrew G\&. Morgan Index: pam.debian/modules/pam_echo/pam_echo.8.xml =================================================================== --- pam.debian.orig/modules/pam_echo/pam_echo.8.xml +++ pam.debian/modules/pam_echo/pam_echo.8.xml @@ -159,7 +159,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_echo/pam_echo.8 =================================================================== --- pam.debian.orig/modules/pam_echo/pam_echo.8 +++ pam.debian/modules/pam_echo/pam_echo.8 @@ -126,7 +126,7 @@ .PP \fBpam.conf\fR(8), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP Thorsten Kukuk Index: pam.debian/modules/pam_env/pam_env.8.xml =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.8.xml +++ pam.debian/modules/pam_env/pam_env.8.xml @@ -235,7 +235,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_exec/pam_exec.8.xml =================================================================== --- pam.debian.orig/modules/pam_exec/pam_exec.8.xml +++ pam.debian/modules/pam_exec/pam_exec.8.xml @@ -257,7 +257,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_exec/pam_exec.8 =================================================================== --- pam.debian.orig/modules/pam_exec/pam_exec.8 +++ pam.debian/modules/pam_exec/pam_exec.8 @@ -160,7 +160,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_exec was written by Thorsten Kukuk and Josh Triplett \&. Index: pam.debian/modules/pam_faildelay/pam_faildelay.8.xml =================================================================== --- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8.xml +++ pam.debian/modules/pam_faildelay/pam_faildelay.8.xml @@ -121,7 +121,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_faildelay/pam_faildelay.8 =================================================================== --- pam.debian.orig/modules/pam_faildelay/pam_faildelay.8 +++ pam.debian/modules/pam_faildelay/pam_faildelay.8 @@ -87,7 +87,7 @@ \fBpam_fail_delay\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_faildelay was written by Darren Tucker \&. Index: pam.debian/modules/pam_filter/pam_filter.8.xml =================================================================== --- pam.debian.orig/modules/pam_filter/pam_filter.8.xml +++ pam.debian/modules/pam_filter/pam_filter.8.xml @@ -246,7 +246,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_filter/pam_filter.8 =================================================================== --- pam.debian.orig/modules/pam_filter/pam_filter.8 +++ pam.debian/modules/pam_filter/pam_filter.8 @@ -166,7 +166,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_filter was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_ftp/pam_ftp.8.xml =================================================================== --- pam.debian.orig/modules/pam_ftp/pam_ftp.8.xml +++ pam.debian/modules/pam_ftp/pam_ftp.8.xml @@ -168,7 +168,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_ftp/pam_ftp.8 =================================================================== --- pam.debian.orig/modules/pam_ftp/pam_ftp.8 +++ pam.debian/modules/pam_ftp/pam_ftp.8 @@ -119,7 +119,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_ftp was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_group/pam_group.8.xml =================================================================== --- pam.debian.orig/modules/pam_group/pam_group.8.xml +++ pam.debian/modules/pam_group/pam_group.8.xml @@ -148,7 +148,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_group/pam_group.8 =================================================================== --- pam.debian.orig/modules/pam_group/pam_group.8 +++ pam.debian/modules/pam_group/pam_group.8 @@ -103,7 +103,7 @@ .PP \fBgroup.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHORS" .PP pam_group was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_issue/pam_issue.8.xml =================================================================== --- pam.debian.orig/modules/pam_issue/pam_issue.8.xml +++ pam.debian/modules/pam_issue/pam_issue.8.xml @@ -219,7 +219,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_issue/pam_issue.8 =================================================================== --- pam.debian.orig/modules/pam_issue/pam_issue.8 +++ pam.debian/modules/pam_issue/pam_issue.8 @@ -152,7 +152,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_issue was written by Ben Collins \&. Index: pam.debian/modules/pam_keyinit/pam_keyinit.8.xml =================================================================== --- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8.xml +++ pam.debian/modules/pam_keyinit/pam_keyinit.8.xml @@ -223,7 +223,7 @@ pam.d5 , - pam8 + pam7 keyctl1 Index: pam.debian/modules/pam_keyinit/pam_keyinit.8 =================================================================== --- pam.debian.orig/modules/pam_keyinit/pam_keyinit.8 +++ pam.debian/modules/pam_keyinit/pam_keyinit.8 @@ -130,7 +130,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\fBkeyctl\fR(1) +\fBpam\fR(7)\fBkeyctl\fR(1) .SH "AUTHOR" .PP pam_keyinit was written by David Howells, \&. Index: pam.debian/modules/pam_lastlog/pam_lastlog.8.xml =================================================================== --- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8.xml +++ pam.debian/modules/pam_lastlog/pam_lastlog.8.xml @@ -298,7 +298,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_lastlog/pam_lastlog.8 =================================================================== --- pam.debian.orig/modules/pam_lastlog/pam_lastlog.8 +++ pam.debian/modules/pam_lastlog/pam_lastlog.8 @@ -173,7 +173,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_lastlog was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_limits/pam_limits.8.xml =================================================================== --- pam.debian.orig/modules/pam_limits/pam_limits.8.xml +++ pam.debian/modules/pam_limits/pam_limits.8.xml @@ -241,7 +241,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_limits/pam_limits.8 =================================================================== --- pam.debian.orig/modules/pam_limits/pam_limits.8 +++ pam.debian/modules/pam_limits/pam_limits.8 @@ -146,7 +146,7 @@ .PP \fBlimits.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHORS" .PP pam_limits was initially written by Cristian Gafton Index: pam.debian/modules/pam_listfile/pam_listfile.8.xml =================================================================== --- pam.debian.orig/modules/pam_listfile/pam_listfile.8.xml +++ pam.debian/modules/pam_listfile/pam_listfile.8.xml @@ -281,7 +281,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_listfile/pam_listfile.8 =================================================================== --- pam.debian.orig/modules/pam_listfile/pam_listfile.8 +++ pam.debian/modules/pam_listfile/pam_listfile.8 @@ -205,7 +205,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_listfile was written by Michael K\&. Johnson and Elliot Lee \&. Index: pam.debian/modules/pam_localuser/pam_localuser.8.xml =================================================================== --- pam.debian.orig/modules/pam_localuser/pam_localuser.8.xml +++ pam.debian/modules/pam_localuser/pam_localuser.8.xml @@ -158,7 +158,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_localuser/pam_localuser.8 =================================================================== --- pam.debian.orig/modules/pam_localuser/pam_localuser.8 +++ pam.debian/modules/pam_localuser/pam_localuser.8 @@ -102,7 +102,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_localuser was written by Nalin Dahyabhai \&. Index: pam.debian/modules/pam_loginuid/pam_loginuid.8.xml =================================================================== --- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8.xml +++ pam.debian/modules/pam_loginuid/pam_loginuid.8.xml @@ -104,7 +104,7 @@ pam.d5 , - pam8 + pam7 , auditctl8 Index: pam.debian/modules/pam_loginuid/pam_loginuid.8 =================================================================== --- pam.debian.orig/modules/pam_loginuid/pam_loginuid.8 +++ pam.debian/modules/pam_loginuid/pam_loginuid.8 @@ -75,7 +75,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8), +\fBpam\fR(7), \fBauditctl\fR(8), \fBauditd\fR(8) .SH "AUTHOR" Index: pam.debian/modules/pam_mail/pam_mail.8.xml =================================================================== --- pam.debian.orig/modules/pam_mail/pam_mail.8.xml +++ pam.debian/modules/pam_mail/pam_mail.8.xml @@ -265,7 +265,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_mail/pam_mail.8 =================================================================== --- pam.debian.orig/modules/pam_mail/pam_mail.8 +++ pam.debian/modules/pam_mail/pam_mail.8 @@ -153,7 +153,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_mail was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml =================================================================== --- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8.xml +++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8.xml @@ -189,7 +189,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 =================================================================== --- pam.debian.orig/modules/pam_mkhomedir/pam_mkhomedir.8 +++ pam.debian/modules/pam_mkhomedir/pam_mkhomedir.8 @@ -123,7 +123,7 @@ .SH "SEE ALSO" .PP \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHOR" .PP pam_mkhomedir was written by Jason Gunthorpe \&. Index: pam.debian/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.debian.orig/modules/pam_motd/pam_motd.8.xml +++ pam.debian/modules/pam_motd/pam_motd.8.xml @@ -99,7 +99,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_motd/pam_motd.8 =================================================================== --- pam.debian.orig/modules/pam_motd/pam_motd.8 +++ pam.debian/modules/pam_motd/pam_motd.8 @@ -78,7 +78,7 @@ \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_motd was written by Ben Collins \&. Index: pam.debian/modules/pam_namespace/pam_namespace.8.xml =================================================================== --- pam.debian.orig/modules/pam_namespace/pam_namespace.8.xml +++ pam.debian/modules/pam_namespace/pam_namespace.8.xml @@ -399,7 +399,7 @@ mount8 , - pam8 + pam7 . Index: pam.debian/modules/pam_namespace/pam_namespace.8 =================================================================== --- pam.debian.orig/modules/pam_namespace/pam_namespace.8 +++ pam.debian/modules/pam_namespace/pam_namespace.8 @@ -178,7 +178,7 @@ \fBnamespace.conf\fR(5), \fBpam.d\fR(5), \fBmount\fR(8), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHORS" .PP The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \&. Additional improvements by Xavier Toth and Tomas Mraz \&. Index: pam.debian/modules/pam_nologin/pam_nologin.8.xml =================================================================== --- pam.debian.orig/modules/pam_nologin/pam_nologin.8.xml +++ pam.debian/modules/pam_nologin/pam_nologin.8.xml @@ -160,7 +160,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_nologin/pam_nologin.8 =================================================================== --- pam.debian.orig/modules/pam_nologin/pam_nologin.8 +++ pam.debian/modules/pam_nologin/pam_nologin.8 @@ -124,7 +124,7 @@ \fBnologin\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_nologin was written by Michael K\&. Johnson \&. Index: pam.debian/modules/pam_permit/pam_permit.8.xml =================================================================== --- pam.debian.orig/modules/pam_permit/pam_permit.8.xml +++ pam.debian/modules/pam_permit/pam_permit.8.xml @@ -91,7 +91,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_permit/pam_permit.8 =================================================================== --- pam.debian.orig/modules/pam_permit/pam_permit.8 +++ pam.debian/modules/pam_permit/pam_permit.8 @@ -78,7 +78,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_permit was written by Andrew G\&. Morgan, \&. Index: pam.debian/modules/pam_rhosts/pam_rhosts.8.xml =================================================================== --- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8.xml +++ pam.debian/modules/pam_rhosts/pam_rhosts.8.xml @@ -156,7 +156,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_rhosts/pam_rhosts.8 =================================================================== --- pam.debian.orig/modules/pam_rhosts/pam_rhosts.8 +++ pam.debian/modules/pam_rhosts/pam_rhosts.8 @@ -122,7 +122,7 @@ \fBrhosts\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_rhosts was written by Thorsten Kukuk Index: pam.debian/modules/pam_rootok/pam_rootok.8.xml =================================================================== --- pam.debian.orig/modules/pam_rootok/pam_rootok.8.xml +++ pam.debian/modules/pam_rootok/pam_rootok.8.xml @@ -116,7 +116,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_rootok/pam_rootok.8 =================================================================== --- pam.debian.orig/modules/pam_rootok/pam_rootok.8 +++ pam.debian/modules/pam_rootok/pam_rootok.8 @@ -99,7 +99,7 @@ \fBsu\fR(1), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_rootok was written by Andrew G\&. Morgan, \&. Index: pam.debian/modules/pam_securetty/pam_securetty.8.xml =================================================================== --- pam.debian.orig/modules/pam_securetty/pam_securetty.8.xml +++ pam.debian/modules/pam_securetty/pam_securetty.8.xml @@ -168,7 +168,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_securetty/pam_securetty.8 =================================================================== --- pam.debian.orig/modules/pam_securetty/pam_securetty.8 +++ pam.debian/modules/pam_securetty/pam_securetty.8 @@ -119,7 +119,7 @@ \fBsecuretty\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_securetty was written by Elliot Lee \&. Index: pam.debian/modules/pam_selinux/pam_selinux.8.xml =================================================================== --- pam.debian.orig/modules/pam_selinux/pam_selinux.8.xml +++ pam.debian/modules/pam_selinux/pam_selinux.8.xml @@ -258,7 +258,7 @@ pam.d5 , - pam8 + pam7 , selinux8 Index: pam.debian/modules/pam_selinux/pam_selinux.8 =================================================================== --- pam.debian.orig/modules/pam_selinux/pam_selinux.8 +++ pam.debian/modules/pam_selinux/pam_selinux.8 @@ -2,12 +2,12 @@ .\" Title: pam_selinux .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 06/18/2013 +.\" Date: 01/14/2014 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_SELINUX" "8" "01/14/2014" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -144,7 +144,7 @@ \fBexecve\fR(2), \fBtty\fR(4), \fBpam.d\fR(5), -\fBpam\fR(8), +\fBpam\fR(7), \fBselinux\fR(8) .SH "AUTHOR" .PP Index: pam.debian/modules/pam_sepermit/pam_sepermit.8.xml =================================================================== --- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8.xml +++ pam.debian/modules/pam_sepermit/pam_sepermit.8.xml @@ -176,7 +176,7 @@ pam.d5 , - pam8 + pam7 selinux8 Index: pam.debian/modules/pam_sepermit/pam_sepermit.8 =================================================================== --- pam.debian.orig/modules/pam_sepermit/pam_sepermit.8 +++ pam.debian/modules/pam_sepermit/pam_sepermit.8 @@ -124,7 +124,7 @@ \fBsepermit.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\fBselinux\fR(8) +\fBpam\fR(7)\fBselinux\fR(8) .SH "AUTHOR" .PP pam_sepermit and this manual page were written by Tomas Mraz \&. Index: pam.debian/modules/pam_shells/pam_shells.8.xml =================================================================== --- pam.debian.orig/modules/pam_shells/pam_shells.8.xml +++ pam.debian/modules/pam_shells/pam_shells.8.xml @@ -102,7 +102,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_shells/pam_shells.8 =================================================================== --- pam.debian.orig/modules/pam_shells/pam_shells.8 +++ pam.debian/modules/pam_shells/pam_shells.8 @@ -85,7 +85,7 @@ \fBshells\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_shells was written by Erik Troan \&. Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml =================================================================== --- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8.xml +++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -295,7 +295,7 @@ glob7 , - pam8 + pam7 Index: pam.debian/modules/pam_succeed_if/pam_succeed_if.8 =================================================================== --- pam.debian.orig/modules/pam_succeed_if/pam_succeed_if.8 +++ pam.debian/modules/pam_succeed_if/pam_succeed_if.8 @@ -220,7 +220,7 @@ .SH "SEE ALSO" .PP \fBglob\fR(7), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP Nalin Dahyabhai Index: pam.debian/modules/pam_tally/pam_tally.8.xml =================================================================== --- pam.debian.orig/modules/pam_tally/pam_tally.8.xml +++ pam.debian/modules/pam_tally/pam_tally.8.xml @@ -444,7 +444,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_tally/pam_tally.8 =================================================================== --- pam.debian.orig/modules/pam_tally/pam_tally.8 +++ pam.debian/modules/pam_tally/pam_tally.8 @@ -248,7 +248,7 @@ \fBfaillog\fR(8), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_tally was written by Tim Baverstock and Tomas Mraz\&. Index: pam.debian/modules/pam_time/pam_time.8.xml =================================================================== --- pam.debian.orig/modules/pam_time/pam_time.8.xml +++ pam.debian/modules/pam_time/pam_time.8.xml @@ -169,7 +169,7 @@ pam.d5 , - pam8 + pam7 . Index: pam.debian/modules/pam_time/pam_time.8 =================================================================== --- pam.debian.orig/modules/pam_time/pam_time.8 +++ pam.debian/modules/pam_time/pam_time.8 @@ -109,7 +109,7 @@ .PP \fBtime.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHOR" .PP pam_time was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_umask/pam_umask.8.xml =================================================================== --- pam.debian.orig/modules/pam_umask/pam_umask.8.xml +++ pam.debian/modules/pam_umask/pam_umask.8.xml @@ -201,7 +201,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_umask/pam_umask.8 =================================================================== --- pam.debian.orig/modules/pam_umask/pam_umask.8 +++ pam.debian/modules/pam_umask/pam_umask.8 @@ -150,7 +150,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_umask was written by Thorsten Kukuk \&. Index: pam.debian/modules/pam_unix/pam_unix.8.xml =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8.xml +++ pam.debian/modules/pam_unix/pam_unix.8.xml @@ -494,7 +494,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_unix/pam_unix.8 =================================================================== --- pam.debian.orig/modules/pam_unix/pam_unix.8 +++ pam.debian/modules/pam_unix/pam_unix.8 @@ -269,7 +269,7 @@ \fBlogin.defs\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_unix was written by various people\&. Index: pam.debian/doc/man/misc_conv.3.xml =================================================================== --- pam.debian.orig/doc/man/misc_conv.3.xml +++ pam.debian/doc/man/misc_conv.3.xml @@ -171,7 +171,7 @@ pam_conv3 , - pam8 + pam7 Index: pam.debian/doc/man/misc_conv.3 =================================================================== --- pam.debian.orig/doc/man/misc_conv.3 +++ pam.debian/doc/man/misc_conv.3 @@ -117,7 +117,7 @@ .SH "SEE ALSO" .PP \fBpam_conv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_acct_mgmt.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_acct_mgmt.3.xml +++ pam.debian/doc/man/pam_acct_mgmt.3.xml @@ -138,7 +138,7 @@ pam_strerror3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_acct_mgmt.3 =================================================================== --- pam.debian.orig/doc/man/pam_acct_mgmt.3 +++ pam.debian/doc/man/pam_acct_mgmt.3 @@ -97,4 +97,4 @@ \fBpam_authenticate\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_authenticate.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_authenticate.3.xml +++ pam.debian/doc/man/pam_authenticate.3.xml @@ -162,7 +162,7 @@ pam_strerror3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_authenticate.3 =================================================================== --- pam.debian.orig/doc/man/pam_authenticate.3 +++ pam.debian/doc/man/pam_authenticate.3 @@ -107,4 +107,4 @@ \fBpam_setcred\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_chauthtok.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_chauthtok.3.xml +++ pam.debian/doc/man/pam_chauthtok.3.xml @@ -157,7 +157,7 @@ pam_strerror3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_chauthtok.3 =================================================================== --- pam.debian.orig/doc/man/pam_chauthtok.3 +++ pam.debian/doc/man/pam_chauthtok.3 @@ -106,4 +106,4 @@ \fBpam_setcred\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_conv.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_conv.3.xml +++ pam.debian/doc/man/pam_conv.3.xml @@ -221,7 +221,7 @@ pam_strerror3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_conv.3 =================================================================== --- pam.debian.orig/doc/man/pam_conv.3 +++ pam.debian/doc/man/pam_conv.3 @@ -174,4 +174,4 @@ \fBpam_set_item\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_error.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_error.3.xml +++ pam.debian/doc/man/pam_error.3.xml @@ -105,7 +105,7 @@ pam_vprompt3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_error.3 =================================================================== --- pam.debian.orig/doc/man/pam_error.3 +++ pam.debian/doc/man/pam_error.3 @@ -80,7 +80,7 @@ \fBpam_vinfo\fR(3), \fBpam_prompt\fR(3), \fBpam_vprompt\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_getenv.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_getenv.3.xml +++ pam.debian/doc/man/pam_getenv.3.xml @@ -60,7 +60,7 @@ pam_putenv3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_getenv.3 =================================================================== --- pam.debian.orig/doc/man/pam_getenv.3 +++ pam.debian/doc/man/pam_getenv.3 @@ -57,4 +57,4 @@ \fBpam_start\fR(3), \fBpam_getenvlist\fR(3), \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_getenvlist.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_getenvlist.3.xml +++ pam.debian/doc/man/pam_getenvlist.3.xml @@ -78,7 +78,7 @@ pam_putenv3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_getenvlist.3 =================================================================== --- pam.debian.orig/doc/man/pam_getenvlist.3 +++ pam.debian/doc/man/pam_getenvlist.3 @@ -63,4 +63,4 @@ \fBpam_start\fR(3), \fBpam_getenv\fR(3), \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_info.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_info.3.xml +++ pam.debian/doc/man/pam_info.3.xml @@ -93,7 +93,7 @@ SEE ALSO - pam8 + pam7 Index: pam.debian/doc/man/pam_info.3 =================================================================== --- pam.debian.orig/doc/man/pam_info.3 +++ pam.debian/doc/man/pam_info.3 @@ -76,7 +76,7 @@ .RE .SH "SEE ALSO" .PP -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_misc_drop_env.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_misc_drop_env.3.xml +++ pam.debian/doc/man/pam_misc_drop_env.3.xml @@ -46,7 +46,7 @@ pam_getenvlist3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_misc_drop_env.3 =================================================================== --- pam.debian.orig/doc/man/pam_misc_drop_env.3 +++ pam.debian/doc/man/pam_misc_drop_env.3 @@ -52,7 +52,7 @@ .SH "SEE ALSO" .PP \fBpam_getenvlist\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_misc_paste_env.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_misc_paste_env.3.xml +++ pam.debian/doc/man/pam_misc_paste_env.3.xml @@ -44,7 +44,7 @@ pam_putenv3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_misc_paste_env.3 =================================================================== --- pam.debian.orig/doc/man/pam_misc_paste_env.3 +++ pam.debian/doc/man/pam_misc_paste_env.3 @@ -47,7 +47,7 @@ .SH "SEE ALSO" .PP \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_misc_setenv.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_misc_setenv.3.xml +++ pam.debian/doc/man/pam_misc_setenv.3.xml @@ -51,7 +51,7 @@ pam_putenv3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_misc_setenv.3 =================================================================== --- pam.debian.orig/doc/man/pam_misc_setenv.3 +++ pam.debian/doc/man/pam_misc_setenv.3 @@ -52,7 +52,7 @@ .SH "SEE ALSO" .PP \fBpam_putenv\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/doc/man/pam_prompt.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_prompt.3.xml +++ pam.debian/doc/man/pam_prompt.3.xml @@ -95,7 +95,7 @@ SEE ALSO - pam8 + pam7 , pam_conv3 Index: pam.debian/doc/man/pam_prompt.3 =================================================================== --- pam.debian.orig/doc/man/pam_prompt.3 +++ pam.debian/doc/man/pam_prompt.3 @@ -70,7 +70,7 @@ .RE .SH "SEE ALSO" .PP -\fBpam\fR(8), +\fBpam\fR(7), \fBpam_conv\fR(3) .SH "STANDARDS" .PP Index: pam.debian/doc/man/pam_putenv.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_putenv.3.xml +++ pam.debian/doc/man/pam_putenv.3.xml @@ -145,7 +145,7 @@ pam_strerror3 , - pam8 + pam7 Index: pam.debian/doc/man/pam_putenv.3 =================================================================== --- pam.debian.orig/doc/man/pam_putenv.3 +++ pam.debian/doc/man/pam_putenv.3 @@ -108,4 +108,4 @@ \fBpam_getenv\fR(3), \fBpam_getenvlist\fR(3), \fBpam_strerror\fR(3), -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_strerror.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_strerror.3.xml +++ pam.debian/doc/man/pam_strerror.3.xml @@ -51,7 +51,7 @@ SEE ALSO - pam8 + pam7 Index: pam.debian/doc/man/pam_strerror.3 =================================================================== --- pam.debian.orig/doc/man/pam_strerror.3 +++ pam.debian/doc/man/pam_strerror.3 @@ -49,4 +49,4 @@ This function returns always a pointer to a string\&. .SH "SEE ALSO" .PP -\fBpam\fR(8) +\fBpam\fR(7) Index: pam.debian/doc/man/pam_syslog.3.xml =================================================================== --- pam.debian.orig/doc/man/pam_syslog.3.xml +++ pam.debian/doc/man/pam_syslog.3.xml @@ -66,7 +66,7 @@ SEE ALSO - pam8 + pam7 Index: pam.debian/doc/man/pam_syslog.3 =================================================================== --- pam.debian.orig/doc/man/pam_syslog.3 +++ pam.debian/doc/man/pam_syslog.3 @@ -67,7 +67,7 @@ variable argument list macros\&. .SH "SEE ALSO" .PP -\fBpam\fR(8) +\fBpam\fR(7) .SH "STANDARDS" .PP The Index: pam.debian/modules/pam_userdb/pam_userdb.8.xml =================================================================== --- pam.debian.orig/modules/pam_userdb/pam_userdb.8.xml +++ pam.debian/modules/pam_userdb/pam_userdb.8.xml @@ -277,7 +277,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_userdb/pam_userdb.8 =================================================================== --- pam.debian.orig/modules/pam_userdb/pam_userdb.8 +++ pam.debian/modules/pam_userdb/pam_userdb.8 @@ -150,7 +150,7 @@ \fBcrypt\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. Index: pam.debian/modules/pam_warn/pam_warn.8.xml =================================================================== --- pam.debian.orig/modules/pam_warn/pam_warn.8.xml +++ pam.debian/modules/pam_warn/pam_warn.8.xml @@ -90,7 +90,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_warn/pam_warn.8 =================================================================== --- pam.debian.orig/modules/pam_warn/pam_warn.8 +++ pam.debian/modules/pam_warn/pam_warn.8 @@ -83,7 +83,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_warn was written by Andrew G\&. Morgan \&. Index: pam.debian/modules/pam_wheel/pam_wheel.8.xml =================================================================== --- pam.debian.orig/modules/pam_wheel/pam_wheel.8.xml +++ pam.debian/modules/pam_wheel/pam_wheel.8.xml @@ -212,7 +212,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_wheel/pam_wheel.8 =================================================================== --- pam.debian.orig/modules/pam_wheel/pam_wheel.8 +++ pam.debian/modules/pam_wheel/pam_wheel.8 @@ -136,7 +136,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_wheel was written by Cristian Gafton \&. Index: pam.debian/modules/pam_xauth/pam_xauth.8.xml =================================================================== --- pam.debian.orig/modules/pam_xauth/pam_xauth.8.xml +++ pam.debian/modules/pam_xauth/pam_xauth.8.xml @@ -276,7 +276,7 @@ pam.d5 , - pam8 + pam7 Index: pam.debian/modules/pam_xauth/pam_xauth.8 =================================================================== --- pam.debian.orig/modules/pam_xauth/pam_xauth.8 +++ pam.debian/modules/pam_xauth/pam_xauth.8 @@ -177,7 +177,7 @@ .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8) +\fBpam\fR(7) .SH "AUTHOR" .PP pam_xauth was written by Nalin Dahyabhai , based on original version by Michael K\&. Johnson \&. Index: pam.debian/modules/pam_env/pam_env.8 =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.8 +++ pam.debian/modules/pam_env/pam_env.8 @@ -2,12 +2,12 @@ .\" Title: pam_env .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 01/15/2014 +.\" Date: 01/16/2014 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" +.TH "PAM_ENV" "8" "01/16/2014" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- pam/debian/patches-applied/cve-2010-4708.patch0000644000000000000000000000451013261244762015573 0ustar Description: fix cve-2010-4708: .pam_environment privilege issue Index: pam.debian/modules/pam_env/pam_env.c =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.c +++ pam.debian/modules/pam_env/pam_env.c @@ -10,7 +10,7 @@ #define DEFAULT_READ_ENVFILE 1 #define DEFAULT_USER_ENVFILE ".pam_environment" -#define DEFAULT_USER_READ_ENVFILE 1 +#define DEFAULT_USER_READ_ENVFILE 0 #include "config.h" Index: pam.debian/modules/pam_env/pam_env.8.xml =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.8.xml +++ pam.debian/modules/pam_env/pam_env.8.xml @@ -147,7 +147,7 @@ Turns on or off the reading of the user specific environment - file. 0 is off, 1 is on. By default this option is on. + file. 0 is off, 1 is on. By default this option is off. Index: pam.debian/modules/pam_env/pam_env.8 =================================================================== --- pam.debian.orig/modules/pam_env/pam_env.8 +++ pam.debian/modules/pam_env/pam_env.8 @@ -2,12 +2,12 @@ .\" Title: pam_env .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 09/19/2013 +.\" Date: 01/15/2014 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" +.TH "PAM_ENV" "8" "01/15/2014" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -88,7 +88,7 @@ .PP \fBuser_readenv=\fR\fB\fI0|1\fR\fR .RS 4 -Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&. +Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is off\&. .RE .SH "MODULE TYPES PROVIDED" .PP @@ -138,7 +138,7 @@ .PP \fBpam_env.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(8)\&. +\fBpam\fR(7)\&. .SH "AUTHOR" .PP pam_env was written by Dave Kinchlea \&. pam/debian/patches-applied/cve-2013-7041.patch0000644000000000000000000000332313261244762015570 0ustar From 57a1e2b274d0a6376d92ada9926e5c5741e7da20 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 24 Jan 2014 22:18:32 +0000 Subject: pam_userdb: fix password hash comparison Starting with commit Linux-PAM-0-77-28-g0b3e583 that introduced hashed passwords support in pam_userdb, hashes are compared case-insensitively. This bug leads to accepting hashes for completely different passwords in addition to those that should be accepted. Additionally, commit Linux-PAM-1_1_6-13-ge2a8187 that added support for modern password hashes with different lengths and settings, did not update the hash comparison accordingly, which leads to accepting computed hashes longer than stored hashes when the latter is a prefix of the former. * modules/pam_userdb/pam_userdb.c (user_lookup): Reject the computed hash whose length differs from the stored hash length. Compare computed and stored hashes case-sensitively. Fixes CVE-2013-7041. Bug-Debian: http://bugs.debian.org/731368 --- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -222,12 +222,15 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, } else { cryptpw = crypt (pass, data.dptr); - if (cryptpw) { - compare = strncasecmp (data.dptr, cryptpw, data.dsize); + if (cryptpw && strlen(cryptpw) == (size_t)data.dsize) { + compare = memcmp(data.dptr, cryptpw, data.dsize); } else { compare = -2; if (ctrl & PAM_DEBUG_ARG) { - pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); + if (cryptpw) + pam_syslog(pamh, LOG_INFO, "lengths of computed and stored hashes differ"); + else + pam_syslog(pamh, LOG_INFO, "crypt() returned NULL"); } }; pam/debian/patches-applied/cve-2014-2583.patch0000644000000000000000000000307113261244762015577 0ustar From 9dcead87e6d7f66d34e7a56d11a30daca367dffb Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 26 Mar 2014 22:17:23 +0000 Subject: pam_timestamp: fix potential directory traversal issue (ticket #27) pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of the timestamp pathname it creates, so extra care should be taken to avoid potential directory traversal issues. * modules/pam_timestamp/pam_timestamp.c (check_tty): Treat "." and ".." tty values as invalid. (get_ruser): Treat "." and ".." ruser values, as well as any ruser value containing '/', as invalid. Fixes CVE-2014-2583. Reported-by: Sebastian Krahmer --- a/modules/pam_timestamp/pam_timestamp.c +++ b/modules/pam_timestamp/pam_timestamp.c @@ -158,7 +158,7 @@ check_tty(const char *tty) tty = strrchr(tty, '/') + 1; } /* Make sure the tty wasn't actually a directory (no basename). */ - if (strlen(tty) == 0) { + if (!strlen(tty) || !strcmp(tty, ".") || !strcmp(tty, "..")) { return NULL; } return tty; @@ -243,6 +243,17 @@ get_ruser(pam_handle_t *pamh, char *ruserbuf, size_t ruserbuflen) if (pwd != NULL) { ruser = pwd->pw_name; } + } else { + /* + * This ruser is used by format_timestamp_name as a component + * of constructed timestamp pathname, so ".", "..", and '/' + * are disallowed to avoid potential path traversal issues. + */ + if (!strcmp(ruser, ".") || + !strcmp(ruser, "..") || + strchr(ruser, '/')) { + ruser = NULL; + } } if (ruser == NULL || strlen(ruser) >= ruserbuflen) { *ruserbuf = '\0'; pam/debian/patches-applied/cve-2015-3238.patch0000644000000000000000000001272213261244762015601 0ustar From e89d4c97385ff8180e6e81e84c5aa745daf28a79 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 22 Jun 2015 14:53:01 +0200 Subject: Release version 1.2.1 Security fix: CVE-2015-3238 If the process executing pam_sm_authenticate or pam_sm_chauthtok method of pam_unix is not privileged enough to check the password, e.g. if selinux is enabled, the _unix_run_helper_binary function is called. When a long enough password is supplied (16 pages or more, i.e. 65536+ bytes on a system with 4K pages), this helper function hangs indefinitely, blocked in the write(2) call while writing to a blocking pipe that has a limited capacity. With this fix, the verifiable password length will be limited to PAM_MAX_RESP_SIZE bytes (i.e. 512 bytes) for pam_exec and pam_unix. diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c index 5ab9630..17ba6ca 100644 --- a/modules/pam_exec/pam_exec.c +++ b/modules/pam_exec/pam_exec.c @@ -178,11 +178,11 @@ call_exec (const char *pam_type, pam_handle_t *pamh, } pam_set_item (pamh, PAM_AUTHTOK, resp); - authtok = strdupa (resp); + authtok = strndupa (resp, PAM_MAX_RESP_SIZE); _pam_drop (resp); } else - authtok = void_pass; + authtok = strndupa (void_pass, PAM_MAX_RESP_SIZE); if (pipe(fds) != 0) { diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 2d330e5..c2e5de5 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -240,15 +240,22 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const /* wait for child */ /* if the stored password is NULL */ int rc=0; - if (fromwhat) - pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); - else - pam_modutil_write(fds[1], "", 1); - if (towhat) { - pam_modutil_write(fds[1], towhat, strlen(towhat)+1); + if (fromwhat) { + int len = strlen(fromwhat); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + pam_modutil_write(fds[1], fromwhat, len); } - else - pam_modutil_write(fds[1], "", 1); + pam_modutil_write(fds[1], "", 1); + if (towhat) { + int len = strlen(towhat); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + pam_modutil_write(fds[1], towhat, len); + } + pam_modutil_write(fds[1], "", 1); close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index b325602..e79b55e 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -1115,12 +1115,15 @@ getuidname(uid_t uid) int read_passwords(int fd, int npass, char **passwords) { + /* The passwords array must contain npass preallocated + * buffers of length MAXPASS + 1 + */ int rbytes = 0; int offset = 0; int i = 0; char *pptr; while (npass > 0) { - rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); + rbytes = read(fd, passwords[i]+offset, MAXPASS+1-offset); if (rbytes < 0) { if (errno == EINTR) continue; diff --git a/modules/pam_unix/passverify.h b/modules/pam_unix/passverify.h index 3de6759..caf7ae8 100644 --- a/modules/pam_unix/passverify.h +++ b/modules/pam_unix/passverify.h @@ -8,7 +8,7 @@ #define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT -#define MAXPASS 200 /* the maximum length of a password */ +#define MAXPASS PAM_MAX_RESP_SIZE /* the maximum length of a password */ #define OLD_PASSWORDS_FILE "/etc/security/opasswd" diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index fdb45c2..abccd82 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -609,7 +609,12 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, /* if the stored password is NULL */ int rc=0; if (passwd != NULL) { /* send the password to the child */ - if (write(fds[1], passwd, strlen(passwd)+1) == -1) { + int len = strlen(passwd); + + if (len > PAM_MAX_RESP_SIZE) + len = PAM_MAX_RESP_SIZE; + if (write(fds[1], passwd, len) == -1 || + write(fds[1], "", 1) == -1) { pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); retval = PAM_AUTH_ERR; } --- a/modules/pam_unix/pam_unix.8 2017-05-27 15:38:27.000000000 +0000 +++ b/modules/pam_unix/pam_unix.8 2017-05-27 15:34:49.000000000 +0000 @@ -56,6 +56,10 @@ \fBnoreap\fR module argument can be used to suppress this temporary shielding and may be needed for use with certain applications\&. .PP +The maximum length of a password supported by the pam_unix module via the helper binary is +\fIPAM_MAX_RESP_SIZE\fR +\- currently 512 bytes\&. The rest of the password provided by the conversation function to the module will be ignored\&. +.PP The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the \fBENCRYPT_METHOD\fR variable from --- a/modules/pam_exec/pam_exec.8 2017-05-27 15:38:27.000000000 +0000 +++ b/modules/pam_exec/pam_exec.8 2017-05-27 15:56:25.000000000 +0000 @@ -65,7 +65,9 @@ \fBexpose_authtok\fR .RS 4 During authentication the calling command can read the password from -\fBstdin\fR(3)\&. +\fBstdin\fR(3)\&. Only first +\fIPAM_MAX_RESP_SIZE\fR +bytes of a password are provided to the command\&. .RE .PP \fBlog=\fR\fB\fIfile\fR\fR pam/debian/patches-applied/do_not_check_nis_accidentally0000644000000000000000000000136313261244762020747 0ustar Patch for Debian bug #469635 Always call _unix_getpwnam() consistent with the value of the 'nis' option, so that we only grab from the backends we're expecting. Authors: Quentin Godfroy Upstream status: should be submitted Index: pam.deb/modules/pam_unix/pam_unix_passwd.c =================================================================== --- pam.deb.orig/modules/pam_unix/pam_unix_passwd.c +++ pam.deb/modules/pam_unix/pam_unix_passwd.c @@ -551,7 +551,7 @@ return PAM_USER_UNKNOWN; } else { struct passwd *pwd; - _unix_getpwnam(pamh, user, 1, 1, &pwd); + _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); if (pwd == NULL) { pam_syslog(pamh, LOG_DEBUG, "user \"%s\" has corrupted passwd entry", pam/debian/patches-applied/extrausers.patch0000644000000000000000000057010413261244762016252 0ustar Index: pam-1.1.8/modules/pam_extrausers/Makefile.am =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/Makefile.am @@ -0,0 +1,70 @@ +# +# Copyright (c) 2005, 2006, 2009, 2011 Thorsten Kukuk +# + +CLEANFILES = *~ +MAINTAINERCLEANFILES = $(MANS) + +EXTRA_DIST = md5.c md5_crypt.c lckpwdf.-c $(MANS) \ + tst-pam_extrausers $(XMLS) + +man_MANS = pam_extrausers.8 +XMLS = pam_extrausers.8.xml + +#TESTS = tst-pam_extrausers + +securelibdir = $(SECUREDIR) +secureconfdir = $(SCONFIGDIR) + +AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ + -DCHKPWD_HELPER=\"$(sbindir)/pam_extrausers_chkpwd\" \ + -DUPDATE_HELPER=\"$(sbindir)/pam_extrausers_update\" \ + $(NIS_CFLAGS) + +if HAVE_LIBSELINUX + AM_CFLAGS += -D"WITH_SELINUX" +endif + +pam_extrausers_la_LDFLAGS = -no-undefined -avoid-version -module +if HAVE_VERSIONING + pam_extrausers_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map +endif +pam_extrausers_la_LIBADD = $(top_builddir)/libpam/libpam.la \ + @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) \ + ../pam_securetty/tty_secure.lo + +securelib_LTLIBRARIES = pam_extrausers.la + +noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ + pam_unix_static.h + +sbin_PROGRAMS = pam_extrausers_chkpwd pam_extrausers_update + +noinst_PROGRAMS = bigcrypt + +pam_extrausers_la_SOURCES = bigcrypt.c pam_unix_acct.c \ + pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ + passverify.c yppasswd_xdr.c md5_good.c md5_broken.c obscure.c +if STATIC_MODULES +pam_extrausers_la_SOURCES += pam_unix_static.c +endif + +bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c +bigcrypt_CFLAGS = $(AM_CFLAGS) +bigcrypt_LDADD = @LIBCRYPT@ + +pam_extrausers_chkpwd_SOURCES = unix_chkpwd.c md5_good.c md5_broken.c bigcrypt.c \ + passverify.c +pam_extrausers_chkpwd_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"pam_extrausers_chkpwd\" +pam_extrausers_chkpwd_LDFLAGS = @PIE_LDFLAGS@ +pam_extrausers_chkpwd_LDADD = @LIBCRYPT@ @LIBSELINUX@ @LIBAUDIT@ + +pam_extrausers_update_SOURCES = unix_update.c md5_good.c md5_broken.c bigcrypt.c \ + passverify.c +pam_extrausers_update_CFLAGS = $(AM_CFLAGS) @PIE_CFLAGS@ -DHELPER_COMPILE=\"pam_extrausers_update\" +pam_extrausers_update_LDFLAGS = @PIE_LDFLAGS@ +pam_extrausers_update_LDADD = @LIBCRYPT@ @LIBSELINUX@ + +if ENABLE_REGENERATE_MAN +-include $(top_srcdir)/Make.xml.rules +endif Index: pam-1.1.8/modules/pam_extrausers/README =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/README @@ -0,0 +1,5 @@ +This is a simple fork of pam_unix, but with the following changes: + + - The expected namespace changes + - References to /etc or /etc/secure are replaced with /var/lib/extrausers + - Unconditionally use our custom lckpwdf methods and namespace them Index: pam-1.1.8/modules/pam_extrausers/bigcrypt.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/bigcrypt.c @@ -0,0 +1,159 @@ +/* + * This function implements the "bigcrypt" algorithm specifically for + * Linux-PAM. + * + * This algorithm is algorithm 0 (default) shipped with the C2 secure + * implementation of Digital UNIX. + * + * Disclaimer: This work is not based on the source code to Digital + * UNIX, nor am I connected to Digital Equipment Corp, in any way + * other than as a customer. This code is based on published + * interfaces and reasonable guesswork. + * + * Description: The cleartext is divided into blocks of SEGMENT_SIZE=8 + * characters or less. Each block is encrypted using the standard UNIX + * libc crypt function. The result of the encryption for one block + * provides the salt for the suceeding block. + * + * Restrictions: The buffer used to hold the encrypted result is + * statically allocated. (see MAX_PASS_LEN below). This is necessary, + * as the returned pointer points to "static data that are overwritten + * by each call", (XPG3: XSI System Interface + Headers pg 109), and + * this is a drop in replacement for crypt(); + * + * Andy Phillips + */ + +#include "config.h" + +#include +#include +#include +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) +#include +#endif + +#include "bigcrypt.h" + +/* + * Max cleartext password length in segments of 8 characters this + * function can deal with (16 segments of 8 chars= max 128 character + * password). + */ + +#define MAX_PASS_LEN 16 +#define SEGMENT_SIZE 8 +#define SALT_SIZE 2 +#define KEYBUF_SIZE ((MAX_PASS_LEN*SEGMENT_SIZE)+SALT_SIZE) +#define ESEGMENT_SIZE 11 +#define CBUF_SIZE ((MAX_PASS_LEN*ESEGMENT_SIZE)+SALT_SIZE+1) + +char *bigcrypt(const char *key, const char *salt) +{ + char *dec_c2_cryptbuf; +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata; +#endif + unsigned long int keylen, n_seg, j; + char *cipher_ptr, *plaintext_ptr, *tmp_ptr, *salt_ptr; + char keybuf[KEYBUF_SIZE + 1]; + + D(("called with key='%s', salt='%s'.", key, salt)); + + /* reset arrays */ + dec_c2_cryptbuf = malloc(CBUF_SIZE); + if (!dec_c2_cryptbuf) { + return NULL; + } +#ifdef HAVE_CRYPT_R + cdata = malloc(sizeof(*cdata)); + if(!cdata) { + free(dec_c2_cryptbuf); + return NULL; + } + cdata->initialized = 0; +#endif + memset(keybuf, 0, KEYBUF_SIZE + 1); + memset(dec_c2_cryptbuf, 0, CBUF_SIZE); + + /* fill KEYBUF_SIZE with key */ + strncpy(keybuf, key, KEYBUF_SIZE); + + /* deal with case that we are doing a password check for a + conventially encrypted password: the salt will be + SALT_SIZE+ESEGMENT_SIZE long. */ + if (strlen(salt) == (SALT_SIZE + ESEGMENT_SIZE)) + keybuf[SEGMENT_SIZE] = '\0'; /* terminate password early(?) */ + + keylen = strlen(keybuf); + + if (!keylen) { + n_seg = 1; + } else { + /* work out how many segments */ + n_seg = 1 + ((keylen - 1) / SEGMENT_SIZE); + } + + if (n_seg > MAX_PASS_LEN) + n_seg = MAX_PASS_LEN; /* truncate at max length */ + + /* set up some pointers */ + cipher_ptr = dec_c2_cryptbuf; + plaintext_ptr = keybuf; + + /* do the first block with supplied salt */ +#ifdef HAVE_CRYPT_R + tmp_ptr = crypt_r(plaintext_ptr, salt, cdata); /* libc crypt_r() */ +#else + tmp_ptr = crypt(plaintext_ptr, salt); /* libc crypt() */ +#endif + if (tmp_ptr == NULL) { + free(dec_c2_cryptbuf); + return NULL; + } + /* and place in the static area */ + strncpy(cipher_ptr, tmp_ptr, 13); + cipher_ptr += ESEGMENT_SIZE + SALT_SIZE; + plaintext_ptr += SEGMENT_SIZE; /* first block of SEGMENT_SIZE */ + + /* change the salt (1st 2 chars of previous block) - this was found + by dowsing */ + + salt_ptr = cipher_ptr - ESEGMENT_SIZE; + + /* so far this is identical to "return crypt(key, salt);", if + there is more than one block encrypt them... */ + + if (n_seg > 1) { + for (j = 2; j <= n_seg; j++) { + +#ifdef HAVE_CRYPT_R + tmp_ptr = crypt_r(plaintext_ptr, salt_ptr, cdata); +#else + tmp_ptr = crypt(plaintext_ptr, salt_ptr); +#endif + if (tmp_ptr == NULL) { + _pam_overwrite(dec_c2_cryptbuf); + free(dec_c2_cryptbuf); + return NULL; + } + + /* skip the salt for seg!=0 */ + strncpy(cipher_ptr, (tmp_ptr + SALT_SIZE), ESEGMENT_SIZE); + + cipher_ptr += ESEGMENT_SIZE; + plaintext_ptr += SEGMENT_SIZE; + salt_ptr = cipher_ptr - ESEGMENT_SIZE; + } + } + D(("key=|%s|, salt=|%s|\nbuf=|%s|\n", key, salt, dec_c2_cryptbuf)); + +#ifdef HAVE_CRYPT_R + free(cdata); +#endif + + /* this is the terminated encrypted password */ + return dec_c2_cryptbuf; +} Index: pam-1.1.8/modules/pam_extrausers/bigcrypt.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/bigcrypt.h @@ -0,0 +1 @@ +extern char *bigcrypt(const char *key, const char *salt); Index: pam-1.1.8/modules/pam_extrausers/bigcrypt_main.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/bigcrypt_main.c @@ -0,0 +1,18 @@ +#include +#include + +#include "bigcrypt.h" + +int +main(int argc, char **argv) +{ + if (argc < 3) { + fprintf(stderr, "Usage: %s password salt\n", + strchr(argv[0], '/') ? + (strchr(argv[0], '/') + 1) : + argv[0]); + return 0; + } + fprintf(stdout, "%s\n", bigcrypt(argv[1], argv[2])); + return 0; +} Index: pam-1.1.8/modules/pam_extrausers/lckpwdf.-c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/lckpwdf.-c @@ -0,0 +1,142 @@ +/* + * This is a hack, but until libc and glibc both include this function + * by default (libc only includes it if nys is not being used, at the + * moment, and glibc doesn't appear to have it at all) we need to have + * it here, too. :-( + * + * This should not become an official part of PAM. + * + * BEGIN_HACK + */ + +/* + * lckpwdf.c -- prevent simultaneous updates of password files + * + * Before modifying any of the password files, call lckpwdf(). It may block + * for up to 15 seconds trying to get the lock. Return value is 0 on success + * or -1 on failure. When you are done, call ulckpwdf() to release the lock. + * The lock is also released automatically when the process exits. Only one + * process at a time may hold the lock. + * + * These functions are supposed to be conformant with AT&T SVID Issue 3. + * + * Written by Marek Michalkiewicz , + * public domain. + */ + +#include +#include +#ifdef WITH_SELINUX +#include +#endif + +#define LOCKFILE "/var/lib/extrausers/.pwd.lock" +#define TIMEOUT 15 + +static int lockfd = -1; + +static int set_close_on_exec(int fd) +{ + int flags = fcntl(fd, F_GETFD, 0); + if (flags == -1) + return -1; + flags |= FD_CLOEXEC; + return fcntl(fd, F_SETFD, flags); +} + +static int do_lock(int fd) +{ + struct flock fl; + + memset(&fl, 0, sizeof fl); + fl.l_type = F_WRLCK; + fl.l_whence = SEEK_SET; + return fcntl(fd, F_SETLKW, &fl); +} + +static void alarm_catch(int sig) +{ +/* does nothing, but fcntl F_SETLKW will fail with EINTR */ +} + +static int extrausers_lckpwdf(void) +{ + struct sigaction act, oldact; + sigset_t set, oldset; + + if (lockfd != -1) + return -1; + +#ifdef WITH_SELINUX + if(is_selinux_enabled()>0) + { + lockfd = open(LOCKFILE, O_WRONLY); + if(lockfd == -1 && errno == ENOENT) + { + security_context_t create_context; + int rc; + + if(getfilecon("/var/lib/extrausers/passwd", &create_context)) + return -1; + rc = setfscreatecon(create_context); + freecon(create_context); + if(rc) + return -1; + lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600); + if(setfscreatecon(NULL)) + return -1; + } + } + else +#endif + lockfd = open(LOCKFILE, O_CREAT | O_WRONLY, 0600); + if (lockfd == -1) + return -1; + if (set_close_on_exec(lockfd) == -1) + goto cleanup_fd; + + memset(&act, 0, sizeof act); + act.sa_handler = alarm_catch; + act.sa_flags = 0; + sigfillset(&act.sa_mask); + if (sigaction(SIGALRM, &act, &oldact) == -1) + goto cleanup_fd; + + sigemptyset(&set); + sigaddset(&set, SIGALRM); + if (sigprocmask(SIG_UNBLOCK, &set, &oldset) == -1) + goto cleanup_sig; + + alarm(TIMEOUT); + if (do_lock(lockfd) == -1) + goto cleanup_alarm; + alarm(0); + sigprocmask(SIG_SETMASK, &oldset, NULL); + sigaction(SIGALRM, &oldact, NULL); + return 0; + + cleanup_alarm: + alarm(0); + sigprocmask(SIG_SETMASK, &oldset, NULL); + cleanup_sig: + sigaction(SIGALRM, &oldact, NULL); + cleanup_fd: + close(lockfd); + lockfd = -1; + return -1; +} + +static int extrausers_ulckpwdf(void) +{ + unlink(LOCKFILE); + if (lockfd == -1) + return -1; + + if (close(lockfd) == -1) { + lockfd = -1; + return -1; + } + lockfd = -1; + return 0; +} +/* END_HACK */ Index: pam-1.1.8/modules/pam_extrausers/md5.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/md5.c @@ -0,0 +1,255 @@ +/* + * $Id$ + * + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * MD5Context structure, pass it to MD5Init, call MD5Update as + * needed on buffers full of bytes, and then call MD5Final, which + * will fill a supplied 16-byte array with the digest. + * + */ + +#include +#include "md5.h" + +#ifndef HIGHFIRST +#define byteReverse(buf, len) /* Nothing */ +#else +static void byteReverse(unsigned char *buf, unsigned longs); + +#ifndef ASM_MD5 +/* + * Note: this code is harmless on little-endian machines. + */ +static void byteReverse(unsigned char *buf, unsigned longs) +{ + uint32 t; + do { + t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | + ((unsigned) buf[1] << 8 | buf[0]); + *(uint32 *) buf = t; + buf += 4; + } while (--longs); +} +#endif +#endif + +/* + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +void MD5Name(MD5Init)(struct MD5Context *ctx) +{ + ctx->buf[0] = 0x67452301U; + ctx->buf[1] = 0xefcdab89U; + ctx->buf[2] = 0x98badcfeU; + ctx->buf[3] = 0x10325476U; + + ctx->bits[0] = 0; + ctx->bits[1] = 0; +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsigned len) +{ + uint32 t; + + /* Update bitcount */ + + t = ctx->bits[0]; + if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + + t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ + + /* Handle any leading odd-sized chunks */ + + if (t) { + unsigned char *p = (unsigned char *) ctx->in + t; + + t = 64 - t; + if (len < t) { + memcpy(p, buf, len); + return; + } + memcpy(p, buf, t); + byteReverse(ctx->in, 16); + MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + buf += t; + len -= t; + } + /* Process data in 64-byte chunks */ + + while (len >= 64) { + memcpy(ctx->in, buf, 64); + byteReverse(ctx->in, 16); + MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + + memcpy(ctx->in, buf, len); +} + +/* + * Final wrapup - pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) +{ + unsigned count; + unsigned char *p; + + /* Compute number of bytes mod 64 */ + count = (ctx->bits[0] >> 3) & 0x3F; + + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + p = ctx->in + count; + *p++ = 0x80; + + /* Bytes of padding needed to make 64 bytes */ + count = 64 - 1 - count; + + /* Pad out to 56 mod 64 */ + if (count < 8) { + /* Two lots of padding: Pad the first block to 64 bytes */ + memset(p, 0, count); + byteReverse(ctx->in, 16); + MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + + /* Now fill the next block with 56 bytes */ + memset(ctx->in, 0, 56); + } else { + /* Pad block to 56 bytes */ + memset(p, 0, count - 8); + } + byteReverse(ctx->in, 14); + + /* Append length in bits and transform */ + memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); + + MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); + byteReverse((unsigned char *) ctx->buf, 4); + memcpy(digest, ctx->buf, 16); + memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ +} + +#ifndef ASM_MD5 + +/* The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) F1(z, x, y) +#define F3(x, y, z) (x ^ y ^ z) +#define F4(x, y, z) (y ^ (x | ~z)) + +/* This is the central step in the MD5 algorithm. */ +#define MD5STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) + +/* + * The core of the MD5 algorithm, this alters an existing MD5 hash to + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +void MD5Name(MD5Transform)(uint32 buf[4], uint32 const in[16]) +{ + register uint32 a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478U, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756U, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070dbU, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceeeU, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0fafU, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62aU, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613U, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501U, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8U, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7afU, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1U, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7beU, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122U, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193U, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438eU, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821U, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562U, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340U, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51U, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aaU, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105dU, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453U, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681U, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8U, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6U, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6U, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87U, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14edU, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905U, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8U, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9U, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8aU, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942U, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681U, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122U, 16); + MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380cU, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44U, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9U, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60U, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70U, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6U, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127faU, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085U, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05U, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039U, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5U, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8U, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665U, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244U, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97U, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7U, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039U, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3U, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92U, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47dU, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1U, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4fU, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0U, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314U, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1U, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82U, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235U, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bbU, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391U, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + +#endif Index: pam-1.1.8/modules/pam_extrausers/md5.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/md5.h @@ -0,0 +1,31 @@ + +#ifndef MD5_H +#define MD5_H + +typedef unsigned int uint32; + +struct MD5Context { + uint32 buf[4]; + uint32 bits[2]; + unsigned char in[64]; +}; + +void GoodMD5Init(struct MD5Context *); +void GoodMD5Update(struct MD5Context *, unsigned const char *, unsigned); +void GoodMD5Final(unsigned char digest[16], struct MD5Context *); +void GoodMD5Transform(uint32 buf[4], uint32 const in[16]); +void BrokenMD5Init(struct MD5Context *); +void BrokenMD5Update(struct MD5Context *, unsigned const char *, unsigned); +void BrokenMD5Final(unsigned char digest[16], struct MD5Context *); +void BrokenMD5Transform(uint32 buf[4], uint32 const in[16]); + +char *Goodcrypt_md5(const char *pw, const char *salt); +char *Brokencrypt_md5(const char *pw, const char *salt); + +/* + * This is needed to make RSAREF happy on some MS-DOS compilers. + */ + +typedef struct MD5Context MD5_CTX; + +#endif /* MD5_H */ Index: pam-1.1.8/modules/pam_extrausers/md5_broken.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/md5_broken.c @@ -0,0 +1,4 @@ +#define MD5Name(x) Broken##x + +#include "md5.c" +#include "md5_crypt.c" Index: pam-1.1.8/modules/pam_extrausers/md5_crypt.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/md5_crypt.c @@ -0,0 +1,154 @@ +/* + * $Id$ + * + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + * + * Origin: Id: crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp + * + */ + +#include +#include +#include "md5.h" + +static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ +"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static void to64(char *s, unsigned long v, int n) +{ + while (--n >= 0) { + *s++ = itoa64[v & 0x3f]; + v >>= 6; + } +} + +/* + * UNIX password + * + * Use MD5 for what it is best at... + */ + +char *MD5Name(crypt_md5)(const char *pw, const char *salt) +{ + const char *magic = "$1$"; + /* This string is magic for this algorithm. Having + * it this way, we can get get better later on */ + char *passwd, *p; + const char *sp, *ep; + unsigned char final[16]; + int sl, pl, i, j; + MD5_CTX ctx, ctx1; + unsigned long l; + + /* Refine the Salt first */ + sp = salt; + + /* TODO: now that we're using malloc'ed memory, get rid of the + strange constant buffer size. */ + passwd = malloc(120); + + /* If it starts with the magic string, then skip that */ + if (!strncmp(sp, magic, strlen(magic))) + sp += strlen(magic); + + /* It stops at the first '$', max 8 chars */ + for (ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) + continue; + + /* get the length of the true salt */ + sl = ep - sp; + + MD5Name(MD5Init)(&ctx); + + /* The password first, since that is what is most unknown */ + MD5Name(MD5Update)(&ctx,(unsigned const char *)pw,strlen(pw)); + + /* Then our magic string */ + MD5Name(MD5Update)(&ctx,(unsigned const char *)magic,strlen(magic)); + + /* Then the raw salt */ + MD5Name(MD5Update)(&ctx,(unsigned const char *)sp,sl); + + /* Then just as many characters of the MD5(pw,salt,pw) */ + MD5Name(MD5Init)(&ctx1); + MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); + MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl); + MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); + MD5Name(MD5Final)(final,&ctx1); + for (pl = strlen(pw); pl > 0; pl -= 16) + MD5Name(MD5Update)(&ctx,(unsigned const char *)final,pl>16 ? 16 : pl); + + /* Don't leave anything around in vm they could use. */ + memset(final, 0, sizeof final); + + /* Then something really weird... */ + for (j = 0, i = strlen(pw); i; i >>= 1) + if (i & 1) + MD5Name(MD5Update)(&ctx, (unsigned const char *)final+j, 1); + else + MD5Name(MD5Update)(&ctx, (unsigned const char *)pw+j, 1); + + /* Now make the output string */ + strcpy(passwd, magic); + strncat(passwd, sp, sl); + strcat(passwd, "$"); + + MD5Name(MD5Final)(final,&ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... + */ + for (i = 0; i < 1000; i++) { + MD5Name(MD5Init)(&ctx1); + if (i & 1) + MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); + else + MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16); + + if (i % 3) + MD5Name(MD5Update)(&ctx1,(unsigned const char *)sp,sl); + + if (i % 7) + MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); + + if (i & 1) + MD5Name(MD5Update)(&ctx1,(unsigned const char *)final,16); + else + MD5Name(MD5Update)(&ctx1,(unsigned const char *)pw,strlen(pw)); + MD5Name(MD5Final)(final,&ctx1); + } + + p = passwd + strlen(passwd); + + l = (final[0] << 16) | (final[6] << 8) | final[12]; + to64(p, l, 4); + p += 4; + l = (final[1] << 16) | (final[7] << 8) | final[13]; + to64(p, l, 4); + p += 4; + l = (final[2] << 16) | (final[8] << 8) | final[14]; + to64(p, l, 4); + p += 4; + l = (final[3] << 16) | (final[9] << 8) | final[15]; + to64(p, l, 4); + p += 4; + l = (final[4] << 16) | (final[10] << 8) | final[5]; + to64(p, l, 4); + p += 4; + l = final[11]; + to64(p, l, 2); + p += 2; + *p = '\0'; + + /* Don't leave anything around in vm they could use. */ + memset(final, 0, sizeof final); + + return passwd; +} Index: pam-1.1.8/modules/pam_extrausers/md5_good.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/md5_good.c @@ -0,0 +1,5 @@ +#define HIGHFIRST +#define MD5Name(x) Good##x + +#include "md5.c" +#include "md5_crypt.c" Index: pam-1.1.8/modules/pam_extrausers/obscure.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/obscure.c @@ -0,0 +1,198 @@ +/* + * Copyright 1989 - 1994, Julianne Frances Haugh + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Julianne F. Haugh nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + + +#include "support.h" + +/* can't be a palindrome - like `R A D A R' or `M A D A M' */ +static int palindrome(const char *old, const char *new) { + int i, j; + + i = strlen (new); + + for (j = 0;j < i;j++) + if (new[i - j - 1] != new[j]) + return 0; + + return 1; +} + +/* more than half of the characters are different ones. */ +static int similar(const char *old, const char *new) { + int i, j; + + /* + * XXX - sometimes this fails when changing from a simple password + * to a really long one (MD5). For now, I just return success if + * the new password is long enough. Please feel free to suggest + * something better... --marekm + */ + if (strlen(new) >= 8) + return 0; + + for (i = j = 0; new[i] && old[i]; i++) + if (strchr(new, old[i])) + j++; + + if (i >= j * 2) + return 0; + + return 1; +} + +/* a nice mix of characters. */ +static int simple(const char *old, const char *new) { + int digits = 0; + int uppers = 0; + int lowers = 0; + int others = 0; + int size; + int i; + + for (i = 0;new[i];i++) { + if (isdigit (new[i])) + digits++; + else if (isupper (new[i])) + uppers++; + else if (islower (new[i])) + lowers++; + else + others++; + } + + /* + * The scam is this - a password of only one character type + * must be 8 letters long. Two types, 7, and so on. + */ + + size = 9; + if (digits) size--; + if (uppers) size--; + if (lowers) size--; + if (others) size--; + + if (size <= i) + return 0; + + return 1; +} + +static char *str_lower(char *string) { + char *cp; + + for (cp = string; *cp; cp++) + *cp = tolower(*cp); + return string; +} + +static const char * password_check(const char *old, const char *new, + const struct passwd *pwdp) { + const char *msg = NULL; + char *oldmono, *newmono, *wrapped; + + if (strcmp(new, old) == 0) + return _("Bad: new password must be different than the old one"); + + newmono = str_lower(strdup(new)); + oldmono = str_lower(strdup(old)); + wrapped = (char *)malloc(strlen(oldmono) * 2 + 1); + strcpy (wrapped, oldmono); + strcat (wrapped, oldmono); + + if (palindrome(oldmono, newmono)) { + msg = _("Bad: new password cannot be a palindrome"); + } else if (strcmp(oldmono, newmono) == 0) { + msg = _("Bad: new and old password must differ by more than just case"); + } else if (similar(oldmono, newmono)) { + msg = _("Bad: new and old password are too similar"); + } else if (simple(old, new)) { + msg = _("Bad: new password is too simple"); + } else if (strstr(wrapped, newmono)) { + msg = _("Bad: new password is just a wrapped version of the old one"); + } + + _pam_delete(newmono); + _pam_delete(oldmono); + _pam_delete(wrapped); + + return msg; +} + +const char *obscure_msg(const char *old, const char *new, + const struct passwd *pwdp, unsigned int ctrl) { + int oldlen, newlen; + char *new1, *old1; + const char *msg; + + if (old == NULL) + return NULL; /* no check if old is NULL */ + + oldlen = strlen(old); + newlen = strlen(new); + + /* Remaining checks are optional. */ + if (off(UNIX_OBSCURE_CHECKS,ctrl)) + return NULL; + + if ((msg = password_check(old, new, pwdp)) != NULL) + return msg; + + /* The traditional crypt() truncates passwords to 8 chars. It is + possible to circumvent the above checks by choosing an easy + 8-char password and adding some random characters to it... + Example: "password$%^&*123". So check it again, this time + truncated to the maximum length. Idea from npasswd. --marekm */ + + if (!UNIX_DES_CRYPT(ctrl)) + return NULL; /* unlimited password length */ + + if (oldlen <= 8 && newlen <= 8) + return NULL; + + new1 = strndup(new,8); + old1 = strndup(old,8); + + msg = password_check(old1, new1, pwdp); + + _pam_delete(new1); + _pam_delete(old1); + + return msg; +} Index: pam-1.1.8/modules/pam_extrausers/pam_unix_acct.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_acct.c @@ -0,0 +1,304 @@ +/* + * Copyright Elliot Lee, 1996. All rights reserved. + * Copyright Jan R\EAkorajski, 1999. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* for time() */ +#include +#include + +#include + +/* indicate that the following groups are defined */ + +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_ACCOUNT +#endif + +#include +#include +#include + +#include "support.h" +#include "passverify.h" + +int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, + const char *user, int *daysleft) +{ + int retval=0, child, fds[2]; + struct sigaction newsa, oldsa; + D(("running verify_binary")); + + /* create a pipe for the messages */ + if (pipe(fds) != 0) { + D(("could not make pipe")); + pam_syslog(pamh, LOG_ERR, "Could not make pipe: %m"); + return PAM_AUTH_ERR; + } + D(("called.")); + + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); + } + + /* fork */ + child = fork(); + if (child == 0) { + int i=0; + struct rlimit rlim; + static char *envp[] = { NULL }; + char *args[] = { NULL, NULL, NULL, NULL }; + + /* reopen stdout as pipe */ + dup2(fds[1], STDOUT_FILENO); + + /* XXX - should really tidy up PAM here too */ + + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDOUT_FILENO) { + close(i); + } + } + } + + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ + if (setuid(0) == -1) { + pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); + printf("-1\n"); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); + } + } + + /* exec binary helper */ + args[0] = x_strdup(CHKPWD_HELPER); + args[1] = x_strdup(user); + args[2] = x_strdup("chkexpiry"); + + execve(CHKPWD_HELPER, args, envp); + + pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); + /* should not get here: exit with error */ + D(("helper binary is not available")); + printf("-1\n"); + fflush(stdout); + _exit(PAM_AUTHINFO_UNAVAIL); + } else { + close(fds[1]); + if (child > 0) { + char buf[32]; + int rc=0; + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); + if (rc<0) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_chkpwd waitpid returned %d: %m", rc); + retval = PAM_AUTH_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_chkpwd abnormal exit: %d", retval); + retval = PAM_AUTH_ERR; + } else { + retval = WEXITSTATUS(retval); + rc = pam_modutil_read(fds[0], buf, sizeof(buf) - 1); + if(rc > 0) { + buf[rc] = '\0'; + if (sscanf(buf,"%d", daysleft) != 1 ) + retval = PAM_AUTH_ERR; + } + else { + pam_syslog(pamh, LOG_ERR, "read pam_extrausers_chkpwd output error %d: %m", rc); + retval = PAM_AUTH_ERR; + } + } + } else { + pam_syslog(pamh, LOG_ERR, "Fork failed: %m"); + D(("fork failed")); + retval = PAM_AUTH_ERR; + } + close(fds[0]); + } + + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + } + + D(("Returning %d",retval)); + return retval; +} + +/* + * PAM framework looks for this entry-point to pass control to the + * account management module. + */ + +int +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + unsigned int ctrl; + const void *void_uname; + const char *uname; + int retval, daysleft; + struct spwd *spent; + struct passwd *pwent; + char buf[256]; + + D(("called.")); + + ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, &void_uname); + uname = void_uname; + D(("user = `%s'", uname)); + if (retval != PAM_SUCCESS || uname == NULL) { + pam_syslog(pamh, LOG_ALERT, + "could not identify user (from uid=%lu)", + (unsigned long int)getuid()); + return PAM_USER_UNKNOWN; + } + + retval = get_account_info(pamh, uname, &pwent, &spent); + if (retval == PAM_USER_UNKNOWN) { + pam_syslog(pamh, LOG_ALERT, + "could not identify user (from getpwnam(%s))", + uname); + return retval; + } + + if (retval == PAM_SUCCESS && spent == NULL) + return PAM_SUCCESS; + + if (retval == PAM_UNIX_RUN_HELPER) { + retval = _unix_run_verify_binary(pamh, ctrl, uname, &daysleft); + if (retval == PAM_AUTHINFO_UNAVAIL && + on(UNIX_BROKEN_SHADOW, ctrl)) + return PAM_SUCCESS; + } else if (retval != PAM_SUCCESS) { + if (on(UNIX_BROKEN_SHADOW,ctrl)) + return PAM_SUCCESS; + else + return retval; + } else + retval = check_shadow_expiry(pamh, spent, &daysleft); + + switch (retval) { + case PAM_ACCT_EXPIRED: + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (account expired)", + uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + _("Your account has expired; please contact your system administrator")); + break; + case PAM_NEW_AUTHTOK_REQD: + if (daysleft == 0) { + pam_syslog(pamh, LOG_NOTICE, + "expired password for user %s (root enforced)", + uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + _("You are required to change your password immediately (root enforced)")); + } else { + pam_syslog(pamh, LOG_DEBUG, + "expired password for user %s (password aged)", + uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + _("You are required to change your password immediately (password aged)")); + } + break; + case PAM_AUTHTOK_EXPIRED: + pam_syslog(pamh, LOG_NOTICE, + "account %s has expired (failed to change password)", + uname); + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + _("Your account has expired; please contact your system administrator")); + break; + case PAM_AUTHTOK_ERR: + retval = PAM_SUCCESS; + /* fallthrough */ + case PAM_SUCCESS: + if (daysleft >= 0) { + pam_syslog(pamh, LOG_DEBUG, + "password for user %s will expire in %d days", + uname, daysleft); +#if defined HAVE_DNGETTEXT && defined ENABLE_NLS + snprintf (buf, sizeof (buf), + dngettext(PACKAGE, + "Warning: your password will expire in %d day", + "Warning: your password will expire in %d days", + daysleft), + daysleft); +#else + if (daysleft == 1) + snprintf(buf, sizeof (buf), + _("Warning: your password will expire in %d day"), + daysleft); + else + snprintf(buf, sizeof (buf), + /* TRANSLATORS: only used if dngettext is not supported */ + _("Warning: your password will expire in %d days"), + daysleft); +#endif + _make_remark(pamh, ctrl, PAM_TEXT_INFO, buf); + } + } + + D(("all done")); + + return retval; +} Index: pam-1.1.8/modules/pam_extrausers/pam_unix_auth.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_auth.c @@ -0,0 +1,218 @@ +/* + * Copyright Alexander O. Yuriev, 1996. All rights reserved. + * NIS+ support by Thorsten Kukuk + * Copyright Jan R\EAkorajski, 1999. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* indicate the following groups are defined */ + +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_AUTH +#endif + +#define _PAM_EXTERN_FUNCTIONS +#include +#include +#include + +#include "support.h" + +/* + * PAM framework looks for these entry-points to pass control to the + * authentication module. + */ + +/* Fun starts here :) + + * pam_sm_authenticate() performs UNIX/shadow authentication + * + * First, if shadow support is available, attempt to perform + * authentication using shadow passwords. If shadow is not + * available, or user does not have a shadow password, fallback + * onto a normal UNIX authentication + */ + +#define _UNIX_AUTHTOK "-UN*X-PASS" + +#define AUTH_RETURN \ +do { \ + if (on(UNIX_LIKE_AUTH, ctrl) && ret_data) { \ + D(("recording return code for next time [%d]", \ + retval)); \ + *ret_data = retval; \ + pam_set_data(pamh, "unix_setcred_return", \ + (void *) ret_data, setcred_free); \ + } else if (ret_data) \ + free (ret_data); \ + D(("done. [%s]", pam_strerror(pamh, retval))); \ + return retval; \ +} while (0) + + +static void +setcred_free (pam_handle_t *pamh UNUSED, void *ptr, int err UNUSED) +{ + if (ptr) + free (ptr); +} + +int +pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + unsigned int ctrl; + int retval, *ret_data = NULL; + const char *name; + const void *p; + + D(("called.")); + + ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); + + /* Get a few bytes so we can pass our return value to + pam_sm_setcred(). */ + if (on(UNIX_LIKE_AUTH, ctrl)) + ret_data = malloc(sizeof(int)); + + /* get the user'name' */ + + retval = pam_get_user(pamh, &name, NULL); + if (retval == PAM_SUCCESS) { + /* + * Various libraries at various times have had bugs related to + * '+' or '-' as the first character of a user name. Don't + * allow this characters here. + */ + if (name == NULL || name[0] == '-' || name[0] == '+') { + pam_syslog(pamh, LOG_ERR, "bad username [%s]", name); + retval = PAM_USER_UNKNOWN; + AUTH_RETURN; + } + if (on(UNIX_DEBUG, ctrl)) + D(("username [%s] obtained", name)); + } else { + D(("trouble reading username")); + if (retval == PAM_CONV_AGAIN) { + D(("pam_get_user/conv() function is not ready yet")); + /* it is safe to resume this function so we translate this + * retval to the value that indicates we're happy to resume. + */ + retval = PAM_INCOMPLETE; + } + AUTH_RETURN; + } + + /* if this user does not have a password... */ + + if (_unix_blankpasswd(pamh, ctrl, name)) { + D(("user '%s' has blank passwd", name)); + name = NULL; + retval = PAM_SUCCESS; + AUTH_RETURN; + } + /* get this user's authentication token */ + + retval = _unix_read_password(pamh, ctrl, NULL, _("Password: "), NULL + ,_UNIX_AUTHTOK, &p); + if (retval != PAM_SUCCESS) { + if (retval != PAM_CONV_AGAIN) { + pam_syslog(pamh, LOG_CRIT, + "auth could not identify password for [%s]", name); + } else { + D(("conversation function is not ready yet")); + /* + * it is safe to resume this function so we translate this + * retval to the value that indicates we're happy to resume. + */ + retval = PAM_INCOMPLETE; + } + name = NULL; + AUTH_RETURN; + } + D(("user=%s, password=[%s]", name, p)); + + /* verify the password of this user */ + retval = _unix_verify_password(pamh, name, p, ctrl); + name = p = NULL; + + AUTH_RETURN; +} + + +/* + * The only thing _pam_set_credentials_unix() does is initialization of + * UNIX group IDs. + * + * Well, everybody but me on linux-pam is convinced that it should not + * initialize group IDs, so I am not doing it but don't say that I haven't + * warned you. -- AOY + */ + +int +pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, + int argc UNUSED, const char **argv UNUSED) +{ + int retval; + const void *pretval = NULL; + + D(("called.")); + + retval = PAM_SUCCESS; + + D(("recovering return code from auth call")); + /* We will only find something here if UNIX_LIKE_AUTH is set -- + don't worry about an explicit check of argv. */ + if (pam_get_data(pamh, "unix_setcred_return", &pretval) == PAM_SUCCESS + && pretval) { + retval = *(const int *)pretval; + pam_set_data(pamh, "unix_setcred_return", NULL, NULL); + D(("recovered data indicates that old retval was %d", retval)); + } + + return retval; +} Index: pam-1.1.8/modules/pam_extrausers/pam_unix_passwd.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_passwd.c @@ -0,0 +1,843 @@ +/* + * Main coding by Elliot Lee , Red Hat Software. + * Copyright (C) 1996. + * Copyright (c) Jan Rêkorajski, 1999. + * Copyright (c) Red Hat, Inc., 2007, 2008. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* for time() */ +#include +#include +#include +#include + +#include +#include +#include +#include + +#include + +/* indicate the following groups are defined */ + +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_PASSWORD +#endif + +#include +#include +#include + +#include "md5.h" +#include "support.h" +#include "passverify.h" +#include "bigcrypt.h" + +#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER +# define HAVE_NIS +#endif + +#ifdef HAVE_NIS +# include + +# if HAVE_RPCSVC_YP_PROT_H +# include +# endif + +# if HAVE_RPCSVC_YPCLNT_H +# include +# endif + +# include "yppasswd.h" + +# if !HAVE_DECL_GETRPCPORT +extern int getrpcport(const char *host, unsigned long prognum, + unsigned long versnum, unsigned int proto); +# endif /* GNU libc 2.1 */ +#endif + +extern const char *obscure_msg(const char *, const char *, const struct passwd *, + unsigned int); + +/* + How it works: + Gets in username (has to be done) from the calling program + Does authentication of user (only if we are not running as root) + Gets new password/checks for sanity + Sets it. + */ + +/* data tokens */ + +#define _UNIX_OLD_AUTHTOK "-UN*X-OLD-PASS" +#define _UNIX_NEW_AUTHTOK "-UN*X-NEW-PASS" + +#define MAX_PASSWD_TRIES 3 + +#ifdef HAVE_NIS +static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) +{ + char *master; + char *domainname; + int port, err; + +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN + if ((err = yp_get_default_domain(&domainname)) != 0) { + pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s", + yperr_string(err)); + return NULL; + } +#elif defined(HAVE_GETDOMAINNAME) + char domainname_res[256]; + + if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) + { + if (strcmp (domainname_res, "(none)") == 0) + { + /* If domainname is not set, some systems will return "(none)" */ + domainname_res[0] = '\0'; + } + domainname = domainname_res; + } + else domainname = NULL; +#endif + + if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) { + pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s", + yperr_string(err)); + return NULL; + } + port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); + if (port == 0) { + pam_syslog(pamh, LOG_WARNING, + "yppasswdd not running on NIS master host"); + return NULL; + } + if (port >= IPPORT_RESERVED) { + pam_syslog(pamh, LOG_WARNING, + "yppasswd daemon running on illegal port"); + return NULL; + } + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d", + master, port); + } + return master; +} +#endif + +#ifdef WITH_SELINUX + +static int _unix_run_update_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, + const char *fromwhat, const char *towhat, int remember) +{ + int retval, child, fds[2]; + struct sigaction newsa, oldsa; + + D(("called.")); + /* create a pipe for the password */ + if (pipe(fds) != 0) { + D(("could not make pipe")); + return PAM_AUTH_ERR; + } + + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); + } + + /* fork */ + child = fork(); + if (child == 0) { + int i=0; + struct rlimit rlim; + static char *envp[] = { NULL }; + char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL }; + char buffer[16]; + + /* XXX - should really tidy up PAM here too */ + + /* reopen stdin as pipe */ + dup2(fds[0], STDIN_FILENO); + + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) + close(i); + } + } + + /* exec binary helper */ + args[0] = x_strdup(UPDATE_HELPER); + args[1] = x_strdup(user); + args[2] = x_strdup("update"); + if (on(UNIX_SHADOW, ctrl)) + args[3] = x_strdup("1"); + else + args[3] = x_strdup("0"); + + snprintf(buffer, sizeof(buffer), "%d", remember); + args[4] = x_strdup(buffer); + + execve(UPDATE_HELPER, args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); + _exit(PAM_AUTHINFO_UNAVAIL); + } else if (child > 0) { + /* wait for child */ + /* if the stored password is NULL */ + int rc=0; + if (fromwhat) + pam_modutil_write(fds[1], fromwhat, strlen(fromwhat)+1); + else + pam_modutil_write(fds[1], "", 1); + if (towhat) { + pam_modutil_write(fds[1], towhat, strlen(towhat)+1); + } + else + pam_modutil_write(fds[1], "", 1); + + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); + if (rc<0) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_update waitpid failed: %m"); + retval = PAM_AUTHTOK_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_update abnormal exit: %d", retval); + retval = PAM_AUTHTOK_ERR; + } else { + retval = WEXITSTATUS(retval); + } + } else { + D(("fork failed")); + close(fds[0]); + close(fds[1]); + retval = PAM_AUTH_ERR; + } + + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + } + + return retval; +} +#endif + +static int check_old_password(const char *forwho, const char *newpass) +{ + static char buf[16384]; + char *s_luser, *s_uid, *s_npas, *s_pas; + int retval = PAM_SUCCESS; + FILE *opwfile; + size_t len = strlen(forwho); + + opwfile = fopen(OLD_PASSWORDS_FILE, "r"); + if (opwfile == NULL) + return PAM_ABORT; + + while (fgets(buf, 16380, opwfile)) { + if (!strncmp(buf, forwho, len) && (buf[len] == ':' || + buf[len] == ',')) { + char *sptr; + buf[strlen(buf) - 1] = '\0'; + s_luser = strtok_r(buf, ":,", &sptr); + s_uid = strtok_r(NULL, ":,", &sptr); + s_npas = strtok_r(NULL, ":,", &sptr); + s_pas = strtok_r(NULL, ":,", &sptr); + while (s_pas != NULL) { + char *md5pass = Goodcrypt_md5(newpass, s_pas); + if (!strcmp(md5pass, s_pas)) { + _pam_delete(md5pass); + retval = PAM_AUTHTOK_ERR; + break; + } + s_pas = strtok_r(NULL, ":,", &sptr); + _pam_delete(md5pass); + } + break; + } + } + fclose(opwfile); + + return retval; +} + +static int _do_setpass(pam_handle_t* pamh, const char *forwho, + const char *fromwhat, + char *towhat, unsigned int ctrl, int remember) +{ + struct passwd *pwd = NULL; + int retval = 0; + int unlocked = 0; + char *master = NULL; + + D(("called")); + + pwd = getpwnam(forwho); + + if (pwd == NULL) { + retval = PAM_AUTHTOK_ERR; + goto done; + } + + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { +#ifdef HAVE_NIS + if ((master=getNISserver(pamh, ctrl)) != NULL) { + struct timeval timeout; + struct yppasswd yppwd; + CLIENT *clnt; + int status; + enum clnt_stat err; + + /* Unlock passwd file to avoid deadlock */ + unlock_pwdf(); + unlocked = 1; + + /* Initialize password information */ + yppwd.newpw.pw_passwd = pwd->pw_passwd; + yppwd.newpw.pw_name = pwd->pw_name; + yppwd.newpw.pw_uid = pwd->pw_uid; + yppwd.newpw.pw_gid = pwd->pw_gid; + yppwd.newpw.pw_gecos = pwd->pw_gecos; + yppwd.newpw.pw_dir = pwd->pw_dir; + yppwd.newpw.pw_shell = pwd->pw_shell; + yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup (""); + yppwd.newpw.pw_passwd = towhat; + + D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho)); + + /* The yppasswd.x file said `unix authentication required', + * so I added it. This is the only reason it is in here. + * My yppasswdd doesn't use it, but maybe some others out there + * do. --okir + */ + clnt = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp"); + clnt->cl_auth = authunix_create_default(); + memset((char *) &status, '\0', sizeof(status)); + timeout.tv_sec = 25; + timeout.tv_usec = 0; + err = clnt_call(clnt, YPPASSWDPROC_UPDATE, + (xdrproc_t) xdr_yppasswd, (char *) &yppwd, + (xdrproc_t) xdr_int, (char *) &status, + timeout); + + free (yppwd.oldpass); + + if (err) { + _make_remark(pamh, ctrl, PAM_TEXT_INFO, + clnt_sperrno(err)); + } else if (status) { + D(("Error while changing NIS password.\n")); + } + D(("The password has%s been changed on %s.", + (err || status) ? " not" : "", master)); + pam_syslog(pamh, LOG_NOTICE, "password%s changed for %s on %s", + (err || status) ? " not" : "", pwd->pw_name, master); + + auth_destroy(clnt->cl_auth); + clnt_destroy(clnt); + if (err || status) { + _make_remark(pamh, ctrl, PAM_TEXT_INFO, + _("NIS password could not be changed.")); + retval = PAM_TRY_AGAIN; + } +#ifdef PAM_DEBUG + sleep(5); +#endif + } else { + retval = PAM_TRY_AGAIN; + } +#else + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "No NIS support available"); + } + + retval = PAM_TRY_AGAIN; +#endif + } + + if (_unix_comesfromsource(pamh, forwho, 1, 0)) { + if(unlocked) { + if (lock_pwdf() != PAM_SUCCESS) { + return PAM_AUTHTOK_LOCK_BUSY; + } + } +#ifdef WITH_SELINUX + if (unix_selinux_confined()) + return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember); +#endif + /* first, save old password */ + if (save_old_password(pamh, forwho, fromwhat, remember)) { + retval = PAM_AUTHTOK_ERR; + goto done; + } + if (on(UNIX_SHADOW, ctrl) || is_pwd_shadowed(pwd)) { + retval = unix_update_shadow(pamh, forwho, towhat); + if (retval == PAM_SUCCESS) + if (!is_pwd_shadowed(pwd)) + retval = unix_update_passwd(pamh, forwho, "x"); + } else { + retval = unix_update_passwd(pamh, forwho, towhat); + } + } + + +done: + unlock_pwdf(); + + return retval; +} + +static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned int ctrl) +{ + struct passwd *pwent = NULL; /* Password and shadow password */ + struct spwd *spent = NULL; /* file entries for the user */ + int daysleft; + int retval; + + retval = get_account_info(pamh, user, &pwent, &spent); + if (retval == PAM_USER_UNKNOWN) { + return retval; + } + + if (retval == PAM_SUCCESS && spent == NULL) + return PAM_SUCCESS; + + if (retval == PAM_UNIX_RUN_HELPER) { + retval = _unix_run_verify_binary(pamh, ctrl, user, &daysleft); + if (retval == PAM_AUTH_ERR || retval == PAM_USER_UNKNOWN) + return retval; + } + else if (retval == PAM_SUCCESS) + retval = check_shadow_expiry(pamh, spent, &daysleft); + + if (on(UNIX__IAMROOT, ctrl) || retval == PAM_NEW_AUTHTOK_REQD) + return PAM_SUCCESS; + + return retval; +} + +static int _pam_unix_approve_pass(pam_handle_t * pamh + ,unsigned int ctrl + ,const char *pass_old + ,const char *pass_new, + int pass_min_len) +{ + const void *user; + const char *remark = NULL; + int retval = PAM_SUCCESS; + + D(("&new=%p, &old=%p", pass_old, pass_new)); + D(("new=[%s]", pass_new)); + D(("old=[%s]", pass_old)); + + if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) { + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); + } + _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? + _("No password supplied") : _("Password unchanged")); + return PAM_AUTHTOK_ERR; + } + /* + * if one wanted to hardwire authentication token strength + * checking this would be the place - AGM + */ + + retval = pam_get_item(pamh, PAM_USER, &user); + if (retval != PAM_SUCCESS) { + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_ERR, "Can not get username"); + return PAM_AUTHTOK_ERR; + } + } + if (off(UNIX__IAMROOT, ctrl)) { + if (strlen(pass_new) < pass_min_len) + remark = _("You must choose a longer password"); + D(("length check [%s]", remark)); + if (on(UNIX_REMEMBER_PASSWD, ctrl)) { + if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) + remark = _("Password has been already used. Choose another."); + if (retval == PAM_ABORT) { + pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords", + OLD_PASSWORDS_FILE); + return retval; + } + } + if (!remark && pass_old != NULL) { /* only check if we don't already have a failure */ + struct passwd *pwd; + pwd = pam_modutil_getpwnam(pamh, user); + remark = (char *)obscure_msg(pass_old,pass_new,pwd,ctrl); /* do obscure checks */ + } + } + if (remark) { + _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark); + retval = PAM_AUTHTOK_ERR; + } + return retval; +} + +int +pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + unsigned int ctrl, lctrl; + int retval; + int remember = -1; + int rounds = -1; + int pass_min_len = 6; + + /* */ + const char *user; + const void *pass_old, *pass_new; + /* */ + + D(("called.")); + + ctrl = _set_ctrl(pamh, flags, &remember, &rounds, &pass_min_len, + argc, argv); + + /* + * First get the name of a user + */ + retval = pam_get_user(pamh, &user, NULL); + if (retval == PAM_SUCCESS) { + /* + * Various libraries at various times have had bugs related to + * '+' or '-' as the first character of a user name. Don't + * allow them. + */ + if (user == NULL || user[0] == '-' || user[0] == '+') { + pam_syslog(pamh, LOG_ERR, "bad username [%s]", user); + return PAM_USER_UNKNOWN; + } + if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl)) + pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained", + user); + } else { + if (on(UNIX_DEBUG, ctrl)) + pam_syslog(pamh, LOG_DEBUG, + "password - could not identify user"); + return retval; + } + + D(("Got username of %s", user)); + + /* + * Before we do anything else, check to make sure that the user's + * info is in one of the databases we can modify from this module, + * which currently is 'files' and 'nis'. We have to do this because + * getpwnam() doesn't tell you *where* the information it gives you + * came from, nor should it. That's our job. + */ + if (_unix_comesfromsource(pamh, user, 1, on(UNIX_NIS, ctrl)) == 0) { + pam_syslog(pamh, LOG_DEBUG, + "user \"%s\" does not exist in /var/lib/extrausers/passwd%s", + user, on(UNIX_NIS, ctrl) ? " or NIS" : ""); + return PAM_USER_UNKNOWN; + } else { + struct passwd *pwd; + _unix_getpwnam(pamh, user, 1, on(UNIX_NIS, ctrl), &pwd); + if (pwd == NULL) { + pam_syslog(pamh, LOG_DEBUG, + "user \"%s\" has corrupted passwd entry", + user); + return PAM_USER_UNKNOWN; + } + } + + /* + * This is not an AUTH module! + */ + if (on(UNIX__NONULL, ctrl)) + set(UNIX__NULLOK, ctrl); + + if (on(UNIX__PRELIM, ctrl)) { + /* + * obtain and verify the current password (OLDAUTHTOK) for + * the user. + */ + char *Announce; + + D(("prelim check")); + + if (_unix_blankpasswd(pamh, ctrl, user)) { + return PAM_SUCCESS; + } else if (off(UNIX__IAMROOT, ctrl) || on(UNIX_NIS, ctrl)) { + /* instruct user what is happening */ + if (asprintf(&Announce, _("Changing password for %s."), + user) < 0) { + pam_syslog(pamh, LOG_CRIT, + "password - out of memory"); + return PAM_BUF_ERR; + } + + lctrl = ctrl; + set(UNIX__OLD_PASSWD, lctrl); + retval = _unix_read_password(pamh, lctrl + ,Announce + ,(on(UNIX__IAMROOT, ctrl) + ? _("NIS server root password: ") + : _("(current) UNIX password: ")) + ,NULL + ,_UNIX_OLD_AUTHTOK + ,&pass_old); + free(Announce); + + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, + "password - (old) token not obtained"); + return retval; + } + /* verify that this is the password for this user + * if we're not using NIS */ + + if (off(UNIX_NIS, ctrl)) { + retval = _unix_verify_password(pamh, user, pass_old, ctrl); + } + } else { + D(("process run by root so do nothing this time around")); + pass_old = NULL; + retval = PAM_SUCCESS; /* root doesn't have too */ + } + + if (retval != PAM_SUCCESS) { + D(("Authentication failed")); + pass_old = NULL; + return retval; + } + retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); + pass_old = NULL; + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "failed to set PAM_OLDAUTHTOK"); + } + retval = _unix_verify_shadow(pamh,user, ctrl); + if (retval == PAM_AUTHTOK_ERR) { + if (off(UNIX__IAMROOT, ctrl)) + _make_remark(pamh, ctrl, PAM_ERROR_MSG, + _("You must wait longer to change your password")); + else + retval = PAM_SUCCESS; + } + } else if (on(UNIX__UPDATE, ctrl)) { + /* + * tpass is used below to store the _pam_md() return; it + * should be _pam_delete()'d. + */ + + char *tpass = NULL; + int retry = 0; + + /* + * obtain the proposed password + */ + + D(("do update")); + + /* + * get the old token back. NULL was ok only if root [at this + * point we assume that this has already been enforced on a + * previous call to this function]. + */ + + if (off(UNIX_NOT_SET_PASS, ctrl)) { + retval = pam_get_item(pamh, PAM_OLDAUTHTOK + ,&pass_old); + } else { + retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK + ,&pass_old); + if (retval == PAM_NO_MODULE_DATA) { + retval = PAM_SUCCESS; + pass_old = NULL; + } + } + D(("pass_old [%s]", pass_old)); + + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "user not authenticated"); + return retval; + } + + D(("get new password now")); + + lctrl = ctrl; + + if (on(UNIX_USE_AUTHTOK, lctrl)) { + set(UNIX_USE_FIRST_PASS, lctrl); + } + retry = 0; + retval = PAM_AUTHTOK_ERR; + while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) { + /* + * use_authtok is to force the use of a previously entered + * password -- needed for pluggable password strength checking + */ + + retval = _unix_read_password(pamh, lctrl + ,NULL + ,_("Enter new UNIX password: ") + ,_("Retype new UNIX password: ") + ,_UNIX_NEW_AUTHTOK + ,&pass_new); + + if (retval != PAM_SUCCESS) { + if (on(UNIX_DEBUG, ctrl)) { + pam_syslog(pamh, LOG_ALERT, + "password - new password not obtained"); + } + pass_old = NULL; /* tidy up */ + return retval; + } + D(("returned to _unix_chauthtok")); + + /* + * At this point we know who the user is and what they + * propose as their new password. Verify that the new + * password is acceptable. + */ + + if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */ + pass_new = NULL; + } + retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, + pass_new, pass_min_len); + + if (retval != PAM_SUCCESS && off(UNIX_NOT_SET_PASS, ctrl)) { + pam_set_item(pamh, PAM_AUTHTOK, NULL); + } + } + + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, + "new password not acceptable"); + pass_new = pass_old = NULL; /* tidy up */ + return retval; + } + if (lock_pwdf() != PAM_SUCCESS) { + return PAM_AUTHTOK_LOCK_BUSY; + } + + if (pass_old) { + retval = _unix_verify_password(pamh, user, pass_old, ctrl); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "user password changed by another process"); + unlock_pwdf(); + return retval; + } + } + + retval = _unix_verify_shadow(pamh, user, ctrl); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, "user shadow entry expired"); + unlock_pwdf(); + return retval; + } + + retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new, + pass_min_len); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_NOTICE, + "new password not acceptable 2"); + pass_new = pass_old = NULL; /* tidy up */ + unlock_pwdf(); + return retval; + } + + /* + * By reaching here we have approved the passwords and must now + * rebuild the password database file. + */ + + /* + * First we encrypt the new password. + */ + + tpass = create_password_hash(pamh, pass_new, ctrl, rounds); + if (tpass == NULL) { + pam_syslog(pamh, LOG_CRIT, + "crypt() failure or out of memory for password"); + pass_new = pass_old = NULL; /* tidy up */ + unlock_pwdf(); + return PAM_BUF_ERR; + } + + D(("password processed")); + + /* update the password database(s) -- race conditions..? */ + + retval = _do_setpass(pamh, user, pass_old, tpass, ctrl, + remember); + /* _do_setpass has called unlock_pwdf for us */ + + _pam_delete(tpass); + pass_old = pass_new = NULL; + } else { /* something has broken with the module */ + pam_syslog(pamh, LOG_ALERT, + "password received unknown request"); + retval = PAM_ABORT; + } + + D(("retval was %d", retval)); + + return retval; +} Index: pam-1.1.8/modules/pam_extrausers/pam_unix_sess.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_sess.c @@ -0,0 +1,133 @@ +/* + * $Id$ + * + * Copyright Alexander O. Yuriev, 1996. All rights reserved. + * Copyright Jan R\EAkorajski, 1999. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +/* indicate the following groups are defined */ + +#ifdef PAM_STATIC +# include "pam_unix_static.h" +#else +# define PAM_SM_SESSION +#endif + +#include +#include +#include +#include + +#include "support.h" + +/* + * PAM framework looks for these entry-points to pass control to the + * session module. + */ + +int +pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + char *user_name, *service; + unsigned int ctrl; + int retval; + const char *login_name; + + D(("called.")); + + ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "open_session - error recovering username"); + return PAM_SESSION_ERR; /* How did we get authenticated with + no username?! */ + } + retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service); + if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "open_session - error recovering service"); + return PAM_SESSION_ERR; + } + login_name = pam_modutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + pam_syslog(pamh, LOG_INFO, "session opened for user %s by %s(uid=%lu)", + user_name, login_name, (unsigned long)getuid()); + + return PAM_SUCCESS; +} + +int +pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +{ + char *user_name, *service; + unsigned int ctrl; + int retval; + + D(("called.")); + + ctrl = _set_ctrl(pamh, flags, NULL, NULL, NULL, argc, argv); + + retval = pam_get_item(pamh, PAM_USER, (void *) &user_name); + if (user_name == NULL || *user_name == '\0' || retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "close_session - error recovering username"); + return PAM_SESSION_ERR; /* How did we get authenticated with + no username?! */ + } + retval = pam_get_item(pamh, PAM_SERVICE, (void *) &service); + if (service == NULL || *service == '\0' || retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "close_session - error recovering service"); + return PAM_SESSION_ERR; + } + pam_syslog(pamh, LOG_INFO, "session closed for user %s", + user_name); + + return PAM_SUCCESS; +} Index: pam-1.1.8/modules/pam_extrausers/pam_unix_static.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_static.c @@ -0,0 +1,23 @@ +#include "config.h" + +#ifdef PAM_STATIC + +#define static extern +#define PAM_SM_ACCOUNT +#define PAM_SM_AUTH +#define PAM_SM_PASSWORD +#define PAM_SM_SESSION +#include "pam_unix_static.h" +#include + +struct pam_module _pam_extrausers_modstruct = { + "pam_extrausers", + pam_sm_authenticate, + pam_sm_setcred, + pam_sm_acct_mgmt, + pam_sm_open_session, + pam_sm_close_session, + pam_sm_chauthtok, +}; + +#endif Index: pam-1.1.8/modules/pam_extrausers/pam_unix_static.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_unix_static.h @@ -0,0 +1,6 @@ +#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt +#define pam_sm_authenticate _pam_unix_sm_authenticate +#define pam_sm_setcred _pam_unix_sm_setcred +#define pam_sm_chauthtok _pam_unix_sm_chauthtok +#define pam_sm_open_session _pam_unix_sm_open_session +#define pam_sm_close_session _pam_unix_sm_close_session Index: pam-1.1.8/modules/pam_extrausers/passverify.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/passverify.c @@ -0,0 +1,1164 @@ +/* + * Copyright information at end of file. + */ +#include "config.h" +#include +#include +#include "support.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LIBXCRYPT +#include +#elif defined(HAVE_CRYPT_H) +#include +#endif + +#include "md5.h" +#include "bigcrypt.h" +#include "passverify.h" + +#ifdef WITH_SELINUX +#include +#define SELINUX_ENABLED is_selinux_enabled()>0 +#else +#define SELINUX_ENABLED 0 +#endif + +#ifdef HELPER_COMPILE +#define pam_modutil_getpwnam(h,n) getpwnam(n) +#define pam_modutil_getspnam(h,n) getspnam(n) +#define pam_syslog(h,a,b,c) helper_log_err(a,b,c) +#else +#include +#include +#endif + +#if defined(USE_LCKPWDF) +# include "./lckpwdf.-c" +#endif + +static void +strip_hpux_aging(char *hash) +{ + static const char valid[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789./"; + if ((*hash != '$') && (strlen(hash) > 13)) { + for (hash += 13; *hash != '\0'; hash++) { + if (strchr(valid, *hash) == NULL) { + *hash = '\0'; + break; + } + } + } +} + +int +verify_pwd_hash(const char *p, char *hash, unsigned int nullok) +{ + size_t hash_len; + char *pp = NULL; + int retval; + D(("called")); + + strip_hpux_aging(hash); + hash_len = strlen(hash); + if (!hash_len) { + /* the stored password is NULL */ + if (nullok) { /* this means we've succeeded */ + D(("user has empty password - access granted")); + retval = PAM_SUCCESS; + } else { + D(("user has empty password - access denied")); + retval = PAM_AUTH_ERR; + } + } else if (!p || *hash == '*' || *hash == '!') { + retval = PAM_AUTH_ERR; + } else { + if (!strncmp(hash, "$1$", 3)) { + pp = Goodcrypt_md5(p, hash); + if (pp && strcmp(pp, hash) != 0) { + _pam_delete(pp); + pp = Brokencrypt_md5(p, hash); + } + } else if (*hash != '$' && hash_len >= 13) { + pp = bigcrypt(p, hash); + if (pp && hash_len == 13 && strlen(pp) > hash_len) { + _pam_overwrite(pp + hash_len); + } + } else { + /* + * Ok, we don't know the crypt algorithm, but maybe + * libcrypt knows about it? We should try it. + */ +#ifdef HAVE_CRYPT_R + struct crypt_data *cdata; + cdata = malloc(sizeof(*cdata)); + if (cdata != NULL) { + cdata->initialized = 0; + pp = x_strdup(crypt_r(p, hash, cdata)); + memset(cdata, '\0', sizeof(*cdata)); + free(cdata); + } +#else + pp = x_strdup(crypt(p, hash)); +#endif + } + p = NULL; /* no longer needed here */ + + /* the moment of truth -- do we agree with the password? */ + D(("comparing state of pp[%s] and hash[%s]", pp, hash)); + + if (pp && strcmp(pp, hash) == 0) { + retval = PAM_SUCCESS; + } else { + retval = PAM_AUTH_ERR; + } + } + + if (pp) + _pam_delete(pp); + D(("done [%d].", retval)); + + return retval; +} + +int +is_pwd_shadowed(const struct passwd *pwd) +{ + if (pwd != NULL) { + if (strcmp(pwd->pw_passwd, "x") == 0) { + return 1; + } + if ((pwd->pw_passwd[0] == '#') && + (pwd->pw_passwd[1] == '#') && + (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0)) { + return 1; + } + } + return 0; +} + +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent) +{ + /* UNIX passwords area */ + *pwd = pam_modutil_getpwnam(pamh, name); /* Get password file entry... */ + *spwdent = NULL; + + if (*pwd != NULL) { + if (strcmp((*pwd)->pw_passwd, "*NP*") == 0) + { /* NIS+ */ +#ifdef HELPER_COMPILE + uid_t save_euid, save_uid; + + save_euid = geteuid(); + save_uid = getuid(); + if (save_uid == (*pwd)->pw_uid) + setreuid(save_euid, save_uid); + else { + setreuid(0, -1); + if (setreuid(-1, (*pwd)->pw_uid) == -1) { + setreuid(-1, 0); + setreuid(0, -1); + if(setreuid(-1, (*pwd)->pw_uid) == -1) + return PAM_CRED_INSUFFICIENT; + } + } + + *spwdent = pam_modutil_getspnam(pamh, name); + if (save_uid == (*pwd)->pw_uid) + setreuid(save_uid, save_euid); + else { + setreuid(-1, 0); + setreuid(save_uid, -1); + setreuid(-1, save_euid); + } + + if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) + return PAM_AUTHINFO_UNAVAIL; +#else + /* we must run helper for NIS+ passwords */ + return PAM_UNIX_RUN_HELPER; +#endif + } else if (is_pwd_shadowed(*pwd)) { + /* + * ...and shadow password file entry for this user, + * if shadowing is enabled + */ + *spwdent = pam_modutil_getspnam(pamh, name); +#ifndef HELPER_COMPILE + if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED)) + return PAM_UNIX_RUN_HELPER; +#endif + if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) + return PAM_AUTHINFO_UNAVAIL; + } + } else { + return PAM_USER_UNKNOWN; + } + return PAM_SUCCESS; +} + +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash) +{ + int retval; + struct spwd *spwdent = NULL; + + retval = get_account_info(PAMH_ARG(name, pwd, &spwdent)); + if (retval != PAM_SUCCESS) { + return retval; + } + + if (spwdent) + *hash = x_strdup(spwdent->sp_pwdp); + else + *hash = x_strdup((*pwd)->pw_passwd); + if (*hash == NULL) + return PAM_BUF_ERR; + + return PAM_SUCCESS; +} + +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft) +{ + long int curdays; + *daysleft = -1; + curdays = (long int)(time(NULL) / (60 * 60 * 24)); + D(("today is %d, last change %d", curdays, spent->sp_lstchg)); + if ((curdays >= spent->sp_expire) && (spent->sp_expire != -1)) { + D(("account expired")); + return PAM_ACCT_EXPIRED; + } + if (spent->sp_lstchg == 0) { + D(("need a new password")); + *daysleft = 0; + return PAM_NEW_AUTHTOK_REQD; + } + if (curdays < spent->sp_lstchg) { + pam_syslog(pamh, LOG_DEBUG, + "account %s has password changed in future", + spent->sp_namp); + return PAM_SUCCESS; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) + && (curdays - spent->sp_lstchg > spent->sp_inact) + && (curdays - spent->sp_lstchg > spent->sp_max + spent->sp_inact) + && (spent->sp_max != -1) && (spent->sp_inact != -1)) { + *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays); + D(("authtok expired")); + return PAM_AUTHTOK_EXPIRED; + } + if ((curdays - spent->sp_lstchg > spent->sp_max) && (spent->sp_max != -1)) { + D(("need a new password 2")); + return PAM_NEW_AUTHTOK_REQD; + } + if ((curdays - spent->sp_lstchg > spent->sp_max - spent->sp_warn) + && (spent->sp_max != -1) && (spent->sp_warn != -1)) { + *daysleft = (int)((spent->sp_lstchg + spent->sp_max) - curdays); + D(("warn before expiry")); + } + if ((curdays - spent->sp_lstchg < spent->sp_min) + && (spent->sp_min != -1)) { + /* + * The last password change was too recent. This error will be ignored + * if no password change is attempted. + */ + D(("password change too recent")); + return PAM_AUTHTOK_ERR; + } + return PAM_SUCCESS; +} + +/* passwd/salt conversion macros */ + +#define PW_TMPFILE "/var/lib/extrausers/npasswd" +#define SH_TMPFILE "/var/lib/extrausers/nshadow" +#define OPW_TMPFILE "/var/lib/extrausers/nopasswd" + +/* + * i64c - convert an integer to a radix 64 character + */ +static int +i64c(int i) +{ + if (i < 0) + return ('.'); + else if (i > 63) + return ('z'); + if (i == 0) + return ('.'); + if (i == 1) + return ('/'); + if (i >= 2 && i <= 11) + return ('0' - 2 + i); + if (i >= 12 && i <= 37) + return ('A' - 12 + i); + if (i >= 38 && i <= 63) + return ('a' - 38 + i); + return ('\0'); +} + +/* must point to a buffer of at least +1 length */ +static void +crypt_make_salt(char *where, int length) +{ + struct timeval tv; + MD5_CTX ctx; + unsigned char tmp[16]; + unsigned char *src = (unsigned char *)where; + int i; +#ifdef PAM_PATH_RANDOMDEV + int fd; + int rv; + + if ((rv = fd = open(PAM_PATH_RANDOMDEV, O_RDONLY)) != -1) { + while ((rv = read(fd, where, length)) != length && errno == EINTR); + close (fd); + } + if (rv != length) { +#endif + /* + * Code lifted from Marek Michalkiewicz's shadow suite. (CG) + * removed use of static variables (AGM) + * + * will work correctly only for length <= 16 */ + src = tmp; + GoodMD5Init(&ctx); + gettimeofday(&tv, (struct timezone *) 0); + GoodMD5Update(&ctx, (void *) &tv, sizeof tv); + i = getpid(); + GoodMD5Update(&ctx, (void *) &i, sizeof i); + i = clock(); + GoodMD5Update(&ctx, (void *) &i, sizeof i); + GoodMD5Update(&ctx, src, length); + GoodMD5Final(tmp, &ctx); +#ifdef PAM_PATH_RANDOMDEV + } +#endif + for (i = 0; i < length; i++) + *where++ = i64c(src[i] & 077); + *where = '\0'; +} + +char * +crypt_md5_wrapper(const char *pass_new) +{ + unsigned char result[16]; + char *cp = (char *) result; + + cp = stpcpy(cp, "$1$"); /* magic for the MD5 */ + crypt_make_salt(cp, 8); + + /* no longer need cleartext */ + cp = Goodcrypt_md5(pass_new, (const char *) result); + pass_new = NULL; + + return cp; +} + +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds) +{ + const char *algoid; + char salt[64]; /* contains rounds number + max 16 bytes of salt + algo id */ + char *sp; + + if (on(UNIX_MD5_PASS, ctrl)) { + /* algoid = "$1" */ + return crypt_md5_wrapper(password); + } else if (on(UNIX_BLOWFISH_PASS, ctrl)) { + algoid = "$2a$"; + } else if (on(UNIX_SHA256_PASS, ctrl)) { + algoid = "$5$"; + } else if (on(UNIX_SHA512_PASS, ctrl)) { + algoid = "$6$"; + } else { /* must be crypt/bigcrypt */ + char tmppass[9]; + char *crypted; + + crypt_make_salt(salt, 2); + if (off(UNIX_BIGCRYPT, ctrl) && strlen(password) > 8) { + strncpy(tmppass, password, sizeof(tmppass)-1); + tmppass[sizeof(tmppass)-1] = '\0'; + password = tmppass; + } + crypted = bigcrypt(password, salt); + memset(tmppass, '\0', sizeof(tmppass)); + password = NULL; + return crypted; + } + +#ifdef HAVE_CRYPT_GENSALT_R + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + char entropy[17]; + crypt_make_salt(entropy, sizeof(entropy) - 1); + sp = crypt_gensalt_r (algoid, rounds, + entropy, sizeof(entropy), + salt, sizeof(salt)); + } else { +#endif + sp = stpcpy(salt, algoid); + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + sp += snprintf(sp, sizeof(salt) - 3, "rounds=%u$", rounds); + } + crypt_make_salt(sp, 8); + /* For now be conservative so the resulting hashes + * are not too long. 8 bytes of salt prevents dictionary + * attacks well enough. */ +#ifdef HAVE_CRYPT_GENSALT_R + } +#endif + sp = crypt(password, salt); + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { + /* libxcrypt/libc doesn't know the algorithm, use MD5 */ + pam_syslog(pamh, LOG_ERR, + "Algo %s not supported by the crypto backend, " + "falling back to MD5\n", + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : + on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); + if(sp) { + memset(sp, '\0', strlen(sp)); + } + return crypt_md5_wrapper(password); + } + + return x_strdup(sp); +} + +#ifdef WITH_SELINUX +int +unix_selinux_confined(void) +{ + static int confined = -1; + int fd; + char tempfile[]="/var/lib/extrausers/.pwdXXXXXX"; + + if (confined != -1) + return confined; + + /* cannot be confined without SELinux enabled */ + if (!SELINUX_ENABLED){ + confined = 0; + return confined; + } + + /* let's try opening shadow read only */ + if ((fd=open("/var/lib/extrausers/shadow", O_RDONLY)) != -1) { + close(fd); + confined = 0; + return confined; + } + + if (errno == EACCES) { + confined = 1; + return confined; + } + + /* shadow opening failed because of other reasons let's try + creating a file in /var/lib/extrausers */ + if ((fd=mkstemp(tempfile)) != -1) { + unlink(tempfile); + close(fd); + confined = 0; + return confined; + } + + confined = 1; + return confined; +} + +#else +int +unix_selinux_confined(void) +{ + return 0; +} +#endif + +#ifdef USE_LCKPWDF +int +lock_pwdf(void) +{ + int i; + int retval; + +#ifndef HELPER_COMPILE + if (unix_selinux_confined()) { + return PAM_SUCCESS; + } +#endif + /* These values for the number of attempts and the sleep time + are, of course, completely arbitrary. + My reading of the PAM docs is that, once pam_chauthtok() has been + called with PAM_UPDATE_AUTHTOK, we are obliged to take any + reasonable steps to make sure the token is updated; so retrying + for 1/10 sec. isn't overdoing it. */ + i=0; + while((retval = extrausers_lckpwdf()) != 0 && i < 100) { + usleep(1000); + i++; + } + if(retval != 0) { + return PAM_AUTHTOK_LOCK_BUSY; + } + return PAM_SUCCESS; +} + +void +unlock_pwdf(void) +{ +#ifndef HELPER_COMPILE + if (unix_selinux_confined()) { + return; + } +#endif + extrausers_ulckpwdf(); +} +#else +int +lock_pwdf(void) +{ + return PAM_SUCCESS; +} + +void +unlock_pwdf(void) +{ + return; +} +#endif + +#ifdef HELPER_COMPILE +int +save_old_password(const char *forwho, const char *oldpass, + int howmany) +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany) +#endif +{ + static char buf[16384]; + static char nbuf[16384]; + char *s_luser, *s_uid, *s_npas, *s_pas, *pass; + int npas; + FILE *pwfile, *opwfile; + int err = 0; + int oldmask; + int found = 0; + struct passwd *pwd = NULL; + struct stat st; + size_t len = strlen(forwho); +#ifdef WITH_SELINUX + security_context_t prev_context=NULL; +#endif + + if (howmany < 0) { + return PAM_SUCCESS; + } + + if (oldpass == NULL) { + return PAM_SUCCESS; + } + + oldmask = umask(077); + +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + security_context_t passwd_context=NULL; + if (getfilecon("/var/lib/extrausers/passwd",&passwd_context)<0) { + return PAM_AUTHTOK_ERR; + }; + if (getfscreatecon(&prev_context)<0) { + freecon(passwd_context); + return PAM_AUTHTOK_ERR; + } + if (setfscreatecon(passwd_context)) { + freecon(passwd_context); + freecon(prev_context); + return PAM_AUTHTOK_ERR; + } + freecon(passwd_context); + } +#endif + pwfile = fopen(OPW_TMPFILE, "w"); + umask(oldmask); + if (pwfile == NULL) { + err = 1; + goto done; + } + + opwfile = fopen(OLD_PASSWORDS_FILE, "r"); + if (opwfile == NULL) { + fclose(pwfile); + err = 1; + goto done; + } + + if (fstat(fileno(opwfile), &st) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + if (fchmod(fileno(pwfile), st.st_mode) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + while (fgets(buf, 16380, opwfile)) { + if (!strncmp(buf, forwho, len) && strchr(":,\n", buf[len]) != NULL) { + char *sptr = NULL; + found = 1; + if (howmany == 0) + continue; + buf[strlen(buf) - 1] = '\0'; + s_luser = strtok_r(buf, ":", &sptr); + s_uid = strtok_r(NULL, ":", &sptr); + s_npas = strtok_r(NULL, ":", &sptr); + s_pas = strtok_r(NULL, ":", &sptr); + npas = strtol(s_npas, NULL, 10) + 1; + while (npas > howmany) { + s_pas = strpbrk(s_pas, ","); + if (s_pas != NULL) + s_pas++; + npas--; + } + pass = crypt_md5_wrapper(oldpass); + if (s_pas == NULL) + snprintf(nbuf, sizeof(nbuf), "%s:%s:%d:%s\n", + s_luser, s_uid, npas, pass); + else + snprintf(nbuf, sizeof(nbuf),"%s:%s:%d:%s,%s\n", + s_luser, s_uid, npas, s_pas, pass); + _pam_delete(pass); + if (fputs(nbuf, pwfile) < 0) { + err = 1; + break; + } + } else if (fputs(buf, pwfile) < 0) { + err = 1; + break; + } + } + fclose(opwfile); + + if (!found) { + pwd = pam_modutil_getpwnam(pamh, forwho); + if (pwd == NULL) { + err = 1; + } else { + pass = crypt_md5_wrapper(oldpass); + snprintf(nbuf, sizeof(nbuf), "%s:%lu:1:%s\n", + forwho, (unsigned long)pwd->pw_uid, pass); + _pam_delete(pass); + if (fputs(nbuf, pwfile) < 0) { + err = 1; + } + } + } + + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to old passwords file: %m")); + err = 1; + } + + if (fclose(pwfile)) { + D(("fclose error writing entries to old passwords file: %m")); + err = 1; + } + +done: + if (!err) { + if (rename(OPW_TMPFILE, OLD_PASSWORDS_FILE)) + err = 1; + } +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + if (setfscreatecon(prev_context)) { + err = 1; + } + if (prev_context) + freecon(prev_context); + prev_context=NULL; + } +#endif + if (!err) { + return PAM_SUCCESS; + } else { + unlink(OPW_TMPFILE); + return PAM_AUTHTOK_ERR; + } +} + +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat) +{ + struct passwd *tmpent = NULL; + struct stat st; + FILE *pwfile, *opwfile; + int err = 1, found = 0; + int oldmask; +#ifdef WITH_SELINUX + security_context_t prev_context=NULL; +#endif + + oldmask = umask(077); +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + security_context_t passwd_context=NULL; + if (getfilecon("/var/lib/extrausers/passwd",&passwd_context)<0) { + return PAM_AUTHTOK_ERR; + }; + if (getfscreatecon(&prev_context)<0) { + freecon(passwd_context); + return PAM_AUTHTOK_ERR; + } + if (setfscreatecon(passwd_context)) { + freecon(passwd_context); + freecon(prev_context); + return PAM_AUTHTOK_ERR; + } + freecon(passwd_context); + } +#endif + pwfile = fopen(PW_TMPFILE, "w"); + umask(oldmask); + if (pwfile == NULL) { + err = 1; + goto done; + } + + opwfile = fopen("/var/lib/extrausers/passwd", "r"); + if (opwfile == NULL) { + fclose(pwfile); + err = 1; + goto done; + } + + if (fstat(fileno(opwfile), &st) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + if (fchmod(fileno(pwfile), st.st_mode) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + tmpent = fgetpwent(opwfile); + while (tmpent) { + if (!strcmp(tmpent->pw_name, forwho)) { + /* To shut gcc up */ + union { + const char *const_charp; + char *charp; + } assigned_passwd; + assigned_passwd.const_charp = towhat; + + tmpent->pw_passwd = assigned_passwd.charp; + err = 0; + found = 1; + } + if (putpwent(tmpent, pwfile)) { + D(("error writing entry to password file: %m")); + err = 1; + break; + } + tmpent = fgetpwent(opwfile); + } + fclose(opwfile); + + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to password file: %m")); + err = 1; + } + + if (fclose(pwfile)) { + D(("fclose error writing entries to password file: %m")); + err = 1; + } + +done: + if (!err) { + if (!rename(PW_TMPFILE, "/var/lib/extrausers/passwd")) + pam_syslog(pamh, + LOG_NOTICE, "password changed for %s", forwho); + else + err = 1; + } +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + if (setfscreatecon(prev_context)) { + err = 1; + } + if (prev_context) + freecon(prev_context); + prev_context=NULL; + } +#endif + if (!err) { + return PAM_SUCCESS; + } else { + unlink(PW_TMPFILE); + return found ? PAM_AUTHTOK_ERR : PAM_USER_UNKNOWN; + } +} + +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat) +{ + struct spwd spwdent, *stmpent = NULL; + struct stat st; + FILE *pwfile, *opwfile; + int err = 0; + int oldmask; + int wroteentry = 0; +#ifdef WITH_SELINUX + security_context_t prev_context=NULL; +#endif + + oldmask = umask(077); + +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + security_context_t shadow_context=NULL; + if (getfilecon("/var/lib/extrausers/shadow",&shadow_context)<0) { + return PAM_AUTHTOK_ERR; + }; + if (getfscreatecon(&prev_context)<0) { + freecon(shadow_context); + return PAM_AUTHTOK_ERR; + } + if (setfscreatecon(shadow_context)) { + freecon(shadow_context); + freecon(prev_context); + return PAM_AUTHTOK_ERR; + } + freecon(shadow_context); + } +#endif + pwfile = fopen(SH_TMPFILE, "w"); + umask(oldmask); + if (pwfile == NULL) { + err = 1; + goto done; + } + + opwfile = fopen("/var/lib/extrausers/shadow", "r"); + if (opwfile == NULL) { + fclose(pwfile); + err = 1; + goto done; + } + + if (fstat(fileno(opwfile), &st) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + if (fchown(fileno(pwfile), st.st_uid, st.st_gid) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + if (fchmod(fileno(pwfile), st.st_mode) == -1) { + fclose(opwfile); + fclose(pwfile); + err = 1; + goto done; + } + + stmpent = fgetspent(opwfile); + while (stmpent) { + + if (!strcmp(stmpent->sp_namp, forwho)) { + stmpent->sp_pwdp = towhat; + stmpent->sp_lstchg = time(NULL) / (60 * 60 * 24); + if (stmpent->sp_lstchg == 0) + stmpent->sp_lstchg = -1; /* Don't request passwort change + only because time isn't set yet. */ + wroteentry = 1; + D(("Set password %s for %s", stmpent->sp_pwdp, forwho)); + } + + if (putspent(stmpent, pwfile)) { + D(("error writing entry to shadow file: %m")); + err = 1; + break; + } + + stmpent = fgetspent(opwfile); + } + + fclose(opwfile); + + if (!wroteentry && !err) { + spwdent.sp_namp = forwho; + spwdent.sp_pwdp = towhat; + spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24); + if (spwdent.sp_lstchg == 0) + spwdent.sp_lstchg = -1; /* Don't request passwort change + only because time isn't set yet. */ + spwdent.sp_min = spwdent.sp_max = spwdent.sp_warn = spwdent.sp_inact = + spwdent.sp_expire = -1; + spwdent.sp_flag = (unsigned long)-1l; + if (putspent(&spwdent, pwfile)) { + D(("error writing entry to shadow file: %m")); + err = 1; + } + } + + if (fflush(pwfile) || fsync(fileno(pwfile))) { + D(("fflush or fsync error writing entries to shadow file: %m")); + err = 1; + } + + if (fclose(pwfile)) { + D(("fclose error writing entries to shadow file: %m")); + err = 1; + } + + done: + if (!err) { + if (!rename(SH_TMPFILE, "/var/lib/extrausers/shadow")) + pam_syslog(pamh, + LOG_NOTICE, "password changed for %s", forwho); + else + err = 1; + } + +#ifdef WITH_SELINUX + if (SELINUX_ENABLED) { + if (setfscreatecon(prev_context)) { + err = 1; + } + if (prev_context) + freecon(prev_context); + prev_context=NULL; + } +#endif + + if (!err) { + return PAM_SUCCESS; + } else { + unlink(SH_TMPFILE); + return PAM_AUTHTOK_ERR; + } +} + +#ifdef HELPER_COMPILE + +int +helper_verify_password(const char *name, const char *p, int nullok) +{ + struct passwd *pwd = NULL; + char *salt = NULL; + int retval; + + retval = get_pwd_hash(name, &pwd, &salt); + + if (pwd == NULL || salt == NULL) { + helper_log_err(LOG_WARNING, "check pass; user unknown"); + retval = PAM_USER_UNKNOWN; + } else { + retval = verify_pwd_hash(p, salt, nullok); + } + + if (salt) { + _pam_overwrite(salt); + _pam_drop(salt); + } + + p = NULL; /* no longer needed here */ + + return retval; +} + +void +helper_log_err(int err, const char *format, ...) +{ + va_list args; + + va_start(args, format); + openlog(HELPER_COMPILE, LOG_CONS | LOG_PID, LOG_AUTHPRIV); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ +#ifndef SA_RESETHAND + /* emulate the behaviour of the SA_RESETHAND flag */ + if ( sig == SIGILL || sig == SIGTRAP || sig == SIGBUS || sig = SIGSERV ) { + struct sigaction sa; + memset(&sa, '\0', sizeof(sa)); + sa.sa_handler = SIG_DFL; + sigaction(sig, &sa, NULL); + } +#endif + if (sig > 0) { + _exit(sig); + } +} + +void +setup_signals(void) +{ + struct sigaction action; /* posix signal structure */ + + /* + * Setup signal handlers + */ + (void) memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; +#ifdef SA_RESETHAND + action.sa_flags = SA_RESETHAND; +#endif + (void) sigaction(SIGILL, &action, NULL); + (void) sigaction(SIGTRAP, &action, NULL); + (void) sigaction(SIGBUS, &action, NULL); + (void) sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + (void) sigaction(SIGTERM, &action, NULL); + (void) sigaction(SIGHUP, &action, NULL); + (void) sigaction(SIGINT, &action, NULL); + (void) sigaction(SIGQUIT, &action, NULL); +} + +char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[256]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + return username; +} + +int +read_passwords(int fd, int npass, char **passwords) +{ + int rbytes = 0; + int offset = 0; + int i = 0; + char *pptr; + while (npass > 0) { + rbytes = read(fd, passwords[i]+offset, MAXPASS-offset); + + if (rbytes < 0) { + if (errno == EINTR) continue; + break; + } + if (rbytes == 0) + break; + + while (npass > 0 && (pptr=memchr(passwords[i]+offset, '\0', rbytes)) + != NULL) { + rbytes -= pptr - (passwords[i]+offset) + 1; + i++; + offset = 0; + npass--; + if (rbytes > 0) { + if (npass > 0) + memcpy(passwords[i], pptr+1, rbytes); + memset(pptr+1, '\0', rbytes); + } + } + offset += rbytes; + } + + /* clear up */ + if (offset > 0 && npass > 0) { + memset(passwords[i], '\0', offset); + } + + return i; +} + +#endif +/* ****************************************************************** * + * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Andrew G. Morgan 1996-8. + * Copyright (c) Alex O. Yuriev, 1996. + * Copyright (c) Cristian Gafton 1996. + * Copyright (c) Red Hat, Inc. 1996, 2007, 2008. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ Index: pam-1.1.8/modules/pam_extrausers/passverify.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/passverify.h @@ -0,0 +1,119 @@ +/* + * Copyright information at end of file. + */ + +#include +#include +#include + +#define PAM_UNIX_RUN_HELPER PAM_CRED_INSUFFICIENT + +#define MAXPASS 200 /* the maximum length of a password */ + +#define OLD_PASSWORDS_FILE "/var/lib/extrausers/opasswd" + +int +verify_pwd_hash(const char *p, char *hash, unsigned int nullok); + +int +is_pwd_shadowed(const struct passwd *pwd); + +char * +crypt_md5_wrapper(const char *pass_new); + +int +unix_selinux_confined(void); + +int +lock_pwdf(void); + +void +unlock_pwdf(void); + +#ifdef HELPER_COMPILE +int +save_old_password(const char *forwho, const char *oldpass, + int howmany); +#else +int +save_old_password(pam_handle_t *pamh, const char *forwho, const char *oldpass, + int howmany); +#endif + +#ifdef HELPER_COMPILE +void +helper_log_err(int err, const char *format,...); + +int +helper_verify_password(const char *name, const char *p, int nullok); + +void +setup_signals(void); + +char * +getuidname(uid_t uid); + +int +read_passwords(int fd, int npass, char **passwords); +#endif + +#ifdef HELPER_COMPILE +#define PAMH_ARG_DECL(fname, ...) fname(__VA_ARGS__) +#define PAMH_ARG(...) __VA_ARGS__ +#else +#define PAMH_ARG_DECL(fname, ...) fname(pam_handle_t *pamh, __VA_ARGS__) +#define PAMH_ARG(...) pamh, __VA_ARGS__ +#endif + +PAMH_ARG_DECL(char * create_password_hash, + const char *password, unsigned int ctrl, int rounds); + +PAMH_ARG_DECL(int get_account_info, + const char *name, struct passwd **pwd, struct spwd **spwdent); + +PAMH_ARG_DECL(int get_pwd_hash, + const char *name, struct passwd **pwd, char **hash); + +PAMH_ARG_DECL(int check_shadow_expiry, + struct spwd *spent, int *daysleft); + +PAMH_ARG_DECL(int unix_update_passwd, + const char *forwho, const char *towhat); + +PAMH_ARG_DECL(int unix_update_shadow, + const char *forwho, char *towhat); + +/* ****************************************************************** * + * Copyright (c) Red Hat, Inc. 2007. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ Index: pam-1.1.8/modules/pam_extrausers/support.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/support.c @@ -0,0 +1,1083 @@ +/* + * Copyright information at end of file. + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_RPCSVC_YPCLNT_H +#include +#endif + +#include +#include +#include +#include + +#include "support.h" +#include "passverify.h" +#ifdef WITH_SELINUX +#include +#define SELINUX_ENABLED is_selinux_enabled()>0 +#else +#define SELINUX_ENABLED 0 +#endif + +static char * +search_key (const char *key, const char *filename) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + char *retval = NULL; + + fp = fopen (filename, "r"); + if (NULL == fp) + return NULL; + + while (!feof (fp)) + { + char *tmp, *cp; +#if defined(HAVE_GETLINE) + ssize_t n = getline (&buf, &buflen, fp); +#elif defined (HAVE_GETDELIM) + ssize_t n = getdelim (&buf, &buflen, '\n', fp); +#else + ssize_t n; + + if (buf == NULL) + { + buflen = BUF_SIZE; + buf = malloc (buflen); + if (buf == NULL) { + fclose (fp); + return NULL; + } + } + buf[0] = '\0'; + if (fgets (buf, buflen - 1, fp) == NULL) + break; + else if (buf != NULL) + n = strlen (buf); + else + n = 0; +#endif /* HAVE_GETLINE / HAVE_GETDELIM */ + cp = buf; + + if (n < 1) + break; + + tmp = strchr (cp, '#'); /* remove comments */ + if (tmp) + *tmp = '\0'; + while (isspace ((int)*cp)) /* remove spaces and tabs */ + ++cp; + if (*cp == '\0') /* ignore empty lines */ + continue; + + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + tmp = strsep (&cp, " \t="); + if (cp != NULL) + while (isspace ((int)*cp) || *cp == '=') + ++cp; + + if (strcasecmp (tmp, key) == 0) + { + retval = strdup (cp); + break; + } + } + fclose (fp); + + free (buf); + + return retval; +} + + +/* this is a front-end for module-application conversations */ + +int _make_remark(pam_handle_t * pamh, unsigned int ctrl, + int type, const char *text) +{ + int retval = PAM_SUCCESS; + + if (off(UNIX__QUIET, ctrl)) { + retval = pam_prompt(pamh, type, NULL, "%s", text); + } + return retval; +} + +/* + * set the control flags for the UNIX module. + */ + +int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, + int *pass_min_len, int argc, const char **argv) +{ + unsigned int ctrl; + char *val; + int j; + + D(("called.")); + + ctrl = UNIX_DEFAULTS; /* the default selection of options */ + + /* set some flags manually */ + + if (getuid() == 0 && !(flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { + D(("IAMROOT")); + set(UNIX__IAMROOT, ctrl); + } + if (flags & PAM_UPDATE_AUTHTOK) { + D(("UPDATE_AUTHTOK")); + set(UNIX__UPDATE, ctrl); + } + if (flags & PAM_PRELIM_CHECK) { + D(("PRELIM_CHECK")); + set(UNIX__PRELIM, ctrl); + } + if (flags & PAM_SILENT) { + D(("SILENT")); + set(UNIX__QUIET, ctrl); + } + + /* preset encryption method with value from /etc/login.defs */ + val = search_key ("ENCRYPT_METHOD", LOGIN_DEFS); + if (val) { + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token && unix_args[j].is_hash_algo + && !strncasecmp(val, unix_args[j].token, strlen(unix_args[j].token))) { + break; + } + } + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_WARNING, "unrecognized ENCRYPT_METHOD value [%s]", val); + } else { + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + free (val); + + /* read number of rounds for crypt algo */ + if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { + val=search_key ("SHA_CRYPT_MAX_ROUNDS", LOGIN_DEFS); + + if (val) { + *rounds = strtol(val, NULL, 10); + free (val); + } + } + } + + /* now parse the arguments to this module */ + + for (; argc-- > 0; ++argv) { + int sl; + + D(("pam_extrausers arg: %s", *argv)); + + for (j = 0; j < UNIX_CTRLS_; ++j) { + if (unix_args[j].token) { + sl = strlen(unix_args[j].token); + if (unix_args[j].token[sl-1] == '=') { + /* exclude argument from comparison */ + if (!strncmp(*argv, unix_args[j].token, sl)) + break; + } else { + /* compare full strings */ + if (!strcmp(*argv, unix_args[j].token)) + break; + } + } + } + + if (j >= UNIX_CTRLS_) { + pam_syslog(pamh, LOG_ERR, + "unrecognized option [%s]", *argv); + } else { + /* special cases */ + if (j == UNIX_REMEMBER_PASSWD) { + if (remember == NULL) { + pam_syslog(pamh, LOG_ERR, + "option remember not allowed for this module type"); + continue; + } + *remember = strtol(*argv + 9, NULL, 10); + if ((*remember == INT_MIN) || (*remember == INT_MAX)) + *remember = -1; + if (*remember > 400) + *remember = 400; + } else if (j == UNIX_MIN_PASS_LEN) { + if (pass_min_len == NULL) { + pam_syslog(pamh, LOG_ERR, + "option minlen not allowed for this module type"); + continue; + } + *pass_min_len = atoi(*argv + 7); + } else if (j == UNIX_ALGO_ROUNDS) { + if (rounds == NULL) { + pam_syslog(pamh, LOG_ERR, + "option rounds not allowed for this module type"); + continue; + } + *rounds = strtol(*argv + 7, NULL, 10); + } + + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } + } + + if (UNIX_DES_CRYPT(ctrl) + && pass_min_len && *pass_min_len > 8) + { + pam_syslog (pamh, LOG_NOTICE, "Password minlen reset to 8 characters"); + *pass_min_len = 8; + } + + if (flags & PAM_DISALLOW_NULL_AUTHTOK) { + D(("DISALLOW_NULL_AUTHTOK")); + set(UNIX__NONULL, ctrl); + } + + /* Set default rounds for blowfish */ + if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { + *rounds = 5; + set(UNIX_ALGO_ROUNDS, ctrl); + } + + /* Enforce sane "rounds" values */ + if (on(UNIX_ALGO_ROUNDS, ctrl)) { + if (on(UNIX_BLOWFISH_PASS, ctrl)) { + if (*rounds < 4 || *rounds > 31) + *rounds = 5; + } else if (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl)) { + if ((*rounds < 1000) || (*rounds == INT_MAX)) + /* don't care about bogus values */ + unset(UNIX_ALGO_ROUNDS, ctrl); + if (*rounds >= 10000000) + *rounds = 9999999; + } + } + + /* auditing is a more sensitive version of debug */ + + if (on(UNIX_AUDIT, ctrl)) { + set(UNIX_DEBUG, ctrl); + } + /* return the set of flags */ + + D(("done.")); + return ctrl; +} + +static void _cleanup(pam_handle_t * pamh UNUSED, void *x, int error_status UNUSED) +{ + _pam_delete(x); +} + +/* ************************************************************** * + * Useful non-trivial functions * + * ************************************************************** */ + + /* + * the following is used to keep track of the number of times a user fails + * to authenticate themself. + */ + +#define FAIL_PREFIX "-UN*X-FAIL-" +#define UNIX_MAX_RETRIES 3 + +struct _pam_failed_auth { + char *user; /* user that's failed to be authenticated */ + char *name; /* attempt from user with name */ + int uid; /* uid of calling user */ + int euid; /* euid of calling process */ + int count; /* number of failures so far */ +}; + +#ifndef PAM_DATA_REPLACE +#error "Need to get an updated libpam 0.52 or better" +#endif + +static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) +{ + int quiet; + const void *service = NULL; + const void *ruser = NULL; + const void *rhost = NULL; + const void *tty = NULL; + struct _pam_failed_auth *failure; + + D(("called")); + + quiet = err & PAM_DATA_SILENT; /* should we log something? */ + err &= PAM_DATA_REPLACE; /* are we just replacing data? */ + failure = (struct _pam_failed_auth *) fl; + + if (failure != NULL) { + + if (!quiet && !err) { /* under advisement from Sun,may go away */ + + /* log the number of authentication failures */ + if (failure->count > 1) { + (void) pam_get_item(pamh, PAM_SERVICE, + &service); + (void) pam_get_item(pamh, PAM_RUSER, + &ruser); + (void) pam_get_item(pamh, PAM_RHOST, + &rhost); + (void) pam_get_item(pamh, PAM_TTY, + &tty); + pam_syslog(pamh, LOG_NOTICE, + "%d more authentication failure%s; " + "logname=%s uid=%d euid=%d " + "tty=%s ruser=%s rhost=%s " + "%s%s", + failure->count - 1, failure->count == 2 ? "" : "s", + failure->name, failure->uid, failure->euid, + tty ? (const char *)tty : "", ruser ? (const char *)ruser : "", + rhost ? (const char *)rhost : "", + (failure->user && failure->user[0] != '\0') + ? " user=" : "", failure->user + ); + + if (failure->count > UNIX_MAX_RETRIES) { + pam_syslog(pamh, LOG_ALERT, + "service(%s) ignoring max retries; %d > %d", + service == NULL ? "**unknown**" : (const char *)service, + failure->count, + UNIX_MAX_RETRIES); + } + } + } + _pam_delete(failure->user); /* tidy up */ + _pam_delete(failure->name); /* tidy up */ + free(failure); + } +} + +/* + * _unix_getpwnam() searches only /var/lib/extrausers/passwd and NIS to find user information + */ +static void _unix_cleanup(pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) +{ + free(data); +} + +int _unix_getpwnam(pam_handle_t *pamh, const char *name, + int files, int nis, struct passwd **ret) +{ + FILE *passwd; + char buf[16384]; + int matched = 0, buflen; + char *slogin, *spasswd, *suid, *sgid, *sgecos, *shome, *sshell, *p; + + memset(buf, 0, sizeof(buf)); + + if (!matched && files) { + int userlen = strlen(name); + passwd = fopen("/var/lib/extrausers/passwd", "r"); + if (passwd != NULL) { + while (fgets(buf, sizeof(buf), passwd) != NULL) { + if ((buf[userlen] == ':') && + (strncmp(name, buf, userlen) == 0)) { + p = buf + strlen(buf) - 1; + while (isspace(*p) && (p >= buf)) { + *p-- = '\0'; + } + matched = 1; + break; + } + } + fclose(passwd); + } + } + +#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined (HAVE_YP_BIND) && defined (HAVE_YP_MATCH) && defined (HAVE_YP_UNBIND) + if (!matched && nis) { + char *userinfo = NULL, *domain = NULL; + int len = 0, i; + len = yp_get_default_domain(&domain); + if (len == YPERR_SUCCESS) { + len = yp_bind(domain); + } + if (len == YPERR_SUCCESS) { + i = yp_match(domain, "passwd.byname", name, + strlen(name), &userinfo, &len); + yp_unbind(domain); + if ((i == YPERR_SUCCESS) && ((size_t)len < sizeof(buf))) { + strncpy(buf, userinfo, sizeof(buf) - 1); + buf[sizeof(buf) - 1] = '\0'; + matched = 1; + } + } + } +#else + /* we don't have NIS support, make compiler happy. */ + nis = 0; +#endif + + if (matched && (ret != NULL)) { + *ret = NULL; + + slogin = buf; + + spasswd = strchr(slogin, ':'); + if (spasswd == NULL) { + return matched; + } + *spasswd++ = '\0'; + + suid = strchr(spasswd, ':'); + if (suid == NULL) { + return matched; + } + *suid++ = '\0'; + + sgid = strchr(suid, ':'); + if (sgid == NULL) { + return matched; + } + *sgid++ = '\0'; + + sgecos = strchr(sgid, ':'); + if (sgecos == NULL) { + return matched; + } + *sgecos++ = '\0'; + + shome = strchr(sgecos, ':'); + if (shome == NULL) { + return matched; + } + *shome++ = '\0'; + + sshell = strchr(shome, ':'); + if (sshell == NULL) { + return matched; + } + *sshell++ = '\0'; + + buflen = sizeof(struct passwd) + + strlen(slogin) + 1 + + strlen(spasswd) + 1 + + strlen(sgecos) + 1 + + strlen(shome) + 1 + + strlen(sshell) + 1; + *ret = malloc(buflen); + if (*ret == NULL) { + return matched; + } + memset(*ret, '\0', buflen); + + (*ret)->pw_uid = strtol(suid, &p, 10); + if ((strlen(suid) == 0) || (*p != '\0')) { + free(*ret); + *ret = NULL; + return matched; + } + + (*ret)->pw_gid = strtol(sgid, &p, 10); + if ((strlen(sgid) == 0) || (*p != '\0')) { + free(*ret); + *ret = NULL; + return matched; + } + + p = ((char*)(*ret)) + sizeof(struct passwd); + (*ret)->pw_name = strcpy(p, slogin); + p += strlen(p) + 1; + (*ret)->pw_passwd = strcpy(p, spasswd); + p += strlen(p) + 1; + (*ret)->pw_gecos = strcpy(p, sgecos); + p += strlen(p) + 1; + (*ret)->pw_dir = strcpy(p, shome); + p += strlen(p) + 1; + (*ret)->pw_shell = strcpy(p, sshell); + + snprintf(buf, sizeof(buf), "_pam_unix_getpwnam_%s", name); + + if (pam_set_data(pamh, buf, + *ret, _unix_cleanup) != PAM_SUCCESS) { + free(*ret); + *ret = NULL; + } + } + + return matched; +} + +/* + * _unix_comsefromsource() is a quick check to see if information about a given + * user comes from a particular source (just files and nis for now) + * + */ +int _unix_comesfromsource(pam_handle_t *pamh, + const char *name, int files, int nis) +{ + return _unix_getpwnam(pamh, name, files, nis, NULL); +} + +/* + * verify the password of a user + */ + +#include +#include + +static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, + unsigned int ctrl, const char *user) +{ + int retval, child, fds[2]; + struct sigaction newsa, oldsa; + + D(("called.")); + /* create a pipe for the password */ + if (pipe(fds) != 0) { + D(("could not make pipe")); + return PAM_AUTH_ERR; + } + + if (off(UNIX_NOREAP, ctrl)) { + /* + * This code arranges that the demise of the child does not cause + * the application to receive a signal it is not expecting - which + * may kill the application or worse. + * + * The "noreap" module argument is provided so that the admin can + * override this behavior. + */ + memset(&newsa, '\0', sizeof(newsa)); + newsa.sa_handler = SIG_DFL; + sigaction(SIGCHLD, &newsa, &oldsa); + } + + /* fork */ + child = fork(); + if (child == 0) { + int i=0; + int nullok = off(UNIX__NONULL, ctrl); + struct rlimit rlim; + static char *envp[] = { NULL }; + char *args[] = { NULL, NULL, NULL, NULL }; + + /* XXX - should really tidy up PAM here too */ + + /* reopen stdin as pipe */ + dup2(fds[0], STDIN_FILENO); + + if (getrlimit(RLIMIT_NOFILE,&rlim)==0) { + if (rlim.rlim_max >= MAX_FD_NO) + rlim.rlim_max = MAX_FD_NO; + for (i=0; i < (int)rlim.rlim_max; i++) { + if (i != STDIN_FILENO) + close(i); + } + } + + if (geteuid() == 0) { + /* must set the real uid to 0 so the helper will not error + out if pam is called from setuid binary (su, sudo...) */ + if (setuid(0) == -1) { + D(("setuid failed")); + _exit(PAM_AUTHINFO_UNAVAIL); + } + } + + /* exec binary helper */ + args[0] = strdup(CHKPWD_HELPER); + args[1] = x_strdup(user); + + if (on(UNIX_NULLOK_SECURE, ctrl)) { + const void *uttyname; + retval = pam_get_item(pamh, PAM_TTY, &uttyname); + if (retval != PAM_SUCCESS || uttyname == NULL + || _pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) + { + nullok = 0; + } + } + + if (nullok) { + args[2]=strdup("nullok"); + } else { + args[2]=strdup("nonull"); + } + + execve(CHKPWD_HELPER, args, envp); + + /* should not get here: exit with error */ + D(("helper binary is not available")); + _exit(PAM_AUTHINFO_UNAVAIL); + } else if (child > 0) { + /* wait for child */ + /* if the stored password is NULL */ + int rc=0; + if (passwd != NULL) { /* send the password to the child */ + if (write(fds[1], passwd, strlen(passwd)+1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + retval = PAM_AUTH_ERR; + } + passwd = NULL; + } else { /* blank password */ + if (write(fds[1], "", 1) == -1) { + pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); + retval = PAM_AUTH_ERR; + } + } + close(fds[0]); /* close here to avoid possible SIGPIPE above */ + close(fds[1]); + /* wait for helper to complete: */ + while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); + if (rc<0) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_chkpwd waitpid returned %d: %m", rc); + retval = PAM_AUTH_ERR; + } else if (!WIFEXITED(retval)) { + pam_syslog(pamh, LOG_ERR, "pam_extrausers_chkpwd abnormal exit: %d", retval); + retval = PAM_AUTH_ERR; + } else { + retval = WEXITSTATUS(retval); + } + } else { + D(("fork failed")); + close(fds[0]); + close(fds[1]); + retval = PAM_AUTH_ERR; + } + + if (off(UNIX_NOREAP, ctrl)) { + sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ + } + + D(("returning %d", retval)); + return retval; +} + +/* + * _unix_blankpasswd() is a quick check for a blank password + * + * returns TRUE if user does not have a password + * - to avoid prompting for one in such cases (CG) + */ + +int +_unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) +{ + struct passwd *pwd = NULL; + char *salt = NULL; + int retval; + + D(("called")); + + /* + * This function does not have to be too smart if something goes + * wrong, return FALSE and let this case to be treated somewhere + * else (CG) + */ + + if (on(UNIX__NONULL, ctrl)) + return 0; /* will fail but don't let on yet */ + + if (on(UNIX_NULLOK_SECURE, ctrl)) { + int retval2; + const void *uttyname; + retval2 = pam_get_item(pamh, PAM_TTY, &uttyname); + if (retval2 != PAM_SUCCESS || uttyname == NULL) + return 0; + + if (_pammodutil_tty_secure(pamh, (const char *)uttyname) != PAM_SUCCESS) + return 0; + } + + /* UNIX passwords area */ + + retval = get_pwd_hash(pamh, name, &pwd, &salt); + + if (retval == PAM_UNIX_RUN_HELPER) { + /* salt will not be set here so we can return immediately */ + if (_unix_run_helper_binary(pamh, NULL, ctrl, name) == PAM_SUCCESS) + return 1; + else + return 0; + } + + /* Does this user have a password? */ + if (salt == NULL) { + retval = 0; + } else { + if (strlen(salt) == 0) + retval = 1; + else + retval = 0; + } + + /* tidy up */ + + if (salt) + _pam_delete(salt); + + return retval; +} + +int _unix_verify_password(pam_handle_t * pamh, const char *name + ,const char *p, unsigned int ctrl) +{ + struct passwd *pwd = NULL; + char *salt = NULL; + char *data_name; + int retval; + + + D(("called")); + +#ifdef HAVE_PAM_FAIL_DELAY + if (off(UNIX_NODELAY, ctrl)) { + D(("setting delay")); + (void) pam_fail_delay(pamh, 2000000); /* 2 sec delay for on failure */ + } +#endif + + /* locate the entry for this user */ + + D(("locating user's record")); + + retval = get_pwd_hash(pamh, name, &pwd, &salt); + + data_name = (char *) malloc(sizeof(FAIL_PREFIX) + strlen(name)); + if (data_name == NULL) { + pam_syslog(pamh, LOG_CRIT, "no memory for data-name"); + } else { + strcpy(data_name, FAIL_PREFIX); + strcpy(data_name + sizeof(FAIL_PREFIX) - 1, name); + } + + if (retval != PAM_SUCCESS) { + if (retval == PAM_UNIX_RUN_HELPER) { + D(("running helper binary")); + retval = _unix_run_helper_binary(pamh, p, ctrl, name); + } else { + D(("user's record unavailable")); + p = NULL; + if (on(UNIX_AUDIT, ctrl)) { + /* this might be a typo and the user has given a password + instead of a username. Careful with this. */ + pam_syslog(pamh, LOG_WARNING, + "check pass; user (%s) unknown", name); + } else { + name = NULL; + if (on(UNIX_DEBUG, ctrl) || pwd == NULL) { + pam_syslog(pamh, LOG_WARNING, + "check pass; user unknown"); + } else { + /* don't log failure as another pam module can succeed */ + goto cleanup; + } + } + } + } else { + retval = verify_pwd_hash(p, salt, + _unix_blankpasswd(pamh, ctrl, name)); + } + + if (retval == PAM_SUCCESS) { + if (data_name) /* reset failures */ + pam_set_data(pamh, data_name, NULL, _cleanup_failures); + } else { + if (data_name != NULL) { + struct _pam_failed_auth *new = NULL; + const struct _pam_failed_auth *old = NULL; + + /* get a failure recorder */ + + new = (struct _pam_failed_auth *) + malloc(sizeof(struct _pam_failed_auth)); + + if (new != NULL) { + + const char *login_name; + const void *void_old; + + + login_name = pam_modutil_getlogin(pamh); + if (login_name == NULL) { + login_name = ""; + } + + new->user = x_strdup(name ? name : ""); + new->uid = getuid(); + new->euid = geteuid(); + new->name = x_strdup(login_name); + + /* any previous failures for this user ? */ + if (pam_get_data(pamh, data_name, &void_old) + == PAM_SUCCESS) + old = void_old; + else + old = NULL; + + if (old != NULL) { + new->count = old->count + 1; + if (new->count >= UNIX_MAX_RETRIES) { + retval = PAM_MAXTRIES; + } + } else { + const void *service=NULL; + const void *ruser=NULL; + const void *rhost=NULL; + const void *tty=NULL; + + (void) pam_get_item(pamh, PAM_SERVICE, + &service); + (void) pam_get_item(pamh, PAM_RUSER, + &ruser); + (void) pam_get_item(pamh, PAM_RHOST, + &rhost); + (void) pam_get_item(pamh, PAM_TTY, + &tty); + + pam_syslog(pamh, LOG_NOTICE, + "authentication failure; " + "logname=%s uid=%d euid=%d " + "tty=%s ruser=%s rhost=%s " + "%s%s", + new->name, new->uid, new->euid, + tty ? (const char *)tty : "", + ruser ? (const char *)ruser : "", + rhost ? (const char *)rhost : "", + (new->user && new->user[0] != '\0') + ? " user=" : "", + new->user + ); + new->count = 1; + } + + pam_set_data(pamh, data_name, new, _cleanup_failures); + + } else { + pam_syslog(pamh, LOG_CRIT, + "no memory for failure recorder"); + } + } + } + +cleanup: + if (data_name) + _pam_delete(data_name); + if (salt) + _pam_delete(salt); + + D(("done [%d].", retval)); + + return retval; +} + +/* + * obtain a password from the user + */ + +int _unix_read_password(pam_handle_t * pamh + ,unsigned int ctrl + ,const char *comment + ,const char *prompt1 + ,const char *prompt2 + ,const char *data_name + ,const void **pass) +{ + int authtok_flag; + int retval = PAM_SUCCESS; + char *token; + + D(("called")); + + /* + * make sure nothing inappropriate gets returned + */ + + *pass = token = NULL; + + /* + * which authentication token are we getting? + */ + + authtok_flag = on(UNIX__OLD_PASSWD, ctrl) ? PAM_OLDAUTHTOK : PAM_AUTHTOK; + + /* + * should we obtain the password from a PAM item ? + */ + + if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) { + retval = pam_get_item(pamh, authtok_flag, pass); + if (retval != PAM_SUCCESS) { + /* very strange. */ + pam_syslog(pamh, LOG_ALERT, + "pam_get_item returned error to unix-read-password" + ); + return retval; + } else if (*pass != NULL) { /* we have a password! */ + return PAM_SUCCESS; + } else if (on(UNIX_USE_AUTHTOK, ctrl) + && off(UNIX__OLD_PASSWD, ctrl)) { + return PAM_AUTHTOK_ERR; + } else if (on(UNIX_USE_FIRST_PASS, ctrl)) { + return PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */ + } + } + /* + * getting here implies we will have to get the password from the + * user directly. + */ + + { + int replies=1; + char *resp[2] = { NULL, NULL }; + + if (comment != NULL && off(UNIX__QUIET, ctrl)) { + retval = pam_info(pamh, "%s", comment); + } + + if (retval == PAM_SUCCESS) { + retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, + &resp[0], "%s", prompt1); + + if (retval == PAM_SUCCESS && prompt2 != NULL) { + retval = pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, + &resp[1], "%s", prompt2); + ++replies; + } + } + + if (resp[0] != NULL && resp[replies-1] != NULL) { + /* interpret the response */ + + if (retval == PAM_SUCCESS) { /* a good conversation */ + + token = resp[0]; + if (token != NULL) { + if (replies == 2) { + /* verify that password entered correctly */ + if (strcmp(token, resp[replies - 1])) { + /* mistyped */ + retval = PAM_AUTHTOK_RECOVERY_ERR; + _make_remark(pamh, ctrl, + PAM_ERROR_MSG, MISTYPED_PASS); + } + } + } else { + pam_syslog(pamh, LOG_NOTICE, + "could not recover authentication token"); + } + + } + + } else { + retval = (retval == PAM_SUCCESS) + ? PAM_AUTHTOK_RECOVERY_ERR : retval; + } + + resp[0] = NULL; + if (replies > 1) + _pam_delete(resp[1]); + } + + if (retval != PAM_SUCCESS) { + _pam_delete(token); + + if (on(UNIX_DEBUG, ctrl)) + pam_syslog(pamh, LOG_DEBUG, + "unable to obtain a password"); + return retval; + } + /* 'token' is the entered password */ + + if (off(UNIX_NOT_SET_PASS, ctrl)) { + + /* we store this password as an item */ + + retval = pam_set_item(pamh, authtok_flag, token); + _pam_delete(token); /* clean it up */ + if (retval != PAM_SUCCESS + || (retval = pam_get_item(pamh, authtok_flag, pass)) + != PAM_SUCCESS) { + + *pass = NULL; + pam_syslog(pamh, LOG_CRIT, "error manipulating password"); + return retval; + + } + } else { + /* + * then store it as data specific to this module. pam_end() + * will arrange to clean it up. + */ + + retval = pam_set_data(pamh, data_name, (void *) token, _cleanup); + if (retval != PAM_SUCCESS) { + pam_syslog(pamh, LOG_CRIT, + "error manipulating password data [%s]", + pam_strerror(pamh, retval)); + _pam_delete(token); + return retval; + } + *pass = token; + token = NULL; /* break link to password */ + } + + return PAM_SUCCESS; +} + +/* ****************************************************************** * + * Copyright (c) Jan Rêkorajski 1999. + * Copyright (c) Andrew G. Morgan 1996-8. + * Copyright (c) Alex O. Yuriev, 1996. + * Copyright (c) Cristian Gafton 1996. + * Copyright (c) Red Hat, Inc. 2007. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ Index: pam-1.1.8/modules/pam_extrausers/support.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/support.h @@ -0,0 +1,182 @@ +/* + * $Id$ + */ + +#ifndef _PAM_UNIX_SUPPORT_H +#define _PAM_UNIX_SUPPORT_H + +#include + +/* + * File to read value of ENCRYPT_METHOD from. + */ +#define LOGIN_DEFS "/etc/login.defs" + + +/* + * here is the string to inform the user that the new passwords they + * typed were not the same. + */ + +#define MISTYPED_PASS "Sorry, passwords do not match" + +/* type definition for the control options */ + +typedef struct { + const char *token; + unsigned int mask; /* shall assume 32 bits of flags */ + unsigned int flag; + unsigned int is_hash_algo; +} UNIX_Ctrls; + +/* + * macro to determine if a given flag is on + */ + +#define on(x,ctrl) (unix_args[x].flag & ctrl) + +/* + * macro to determine that a given flag is NOT on + */ + +#define off(x,ctrl) (!on(x,ctrl)) + +/* + * macro to turn on/off a ctrl flag manually + */ + +#define set(x,ctrl) (ctrl = ((ctrl)&unix_args[x].mask)|unix_args[x].flag) +#define unset(x,ctrl) (ctrl &= ~(unix_args[x].flag)) + +/* the generic mask */ + +#define _ALL_ON_ (~0U) + +/* end of macro definitions definitions for the control flags */ + +/* ****************************************************************** * + * ctrl flags proper.. + */ + +/* + * here are the various options recognized by the unix module. They + * are enumerated here and then defined below. Internal arguments are + * given NULL tokens. + */ + +#define UNIX__OLD_PASSWD 0 /* internal */ +#define UNIX__VERIFY_PASSWD 1 /* internal */ +#define UNIX__IAMROOT 2 /* internal */ + +#define UNIX_AUDIT 3 /* print more things than debug.. + some information may be sensitive */ +#define UNIX_USE_FIRST_PASS 4 +#define UNIX_TRY_FIRST_PASS 5 +#define UNIX_NOT_SET_PASS 6 /* don't set the AUTHTOK items */ + +#define UNIX__PRELIM 7 /* internal */ +#define UNIX__UPDATE 8 /* internal */ +#define UNIX__NONULL 9 /* internal */ +#define UNIX__QUIET 10 /* internal */ +#define UNIX_USE_AUTHTOK 11 /* insist on reading PAM_AUTHTOK */ +#define UNIX_SHADOW 12 /* signal shadow on */ +#define UNIX_MD5_PASS 13 /* force the use of MD5 passwords */ +#define UNIX__NULLOK 14 /* Null token ok */ +#define UNIX_DEBUG 15 /* send more info to syslog(3) */ +#define UNIX_NODELAY 16 /* admin does not want a fail-delay */ +#define UNIX_NIS 17 /* wish to use NIS for pwd */ +#define UNIX_BIGCRYPT 18 /* use DEC-C2 crypt()^x function */ +#define UNIX_LIKE_AUTH 19 /* need to auth for setcred to work */ +#define UNIX_REMEMBER_PASSWD 20 /* Remember N previous passwords */ +#define UNIX_NOREAP 21 /* don't reap child process */ +#define UNIX_BROKEN_SHADOW 22 /* ignore errors reading password aging + * information during acct management */ +#define UNIX_SHA256_PASS 23 /* new password hashes will use SHA256 */ +#define UNIX_SHA512_PASS 24 /* new password hashes will use SHA512 */ +#define UNIX_ALGO_ROUNDS 25 /* optional number of rounds for new + password hash algorithms */ +#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */ +#define UNIX_MIN_PASS_LEN 27 /* min length for password */ +#define UNIX_OBSCURE_CHECKS 28 /* enable obscure checks on passwords */ +#define UNIX_NULLOK_SECURE 29 /* NULL passwords allowed only on secure ttys */ +/* -------------- */ +#define UNIX_CTRLS_ 30 /* number of ctrl arguments defined */ + +#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl)) + +static const UNIX_Ctrls unix_args[UNIX_CTRLS_] = +{ +/* symbol token name ctrl mask ctrl * + * ----------------------- ------------------- --------------------- -------- */ + +/* UNIX__OLD_PASSWD */ {NULL, _ALL_ON_, 0x1, 0}, +/* UNIX__VERIFY_PASSWD */ {NULL, _ALL_ON_, 0x2, 0}, +/* UNIX__IAMROOT */ {NULL, _ALL_ON_, 0x4, 0}, +/* UNIX_AUDIT */ {"audit", _ALL_ON_, 0x8, 0}, +/* UNIX_USE_FIRST_PASS */ {"use_first_pass", _ALL_ON_^(0x30), 0x10, 0}, +/* UNIX_TRY_FIRST_PASS */ {"try_first_pass", _ALL_ON_^(0x30), 0x20, 0}, +/* UNIX_NOT_SET_PASS */ {"not_set_pass", _ALL_ON_, 0x40, 0}, +/* UNIX__PRELIM */ {NULL, _ALL_ON_^(0x180), 0x80, 0}, +/* UNIX__UPDATE */ {NULL, _ALL_ON_^(0x180), 0x100, 0}, +/* UNIX__NONULL */ {NULL, _ALL_ON_^(0x10000000), 0x200, 0}, +/* UNIX__QUIET */ {NULL, _ALL_ON_, 0x400, 0}, +/* UNIX_USE_AUTHTOK */ {"use_authtok", _ALL_ON_, 0x800, 0}, +/* UNIX_SHADOW */ {"shadow", _ALL_ON_, 0x1000, 0}, +/* UNIX_MD5_PASS */ {"md5", _ALL_ON_^(0x2C22000), 0x2000, 1}, +/* UNIX__NULLOK */ {"nullok", _ALL_ON_^(0x200), 0, 0}, +/* UNIX_DEBUG */ {"debug", _ALL_ON_, 0x4000, 0}, +/* UNIX_NODELAY */ {"nodelay", _ALL_ON_, 0x8000, 0}, +/* UNIX_NIS */ {"nis", _ALL_ON_, 0x10000, 0}, +/* UNIX_BIGCRYPT */ {"bigcrypt", _ALL_ON_^(0x2C22000), 0x20000, 1}, +/* UNIX_LIKE_AUTH */ {"likeauth", _ALL_ON_, 0x40000, 0}, +/* UNIX_REMEMBER_PASSWD */ {"remember=", _ALL_ON_, 0x80000, 0}, +/* UNIX_NOREAP */ {"noreap", _ALL_ON_, 0x100000, 0}, +/* UNIX_BROKEN_SHADOW */ {"broken_shadow", _ALL_ON_, 0x200000, 0}, +/* UNIX_SHA256_PASS */ {"sha256", _ALL_ON_^(0x2C22000), 0x400000, 1}, +/* UNIX_SHA512_PASS */ {"sha512", _ALL_ON_^(0x2C22000), 0x800000, 1}, +/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0x1000000, 0}, +/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0x2C22000),0x2000000, 1}, +/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0x4000000, 0}, +/* UNIX_OBSCURE_CHECKS */ {"obscure", _ALL_ON_, 0x8000000, 0}, +/* UNIX_NULLOK_SECURE */ {"nullok_secure", _ALL_ON_^(0x200), 0x10000000, 0}, +}; + +#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag) + +#define MAX_FD_NO 2000000 + +/* use this to free strings. ESPECIALLY password strings */ + +#define _pam_delete(xx) \ +{ \ + _pam_overwrite(xx); \ + _pam_drop(xx); \ +} + +extern int _make_remark(pam_handle_t * pamh, unsigned int ctrl + ,int type, const char *text); +extern int _set_ctrl(pam_handle_t * pamh, int flags, int *remember, int *rounds, + int *pass_min_len, int argc, const char **argv); +extern int _unix_getpwnam (pam_handle_t *pamh, + const char *name, int files, int nis, + struct passwd **ret); +extern int _unix_comesfromsource (pam_handle_t *pamh, + const char *name, int files, int nis); +extern int _unix_blankpasswd(pam_handle_t *pamh,unsigned int ctrl, + const char *name); +extern int _unix_verify_password(pam_handle_t * pamh, const char *name + ,const char *p, unsigned int ctrl); +extern int _unix_read_password(pam_handle_t * pamh + ,unsigned int ctrl + ,const char *comment + ,const char *prompt1 + ,const char *prompt2 + ,const char *data_name + ,const void **pass); + +extern int _pammodutil_tty_secure(const pam_handle_t *pamh, + const char *uttyname); + +extern int _unix_run_verify_binary(pam_handle_t *pamh, + unsigned int ctrl, const char *user, int *daysleft); +#endif /* _PAM_UNIX_SUPPORT_H */ Index: pam-1.1.8/modules/pam_extrausers/unix_chkpwd.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/unix_chkpwd.c @@ -0,0 +1,239 @@ +/* + * This program is designed to run setuid(root) or with sufficient + * privilege to read all of the unix password databases. It is designed + * to provide a mechanism for the current user (defined by this + * process' uid) to verify their own password. + * + * The password is read from the standard input. The exit status of + * this program indicates whether the user is authenticated or not. + * + * Copyright information is located at the end of the file. + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_LIBAUDIT +#include +#endif + +#include +#include + +#include "passverify.h" + +static int _check_expiry(const char *uname) +{ + struct spwd *spent; + struct passwd *pwent; + int retval; + int daysleft; + + retval = get_account_info(uname, &pwent, &spent); + if (retval != PAM_SUCCESS) { + helper_log_err(LOG_ALERT, "could not obtain user info (%s)", uname); + printf("-1\n"); + return retval; + } + + if (spent == NULL) { + printf("-1\n"); + return retval; + } + + retval = check_shadow_expiry(spent, &daysleft); + printf("%d\n", daysleft); + return retval; +} + +#ifdef HAVE_LIBAUDIT +static int _audit_log(int type, const char *uname, int rc) +{ + int audit_fd; + + audit_fd = audit_open(); + if (audit_fd < 0) { + /* You get these error codes only when the kernel doesn't have + * audit compiled in. */ + if (errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT) + return PAM_SUCCESS; + + helper_log_err(LOG_CRIT, "audit_open() failed: %m"); + return PAM_AUTH_ERR; + } + + rc = audit_log_acct_message(audit_fd, type, NULL, "PAM:pam_extrausers_chkpwd", + uname, -1, NULL, NULL, NULL, rc == PAM_SUCCESS); + if (rc == -EPERM && geteuid() != 0) { + rc = 0; + } + + audit_close(audit_fd); + + return rc < 0 ? PAM_AUTH_ERR : PAM_SUCCESS; +} +#endif + +int main(int argc, char *argv[]) +{ + char pass[MAXPASS + 1]; + char *option; + int npass, nullok; + int blankpass = 0; + int retval = PAM_AUTH_ERR; + char *user; + char *passwords[] = { pass }; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * we establish that this program is running with non-tty stdin. + * this is to discourage casual use. It does *NOT* prevent an + * intruder from repeatadly running this program to determine the + * password of the current user (brute force attack, but one for + * which the attacker must already have gained access to the user's + * account). + */ + + if (isatty(STDIN_FILENO) || argc != 3 ) { + helper_log_err(LOG_NOTICE + ,"inappropriate use of Unix helper binary [UID=%d]" + ,getuid()); +#ifdef HAVE_LIBAUDIT + _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif + fprintf(stderr + ,"This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return PAM_SYSTEM_ERR; + } + + /* + * Determine what the current user's name is. + * We must thus skip the check if the real uid is 0. + */ + if (getuid() == 0) { + user=argv[1]; + } + else { + user = getuidname(getuid()); + /* if the caller specifies the username, verify that user + matches it */ + if (strcmp(user, argv[1])) { + gid_t gid = getgid(); + user = argv[1]; + /* no match -> permanently change to the real user and proceed */ + if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0) + return PAM_AUTH_ERR; + } + } + + option=argv[2]; + + if (strcmp(option, "chkexpiry") == 0) + /* Check account information from the shadow file */ + return _check_expiry(argv[1]); + /* read the nullok/nonull option */ + else if (strcmp(option, "nullok") == 0) + nullok = 1; + else if (strcmp(option, "nonull") == 0) + nullok = 0; + else { +#ifdef HAVE_LIBAUDIT + _audit_log(AUDIT_ANOM_EXEC, getuidname(getuid()), PAM_SYSTEM_ERR); +#endif + return PAM_SYSTEM_ERR; + } + /* read the password from stdin (a pipe from the pam_unix module) */ + + npass = read_passwords(STDIN_FILENO, 1, passwords); + + if (npass != 1) { /* is it a valid password? */ + helper_log_err(LOG_DEBUG, "no password supplied"); + *pass = '\0'; + } + + if (*pass == '\0') { + blankpass = 1; + } + + retval = helper_verify_password(user, pass, nullok); + + memset(pass, '\0', MAXPASS); /* clear memory of the password */ + + /* return pass or fail */ + + if (retval != PAM_SUCCESS) { + if (!nullok || !blankpass) { + /* no need to log blank pass test */ +#ifdef HAVE_LIBAUDIT + if (getuid() != 0) + _audit_log(AUDIT_USER_AUTH, user, PAM_AUTH_ERR); +#endif + helper_log_err(LOG_NOTICE, "password check failed for user (%s)", user); + } + return PAM_AUTH_ERR; + } else { + if (getuid() != 0) { +#ifdef HAVE_LIBAUDIT + return _audit_log(AUDIT_USER_AUTH, user, PAM_SUCCESS); +#else + return PAM_SUCCESS; +#endif + } + return PAM_SUCCESS; + } +} + +/* + * Copyright (c) Andrew G. Morgan, 1996. All rights reserved + * Copyright (c) Red Hat, Inc., 2007,2008. All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ Index: pam-1.1.8/modules/pam_extrausers/unix_update.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/unix_update.c @@ -0,0 +1,191 @@ +/* + * This program is designed to run with sufficient privilege + * to read and write all of the unix password databases. + * Its purpose is to allow updating the databases when + * SELinux confinement of the caller domain prevents them to + * do that themselves. + * + * The password is read from the standard input. The exit status of + * this program indicates whether the password was updated or not. + * + * Copyright information is located at the end of the file. + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "passverify.h" + +static int +set_password(const char *forwho, const char *shadow, const char *remember) +{ + struct passwd *pwd = NULL; + int retval; + char pass[MAXPASS + 1]; + char towhat[MAXPASS + 1]; + int npass = 0; + /* we don't care about number format errors because the helper + should be called internally only */ + int doshadow = atoi(shadow); + int nremember = atoi(remember); + char *passwords[] = { pass, towhat }; + + /* read the password from stdin (a pipe from the pam_unix module) */ + + npass = read_passwords(STDIN_FILENO, 2, passwords); + + if (npass != 2) { /* is it a valid password? */ + if (npass == 1) { + helper_log_err(LOG_DEBUG, "no new password supplied"); + memset(pass, '\0', MAXPASS); + } else { + helper_log_err(LOG_DEBUG, "no valid passwords supplied"); + } + return PAM_AUTHTOK_ERR; + } + + if (lock_pwdf() != PAM_SUCCESS) + return PAM_AUTHTOK_LOCK_BUSY; + + pwd = getpwnam(forwho); + + if (pwd == NULL) { + retval = PAM_USER_UNKNOWN; + goto done; + } + + /* If real caller uid is not root we must verify that + received old pass agrees with the current one. + We always allow change from null pass. */ + if (getuid()) { + retval = helper_verify_password(forwho, pass, 1); + if (retval != PAM_SUCCESS) { + goto done; + } + } + + /* first, save old password */ + if (save_old_password(forwho, pass, nremember)) { + retval = PAM_AUTHTOK_ERR; + goto done; + } + + if (doshadow || is_pwd_shadowed(pwd)) { + retval = unix_update_shadow(forwho, towhat); + if (retval == PAM_SUCCESS) + if (!is_pwd_shadowed(pwd)) + retval = unix_update_passwd(forwho, "x"); + } else { + retval = unix_update_passwd(forwho, towhat); + } + +done: + memset(pass, '\0', MAXPASS); + memset(towhat, '\0', MAXPASS); + + unlock_pwdf(); + + if (retval == PAM_SUCCESS) { + return PAM_SUCCESS; + } else { + return PAM_AUTHTOK_ERR; + } +} + +int main(int argc, char *argv[]) +{ + char *option; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * we establish that this program is running with non-tty stdin. + * this is to discourage casual use. It does *NOT* prevent an + * intruder from repeatadly running this program to determine the + * password of the current user (brute force attack, but one for + * which the attacker must already have gained access to the user's + * account). + */ + + if (isatty(STDIN_FILENO) || argc != 5 ) { + helper_log_err(LOG_NOTICE + ,"inappropriate use of Unix helper binary [UID=%d]" + ,getuid()); + fprintf(stderr + ,"This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return PAM_SYSTEM_ERR; + } + + /* We must be root to read/update shadow. + */ + if (geteuid() != 0) { + return PAM_CRED_INSUFFICIENT; + } + + option = argv[2]; + + if (strcmp(option, "update") == 0) { + /* Attempting to change the password */ + return set_password(argv[1], argv[3], argv[4]); + } + + return PAM_SYSTEM_ERR; +} + +/* + * Copyright (c) Andrew G. Morgan, 1996. All rights reserved + * Copyright (c) Red Hat, Inc., 2007, 2008. All rights reserved + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, and the entire permission notice in its entirety, + * including the disclaimer of warranties. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * ALTERNATIVELY, this product may be distributed under the terms of + * the GNU Public License, in which case the provisions of the GPL are + * required INSTEAD OF the above restrictions. (This clause is + * necessary due to a potential bad interaction between the GPL and + * the restrictions contained in a BSD-style copyright.) + * + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + */ Index: pam-1.1.8/modules/pam_extrausers/yppasswd.h =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/yppasswd.h @@ -0,0 +1,51 @@ +/* + * yppasswdd + * Copyright 1994, 1995, 1996 Olaf Kirch, + * + * This program is covered by the GNU General Public License, version 2 + * or later. It is provided in the hope that it is useful. However, the author + * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. + * + * This file was generated automatically by rpcgen from yppasswd.x, and + * editied manually. + */ + +#ifndef _YPPASSWD_H_ +#define _YPPASSWD_H_ + +#define YPPASSWDPROG ((u_long)100009) +#define YPPASSWDVERS ((u_long)1) +#define YPPASSWDPROC_UPDATE ((u_long)1) + +/* + * The password struct passed by the update call. I renamed it to + * xpasswd to avoid a type clash with the one defined in . + */ +#ifndef __sgi +typedef struct xpasswd { + char *pw_name; + char *pw_passwd; + int pw_uid; + int pw_gid; + char *pw_gecos; + char *pw_dir; + char *pw_shell; +} xpasswd; + +#else +#include +typedef struct xpasswd xpasswd; +#endif + +/* The updated password information, plus the old password. + */ +typedef struct yppasswd { + char *oldpass; + xpasswd newpw; +} yppasswd; + +/* XDR encoding/decoding routines */ +bool_t xdr_xpasswd(XDR * xdrs, xpasswd * objp); +bool_t xdr_yppasswd(XDR * xdrs, yppasswd * objp); + +#endif /* _YPPASSWD_H_ */ Index: pam-1.1.8/modules/pam_extrausers/yppasswd_xdr.c =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/yppasswd_xdr.c @@ -0,0 +1,40 @@ +/* + * yppasswdd + * Copyright 1994, 1995, 1996 Olaf Kirch, + * + * This program is covered by the GNU General Public License, version 2 + * or later. It is provided in the hope that it is useful. However, the author + * disclaims ALL WARRANTIES, expressed or implied. See the GPL for details. + * + * This file was generated automatically by rpcgen from yppasswd.x, and + * editied manually. + */ + +#include "config.h" + +#ifdef HAVE_RPC_RPC_H + +#include +#include "yppasswd.h" + +bool_t +xdr_xpasswd(XDR * xdrs, xpasswd * objp) +{ + return xdr_string(xdrs, &objp->pw_name, ~0) + && xdr_string(xdrs, &objp->pw_passwd, ~0) + && xdr_int(xdrs, &objp->pw_uid) + && xdr_int(xdrs, &objp->pw_gid) + && xdr_string(xdrs, &objp->pw_gecos, ~0) + && xdr_string(xdrs, &objp->pw_dir, ~0) + && xdr_string(xdrs, &objp->pw_shell, ~0); +} + + +bool_t +xdr_yppasswd(XDR * xdrs, yppasswd * objp) +{ + return xdr_string(xdrs, &objp->oldpass, ~0) + && xdr_xpasswd(xdrs, &objp->newpw); +} + +#endif Index: pam-1.1.8/modules/Makefile.am =================================================================== --- pam-1.1.8.orig/modules/Makefile.am +++ pam-1.1.8/modules/Makefile.am @@ -3,7 +3,7 @@ # SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ - pam_env pam_exec pam_faildelay pam_filter pam_ftp \ + pam_env pam_exec pam_extrausers pam_faildelay pam_filter pam_ftp \ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ pam_listfile pam_localuser pam_loginuid pam_mail \ pam_mkhomedir pam_motd pam_namespace pam_nologin \ Index: pam-1.1.8/configure.in =================================================================== --- pam-1.1.8.orig/configure.in +++ pam-1.1.8/configure.in @@ -607,6 +607,7 @@ AC_CONFIG_FILES([Makefile libpam/Makefil modules/pam_access/Makefile modules/pam_cracklib/Makefile \ modules/pam_debug/Makefile modules/pam_deny/Makefile \ modules/pam_echo/Makefile modules/pam_env/Makefile \ + modules/pam_extrausers/Makefile \ modules/pam_faildelay/Makefile \ modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \ modules/pam_ftp/Makefile modules/pam_group/Makefile \ Index: pam-1.1.8/modules/pam_extrausers/tst-pam_extrausers =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/tst-pam_extrausers @@ -0,0 +1,2 @@ +#!/bin/sh +../../tests/tst-dlopen .libs/pam_extrausers.so Index: pam-1.1.8/modules/pam_extrausers/pam_extrausers.8.xml =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_extrausers.8.xml @@ -0,0 +1,488 @@ + + + + + + + pam_extrausers + 8 + Linux-PAM Manual + + + + pam_extrausers + Module for libnss-extrausers authentication + + + + + pam_extrausers.so + + ... + + + + + + + DESCRIPTION + + + This is similar to the standard Unix authentication module pam_unix. + But instead of using /etc/passwd and /etc/shadow, it uses + /var/lib/extrausers/passwd and /var/lib/extrausers/shadow. + + + + The account component performs the task of establishing the status + of the user's account and password based on the following + shadow elements: expire, last_change, max_change, + min_change, warn_change. In the case of the latter, it may offer advice + to the user on changing their password or, through the + PAM_AUTHTOKEN_REQD return, delay + giving service to the user until they have established a new password. + The entries listed above are documented in the + shadow5 + manual page. Should the user's record not contain + one or more of these entries, the corresponding + shadow check is not performed. + + + + The authentication component performs the task of checking the + users credentials (password). The default action of this module + is to not permit the user access to a service if their official + password is blank. + + + + The password component of this module performs the task of updating + the user's password. The default encryption hash is taken from the + ENCRYPT_METHOD variable from + /etc/login.defs + + + + The session component of this module logs when a user logins + or leave the system. + + + + Remaining arguments, supported by others functions of this + module, are silently ignored. Other arguments are logged as + errors through + syslog3 + . + + + + + + OPTIONS + + + + + + + + Turns on debugging via + + syslog3 + . + + + + + + + + + + + A little more extreme than debug. + + + + + + + + + + + The default action of this module is to not permit the + user access to a service if their official password is blank. + The argument overrides this default + and allows any user with a blank password to access the + service. + + + + + + + + + + The default action of this module is to not permit the + user access to a service if their official password is blank. + The argument overrides this + default and allows any user with a blank password to access + the service as long as the value of PAM_TTY is set to one of + the values found in /etc/securetty. + + + + + + + + + + Before prompting the user for their password, the module first + tries the previous stacked module's password in case that + satisfies this module as well. + + + + + + + + + + The argument forces the module + to use a previous stacked modules password and will never prompt + the user - if no password is available or the password is not + appropriate, the user will be denied access. + + + + + + + + + + This argument can be used to discourage the authentication + component from requesting a delay should the authentication + as a whole fail. The default action is for the module to + request a delay-on-failure of the order of two second. + + + + + + + + + + When password changing enforce the module to set the new + password to the one provided by a previously stacked + module (this is used in the + example of the stacking of the pam_cracklib + module documented below). + + + + + + + + + + This argument is used to inform the module that it is not to + pay attention to/make available the old or new passwords from/to + other (stacked) password modules. + + + + + + + + + + NIS RPC is used for setting new passwords. + + + + + + + + + + The last n passwords for each + user are saved in /etc/security/opasswd + in order to force password change history and keep the user + from alternating between the same password too frequently. + Instead of this option the pam_pwhistory + module should be used. + + + + + + + + + + Try to maintain a shadow based system. + + + + + + + + + + When a user changes their password next, encrypt + it with the MD5 algorithm. + + + + + + + + + + When a user changes their password next, + encrypt it with the DEC C2 algorithm. + + + + + + + + + + When a user changes their password next, + encrypt it with the SHA256 algorithm. If the + SHA256 algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + When a user changes their password next, + encrypt it with the SHA512 algorithm. If the + SHA512 algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + When a user changes their password next, + encrypt it with the blowfish algorithm. If the + blowfish algorithm is not known to the + crypt3 + function, + fall back to MD5. + + + + + + + + + + Set the optional number of rounds of the SHA256, SHA512 + and blowfish password hashing algorithms to + n. + + + + + + + + + + Ignore errors reading shadow information for + users in the account management module. + + + + + + + + + + Set a minimum password length of n + characters. The default value is 6. The maximum for DES + crypt-based passwords is 8 characters. + + + + + + + + + + Enable some extra checks on password strength. These checks + are based on the "obscure" checks in the original shadow + package. The behavior is similar to the pam_cracklib + module, but for non-dictionary-based checks. The following + checks are implemented: + + + + + + + + Verifies that the new password is not a palindrome + of (i.e., the reverse of) the previous one. + + + + + + + + + + Verifies that the new password isn't the same as the + old one with a change of case. + + + + + + + + + + Verifies that the new password isn't too much like + the previous one. + + + + + + + + + + Is the new password too simple? This is based on + the length of the password and the number of + different types of characters (alpha, numeric, etc.) + used. + + + + + + + + + + Is the new password a rotated version of the old + password? (E.g., "billy" and "illyb") + + + + + + + + + + Invalid arguments are logged with + syslog3 + . + + + + + MODULE TYPES PROVIDED + + All module types (, , + and ) are provided. + + + + + RETURN VALUES + + + PAM_IGNORE + + + Ignore this module. + + + + + + + + EXAMPLES + + An example usage for /etc/pam.d/common-password + might be: + +password [success=2 default=ignore] pam_extrausers.so obscure sha512 +password [success=1 default=ignore] pam_unix.so obscure sha512 +# here's the fallback if no module succeeds +password requisite pam_deny.so +# prime the stack with a positive return value if there isn't one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit.so +# and here are more per-package modules (the "Additional" block) +password optional pam_gnome_keyring.so +password optional pam_ecryptfs.so + + + + + + SEE ALSO + + + login.defs5 + , + + pam.conf5 + , + + pam.d5 + , + + pam7 + + + + + + AUTHOR + + pam_extrausers was written by various people. + + + + Index: pam-1.1.8/modules/pam_extrausers/pam_extrausers.8 =================================================================== --- /dev/null +++ pam-1.1.8/modules/pam_extrausers/pam_extrausers.8 @@ -0,0 +1,269 @@ +'\" t +.\" Title: pam_extrausers +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.78.1 +.\" Date: 07/22/2014 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_EXTRAUSERS" "8" "07/22/2014" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_extrausers \- Module for libnss\-extrausers authentication +.SH "SYNOPSIS" +.HP \w'\fBpam_extrausers\&.so\fR\ 'u +\fBpam_extrausers\&.so\fR [\&.\&.\&.] +.SH "DESCRIPTION" +.PP +This is similar to the standard Unix authentication module pam_unix\&. But instead of using /etc/passwd and /etc/shadow, it uses /var/lib/extrausers/passwd and /var/lib/extrausers/shadow\&. +.PP +The account component performs the task of establishing the status of the user\*(Aqs account and password based on the following +\fIshadow\fR +elements: expire, last_change, max_change, min_change, warn_change\&. In the case of the latter, it may offer advice to the user on changing their password or, through the +\fBPAM_AUTHTOKEN_REQD\fR +return, delay giving service to the user until they have established a new password\&. The entries listed above are documented in the +\fBshadow\fR(5) +manual page\&. Should the user\*(Aqs record not contain one or more of these entries, the corresponding +\fIshadow\fR +check is not performed\&. +.PP +The authentication component performs the task of checking the users credentials (password)\&. The default action of this module is to not permit the user access to a service if their official password is blank\&. +.PP +The password component of this module performs the task of updating the user\*(Aqs password\&. The default encryption hash is taken from the +\fBENCRYPT_METHOD\fR +variable from +\fI/etc/login\&.defs\fR +.PP +The session component of this module logs when a user logins or leave the system\&. +.PP +Remaining arguments, supported by others functions of this module, are silently ignored\&. Other arguments are logged as errors through +\fBsyslog\fR(3)\&. +.SH "OPTIONS" +.PP +\fBdebug\fR +.RS 4 +Turns on debugging via +\fBsyslog\fR(3)\&. +.RE +.PP +\fBaudit\fR +.RS 4 +A little more extreme than debug\&. +.RE +.PP +\fBnullok\fR +.RS 4 +The default action of this module is to not permit the user access to a service if their official password is blank\&. The +\fBnullok\fR +argument overrides this default and allows any user with a blank password to access the service\&. +.RE +.PP +\fBnullok_secure\fR +.RS 4 +The default action of this module is to not permit the user access to a service if their official password is blank\&. The +\fBnullok_secure\fR +argument overrides this default and allows any user with a blank password to access the service as long as the value of PAM_TTY is set to one of the values found in /etc/securetty\&. +.RE +.PP +\fBtry_first_pass\fR +.RS 4 +Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&. +.RE +.PP +\fBuse_first_pass\fR +.RS 4 +The argument +\fBuse_first_pass\fR +forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&. +.RE +.PP +\fBnodelay\fR +.RS 4 +This argument can be used to discourage the authentication component from requesting a delay should the authentication as a whole fail\&. The default action is for the module to request a delay\-on\-failure of the order of two second\&. +.RE +.PP +\fBuse_authtok\fR +.RS 4 +When password changing enforce the module to set the new password to the one provided by a previously stacked +\fBpassword\fR +module (this is used in the example of the stacking of the +\fBpam_cracklib\fR +module documented below)\&. +.RE +.PP +\fBnot_set_pass\fR +.RS 4 +This argument is used to inform the module that it is not to pay attention to/make available the old or new passwords from/to other (stacked) password modules\&. +.RE +.PP +\fBnis\fR +.RS 4 +NIS RPC is used for setting new passwords\&. +.RE +.PP +\fBremember=\fR\fB\fIn\fR\fR +.RS 4 +The last +\fIn\fR +passwords for each user are saved in +/etc/security/opasswd +in order to force password change history and keep the user from alternating between the same password too frequently\&. Instead of this option the +\fBpam_pwhistory\fR +module should be used\&. +.RE +.PP +\fBshadow\fR +.RS 4 +Try to maintain a shadow based system\&. +.RE +.PP +\fBmd5\fR +.RS 4 +When a user changes their password next, encrypt it with the MD5 algorithm\&. +.RE +.PP +\fBbigcrypt\fR +.RS 4 +When a user changes their password next, encrypt it with the DEC C2 algorithm\&. +.RE +.PP +\fBsha256\fR +.RS 4 +When a user changes their password next, encrypt it with the SHA256 algorithm\&. If the SHA256 algorithm is not known to the +\fBcrypt\fR(3) +function, fall back to MD5\&. +.RE +.PP +\fBsha512\fR +.RS 4 +When a user changes their password next, encrypt it with the SHA512 algorithm\&. If the SHA512 algorithm is not known to the +\fBcrypt\fR(3) +function, fall back to MD5\&. +.RE +.PP +\fBblowfish\fR +.RS 4 +When a user changes their password next, encrypt it with the blowfish algorithm\&. If the blowfish algorithm is not known to the +\fBcrypt\fR(3) +function, fall back to MD5\&. +.RE +.PP +\fBrounds=\fR\fB\fIn\fR\fR +.RS 4 +Set the optional number of rounds of the SHA256, SHA512 and blowfish password hashing algorithms to +\fIn\fR\&. +.RE +.PP +\fBbroken_shadow\fR +.RS 4 +Ignore errors reading shadow information for users in the account management module\&. +.RE +.PP +\fBminlen=\fR\fB\fIn\fR\fR +.RS 4 +Set a minimum password length of +\fIn\fR +characters\&. The default value is 6\&. The maximum for DES crypt\-based passwords is 8 characters\&. +.RE +.PP +\fBobscure\fR +.RS 4 +Enable some extra checks on password strength\&. These checks are based on the "obscure" checks in the original shadow package\&. The behavior is similar to the pam_cracklib module, but for non\-dictionary\-based checks\&. The following checks are implemented: +.PP +\fBPalindrome\fR +.RS 4 +Verifies that the new password is not a palindrome of (i\&.e\&., the reverse of) the previous one\&. +.RE +.PP +\fBCase Change Only\fR +.RS 4 +Verifies that the new password isn\*(Aqt the same as the old one with a change of case\&. +.RE +.PP +\fBSimilar\fR +.RS 4 +Verifies that the new password isn\*(Aqt too much like the previous one\&. +.RE +.PP +\fBSimple\fR +.RS 4 +Is the new password too simple? This is based on the length of the password and the number of different types of characters (alpha, numeric, etc\&.) used\&. +.RE +.PP +\fBRotated\fR +.RS 4 +Is the new password a rotated version of the old password? (E\&.g\&., "billy" and "illyb") +.RE +.sp +.RE +.PP +Invalid arguments are logged with +\fBsyslog\fR(3)\&. +.SH "MODULE TYPES PROVIDED" +.PP +All module types (\fBaccount\fR, +\fBauth\fR, +\fBpassword\fR +and +\fBsession\fR) are provided\&. +.SH "RETURN VALUES" +.PP +PAM_IGNORE +.RS 4 +Ignore this module\&. +.RE +.SH "EXAMPLES" +.PP +An example usage for +/etc/pam\&.d/common\-password +would be: +.sp +.if n \{\ +.RS 4 +.\} +.nf +password [success=2 default=ignore] pam_extrausers\&.so obscure sha512 +password [success=1 default=ignore] pam_unix\&.so obscure sha512 +# here\*(Aqs the fallback if no module succeeds +password requisite pam_deny\&.so +# prime the stack with a positive return value if there isn\*(Aqt one already; +# this avoids us returning an error just because nothing sets a success code +# since the modules above will each just jump around +password required pam_permit\&.so +# and here are more per\-package modules (the "Additional" block) +password optional pam_gnome_keyring\&.so +password optional pam_ecryptfs\&.so + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "SEE ALSO" +.PP +\fBlogin.defs\fR(5), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(7) +.SH "AUTHOR" +.PP +pam_extrausers was written by various people\&. pam/debian/patches-applied/hurd_no_setfsuid0000644000000000000000000000322013261244762016301 0ustar On systems without setfsuid(), use setreuid() instead. Authors: Steve Langasek Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv are implemented Index: pam.debian/libpam/pam_modutil_priv.c =================================================================== --- pam.debian.orig/libpam/pam_modutil_priv.c +++ pam.debian/libpam/pam_modutil_priv.c @@ -14,7 +14,9 @@ #include #include #include +#ifdef HAVE_SYS_FSUID_H #include +#endif /* HAVE_SYS_FSUID_H */ /* * Two setfsuid() calls in a row are necessary to check @@ -22,17 +24,55 @@ */ static int change_uid(uid_t uid, uid_t *save) { +#ifdef HAVE_SYS_FSUID_H uid_t tmp = setfsuid(uid); if (save) *save = tmp; return (uid_t) setfsuid(uid) == uid ? 0 : -1; +#else + uid_t euid = geteuid(); + uid_t ruid = getuid(); + if (save) + *save = ruid; + if (ruid == uid && uid != 0) + if (setreuid(euid, uid)) + return -1; + else { + setreuid(0, -1); + if (setreuid(-1, uid)) { + setreuid(-1, 0); + setreuid(0, -1); + if (setreuid(-1, uid)) + return -1; + } + } +#endif } static int change_gid(gid_t gid, gid_t *save) { +#ifdef HAVE_SYS_FSUID_H gid_t tmp = setfsgid(gid); if (save) *save = tmp; return (gid_t) setfsgid(gid) == gid ? 0 : -1; +#else + gid_t egid = getegid(); + gid_t rgid = getgid(); + if (save) + *save = rgid; + if (rgid == gid) + if (setregid(egid, gid)) + return -1; + else { + setregid(0, -1); + if (setregid(-1, gid)) { + setregid(-1, 0); + setregid(0, -1); + if (setregid(-1, gid)) + return -1; + } + } +#endif } static int cleanup(struct pam_modutil_privs *p) pam/debian/patches-applied/lib_security_multiarch_compat0000644000000000000000000000471213261244762021054 0ustar Unqualified module paths should always be looked up in *both* the default module dir, *and* the ISA dir. That's what paths are for. This lets us have a soft transition to multiarch for modules without having to rewrite /etc/pam.d/ files or add ugly symlinks. Authors: Steve Langasek Upstream status: not ready to be committed - this needs tweaked, we're currently abusing the existing variables and inverting their meaning in order to get everything installed where we want it and get absolute paths the way we want them. Index: multiarch/libpam/pam_handlers.c =================================================================== --- multiarch.orig/libpam/pam_handlers.c +++ multiarch/libpam/pam_handlers.c @@ -705,7 +705,26 @@ } #else D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); + if (mod_path[0] == '/') { + mod->dl_handle = _pam_dlopen(mod_path); + } else { + if (asprintf(&mod_full_isa_path, "%s%s", + DEFAULT_MODULE_PATH, mod_path) >= 0) { + mod->dl_handle = _pam_dlopen(mod_full_isa_path); + _pam_drop(mod_full_isa_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); + } + if (!mod->dl_handle) { + if (asprintf(&mod_full_isa_path, "%s/%s", + _PAM_ISA, mod_path) >= 0) { + mod->dl_handle = _pam_dlopen(mod_full_isa_path); + _pam_drop(mod_full_isa_path); + } else { + pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); + } + } + } D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { @@ -775,7 +794,6 @@ struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; - char *mod_full_path; servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; @@ -787,16 +805,7 @@ if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { - if (mod_path[0] == '/') { - mod = _pam_load_module(pamh, mod_path, handler_type); - } else if (asprintf(&mod_full_path, "%s%s", - DEFAULT_MODULE_PATH, mod_path) >= 0) { - mod = _pam_load_module(pamh, mod_full_path, handler_type); - _pam_drop(mod_full_path); - } else { - pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); - return PAM_ABORT; - } + mod = _pam_load_module(pamh, mod_path, handler_type); if (mod == NULL) { /* if we get here with NULL it means allocation error */ pam/debian/patches-applied/make_documentation_reproducible.patch0000644000000000000000000000135413261244762022446 0ustar Description: Make documentation reproducible Add LC_ALL=C to w3m to avoid changes in the output when build the documentation with different locales. Author: Juan Picca Last-Update: 2015-07-11 --- pam.orig/configure +++ pam/configure @@ -15162,7 +15162,7 @@ fi if test ! -z "$BROWSER"; then - BROWSER="$BROWSER -T text/html -dump" + BROWSER="LC_ALL=C $BROWSER -T text/html -dump" else enable_docu=no fi --- pam.orig/configure.in +++ pam/configure.in @@ -554,7 +554,7 @@ JH_CHECK_XML_CATALOG([http://docbook.sou AC_PATH_PROG([BROWSER], [w3m]) if test ! -z "$BROWSER"; then - BROWSER="$BROWSER -T text/html -dump" + BROWSER="LC_ALL=C $BROWSER -T text/html -dump" else enable_docu=no fi pam/debian/patches-applied/no_PATH_MAX_on_hurd0000644000000000000000000000123013261244762016407 0ustar Description: define PATH_MAX for compatibility when it's not already set Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable default value in this case. Author: Steve Langasek Bug-Debian: http://bugs.debian.org/552043 Index: pam.deb/tests/tst-dlopen.c =================================================================== --- pam.deb.orig/tests/tst-dlopen.c +++ pam.deb/tests/tst-dlopen.c @@ -16,6 +16,11 @@ #include #include +/* Hurd compatibility */ +#ifndef PATH_MAX +#define PATH_MAX 4096 +#endif + /* Simple program to see if dlopen() would succeed. */ int main(int argc, char **argv) { pam/debian/patches-applied/pam-limits-nofile-fd-setsize-cap0000644000000000000000000000513213261244762021103 0ustar From: Robie Basak Subject: pam_limits: cap the default soft nofile limit read from pid 1 to FD_SETSIZE Cap the default soft nofile limit read from pid 1 to FD_SETSIZE since larger values can cause problems with fd_set overflow and systemd sets itself higher. See: https://lists.ubuntu.com/archives/ubuntu-devel/2010-September/031446.html http://www.outflux.net/blog/archives/2014/06/13/5-year-old-glibc-select-weakness-fixed/ https://sourceware.org/bugzilla/show_bug.cgi?id=10352 https://github.com/systemd/systemd/commit/4096d6f5879aef73e20dd7b62a01f447629945b0 pam_limits reads the default limits from /proc/1/limits. Previously, using upstart, this resulted in a 1024 nofile soft limit on Ubuntu systems by default. Using systemd, this results in a limit of 65536 instead. This is not the intention of systemd upstream. See systemd commit 4096d6f for an explanation of systemd's behaviour. If we want to make such a change to the default distribution soft limit in PAM, we should do it deliberately and carefully, not accidentally. A change should consider what uses select(2) and might inadvertently (and incorrectly) assume that file descriptors will always fit into an fd_set, what vulnerabilities or crashes the change could consequently create, and whether the protection now present with FORTIFY_SOURCE is suitably enabled in all relevant builds. So this keeps the soft limit at 1024 for now. The hard limit will rise to 65536 along with systemd. Anything that knows that it will not be buggy with respect to fd_set and FD_SETSIZE, such as by using poll(2) or epoll(7) instead of select(2), can always raise the soft limit itself without issue. 20:54 slangasek: [...] I'm also not sure how to go about upstreaming this as pam_limits seems to be heavily patched already. Forwarded: no Reviewed-by: Adam Conrad Reviewed-by: Martin Pitt Last-Update: 2015-04-22 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -439,6 +439,14 @@ static void parse_kernel_limits(pam_hand pl->limits[i].src_hard = LIMITS_DEF_KERNEL; } fclose(limitsfile); + + /* Cap the default soft nofile limit read from pid 1 to FD_SETSIZE + * since larger values can cause problems with fd_set overflow and + * systemd sets itself higher. */ + if (pl->limits[RLIMIT_NOFILE].src_soft == LIMITS_DEF_KERNEL && + pl->limits[RLIMIT_NOFILE].limit.rlim_cur > FD_SETSIZE) { + pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE; + } } static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) pam/debian/patches-applied/pam-loginuid-in-containers0000644000000000000000000001121313261244762020072 0ustar Author: Stéphane Graber Description: pam_loginuid: Ignore failure in user namespaces When running pam_loginuid in a container using the user namespaces, even uid 0 isn't allowed to set the loginuid property. . This change catches the EACCES from opening loginuid, checks if the user is in the host namespace (by comparing the uid_map with the host's one) and only if that's the case, sets rc to 1. . Should uid_map not exist or be unreadable for some reason, it'll be assumed that the process is running on the host's namespace. . The initial reason behind this change was failure to ssh into an unprivileged container (using a 3.13 kernel and current LXC) when using a standard pam profile for sshd (which requires success from pam_loginuid). . I believe this solution doesn't have any drawback and will allow people to use unprivileged containers normally. An alternative would be to have all distros set pam_loginuid as optional but that'd be bad for any of the other potential failure case which people may care about. . There has also been some discussions to get some of the audit features tied with the user namespaces but currently none of that has been merged upstream and the currently proposed implementation doesn't cover loginuid (nor is it clear how this should even work when loginuid is set as immutable after initial write). . Signed-off-by: Steve Langasek Signed-off-by: Dmitry V. Levin Index: ubuntu/modules/pam_loginuid/pam_loginuid.c =================================================================== --- ubuntu.orig/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:07:08.665185675 +0000 +++ ubuntu/modules/pam_loginuid/pam_loginuid.c 2014-01-31 21:05:05.000000000 +0000 @@ -47,25 +47,56 @@ /* * This function writes the loginuid to the /proc system. It returns - * 0 on success and 1 on failure. + * PAM_SUCCESS on success, + * PAM_IGNORE when /proc/self/loginuid does not exist, + * PAM_SESSION_ERR in case of any other error. */ static int set_loginuid(pam_handle_t *pamh, uid_t uid) { - int fd, count, rc = 0; - char loginuid[24]; + int fd, count, rc = PAM_SESSION_ERR; + char loginuid[24], buf[24]; + static const char host_uid_map[] = " 0 0 4294967295\n"; + char uid_map[sizeof(host_uid_map)]; + + /* loginuid in user namespaces currently isn't writable and in some + case, not even readable, so consider any failure as ignorable (but try + anyway, in case we hit a kernel which supports it). */ + fd = open("/proc/self/uid_map", O_RDONLY); + if (fd >= 0) { + count = pam_modutil_read(fd, uid_map, sizeof(uid_map)); + if (strncmp(uid_map, host_uid_map, count) != 0) + rc = PAM_IGNORE; + close(fd); + } - count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); - fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); + fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDWR); if (fd < 0) { - if (errno != ENOENT) { - rc = 1; - pam_syslog(pamh, LOG_ERR, - "Cannot open /proc/self/loginuid: %m"); + if (errno == ENOENT) { + rc = PAM_IGNORE; + } + if (rc != PAM_IGNORE) { + pam_syslog(pamh, LOG_ERR, "Cannot open %s: %m", + "/proc/self/loginuid"); } return rc; } - if (pam_modutil_write(fd, loginuid, count) != count) - rc = 1; + + count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); + if (pam_modutil_read(fd, buf, sizeof(buf)) == count && + memcmp(buf, loginuid, count) == 0) { + rc = PAM_SUCCESS; + goto done; /* already correct */ + } + if (lseek(fd, 0, SEEK_SET) == 0 && ftruncate(fd, 0) == 0 && + pam_modutil_write(fd, loginuid, count) == count) { + rc = PAM_SUCCESS; + } else { + if (rc != PAM_IGNORE) { + pam_syslog(pamh, LOG_ERR, "Error writing %s: %m", + "/proc/self/loginuid"); + } + } + done: close(fd); return rc; } @@ -165,6 +196,7 @@ { const char *user = NULL; struct passwd *pwd; + int ret; #ifdef HAVE_LIBAUDIT int require_auditd = 0; #endif @@ -183,9 +215,14 @@ return PAM_SESSION_ERR; } - if (set_loginuid(pamh, pwd->pw_uid)) { - pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); - return PAM_SESSION_ERR; + ret = set_loginuid(pamh, pwd->pw_uid); + switch (ret) { + case PAM_SUCCESS: + case PAM_IGNORE: + break; + default: + pam_syslog(pamh, LOG_ERR, "set_loginuid failed"); + return ret; } #ifdef HAVE_LIBAUDIT @@ -195,11 +232,12 @@ argv++; } - if (require_auditd) - return check_auditd(); - else + if (require_auditd) { + int rc = check_auditd(); + return rc != PAM_SUCCESS ? rc : ret; + } else #endif - return PAM_SUCCESS; + return ret; } /* pam/debian/patches-applied/pam_motd-legal-notice0000644000000000000000000000512113261244762017100 0ustar Patch for Ubuntu bug #399071 Display the contents of /etc/legal as part of the MOTD, the first time the user logs in, and set a flag in the user's homedir if possible to prevent repeat displays. Authors: Dustin Kirkland Upstream status: Ubuntu-specific, maybe submit to Debian Index: pam.ubuntu/modules/pam_motd/pam_motd.c =================================================================== --- pam.ubuntu.orig/modules/pam_motd/pam_motd.c +++ pam.ubuntu/modules/pam_motd/pam_motd.c @@ -73,6 +73,61 @@ close(fd); } +int display_legal(pam_handle_t *pamh) +{ + int retval = PAM_IGNORE, rc; + char *user = NULL; + char *dir = NULL; + char *flag = NULL; + struct passwd *pwd = NULL; + struct stat s; + int f; + /* Get the user name to determine if we need to print the disclaimer */ + rc = pam_get_item(pamh, PAM_USER, &user); + if (rc == PAM_SUCCESS && user != NULL && *(const char *)user != '\0') + { + PAM_MODUTIL_DEF_PRIVS(privs); + + /* Get the password entry */ + pwd = pam_modutil_getpwnam (pamh, user); + if (pwd != NULL) + { + if (pam_modutil_drop_priv(pamh, &privs, pwd)) { + pam_syslog(pamh, LOG_ERR, + "Unable to change UID to %d temporarily\n", + pwd->pw_uid); + retval = PAM_SESSION_ERR; + goto finished; + } + + if (asprintf(&dir, "%s/.cache", pwd->pw_dir) == -1 || !dir) + goto finished; + if (asprintf(&flag, "%s/motd.legal-displayed", dir) == -1 || !flag) + goto finished; + + if (stat(flag, &s) != 0) + { + display_file(pamh, "/etc/legal"); + mkdir(dir, 0700); + f = open(flag, O_WRONLY|O_CREAT|O_EXCL, + S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); + if (f>=0) close(f); + } + +finished: + if (pam_modutil_regain_priv(pamh, &privs)) { + pam_syslog(pamh, LOG_ERR, + "Unable to change UID back to %d\n", privs.old_uid); + retval = PAM_SESSION_ERR; + } + + _pam_drop(flag); + _pam_drop(dir); + } + } + return retval; +} + PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) @@ -116,6 +171,9 @@ /* Display the updated motd */ display_file(pamh, motd_path); + /* Display the legal disclaimer only if necessary */ + retval = display_legal(pamh); + return retval; } pam/debian/patches-applied/pam_namespace_fix_bashism.patch0000644000000000000000000000456413261244762021214 0ustar From fbc65c39d6853af268c9a093923afc876d0b138e Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Tue, 14 Jan 2014 19:48:51 -0800 Subject: pam_namespace: don't use bashisms in default namespace.init script * modules/pam_namespace/pam_namespace.c: call setuid() before execing the namespace init script, so that scripts run with maximum privilege regardless of the shell implementation. * modules/pam_namespace/namespace.init: drop the '-p' bashism from the shebang line This is not a POSIX standard option, it's a bashism. The bash manpage says that it's used to prevent the effective user id from being reset to the real user id on startup, and to ignore certain unsafe variables from the environment. In the case of pam_namespace, the -p is not necessary for environment sanitizing because the PAM module (properly) sanitizes the environment before execing the script. The stated reason given in CVS history for passing -p is to "preserve euid when called from setuid apps (su, newrole)." This should be done more portably, by calling setuid() before spawning the shell. Signed-off-by: Steve Langasek Bug-Debian: http://bugs.debian.org/624842 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1081323 --- modules/pam_namespace/namespace.init | 2 +- modules/pam_namespace/pam_namespace.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/pam_namespace/namespace.init b/modules/pam_namespace/namespace.init index 9ab5806..67d4aa2 100755 --- a/modules/pam_namespace/namespace.init +++ b/modules/pam_namespace/namespace.init @@ -1,4 +1,4 @@ -#!/bin/sh -p +#!/bin/sh # It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index e0d5e30..92883f5 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -1205,6 +1205,11 @@ static int inst_init(const struct polydir_s *polyptr, const char *ipath, _exit(1); } #endif + /* Pass maximum privs when we exec() */ + if (setuid(geteuid()) < 0) { + /* ignore failures, they don't matter */ + } + if (execle(init_script, init_script, polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) _exit(1); -- cgit v0.12 pam/debian/patches-applied/pam_umask_usergroups_from_login.defs.patch0000644000000000000000000001225613261244762023452 0ustar Description: Deprecate pam_unix' explicit "usergroups" option and instead read it from /etc/login.def's "USERGROUP_ENAB" option if umask is only defined there. This restores compatibility with the pre-PAM behaviour of login. See https://blueprints.launchpad.net/ubuntu/+spec/umask-to-0002. Author: Martin Pitt Bug-Debian: http://bugs.debian.org/583958 === modified file 'modules/pam_umask/pam_umask.c' Index: pam.ubuntu/modules/pam_umask/pam_umask.c =================================================================== --- pam.ubuntu.orig/modules/pam_umask/pam_umask.c +++ pam.ubuntu/modules/pam_umask/pam_umask.c @@ -87,7 +87,7 @@ } static char * -search_key (const char *filename) +search_key (const char *filename, const char *key) { FILE *fp; char *buf = NULL; @@ -146,7 +146,7 @@ while (isspace ((int)*cp) || *cp == '=') ++cp; - if (strcasecmp (tmp, "UMASK") == 0) + if (strcasecmp (tmp, key) == 0) { retval = strdup (cp); break; @@ -163,15 +163,34 @@ get_options (const pam_handle_t *pamh, options_t *options, int argc, const char **argv) { + char *result; + memset (options, 0, sizeof (options_t)); /* Parse parameters for module */ for ( ; argc-- > 0; argv++) parse_option (pamh, *argv, options); if (options->umask == NULL) - options->umask = search_key (LOGIN_DEFS); + { + options->umask = search_key (LOGIN_DEFS, "UMASK"); + /* login.defs' USERGROUPS_ENAB will modify the UMASK setting there by way + * of usergroups; but we don't want it to influence umask definitions + * from other places (like GECOS). This restores compatibility with + * shadow from the pre-PAM age. + */ + if (options->umask != NULL) + { + result = search_key (LOGIN_DEFS, "USERGROUPS_ENAB"); + if (result != NULL) + { + options->usergroups = (strcasecmp (result, "yes") == 0); + free (result); + } + } + } + if (options->umask == NULL) - options->umask = search_key (LOGIN_CONF); + options->umask = search_key (LOGIN_CONF, "UMASK"); return 0; } Index: pam.ubuntu/modules/pam_umask/pam_umask.8.xml =================================================================== --- pam.ubuntu.orig/modules/pam_umask/pam_umask.8.xml +++ pam.ubuntu/modules/pam_umask/pam_umask.8.xml @@ -63,7 +63,8 @@ - UMASK entry from /etc/login.defs + UMASK entry from /etc/login.defs (influenced by USERGROUPS_ENAB in + /etc/login.defs) @@ -115,6 +116,11 @@ If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 -> 002, 077 -> 007). + Note that using this option explicitly is discouraged. pam_umask + enables this functionality by default if /etc/login.defs enables + USERGROUPS_ENAB, and the umask is not set explicitly in other + places than /etc/login.defs (this is compatible with login's + behaviour without PAM). Index: pam.ubuntu/modules/pam_umask/pam_umask.8 =================================================================== --- pam.ubuntu.orig/modules/pam_umask/pam_umask.8 +++ pam.ubuntu/modules/pam_umask/pam_umask.8 @@ -2,12 +2,12 @@ .\" Title: pam_umask .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 -.\" Date: 09/19/2013 +.\" Date: 01/16/2014 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" -.TH "PAM_UMASK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" +.TH "PAM_UMASK" "8" "01/16/2014" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -79,7 +79,7 @@ .sp -1 .IP \(bu 2.3 .\} -UMASK entry from /etc/login\&.defs +UMASK entry from /etc/login\&.defs (influenced by USERGROUPS_ENAB in /etc/login\&.defs) .RE .PP The GECOS field is split on comma \*(Aq,\*(Aq characters\&. The module also in addition to the umask= entry recognizes pri= entry, which sets the nice priority value for the session, and ulimit= entry, which sets the maximum size of files the processes in the session can create\&. @@ -98,7 +98,7 @@ .PP \fBusergroups\fR .RS 4 -If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. +If the user is not root and the username is the same as primary group name, the umask group bits are set to be the same as owner bits (examples: 022 \-> 002, 077 \-> 007)\&. Note that using this option explicitly is discouraged\&. pam_umask enables this functionality by default if /etc/login\&.defs enables USERGROUPS_ENAB, and the umask is not set explicitly in other places than /etc/login\&.defs (this is compatible with login\*(Aqs behaviour without PAM)\&. .RE .PP \fBumask=\fR\fB\fImask\fR\fR pam/debian/patches-applied/pam_unix_dont_trust_chkpwd_caller.patch0000644000000000000000000000176113261244762023032 0ustar Dropping suid bits is not enough to let us trust the caller; the unix_chkpwd helper could be sgid shadow instead of suid root, as it is in Debian and Ubuntu by default. Drop any sgid bits as well. Authors: Steve Langasek , Michael Spang Upstream status: to be submitted Index: pam-debian/modules/pam_unix/unix_chkpwd.c =================================================================== --- pam-debian.orig/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:22:06.270705822 -0700 +++ pam-debian/modules/pam_unix/unix_chkpwd.c 2011-10-10 16:24:06.080224301 -0700 @@ -137,9 +137,10 @@ /* if the caller specifies the username, verify that user matches it */ if (strcmp(user, argv[1])) { + gid_t gid = getgid(); user = argv[1]; /* no match -> permanently change to the real user and proceed */ - if (setuid(getuid()) != 0) + if (setresgid(gid, gid, gid) != 0 || setuid(getuid()) != 0) return PAM_AUTH_ERR; } } pam/debian/patches-applied/pam_unix_fix_sgid_shadow_auth.patch0000644000000000000000000000167413261244762022130 0ustar Revert upstream change that prevents pam_unix from working with sgid shadow applications. Authors: Steve Langasek Upstream status: to be submitted (and debated...) Index: debian-pkg-pam/modules/pam_unix/passverify.c =================================================================== --- debian-pkg-pam.orig/modules/pam_unix/passverify.c 2009-04-17 12:46:39.000000000 -0700 +++ debian-pkg-pam/modules/pam_unix/passverify.c 2009-04-17 12:46:40.000000000 -0700 @@ -203,11 +203,11 @@ * ...and shadow password file entry for this user, * if shadowing is enabled */ + *spwdent = pam_modutil_getspnam(pamh, name); #ifndef HELPER_COMPILE - if (geteuid() || SELINUX_ENABLED) + if (*spwdent == NULL && (geteuid() || SELINUX_ENABLED)) return PAM_UNIX_RUN_HELPER; #endif - *spwdent = pam_modutil_getspnam(pamh, name); if (*spwdent == NULL || (*spwdent)->sp_pwdp == NULL) return PAM_AUTHINFO_UNAVAIL; } pam/debian/patches-applied/series0000644000000000000000000000167313261244762014241 0ustar pam_unix_fix_sgid_shadow_auth.patch pam_unix_dont_trust_chkpwd_caller.patch 007_modules_pam_unix 008_modules_pam_limits_chroot 021_nis_cleanup 022_pam_unix_group_time_miscfixes 026_pam_unix_passwd_unknown_user do_not_check_nis_accidentally 027_pam_limits_better_init_allow_explicit_root 031_pam_include 032_pam_limits_EPERM_NOT_FATAL 036_pam_wheel_getlogin_considered_harmful hurd_no_setfsuid 040_pam_limits_log_failure 045_pam_dispatch_jump_is_ignore 054_pam_security_abstract_securetty_handling 055_pam_unix_nullok_secure cve-2010-4708.patch PAM-manpage-section update-motd pam_motd-legal-notice no_PATH_MAX_on_hurd ubuntu-rlimit_nice_correction update-motd-manpage-ref lib_security_multiarch_compat pam_umask_usergroups_from_login.defs.patch pam-loginuid-in-containers extrausers.patch cve-2013-7041.patch cve-2014-2583.patch cve-2015-3238.patch pam-limits-nofile-fd-setsize-cap pam_namespace_fix_bashism.patch make_documentation_reproducible.patch pam/debian/patches-applied/ubuntu-rlimit_nice_correction0000644000000000000000000000114413261244762021005 0ustar Index: pam.ubuntu/modules/pam_limits/pam_limits.c =================================================================== --- pam.ubuntu.orig/modules/pam_limits/pam_limits.c +++ pam.ubuntu/modules/pam_limits/pam_limits.c @@ -362,6 +362,12 @@ pl->limits[i].limit.rlim_cur = 8192*1024; pl->limits[i].limit.rlim_max = RLIM_INFINITY; break; +#ifdef RLIMIT_NICE + case RLIMIT_NICE: + pl->limits[i].limit.rlim_cur = 20; + pl->limits[i].limit.rlim_max = 20; + break; +#endif case RLIMIT_NOFILE: pl->limits[i].limit.rlim_cur = 1024; pl->limits[i].limit.rlim_max = 1024; pam/debian/patches-applied/update-motd0000644000000000000000000001073213261244762015166 0ustar Patch for Ubuntu bug #399071 Provide a more dynamic MOTD, based on the short-lived update-motd project. Authors: Dustin Kirkland Upstream status: not yet submitted Index: pam.debian/modules/pam_motd/pam_motd.c =================================================================== --- pam.debian.orig/modules/pam_motd/pam_motd.c +++ pam.debian/modules/pam_motd/pam_motd.c @@ -48,14 +48,39 @@ static char default_motd[] = DEFAULT_MOTD; +static void display_file(pam_handle_t *pamh, const char *motd_path) +{ + int fd; + char *mtmp = NULL; + while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { + struct stat st; + /* fill in message buffer with contents of motd */ + if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) + break; + if (!(mtmp = malloc(st.st_size+1))) + break; + if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) + break; + if (mtmp[st.st_size-1] == '\n') + mtmp[st.st_size-1] = '\0'; + else + mtmp[st.st_size] = '\0'; + pam_info (pamh, "%s", mtmp); + break; + } + _pam_drop (mtmp); + if (fd >= 0) + close(fd); +} + PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; - int fd; + int do_update = 1; const char *motd_path = NULL; - char *mtmp = NULL; + struct stat st; if (flags & PAM_SILENT) { return retval; @@ -73,6 +98,9 @@ "motd= specification missing argument - ignored"); } } + else if (!strcmp(*argv,"noupdate")) { + do_update = 0; + } else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } @@ -80,34 +108,23 @@ if (motd_path == NULL) motd_path = default_motd; - while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { - struct stat st; - - /* fill in message buffer with contents of motd */ - if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) - break; - - if (!(mtmp = malloc(st.st_size+1))) - break; - - if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) - break; - - if (mtmp[st.st_size-1] == '\n') - mtmp[st.st_size-1] = '\0'; - else - mtmp[st.st_size] = '\0'; - - pam_info (pamh, "%s", mtmp); - break; + /* Run the update-motd dynamic motd scripts, outputting to /run/motd.dynamic. + This will be displayed only when calling pam_motd with + motd=/run/motd.dynamic; current /etc/pam.d/login and /etc/pam.d/sshd + display both this file and /etc/motd. */ + if (do_update && (stat("/etc/update-motd.d", &st) == 0) + && S_ISDIR(st.st_mode)) + { + mode_t old_mask = umask(0022); + if (!system("/usr/bin/env -i PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin run-parts --lsbsysinit /etc/update-motd.d > /run/motd.dynamic.new")) + rename("/run/motd.dynamic.new", "/run/motd.dynamic"); + umask(old_mask); } - _pam_drop (mtmp); - - if (fd >= 0) - close(fd); + /* Display the updated motd */ + display_file(pamh, motd_path); - return retval; + return retval; } Index: pam.debian/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.debian.orig/modules/pam_motd/pam_motd.8.xml +++ pam.debian/modules/pam_motd/pam_motd.8.xml @@ -52,6 +52,17 @@ + + + + + + + Don't run the scripts in /etc/update-motd.d + to refresh the motd file. + + + Index: pam.debian/modules/pam_motd/pam_motd.8 =================================================================== --- pam.debian.orig/modules/pam_motd/pam_motd.8 +++ pam.debian/modules/pam_motd/pam_motd.8 @@ -45,6 +45,13 @@ /path/filename file is displayed as message of the day\&. .RE +.PP +\fBnoupdate\fR +.RS 4 +Don\*(Aqt run the scripts in +/etc/update\-motd\&.d +to refresh the motd file\&. +.RE .SH "MODULE TYPES PROVIDED" .PP Only the Index: pam.debian/modules/pam_motd/README =================================================================== --- pam.debian.orig/modules/pam_motd/README +++ pam.debian/modules/pam_motd/README @@ -14,6 +14,10 @@ The /path/filename file is displayed as message of the day. +noupdate + + Don't run the scripts in /etc/update-motd.d to refresh the motd file. + EXAMPLES The suggested usage for /etc/pam.d/login is: pam/debian/patches-applied/update-motd-manpage-ref0000644000000000000000000000163613261244762017351 0ustar Index: pam.ubuntu/modules/pam_motd/pam_motd.8.xml =================================================================== --- pam.ubuntu.orig/modules/pam_motd/pam_motd.8.xml +++ pam.ubuntu/modules/pam_motd/pam_motd.8.xml @@ -100,6 +100,9 @@ , pam7 + , + + update-motd5 Index: pam.ubuntu/modules/pam_motd/pam_motd.8 =================================================================== --- pam.ubuntu.orig/modules/pam_motd/pam_motd.8 +++ pam.ubuntu/modules/pam_motd/pam_motd.8 @@ -79,7 +79,8 @@ \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), -\fBpam\fR(7) +\fBpam\fR(7), +\fBupdate-motd\fR(5) .SH "AUTHOR" .PP pam_motd was written by Ben Collins \&. pam/debian/po/0000755000000000000000000000000013261244762010370 5ustar pam/debian/po/POTFILES.in0000644000000000000000000000022313261244762012142 0ustar [type: gettext/rfc822deb] libpam0g.templates [type: gettext/rfc822deb] libpam-runtime.templates [type: gettext/rfc822deb] libpam-modules.templates pam/debian/po/bg.po0000644000000000000000000002532113261244762011323 0ustar # translation of bg.po to Bulgarian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # Damyan Ivanov , 2007, 2009, 2012. # msgid "" msgstr "" "Project-Id-Version: bg\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-19 22:36+0200\n" "Last-Translator: Damyan Ivanov \n" "Language-Team: БългарÑки \n" "Language: bg\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "РеÑтартиране на уÑлуги при обновÑване на PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Повечето уÑлуги, които използват PAM Ñ‚Ñ€Ñбва да бъдат реÑтартирани за да " "могат да използват модулите за новата верÑÐ¸Ñ Ð½Ð° libpam. Прегледайте ÑпиÑъка " "от init.d Ñкриптове по-долу и го коригирайте ако е необходимо. Имената на " "отделните Ñкриптове Ñ‚Ñ€Ñбва да Ñа отделени Ñ Ð¸Ð½Ñ‚ÐµÑ€Ð²Ð°Ð»." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Мениджъра на диÑплеи трÑбва да бъде реÑтартиран ръчно" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Мениджърите на диÑплеи wdm и xdm трÑбва да бъдат реÑтартирани, но това би прекъÑнало активните влизаниÑ и затова тази операциÑ нÑма да бъде извършена автоматично. Преди " "да може отново да Ñе влезе в ÑиÑтемата " "чрез тези уÑлуги, те трÑбва да бъдат реÑтартирани ръчно." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Грешка при реÑтартиране на нÑкои уÑлуги за обновÑване на PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "Следните уÑлуги не бÑха реÑтартирани за обновÑването на PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Ще Ñ‚Ñ€Ñбва Ñами да ги Ñтартирате чрез „/etc/init.d/<уÑлуга> start“." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Ðвтоматично реÑтартиране на уÑлугите при обновÑване на пакета?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "СиÑтемата има инÑталирани уÑлуги, които Ñ‚Ñ€Ñбва да Ñе реÑтартират при " "обновÑване на нÑкои библиотеки като libpam, libc и libssl. Тъй като " "реÑтартирането може да предизвика прекъÑване на Ñъответната уÑлуга, " "обикновено админиÑтраторите предпочитат да бъдат попитани кои уÑлуги могат " "да бъдат реÑтартиране при вÑÑко обновÑване на библиотеките. Ðко потвърдите, " "че не желаете да потвърждавате реÑтартирането, уÑлугите ще бъдат " "реÑтартирани автоматично без излишни въпроÑи при обновÑване на нÑÐºÐ¾Ñ Ð¾Ñ‚ " "критичните библиотеки." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "ÐаÑтройване на PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Разрешаване на PAM профили:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Модулите за Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñ (PAM, Pluggable Authentication Modules) управлÑват " "идентификациÑта, оторизациÑта и промÑната на паролите. Те дават и възможноÑÑ‚ " "за изпълнÑване на допълнителни дейÑÑ‚Ð²Ð¸Ñ Ð¿Ñ€Ð¸ Ñтартиране на нови потребителÑки " "ÑеÑии." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "ÐÑкои пакети Ñ PAM модули предлагат „профили“, чрез които може да Ñе промени " "поведението на вÑички приложениÑ, използващи PAM. Изберете кои от профилите " "желаете да разрешите." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Избрани Ñа неÑъвмеÑтими PAM профили." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Следните PAM профили не могат да Ñе използват едновременно:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Изберете друга група профили." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "ОтмÑна на локалните промени в /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "ÐÑкои от файловете /etc/pam.d/common-{auth,account,password,session} Ñа " "променени. Укажете дали желаете променените файлове да бъдат презапиÑани и " "да Ñе използват наÑтройките доÑтавени ÑÑŠÑ ÑиÑтемата. Ðко откажете ще Ñ‚Ñ€Ñбва " "ръчно да наÑтроите PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Ðе Ñа избрани PAM профили." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "ÐÑма избрани PAM профили. Това ще разреши доÑтъпа на вÑички потребители без " "удоÑтоверÑване на ÑамоличноÑтта и не е позволено. Изберете поне един профил " "от ÑпиÑъка." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver и xlockmore Ñ‚Ñ€Ñбва да бъдат реÑтартирани" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Открити Ñа работещи процеÑи xscreensaver или xlockmore. Поради неÑъвмеÑтими " "промени в библиотеката, обновÑването на пакета libpam-modules ще направи " "невъзможно идентифицирането Ñ Ñ‚ÐµÐ·Ð¸ програми. ТрÑбва да оÑигурите " "реÑтартирането или Ñпирането на xscreensaver и xlockmore за да избегнете " "проблеми Ñ Ð¸Ð´ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ñта при потребителите, които ги използват." pam/debian/po/ca.po0000644000000000000000000002240413261244762011315 0ustar # pam po-debconf translation to Catalan # Copyright (C) 2007 Software in the Public Interest, SPI Inc. # This file is distributed under the same license as the pam package. # # Innocent De Marchi , 2011-2012 msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6.1\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-21 08:33+0100\n" "Last-Translator: Innocent De Marchi \n" "Language-Team: Catalan \n" "Language: ca\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Catalan\n" "X-Poedit-Country: SPAIN\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" "Serveis que cal reiniciar per a l'actualització de la biblioteca de PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "És necessari reiniciar la majoria dels serveis que fan servir PAM per a que " "facin servir els mòduls d'aquesta versió de «libpam». Reviseu la següent " "llista separada per espais dels scripts «init.d» que indica els serveis que " "es reiniciaran ara i modificau-la si és necessari." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Cal reiniciar manualment el gestor de pantalla" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Entre els serveis que cal reiniciar degut a la nova versió de «libpam» hi ha " "els gestors de pantalla «wdm» i «xdm». Malgrat tot, hi ha sessions d'«X» en " "execució en el sistema que s'aturaran si es reinicien aquests serveis. Cal " "reiniciar-los manualment si desitjau que sigui possible iniciar una sessió " "«X» més endavant." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "" "S'ha produït un error en reiniciar algun dels serveis en l'actualització de " "PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "No ha estat possible reiniciar els serveis indicats a continuació en el " "procés d'actualització de la biblioteca de PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Caldrà engegar manualment aquests serveis executant «/etc/init.d/ " "start»." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" "Voleu que es reiniciïn els serveis sense demanar confirmació durant les " "actualitzacions del paquet?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Hi ha serveis instal·lats en el seu sistema que necessiten ser reiniciats en " "actualitzar certes biblioteques, com libpam, libc i libssl. Ja que el procés " "de reinicii pot causar interrupcions en el sistema, normalment se vos " "demanarà, a cada actualització, per a la llista de serveis que voleu " "reiniciar. Podeu triar aquesta opció per evitar que se vos demani; en canvi, " "es faran automàticament tots els reinicis necessaris sense demanar-vos " "confirmació en cada actualització de biblioteques." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Configuració de PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Perfils PAM que cal habilitar:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Els «Pluggable Authentication Modules» (PAM, o Mòduls d'autenticació " "inseribles) determinen com es gestionen en el sistema l'autenticació, " "autorització i modificació de contrasenyes. També permet la definició " "d'accions addicionals a realitzar quan s'inicia la sessió d'un usuari." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Alguns dels paquets de mòduls de PAM ofereixen perfils que poden utilitzar-" "se per ajustar automàticament el comportament de totes les aplicacions que " "fan servir PAM en el sistema. Indiqueu quin d'aquests comportaments desitjau " "activar." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Heu seleccionat perfils PAM incompatibles." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "" "No és possible fer servir conjuntament els perfils de PAM indicats a " "continuació:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Seleccioneu un conjunt distint de mòduls a activar." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" "Desitjau descartar els canvis locals realitzats a «/etc/pam.d/common-*»?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "S'ha modificat localment algun dels fitxers «/etc/pam.d/common-{auth,account," "password,session}». Indicau si desitjau que aquests canvis locals siguin " "substituïts amb la configuració definida pel sistema. Caldrà gestionar la " "configuració d'autenticació del sistema manualment si rebutjau aquesta opció." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "No heu seleccionat cap perfil PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "No heu seleccionat cap perfil de PAM per a aquest sistema. Així és possible " "que qualsevol usuari accedeixi sense autenticació, la qual cosa no és " "permesa. Heu de seleccionar almenys un perfil de PAM de la llista." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "Cal reiniciar «xscreensaver» i «xlockmore» abans de l'actualització" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "S'han detectat una o més instàncies dels programes «xscreensaver» o " "«xlockmore». L'actualització del paquet «libpam-modules» podria impedir " "l'autenticació en aquests programes degut a canvis incompatibles en la " "biblioteca. Heu de procurar que aquests programes es reinicien o s'aturin " "abans de continuar amb l'actualització. Així evitareu que els usuaris quedin " "bloquejats i no puguin continuar les seves sessions actuals." pam/debian/po/cs.po0000644000000000000000000002135013261244762011336 0ustar # Czech translation of pam debconf mesages. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the pam package. # Miroslav Kure , 2007-2012. # msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-27 07:56+0100\n" "Last-Translator: Miroslav Kure \n" "Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Služby, které se mají restartovat po aktualizaci knihovny PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Aby se zaÄaly používat moduly z nové verze knihovny libpam, musí se vÄ›tÅ¡ina " "služeb používajících PAM restartovat. Zkontrolujte prosím následující seznam " "služeb (init.d skriptů), které se mají nyní restartovat a v případÄ› potÅ™eby " "seznam opravte." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Správce displeje se musí restartovat ruÄnÄ›" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Správcové displejů wdm a xdm musí být s novou verzí knihovny libpam " "restartováni. Restart tÄ›chto služeb by vÅ¡ak ukonÄil probíhající X sezení a " "proto je ponechán restart zmínÄ›ných správců displejů na vás, až urÄíte, že " "nastal vhodný okamžik. S restartem byste nemÄ›li otálet, protože do té doby " "se pomocí nich nebudou moci uživatelé pÅ™ihlásit." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Restartování nÄ›kterých služeb pÅ™i aktualizaci PAMu selhalo" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Následující služby nemohly být pÅ™i aktualizaci knihovny PAM restartovány:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Tyto služby budete muset spustit ruÄnÄ› příkazem '/etc/init.d/ start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Restartovat služby pÅ™i aktualizaci balíku bez ptaní?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "V systému jsou nainstalovány služby, které je nutno pÅ™i aktualizaci " "urÄitých knihoven (libpam, libc nebo libssl) restartovat. BÄ›hem restartu " "služeb jsou tyto po nÄ›jakou dobu nedostupné. Abychom pÅ™edeÅ¡li nechtÄ›né " "nedostupnosti, je pÅ™i každé aktualizaci nabídnut seznam služeb, které se " "mají restartovat. Povolíte-li tuto možnost, budou se vÅ¡echny potÅ™ebné " "služby restartovat pÅ™i aktualizaci knihoven automaticky bez ptaní." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Nastavení PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "PAM profily, které se mají povolit:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Moduly PAM (Pluggable Authentication Modules) urÄují, jakým způsobem je na " "systému Å™eÅ¡ena autentizace, autorizace, zmÄ›na hesel a také umožňují nastavit " "dodateÄné akce pÅ™i spouÅ¡tÄ›ní uživatelských sezení." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "NÄ›které balíky s PAM moduly poskytují profily, které mohou automaticky " "upravit chování vÅ¡ech aplikací používajících PAM. Vyberte si, která chování " "chcete povolit." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Vybrány nekompatibilní PAM profily." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Následující PAM profily nelze používat souÄasnÄ›:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Povolte prosím jinou sadu modulů." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "PÅ™epsat místní zmÄ›ny v /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "NÄ›které ze souborů /etc/pam.d/common-{auth,account,password,session} " "obsahují místní úpravy. Vyberte si, zda se mají tyto zmÄ›ny pÅ™epsat verzí z " "balíku. Zamítnete-li tuto možnost, budete muset spravovat tyto soubory ruÄnÄ›." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Nebyly vybrány žádné PAM profily." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Pro tento systém nebyly vybrány žádné PAM profily, což znamená, že vÅ¡em " "uživatelům umožňujete přístup bez autentizace. To není dovoleno. Vyberte " "prosím ze seznamu alespoň jeden PAM profil." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "Programy xscreensaver a xlockmore musí být pÅ™ed aktualizací restartovány" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Zdá se, že v systému běží jedna nebo více instancí programu xscreensaver " "resp. xlockmore. Z důvodu nekompatibilních zmÄ›n v knihovnách se po " "aktualizaci balíku libpam-modules nebudete moci pomocí tÄ›chto programů " "autentizovat. To jinými slovy znamená, že se uživatelé nedostanou ke svým " "uzamÄeným sezením. Abyste tomu pÅ™edeÅ¡li, mÄ›li byste pÅ™ed aktualizací zmínÄ›né " "programy zastavit, nebo je ve vhodný Äas restartovat." pam/debian/po/da.po0000644000000000000000000002140413261244762011315 0ustar # Danish translation pam. # Copyright (C) 2011 pam & nedenstÃ¥ende oversættere. # This file is distributed under the same license as the pam package. # Joe Hansen , 2010, 2011. # msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-11-10 19:21+0100\n" "Last-Translator: Joe Hansen \n" "Language-Team: Danish \n" "Language: da\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Tjenester at genstarte for PAM-biblioteksopgradering:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "De fleste tjenester, som bruger PAM, har brug for at blive genstartet for at " "kunne bruge moduler bygget til denne nye version af libpam. GennemgÃ¥ " "venligst den følgende mellemrumsadskilte liste af init.d-skripter for " "tjenester som genstartes nu, og ret den hvis behovet er der." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "VisningshÃ¥ndtering skal genstartes manuelt" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "wdm- og xdm-visningshÃ¥ndteringerne kræver en genstart for den nye version af " "libpam, men der er X-logindsessioner, som er aktive pÃ¥ dit system og som vil " "blive afsluttet af denne genstart. Du skal derfor manuelt genstarte disse " "tjenester, før yderligere X-logind'er vil være mulige." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "" "Der opstod en fejl under genstart af nogle tjenester til PAM-opgradering" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "De følgende tjenester kunne ikke genstartes for PAM-biblioteksopgraderingen:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du skal starte disse manuelt ved at køre '/etc/init.d/ start'" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Genstart tjenester under pakkeopgradering uden at spørge?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Der er tjenester installeret pÃ¥ dit system som skal genstartes, nÃ¥r bestemte " "biblioteker - sÃ¥som libpam, libc og libssl - opgraderes. Da disse genstarter " "kan medføre afbrydelser af tjeneste for systemet, vil du normalt blive " "spurgt ved hver opgradering for listen af tjenester, du ønsker at genstarte. " "Du kan vælge denne indstilling for at undgÃ¥ at blive spurgt; i stedet for " "vil alle nødvendige genstarter automatisk blive udført, sÃ¥ du kan undgÃ¥ at " "fÃ¥ stillet spørgsmÃ¥lene ved hver biblioteksopgradering." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM-konfiguration" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "PAM-profiler at aktivere:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) afgør hvordan ændring af godkendelse, " "autorisation og adgangskode hÃ¥ndteres pÃ¥ systemet, samt tillader " "konfiguration af yderligere handlinger, der skal igangsættes ved opstart af " "brugersessioner." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Nogle PAM-modulpakker tilbyder profiler som automatisk kan justere " "opførelsen af alle PAM-brugende programmer pÃ¥ systemet. Indiker venligst " "hvilke af disse profiler du ønsker at aktivere." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Inkompatible PAM-profiler valgt." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "De følgende PAM-profiler kan ikke bruges sammen:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Vælg venligst et andet sæt af moduler at aktivere." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Overskriv lokale ændringer til /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "En eller flere af filerne /etc/pam.d/common-{auth,account,password,session} " "er blevet overskrevet lokalt. Indiker venligst hvorvidt disse lokale " "ændringer skal overskrives med den systemtilbudte konfiguration. Hvis du " "afslÃ¥r denne indstilling, skal du pÃ¥ egen hÃ¥nd hÃ¥ndtere systemets " "godkendelseskonfiguration." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Ingen PAM-profiler er blevet valgt." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Ingen PAM-profiler er blevet valgt til brug pÃ¥ dette system. Dette vil " "tildele alle brugere adgang uden godkendelse, og er ikke tilladt. Vælg " "venligst mindst en PAM-profil fra den tilgængelige liste." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver og xlockmore skal genstartes før opgradering" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "En eller flere kørende instanser af xscreensaver eller xlockmore er blevet " "fundet pÃ¥ dette system. PÃ¥ grund af inkompatible biblioteksændringer vil " "opgradering af pakken libpam-modules gøre, at du ikke kan bekræfte ægtheden " "af disse programmer. Du skal sørge for at disse programmer bliver genstartet " "eller stoppet, før du fortsætter med opgraderingen, for at undgÃ¥ lÃ¥sning af " "dine brugere i deres aktuelle sessioner." pam/debian/po/de.po0000644000000000000000000002224113261244762011321 0ustar # German translation of pam debconf templates # Copyright (C) 2007, 2009, 2011 Sven Joachim . # Copyright (C) Helge Kreutzmann , 2011. # This file is distributed under the same license as the pam package. # msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-12-26 19:53+0100\n" "Last-Translator: Sven Joachim \n" "Language-Team: German \n" "Language: de\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Neu zu startende Dienste für das Upgrade der PAM-Bibliothek:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Die meisten Dienste, die PAM verwenden, müssen neu gestartet werden, um " "Module dieser neuen Version von libpam verwenden zu können. Bitte überprüfen " "Sie die folgende, Leerzeichen-getrennte Liste von init.d-Skripten für " "Dienste, die jetzt neu zu starten sind, und korrigieren Sie diese Liste " "falls notwendig." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Display-Manager müssen manuell neu gestartet werden" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Die Display-Manager wdm und xdm erfordern einen Neustart für die neue " "Version von libpam, aber auf Ihrem System sind X-Login-Sitzungen aktiv, die " "durch diesen Neustart beendet würden. Sie müssen diese Dienste daher von " "Hand neu starten, bevor Logins unter X wieder möglich sind." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Fehler beim Neustart einiger Dienste für das PAM-Upgrade" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Die folgenden Dienste konnten für das Upgrade der PAM-Bibliothek nicht neu " "gestartet werden:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Sie müssen diese manuell neu starten, indem Sie »/etc/init.d/ start« " "ausführen." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Dienste bei Paket-Upgrades ohne Rückfrage neu starten?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Auf Ihrem System sind Dienste installiert, die beim Upgrade bestimmter " "Bibliotheken, wie Libpam, Libc und Libssl, neu gestartet werden müssen. Da " "diese Neustarts zu Unterbrechungen der Dienste für dieses System führen " "können, werden Sie normalerweise bei jedem Upgrade über die Liste der neu zu " "startenden Dienste befragt. Sie können diese Option wählen, um diese Abfrage " "zu vermeiden; stattdessen werden alle notwendigen Dienste-Neustarts für Sie " "automatisch vorgenommen und die Beantwortung von Fragen bei jedem Upgrade " "von Bibliotheken vermieden." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM-Konfiguration" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Zu aktivierende PAM-Profile:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) bestimmen, wie Authentifizierung, " "Berechtigung und Passwort-Änderung auf dem System gehandhabt werden. Ebenso " "erlauben sie die Konfiguration zusätzlicher Maßnahmen, die beim Start von " "Benutzersitzungen vorgenommen werden." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Einige Pakete mit PAM-Modulen stellen Profile bereit, die das Verhalten " "aller Anwendungen, die PAM verwenden, automatisch anpassen können. Bitte " "geben Sie an, welche dieser Verhaltensweisen Sie aktivieren möchten." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Inkompatible PAM-Profile ausgewählt." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Die folgenden PAM-Profile können nicht gemeinsam verwendet werden:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "" "Bitte wählen Sie eine andere Zusammenstellung zu aktivierender Module aus." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Lokale Änderungen an /etc/pam.d/common-* außer Kraft setzen?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Eine oder mehrere der Dateien /etc/pam.d/common-{auth,account,password," "session} sind lokal verändert worden. Bitte geben Sie an, ob diese " "Änderungen durch die mitgelieferte Konfiguration außer Kraft gesetzt werden " "sollen. Falls Sie diese Option ablehnen, müssen Sie die Authentifizierungs-" "Konfiguration Ihres Systems von Hand verwalten." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Es wurden keine PAM-Profile ausgewählt." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Es wurden keine PAM-Profile für die Verwendung auf diesem System ausgewählt. " "Dies würde allen Benutzern Zugang ohne Authentifizierung gestatten und ist " "nicht erlaubt. Bitte wählen Sie mindestens ein PAM-Profil aus der " "verfügbaren Liste aus." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "Xscreensaver und xlockmore müssen vor dem Upgrade neu gestartet werden" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Eine oder mehrere laufende Instanzen von xscreensaver oder xlockmore sind " "auf diesem System entdeckt worden. Aufgrund inkompatibler Änderungen in " "Bibliotheken wird das Upgrade des libpam-modules-Paketes Sie außerstande " "setzen, sich gegenüber diesen Programmen zu authentifizieren. Sie sollten " "dafür sorgen, dass diese Programme neu gestartet oder beendet werden, bevor " "Sie dieses Upgrade fortsetzen, damit Ihre Benutzer nicht aus ihren laufenden " "Sitzungen ausgesperrt werden." pam/debian/po/es.po0000644000000000000000000002505413261244762011345 0ustar # pam po-debconf translation to Spanish # Copyright (C) 2007 Software in the Public Interest, SPI Inc. # This file is distributed under the same license as the pam package. # # Changes: # - Initial translation # Javier Fernández-Sanguino , 2007 # - Updates: # Steve Langasek, 2008 # Javier Fernández-Sanguino, 2009, 2012 # # Traductores, si no conoce el formato PO, merece la pena leer la # documentación de gettext, especialmente las secciones dedicadas a este # formato, por ejemplo ejecutando: # info -n '(gettext)PO Files' # info -n '(gettext)Header Entry' # # Equipo de traducción al español, por favor lean antes de traducir # los siguientes documentos: # # - El proyecto de traducción de Debian al español # http://www.debian.org/intl/spanish/ # especialmente las notas y normas de traducción en # http://www.debian.org/intl/spanish/notas # # - La guía de traducción de po's de debconf: # /usr/share/doc/po-debconf/README-trans # o http://www.debian.org/intl/l10n/po-debconf/README-trans # # Si tiene dudas o consultas sobre esta traducción consulte con el último # traductor (campo Last-Translator) y ponga en copia a la lista de # traducción de Debian al español () # msgid "" msgstr "" "Project-Id-Version: pam 0.79-4\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-02 01:41+0100\n" "Last-Translator: Javier Fernandez-Sanguino \n" "Language-Team: Debian Spanish \n" "Language: Spanish\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-POFile-SpellExtra: kdm gnome xscreensaver xdm xlockmore wdm start init\n" "X-POFile-SpellExtra: screensaver PAM libpam corríjala account vd runtime\n" "X-POFile-SpellExtra: Authentication auth Pluggable session insertables\n" "X-POFile-SpellExtra: password pam common libc sobreescribir sobreescriban\n" "X-POFile-SpellExtra: reinicios libssl\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Servicios a reiniciar para la actualización de la biblioteca de PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Es necesario reiniciar la mayoría de los servicios que utilizan PAM para que " "usen los módulos de esta versión de libpam. Por favor, revise la lista " "separada por espacios mostrada a continuación que indica los servicios a " "reiniciar ahora y corríjala si es necesario." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Debe reiniciar manualmente los gestores de pantalla" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Entre los servicios que deben reiniciarse debido a la nueva versión de " "libpam están los gestores de pantalla wdm y xdm. Sin embargo, hay sesiones " "de X ejecutándose en el sistema que se terminarían si se reiniciaran estos " "servicios. Debe reiniciarlos manualmente si desea que funcionen los accesos " "a través de una sesión X más adelante." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Fallo al reiniciar alguno de los servicios en la actualización de PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "No fue posible reiniciar los servicios indicados a continuación dentro la " "actualización de la biblioteca de PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Deberá arrancar manualmente estos servicios ejecutando «/etc/init.d/" " start»." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" "¿Reiniciar servicios durante la actualización de paquetes sin preguntar?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Su sistema tiene servicios instalados que deben reiniciarse cuando se " "actualicen ciertas librerías, como «libpam», «libc» o «libssl». Generalmente " "se le preguntará en cada actualización la lista de servicios que desea " "reiniciar dado que estos reinicios generalmente provocarán una interrupción " "del servicio. Puede seleccionar esta opción para que no se le pregunte. En " "lugar de hacerse estas preguntas, se reiniciarán de forma automática los " "servicios en cada actualización de librerías." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Configuración de PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Perfiles PAM a habilitar:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Los «Pluggable Authentication Modules» (PAM, o Módulos de autenticación " "insertables, N. del T.) determinan cómo se gestiona dentro del sistema la " "autenticación, autorización y modificación de contraseñas. También permiten " "la definición de acciones adicionales a realizar cuando se inicia la sesión " "de un usuario." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Algunos de los paquetes de módulos de PAM ofrecen perfiles que pueden " "utilizarse para ajustar automáticamente el comportamiento de todas las " "aplicaciones que utilicen PAM en el sistema. Indique qué comportamiento " "desea activar." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Se han seleccionado perfiles PAM incompatibles." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "" "No pueden utilizarse conjuntamente los perfiles de PAM indicados a " "continuación:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Seleccione un conjunto distinto de módulos a activar." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" "¿Desea sobreescribir los cambios locales realizados a «/etc/pam.d/common-*»?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Se ha modificado localmente alguno de los ficheros «/etc/pam.d/common-{auth," "account,password,session}». Indique si desea que estos cambios locales se " "sobreescriban con la configuración definida para el sistema. Deberá " "gestionar la configuración de autenticación de su sistema manualmente si " "rechaza esta opción." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "No ha seleccionado ningún perfil PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "No ha seleccionado ningún perfil de PAM para este sistema. Esto podría " "permitir que cualquier usuario accediera sin autenticación, lo que no está " "permitido. Debe seleccionar al menos un perfil de PAM de la lista." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "Debe reiniciar xscreensaver y xlockmore antes de la actualización" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Se han detectado una o más instancias de los programas xscreensaver o " "xlockmore. La actualización del paquete libpam-modules podría impedir que " "pueda autenticarse en estos programas debido a cambios incompatibles en las " "librerías. Debería procurar que estos programas se reinicien o se paren " "antes de continuar con la actualización. Así evitará que los usuarios queden " "bloqueados y no puedan reanudar sus sesiones actuales." pam/debian/po/eu.po0000644000000000000000000002025613261244762011346 0ustar # translation of pam_1.0.1-5_eu.po to Basque # Debconf questions for the Linux-PAM package. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # # Piarres Beobide , 2007, 2008. # Iñaki Larrañaga Murgoitio , 2009. msgid "" msgstr "" "Project-Id-Version: pam_1.0.1-5_eu\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2009-01-02 12:30+0100\n" "Last-Translator: Piarres Beobide \n" "Language-Team: debian-eu \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" "PAM liburutegia bertsio-berritzean berrabiarazi behar diren zerbitzuak:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "PAM erabiltzen duten zerbitzu gehienak berrabiarazi egin behar dira libpam " "bertsio honetako moduluak erabiltzeko. Mesedez gainbegiratu berrabiaraziko " "diren hurrengo zuriunez bereiziriko init.d script zerrenda hau eta zuzendu " "behar izanez gero." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Pantaila kudeatzailea eskuz berrabiarazi behar da" #. Type: error #. Description #: ../libpam0g.templates:2001 #, fuzzy msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Kdm, wdm, eta xdm pantaila kudeatzaileek berrabiaraztea behar dute libpam " "bertsio berria erabiltzeko. Baina berrabiarazteak eragin izan dezaken " "abiarazitako X saioak daude sistema honetan. Zerbitzu hori beranduago eskuz " "berrabiarazi beharko duzu X saioak hastea posible izateko." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Huts PAM bertsio-berritzeko zenbait zerbitzu berrabiaraztean" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Hurrengo zerbitzuak ezin izan dira berrabiarazi PAM liburutegia bertsio-" "berritzean:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Hauek eskuz berrabiarazi beharko dituzu '/etc/init.d/ start' " "exekutatuz." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Gaitu behar diren PAM profilak:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Autentifikazio modulu txertagarriak (PAM) ezartzen du zein autentifikazio, " "autorizazio eta psahitz aldaketa kudeatzen diren sisteman, baita " "erabiltzaile saioak hastekoan ekintza gehigarrien konfigurazioaren onarpena " "du." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Zenbait PAM modulu paketek sisteman PAM erbailtzen duten aplikazioak " "automatikoki doitzeko erabili daitezkeen profilak ekartzen dituzte. Mesedez " "profil hauetako zein gaitu nahi duzun." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "PAM profil bateraezinak hautatuak." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Hurrengo PAM profilak ezin dira elkarrekin erabili:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Mesedez hautatu gaitzeko beste modulu bilduma bat." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Gainidatzi aldaketa lokalak /etc/pam.d/common-* -era?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "/etc/pam.d/common-{auth,account,password,session} fitxategietako bat edo " "gehiago lokalki eraldatua izan da. Mesedez zehaztu aldaketa horiek sistemak-" "hornitutako konfigurazioaz gainidatzi behar diren ala ez. Aukera hau " "baztertzea hautatzen baduzu sistemaren autentifikazio konfigurazioa eskuz " "kudeatu behar duzu." #. Type: error #. Description #: ../libpam-runtime.templates:5001 #, fuzzy msgid "No PAM profiles have been selected." msgstr "PAM profil bateraezinak hautatuak." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "xscreensaver eta xlockmore berrabiarazi egin behar dira bertsio-berritu " "aurretik" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "xscreensaver edo xlockmore-ren instantzia bat edo gehiago exekutatzen " "dagoela detektatu da sisteman. Liburutegiaren aldaketaren " "bateraezintasunagatik libpam-modules paketearen bertsio-berritzeak programa " "horiekin ezin autentifikatzea eragingo dizu. Programa horiek berrabiarazi " "edop gelditu egin beharko zenituzke bertsio-berritzearekin jarraitu " "aurretik, sistemako erabiltzaileak beraien uneko saioan blokeatzea " "saihesteko." pam/debian/po/fi.po0000644000000000000000000002061513261244762011332 0ustar # Esko Arajärvi , 2010. msgid "" msgstr "" "Project-Id-Version: pam 0.99.7.1-4\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2010-10-18 22:46+0300\n" "Last-Translator: Esko Arajärvi \n" "Language-Team: Finnish \n" "Language: fi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Finnish\n" "X-Poedit-Country: FINLAND\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Palvelut, jotka käynnistetään uudelleen PAM-kirjastoa päivitettäessä:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Useimmat PAMia käyttävät palvelut pitää käynnistää uudelleen libpamin uuden " "version käyttöön ottamiseksi. Tarkista seuraava välilyönnein eroteltu lista " "niiden palveluiden init.d-komentotiedostoista, jotka käynnistetään " "uudelleen, ja muokkaa listaa tarvittaessa." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Näytönhallintaohjelma tulee käynnistää uudelleen käsin" #. Type: error #. Description #: ../libpam0g.templates:2001 #, fuzzy msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Näytönhallintaohjelma kdm, wdm tai xdm tulee käynnistää uudelleen, jotta " "libpamin uusi versio tulee käyttöön. Järjestelmässä on kuitenkin aktiivisia " "X-istuntoja, jotka lopetettaisiin uudelleenkäynnistyksen yhteydessä. Tästä " "syystä palvelu tulee käynnistää uudelleen käsin ennen kuin uusia X-istuntoja " "voidaan avata." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Virhe käynnistettäessä uudelleen palveluita PAMin päivitystä varten" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Seuraavia palveluita ei voitu käynnistää uudelleen PAM-kirjastoa " "päivitettäessä:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Nämä palvelut tulee käynnistää uudelleen ajamalla â€/etc/init.d/ " "startâ€." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Käyttöön otettavat PAM-profiilit:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) määrittää kuinka tunnistautuminen, " "oikeuksien hallinta ja salasanan vaihto tehdään järjestelmässä. Se " "mahdollistaa myös käyttäjäistuntojen käynnistyksen yhdessä suoritettavien " "lisätoimintojen asetusten muokkaamisen." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Eräiden PAMin moduulipakettien tarjoamien profiilien avulla voidaan " "automaattisesti muokata järjestelmän kaikkien PAMia käyttävien ohjelmien " "toimintaa. Valitse mitkä näistä toiminnoista otetaan käyttöön." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Epäyhteensopivia PAM-profiileita valittu" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Seuraavia PAM-profiileita ei voida käyttää yhdessä:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Valitse uusi käyttöön otettavien moduulien joukko." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" "Kirjoitetaanko paikallisten muutosten päälle tiedostoissa /etc/pam.d/common-" "*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Joitain tiedostoista /etc/pam.d/common-{auth,account,password,session} on " "muokattu paikallisesti. Valitse tulisiko paikalliset muutokset korvata " "järjestelmän tarjoamilla asetuksilla. Jos et valitse tätä vaihtoehtoa, " "järjestelmän tunnistautumisasetuksia täytyy hallinnoida käsin." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Yhtään PAM-profiilia ei ole valittu." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Yhtään PAM-profiilia ei ole valittu käytettäväksi tässä järjestelmässä. Tämä " "sallisi kaikille käyttäjille pääsyn ilman tunnistautumista, eikä siksi ole " "sallittua. Valitse ainakin yksi PAM-profiili annetulta listalta." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver ja xlockmore täytyy käynnistää uudelleen ennen päivitystä" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Järjestelmässä ajetaan parhaillaan yhtä tai useampaa xscreensaverin tai " "xlockmoren instanssia. Paketin libpam-modules kirjastot ovat muuttuneet " "niin, että päivityksen jälkeen näihin ohjelmiin ei voitaisi " "yhteensopivuussyistä enää tunnistautua. Nämä ohjelmat tulisi pysäyttää tai " "käynnistää uudelleen ennen päivityksen jatkamista, jotta käyttäjät eivät " "lukitse itseään ulos nykyisistä istunnoistaan." pam/debian/po/fr.po0000644000000000000000000002247513261244762011351 0ustar # Translation of pam to French # Copyright (C) 2007 Cyril Brulebois # Copyright (C) 2009, 2001 Jean-Baka Domelevo Entfellner # This file is distributed under the same license as the pam package. # Translators: # Cyril Brulebois , 2007 # Jean-Baka Domelevo Entfellner , 2009, 2011 # msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-11-11 20:19+0100\n" "Last-Translator: Jean-Baka Domelevo Entfellner \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Country: FRANCE\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" "Services à redémarrer lors de la mise à niveau de la bibliothèque PAM :" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "La plupart des services utilisant PAM doivent être redémarrés pour utiliser " "les modules compilés pour cette nouvelle version de libpam. Veuillez " "vérifier la liste suivante de scripts de démarrage à relancer maintenant, et " "la corriger si nécessaire." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Pas de redémarrage automatique du gestionnaire graphique de sessions" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Les gestionnaires graphiques de session wdm et xdm nécessitent un " "redémarrage lors de la mise à niveau de libpam, mais il existe des sessions " "X actives sur ce système, qui seraient fermées par ce redémarrage. Vous " "devez donc redémarrer ces services vous-même avant de pouvoir effectuer à " "nouveau une connexion au serveur graphique." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "" "Erreur du redémarrage de certains services pour la mise à niveau de PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Les services suivants n'ont pas pu être redémarrés lors de la mise à niveau " "de la bibliothèque PAM :" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Vous devez les démarrer vous-même avec la commande « /etc/init.d/ " "start »." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Redémarrer les services automatiquement lors des mises à jour ?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Certains services installés sur le système demandent à être redémarrés " "lors de la mise à jour de certaines bibliothèques (par exemple libpam, libc " "ou encore libssl). Puisque de tels redémarrages peuvent causer des " "interruptions de service, une confirmation est habituellement demandée lors " "de chaque mise à jour, en présentant la liste des services à redémarrer. " "Vous pouvez sélectionner cette option pour éviter ces demandes interactives " "de confirmation. Tous les redémarrages nécessaires seront alors effectués " "automatiquement lors de chaque mise à jour de bibliothèque." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Configuration de PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Profils PAM à activer :" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Les modules d'authentification PAM déterminent la façon dont le système gère " "l'authentification, les autorisations et les changements de mots de passe. " "PAM permet aussi de configurer des actions supplémentaires à effectuer au " "démarrage des sessions utilisateur." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Certains paquets de modules PAM fournissent des profils qui peuvent " "être utilisés pour ajuster automatiquement le comportement de toutes les " "applications utilisant PAM qui sont présentes sur le système." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Profils PAM incompatibles" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Les profils PAM suivants sont en conflit :" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Veuillez choisir un autre jeu de modules à activer." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Écraser les modifications locales sur /etc/pam.d/common-* ?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Au moins un des fichiers /etc/pam.d/common-{auth,account,password,session} " "a été modifié localement. Veuillez indiquer s'il faut abandonner ces " "changements locaux et revenir à la configuration standard du système. Dans " "le cas contraire, vous devrez configurer vous-même le système " "d'authentification." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Aucun profil PAM n'a été choisi." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Aucun profil PAM n'a été mis en place pour ce système. N'en utiliser aucun " "donnerait à tous les utilisateurs un accès sans authentification, ce qui " "n'est pas autorisé. Merci de bien vouloir choisir au moins un profil PAM " "dans la liste proposée." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "Redémarrage indispensable de xscreensaver et xlockmore avant la mise à niveau" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Une ou plusieurs instances de xscreensaver et/ou de xlockmore ont été " "détectées sur le système. À cause de la modification de certaines " "bibliothèques, la mise à niveau du paquet libpam-modules entrainera " "l'impossibilité de s'authentifier. Avant de poursuivre la mise à niveau, ces " "programmes doivent être redémarrés ou arrêtés pour éviter que des " "utilisateurs ne puissent plus accéder à leur session." pam/debian/po/gl.po0000644000000000000000000002061313261244762011334 0ustar # translation of pam_1.1.1-3_gl.po to Galician # Galician translation of pam's debconf templates # This file is distributed under the same license as the pam package. # # Jacobo Tarrio , 2007. # Marce Villarino , 2009. # Jorge Barreiro , 2010. msgid "" msgstr "" "Project-Id-Version: pam_1.1.1-3_gl\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-03-29 13:01-0700\n" "Last-Translator: Jorge Barreiro \n" "Language-Team: Galician \n" "Language: gl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Servizos a reiniciar para a actualización da biblioteca PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "A maioría dos servizos que empregan PAM deben reiniciarse para empregar os " "módulos compilados para esta versión de libpam. Revise a seguinte lista de " "scripts de init.d que se han reiniciar agora, e corríxaa se é preciso." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Débese reiniciar manualmente o xestor de pantallas" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "É necesario reiniciar os xestores de pantallas wdm e xdm para a nova versión " "de libpam, pero hai sesións de X activas no sistema que se pecharían co " "reinicio. Polo tanto, ha ter que reiniciar eses servizos manualmente para " "poder iniciar novas sesións mediante X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Fallou o reinicio de algúns servizos para a actualización de PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Non foi posíbel reiniciar os seguintes servizos para a actualización da " "biblioteca PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Ha ter que reinicialos manualmente executando «/etc/init.d/ start»." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Perfís de PAM a activar:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Os Pluggable Authentication Modules (PAM) determinan como se xestiona a " "autenticación, autorización e mudanza do contrasinal no sistema, e tamén " "permiten configurar accións adicionais a realizar cando se inician sesións " "de usuario." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Algúns paquetes de módulos de PAM fornecen perfís que poden empregarse para " "axustar automaticamente o comportamento de todos os programas do sistema que " "empregan PAM. Indique cais destes comportamentos desexa activar." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Escolléronse perfís de PAM incompatíbeis." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Non se poden empregar xuntos os seguintes perfís de PAM:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Escolla un conxunto diferente de módulos para activalos." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Desexa sobrepor as mudanzas locais a /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Modificouse localmente un ou varios dos ficheiros /etc/pam.d/common-{auth," "account,password,session}. Indique se estas modificacións locais deben " "sobrescribirse empregando a configuración fornecida polo sistema. Se rexeita " "esta opción deberá xestionar manualmente a configuración da autenticación do " "sistema." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Non se escolleu ningún perfil PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Non se escolleu ningún perfil PAM para este sistema. Esto daría acceso a " "todos os usuarios sen necesidade de autenticarse, e isto non está permitido. " "Escolla polo menos un perfil PAM desde a lista de perfís dispoñibeis." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver e xlockmore deben ser reiniciados antes da actualización" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Detectouse que se están a executar unha ou máis instancias de xscreensaver " "ou xlockmore no sistema. Por mor de modificacións incompatíbeis en " "bibliotecas, a actualización do paquete libpam-modules ha facer que non sexa " "quen de autenticarse nestes programas. Deber reiniciar ou deter estes " "programas antes de continuar coa actualización, para evitar deixar trancados " "os usuarios fora das súas sesións de traballo actuais." pam/debian/po/it.po0000644000000000000000000002103313261244762011343 0ustar # Debconf questions for the Linux-PAM package. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # # David Paleino , 2008, 2010. # Nicole B. , 2010. msgid "" msgstr "" "Project-Id-Version: pam 0.99.7.1-5\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2010-10-23 21:21+0200\n" "Last-Translator: Nicole B. \n" "Language-Team: Italiano \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Servizi da riavviare per l'aggiornamento della libreria PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "La maggior parte dei servizi che usano PAM hanno bisogno di essere riavviati " "per utilizzare i moduli compilati per questa nuova versione di libpam. " "Controllare e correggere, se necessario, il seguente elenco di script di " "init.d, separati da spazi, inerente i servizi da riavviare." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Il display manager deve essere riavviato manualmente" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "I display manager wdm e xdm richiedono di essere riavviati per la nuova " "versione di libpam, ma ci sono sessioni di login X attive sul sistema che " "verrebbero terminate da questo riavvio. Bisognerà riavviare questi servizi " "manualmente prima che sia possibile ogni altro login al server X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Fallito il riavvio di alcuni servizi per l'aggiornamento di PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Non è stato possibile il riavvio dei seguenti servizi per l'aggiornamento " "della libreria PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Bisognerà avviarli manualmente eseguendo '/etc/init.d/ start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Profili PAM abilitabili:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "PAM (Pluggable Authentication Modules) determina come le autenticazioni, le " "autorizzazioni e i cambiamenti di password siano gestite dal sistema. Allo " "stesso modo permette la configurazione di azioni addizionali da effettuarsi " "all'inizio di una sessione utente." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Alcuni pacchetti di moduli PAM forniscono profili che possono essere usati " "per modificare il comportamento di tutte le applicazioni presenti sul " "sistema che sfruttano PAM. Indicare quali di questi comportamenti devono " "essere abilitati." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Sono stati scelti dei profili PAM incompatibili." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "I seguenti profili PAM non possono essere usati contemporaneamente:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Selezionare una serie differente di moduli da abilitare." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Ignorare i cambiamenti in /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Uno o più dei file /etc/pam.d/common-{auth,account,password,session} sono " "stati modificati. Indicare se questi cambiamenti locali debbono essere " "annullati usando le configurazioni fornite dal sistema. Se questa opzione " "verrà annullata, sarà necessario gestire manualmente la configurazione di " "autenticazione del sistema." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Non è stato selezionato alcun profilo PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Non è stato selezonato alcun profilo PAM da usare su questo sistema. Questo " "non è permesso, in quanto si consentirebbe l'acceso a qualunque utente senza " "effettuare l'autenticazione. Selezionare come minimo un profilo PAM tra " "quelli disponibili nell'elenco." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "xscreensaver e xlockmore devono essere riavviati prima dell'aggiornamento" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Su questo sistema una o più istanze in esecuzione di xscreensaver o " "xlockmore sono state rilevate. A causa di cambiamenti incompatibili nelle " "librerie, l'aggiornamento del pacchetto libpam-modules renderà impossibile " "l'autenticazione a questi programmi. Si dovrebbe procedere con il riavvio o " "l'arresto di questi programmi prima di continuare con l'aggiornamento, al " "fine di evitare che gli utenti siano bloccati al di fuori delle proprie " "sessioni." pam/debian/po/ja.po0000644000000000000000000002351113261244762011324 0ustar # Debconf questions for the Linux-PAM package. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # FIRST AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: pam 1.3.6-1\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-22 10:47+0900\n" "Last-Translator: Kenshi Muto \n" "Language-Team: Japanese \n" "Language: ja\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "PAM ライブラリã®æ›´æ–°ã®ãŸã‚ã«å†èµ·å‹•ã™ã‚‹ã‚µãƒ¼ãƒ“ス:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "PAM を利用ã™ã‚‹ã»ã¨ã‚“ã©ã®ã‚µãƒ¼ãƒ“スã¯ã€ã“ã® libpam ã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ãƒ“ルドã•" "ã‚ŒãŸãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’使ã†ãŸã‚ã«å†èµ·å‹•ã‚’å¿…è¦ã¨ã—ã¾ã™ã€‚以下ã®ã€ã‚¹ãƒšãƒ¼ã‚¹ã§åŒºåˆ‡ã‚‰ã‚ŒãŸ" "今å†èµ·å‹•ã™ã‚‹ã‚µãƒ¼ãƒ“ス㮠init.d スクリプトã®ãƒªã‚¹ãƒˆã‚’見ã¦ã€å¿…è¦ãªã‚‰ä¿®æ­£ã—ã¦ãã " "ã•ã„。" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "ディスプレイマãƒãƒ¼ã‚¸ãƒ£ã¯æ‰‹å‹•ã§å†èµ·å‹•ã•ã‚Œãªã‘ã‚Œã°ãªã‚Šã¾ã›ã‚“" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "wdm ãŠã‚ˆã³ xdm ディスプレイマãƒãƒ¼ã‚¸ãƒ£ã¯ libpam ã®æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ãŸã‚ã«å†èµ·" "å‹•ãŒå¿…è¦ã§ã™ãŒã€ã‚ãªãŸã®ã‚·ã‚¹ãƒ†ãƒ ã«ã¯ã€ã“ã®å†èµ·å‹•ã§å¼·åˆ¶çµ‚了ã—ã¦ã—ã¾ã†å®Ÿè¡Œä¸­ã® " "X ログインセッションãŒå­˜åœ¨ã—ã¾ã™ã€‚ãã®ãŸã‚ã€ä»¥é™ã® X ã®ãƒ­ã‚°ã‚¤ãƒ³ãŒå¯èƒ½ãªçŠ¶æ…‹ã®" "ã†ã¡ã«ã€ã“れらã®ã‚µãƒ¼ãƒ“スを手動ã§å†èµ·å‹•ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "PAM æ›´æ–°ã®ãŸã‚ã®ã„ãã¤ã‹ã®ã‚µãƒ¼ãƒ“スã®å†èµ·å‹•ã§å¤±æ•—" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "PAM ライブラリ更新ã®ãŸã‚ã®ã€ä»¥ä¸‹ã®ã‚µãƒ¼ãƒ“スã®å†èµ·å‹•ãŒã§ãã¾ã›ã‚“ã§ã—ãŸ:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "/etc/init.d/<サービス> start' を実行ã™ã‚‹ã“ã¨ã§ã€ã“れらを手動ã§èµ·å‹•ã™ã‚‹å¿…è¦ãŒ" "ã‚ã‚Šã¾ã™ã€‚" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "パッケージã®æ›´æ–°ä¸­ã€è³ªå•ãªã—ã«ã‚µãƒ¼ãƒ“スをå†èµ·å‹•ã—ã¾ã™ã‹?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "ã‚ãªãŸã®ã‚·ã‚¹ãƒ†ãƒ ã«ã¯ã€libpamã€libcã€libssl ã®ã‚ˆã†ãªã”ã一部ã®ãƒ©ã‚¤ãƒ–ラリãŒæ›´æ–°" "ã•ã‚Œã‚‹éš›ã«ã€å†èµ·å‹•ã‚’å¿…è¦ã¨ã™ã‚‹ã‚µãƒ¼ãƒ“スãŒã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã¦ã„ã¾ã™ã€‚ã“れらã®å†" "èµ·å‹•ã¯ã‚·ã‚¹ãƒ†ãƒ ã®ã‚µãƒ¼ãƒ“スã®åœæ­¢ã‚’引ãèµ·ã“ã™å¯èƒ½æ€§ãŒã‚ã‚‹ã®ã§ã€é€šå¸¸ã€æ›´æ–°ã®ãŸã³" "ã«å†èµ·å‹•ã—ãŸã„サービスã®ä¸€è¦§ãŒæ示ã•ã‚Œã¾ã™ã€‚ã“ã®é¸æŠžè‚¢ã«ã€Œã¯ã„ã€ã‚’é¸ã¶ã¨ã€ã" "ã®è³ªå•ã‚’ã—ã¾ã›ã‚“。ã™ã¹ã¦ã®å¿…è¦ãªå†èµ·å‹•ãŒè‡ªå‹•ã§è¡Œã‚れるã®ã§ã€ãƒ©ã‚¤ãƒ–ラリ更新ã®" "ãŸã³ã«è³ªå•ã•ã‚Œã‚‹ã“ã¨ã‹ã‚‰è§£æ”¾ã•ã‚Œã¾ã™ã€‚" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM ã®è¨­å®š" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "有効化ã™ã‚‹ PAM プロファイル:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "PAM (Pluggable Authentication Modules) ã¯ã€ãƒ¦ãƒ¼ã‚¶ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒé–‹å§‹ã—ãŸã¨ãã«" "èµ·ã“ã™è¿½åŠ ã®ã‚¢ã‚¯ã‚·ãƒ§ãƒ³è¨­å®šã®è¨±å¯ã¨å…±ã«ã€ã©ã®ã‚ˆã†ã«èªè¨¼ã€èªå¯ã€ãƒ‘スワード変更" "ãŒã‚·ã‚¹ãƒ†ãƒ ã§æ‰±ã‚れるã‹ã‚’決定ã—ã¾ã™ã€‚" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "ã„ãã¤ã‹ã® PAM モジュールパッケージã¯ã€ã‚·ã‚¹ãƒ†ãƒ ä¸Šã®ã™ã¹ã¦ã® PAM 利用アプリ" "ケーションã®æŒ™å‹•ã‚’自動ã§èª¿æ•´ã™ã‚‹ã®ã«åˆ©ç”¨ã§ãるプロファイルをæä¾›ã—ã¦ã„ã¾ã™ã€‚" "ã“れらã®æŒ™å‹•ã®ä¸­ã‹ã‚‰æœ‰åŠ¹åŒ–ã—ãŸã„ã‚‚ã®ã‚’指定ã—ã¦ãã ã•ã„。" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "矛盾ã™ã‚‹ PAM プロファイルãŒé¸æŠžã•ã‚Œã¾ã—ãŸã€‚" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "次㮠PAM プロファイルã¯ä¸€ç·’ã«åˆ©ç”¨ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "有効化ã™ã‚‹ãŸã‚ã«é•ã†ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚»ãƒƒãƒˆã‚’é¸æŠžã—ã¦ãã ã•ã„。" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "/etc/pam.d/common-* ã«ãƒ­ãƒ¼ã‚«ãƒ«ã®å¤‰æ›´ã‚’上書ãã—ã¾ã™ã‹?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "/etc/pam.d/common-{auth,account,password,session} ã®ãƒ•ã‚¡ã‚¤ãƒ«ã®ã†ã¡ã® 1 ã¤ä»¥ä¸Š" "ãŒãƒ­ãƒ¼ã‚«ãƒ«ã§å¤‰æ›´ã•ã‚Œã¦ã„ã¾ã™ã€‚ã“れらã®ãƒ­ãƒ¼ã‚«ãƒ«ã®å¤‰æ›´ã‚’システムã§æä¾›ã•ã‚Œã‚‹è¨­" "定を使ã£ã¦ä¸Šæ›¸ãã™ã¹ãã‹ã©ã†ã‹ã‚’指示ã—ã¦ãã ã•ã„。ã“ã®é¸æŠžè‚¢ã§ã€Œã„ã„ãˆã€ã¨ç­”" "ãˆã‚‹å ´åˆã€ã‚ãªãŸã®ã‚·ã‚¹ãƒ†ãƒ ã®èªè¨¼è¨­å®šã‚’手動ã§ç®¡ç†ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "PAM プロファイルãŒä½•ã‚‚é¸æŠžã•ã‚Œã¦ã„ã¾ã›ã‚“。" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "ã“ã®ã‚·ã‚¹ãƒ†ãƒ ã§åˆ©ç”¨ã™ã‚‹ PAM プロファイルãŒä½•ã‚‚é¸æŠžã•ã‚Œã¦ã„ã¾ã›ã‚“。ã“ã‚Œã¯ã€ã™ã¹" "ã¦ã®ãƒ¦ãƒ¼ã‚¶ãŒèªè¨¼ãªã—ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¦ã—ã¾ã†ã“ã¨ã«ãªã‚‹ã®ã§ã€èªã‚られã¾ã›ã‚“。利" "用å¯èƒ½ãªä¸€è¦§ã‹ã‚‰å°‘ãªãã¨ã‚‚ 1 ã¤ã® PAM プロファイルをé¸ã‚“ã§ãã ã•ã„。" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver 㨠xlockmore ã‚’æ›´æ–°å‰ã«å†èµ·å‹•ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "ã“ã®ã‚·ã‚¹ãƒ†ãƒ ã§ 1 ã¤ä»¥ä¸Šã® xscreensaver ã‚ã‚‹ã„㯠xlockmore ã®å‹•ä½œãŒæ¤œå‡ºã•ã‚Œã¾" "ã—ãŸã€‚éžäº’æ›ã®ãƒ©ã‚¤ãƒ–ラリ変更ã®ãŸã‚ã€libpam-modules パッケージã®æ›´æ–°ã¯ã“れらã®" "プログラムã§ã®èªè¨¼ãŒã§ããªããªã‚‹ã¨ã„ã†äº‹æ…‹ã«ã‚ãªãŸã‚’追ã„ã‚„ã‚Šã¾ã™ã€‚ユーザãŒç¾" "在ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å¤–ã«ç· ã‚出ã•ã‚Œã‚‹ã®ã‚’é¿ã‘ã‚‹ãŸã‚ã€ã“ã®ãƒ‘ッケージã®æ›´æ–°ã‚’継続ã™" "ã‚‹å‰ã«ã€ã“れらã®ãƒ—ログラムをå†èµ·å‹•ã™ã‚‹ã‹åœæ­¢ã™ã‚‹ã‚ˆã†ã«æ‰‹é…ã™ã¹ãã§ã™ã€‚" pam/debian/po/nl.po0000644000000000000000000002225313261244762011345 0ustar # Dutch translation of pam debconf templates. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # Bart Cornelis , 2007. # Eric Spreen , 2010. # Jeroen Schot , 2011. # msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-11-25 16:33+0100\n" "Last-Translator: Jeroen Schot \n" "Language-Team: Debian l10n Dutch \n" "Language: nl\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Bij de opwaardering van de PAM-bibliotheek te herstarten diensten:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "De meeste PAM-gebruikende diensten moeten herstart worden voor ze gebruik " "kunnen maken van modules die gebouwd zijn voor de nieuwe libpam-versie. De " "volgende, met spaties gescheiden, lijst van init.d scripts wordt herstart. " "Gelieve deze lijst te controleren en indien nodig aan te passen." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "De beeldschermbeheerder dient handmatig herstart te worden" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "De beelschermbeheerders wdm en xdm vereisen een herstart vanwege de nieuwe " "libpam-versie. Er zijn echter X-login-sessies actief op uw systeem die " "hierdoor afgesloten zouden worden. Nieuwe X-sessies starten via deze " "diensten is pas mogelijk eens u ze handmatig herstart heeft." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Herstarten van sommige diensten bij de PAM-opwaardering is mislukt" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "De volgende diensten konden niet herstart worden bij de opwaardering van de " "PAM-bibliotheek:." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "U dient deze diensten handmatig op te starten via het commando '/etc/init.d/" " start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Diensten zonder vragen herstarten bij het opwaarderen van pakketten?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Er zijn diensten op uw systeem geïnstalleerd die moeten worden herstart " "wanneer bepaalde bibliotheken, zoals libpam, libc en libssl, worden " "opgewaardeerd. Omdat deze herstarts dienstonderbrekingen op uw systeem " "kunnen veroorzaken wordt u normaal gesproken bij elke opwaardering gevraagd " "welke diensten u wilt herstarten. Als u voor deze optie kiest wordt dit niet " "meer aan u gevraagd. In plaats daarvan worden alle noodzakelijke herstarts " "automatisch gedaan zodat u geen vragen krijgt bij elke opwaardering van een " "bibliotheek." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM-configuratie" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "PAM-profielen die ingeschakeld moeten worden:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) bepalen hoe authenticatie, " "autorisatie en wachtwoordverandering worden behandeld op het systeem. Ook " "staat het het instellen van overige acties die moeten worden ondernomen bij " "het starten van gebruikerssessies toe." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Sommige PAM-modulepakketten leveren profielen die kunnen worden gebruikt om " "automatisch het gedrag van alle programma's die PAM gebruiken aan te passen. " "Geeft u alstublieft aan welk van deze instellingen u wilt gebruiken." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Strijdige PAM-profielen geselecteerd." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "De volgende PAM-profielen kunnen niet samen worden gebruikt:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Selecteer een andere set modules om in te schakelen." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Wilt u de locale veranderingen aan /etc/pam.d/common-* overschrijven?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Een of meer van de bestanden /etc/pam.d/common-{auth,account,password," "session} zijn lokaal aangepast. Geef aan of deze lokale veranderingen moeten " "worden overschreven, door de door het systeem geleverde configuratie te " "gebruiken. Als u dit weigert, zult u de configuratie van de authenticatie " "van uw systeem met de hand moeten onderhouden." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Er zijn geen PAM-profielen geselecteerd." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Er zijn geen PAM-profielen geselecteerd om gebruikt te worden op dit " "systeem. Dit zou alle gebruikers toegang geven zonder authenticatie, hetgeen " "niet is toegestaan. Selecteer minstens een PAM-profiel van de beschikbare " "lijst." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver en xlockmore moeten worden herstart voor u kunt upgraden" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Er zijn een of meer draaiende instanties van xscreensaver of xlockmore " "gedetecteerd op dit systeem. Wegens strijdige veranderingen in bibliotheken " "zal de upgrade van het pakket libpam-modules een systeem veroorzaken waarin " "u zich niet zult kunnen authenticeren tegenover deze programma's. U dient " "ervoor te zorgen dat deze programma's worden herstart of gestopt voordat u " "verder gaat met deze upgrade, om te voorkomen dat gebruikers worden " "uitgesloten van hun huidige sessies." pam/debian/po/pl.po0000644000000000000000000002165613261244762011355 0ustar # Copyright (C) 2011 # This file is distributed under the same license as the pam package. # # MichaÅ‚ KuÅ‚ach , 2012. msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-26 12:07+0100\n" "Last-Translator: MichaÅ‚ KuÅ‚ach \n" "Language-Team: Polish \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.2\n" "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 " "|| n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" "UsÅ‚ugi które majÄ… być zrestartowane, w zwiÄ…zku z aktualizacjÄ… biblioteki PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "WiÄ™kszość usÅ‚ug używajÄ…cych PAM musi być zrestartowana, aby używać modułów " "zbudowanych do tej nowej wersji libpam. ProszÄ™ przeglÄ…dnąć poniższÄ… listÄ™ " "skryptów init.d (oddzielonÄ… spacjami), pod kÄ…tem usÅ‚ug które majÄ… być teraz " "zrestartowane, i poprawić jÄ… jeÅ›li zachodzi taka potrzeba." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Menedżer logowania musi być zrestartowany rÄ™cznie" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Menedżery logowania wdm i xdm wymagajÄ… restartu z powodu nowej wersji " "libpam, ale wystÄ™pujÄ… aktywne sesje logowania X, które mogÄ… być przerwane " "przez ten restart. BÄ™dzie istniaÅ‚a potrzeba rÄ™cznego restartu tych usÅ‚ug, " "aby kolejne logowania X staÅ‚y siÄ™ możliwe." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Nie udaÅ‚o siÄ™ zrestartować niektórych usÅ‚ug w celu aktualizacji PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "NastÄ™pujÄ…ce usÅ‚ugi nie mogÅ‚y zostać zrestartowane z celu aktualizacji PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Należy zrestartować te usÅ‚ugi rÄ™cznie, przez wykonanie \"/etc/init.d/" " start\"" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Zrestartować usÅ‚ugi podczas aktualizacji pakietu bez pytania?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Niektóre z zainstalowanych usÅ‚ug wymagajÄ… restartu, gdy sÄ… aktualizowane " "okreÅ›lone biblioteki (np. libpam, libc i libss1). Ponieważ restarty mogÄ… " "spowodować przerwanie tych usÅ‚ug, użytkownik jest zwykle pytany podczas " "każdej aktualizacji o listÄ™ usÅ‚ug, które chce zrestartować. Można wybrać tÄ™ " "opcjÄ™, aby zapobiec takim pytaniom; wtedy wszystkie potrzebne restarty " "odbÄ™dÄ… siÄ™ automatycznie, a użytkownik uniknie pytania przy każdej " "aktualizacji biblioteki." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Konfiguracja PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Profile PAM do wÅ‚Ä…czenia:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) okreÅ›la, jak obsÅ‚ugiwane jest przez " "system uwierzytelnienie, autoryzacja i zmiana hasÅ‚a, jak również pozwala na " "konfiguracjÄ™ dodatkowych akcji do podjÄ™cia podczas uruchamiania sesji " "użytkownika." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Niektóre moduÅ‚y PAM dostarczajÄ… profile, które mogÄ… być użyte do " "automatycznego dostosowania zachowania wszystkich aplikacji używajÄ…cych PAM " "w systemie. ProszÄ™ okreÅ›lić, które z tych zachowaÅ„ majÄ… być wÅ‚Ä…czone." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Wybrano niezgodne profile PAM." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "NastÄ™pujÄ…ce profile PAM nie mogÄ… być używane razem:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "ProszÄ™ wybrać inny zestaw modułów do wÅ‚Ä…czenia." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Nadpisać lokalne zmiany w /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Jeden lub wiÄ™cej plików /etc/pam.d/common-{auth,account,password,session}, " "zostaÅ‚o lokalnie zmodyfikowanych. ProszÄ™ okreÅ›lić, czy zmiany te powinny " "zostać nadpisane przez konfiguracjÄ™ dostarczanÄ… z systemem. W przypadku " "braku zgody użytkownika, konieczne bÄ™dzie rÄ™czne zarzÄ…dzanie systemowÄ… " "konfiguracjÄ… uwierzytelniania." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Nie wybrano żadnych profili PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Nie wybrano żadnych profili PAM, które majÄ… być używane przez system. DaÅ‚oby " "to dostÄ™p wszystkim użytkownikom bez uwierzytelniania, co nie jest " "dozwolone. ProszÄ™ wybrać przynajmniej jeden profil PAM z dostÄ™pnej listy." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver i xlockmore muszÄ… zostać zrestartowane przed aktualizacjÄ…" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Wykryto jednÄ… lub wiÄ™cej dziaÅ‚ajÄ…cych kopii programu xscreensaver lub " "xlockmore. Z powodu niekompatybilnych zmian biblioteki, aktualizacja pakietu " "libpam-modules uniemożliwiÅ‚a by autoryzacjÄ™ użytkownika do tych programów. " "Należy zrestartować lub zatrzymać te programy przed aktualizacjÄ…, aby " "zapobiec utkniÄ™ciu użytkowników poza ich aktualnymi sesjami." pam/debian/po/pt.po0000644000000000000000000002213613261244762011357 0ustar # translation of pam debconf to Portuguese # Copyright (C) 2007 Américo Monteiro # This file is distributed under the same license as the pam package. # # Américo Monteiro , 2007, 2009. # Pedro Ribeiro , 2011. # msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-12-17 18:46+0000\n" "Last-Translator: Pedro Ribeiro \n" "Language-Team: Portuguese \n" "Language: pt\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Serviços a reiniciar para a actualização da biblioteca PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "A maioria dos serviços que usam PAM necessitam ser reiniciados para usarem " "os módulos construídos para esta nova versão do libpam. Por favor, reveja a " "seguinte lista de scripts init.d de serviços, separados por espaços, para " "serem reiniciados agora e corrija-a se for necessário." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "O gestor de sessão gráfica deverá ser reiniciado manualmente" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Os gestores de sessão gráfica wdm e xdm necessitam de reiniciar para a nova " "versão de libpam, mas existem sessões de login X activas no seu sistema que " "seriam terminadas por esta operação. Deverá reiniciar estes serviços " "manualmente para permitir novos logins X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Falha ao reiniciar alguns serviços para a actualização PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Os seguintes serviços não puderam ser reiniciados para a actualização da " "biblioteca PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Você precisa iniciar manualmente estes serviços fazendo '/etc/init.d/" " start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Reiniciar os serviços durante actualizações do pacote sem perguntar?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Há serviços instalados no seu sistema que necessitam de ser reiniciados " "quando certas bibliotecas, tais como libpam, libc e libssl, são " "actualizadas. Uma vez que estes reinícios podem causar interrupções de " "serviço do sistema, será normalmente questionado em cada actualização sobre " "a lista de serviços que deseja reiniciar. Pode escolher esta opção para " "evitar as questões; neste caso, todos os reinicios serão efectuados " "automaticamente e não será questionado em cada actualização das bibliotecas." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Configuração PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Perfis PAM para activar:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "O PAM (Pluggable Authentication Modules) determina como a autenticação, a " "autorização, e a mudança de palavras-chave são manuseadas no sistema, assim " "como permitir a configuração de acções adicionais a tomar quando arrancam " "sessões de utilizador." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Alguns pacotes de módulos do PAM disponibilizam perfis que podem ser usados " "para ajustar automaticamente o comportamento de todas as aplicações no " "sistema que usam o PAM. Por favor indique quais destes comportamentos deseja " "activar." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Seleccionados perfis PAM incompatíveis." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Os seguintes perfis do PAM não podem ser usados juntamente:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Por favor seleccione um conjunto diferente de módulos para activar." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Sobre-escrever as alterações locais em /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Um ou mais dos ficheiros /etc/pam.d/common-{auth,account,password,session} " "foi modificado localmente. Por favor indique se estas alterações locais " "deverão ser sobre-escritas usando a configuração disponibilizada pelo " "sistema. Se você recusar esta opção, terá que gerir a configuração de " "autenticação do sistema manualmente." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Nenhum perfil do PAM foi seleccionado." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Não foram seleccionados perfis do PAM para utilização neste sistema. Isto " "irá permitir acesso sem autenticação ao todos os utilizadores, e não é " "permitido. Por favor seleccione pelo menos um perfil PAM a partir da lista " "disponível." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver e xlockmore têm que ser reiniciados antes da actualização" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Uma ou mais instâncias do xscreensaver ou xlockmore foram detectadas a " "funcionar neste sistema. Devido a alterações incompatíveis em bibliotecas, a " "actualização do pacote libpam-modules irá deixá-lo incapaz de se autenticar " "nestes programas. Você deve fazer com que estes programas sejam reiniciados " "ou parados antes de continuar com esta actualização, para evitar trancar os " "seus utilizadores fora das suas sessões actuais." pam/debian/po/pt_BR.po0000644000000000000000000002076513261244762011750 0ustar # pam Brazilian Portuguese translation # Copyright (c) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # Eder L. Marques , 2007-2009. # msgid "" msgstr "" "Project-Id-Version: pam_0.99.7.1-5\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-03-29 13:01-0700\n" "Last-Translator: Eder L. Marques \n" "Language-Team: Brazilian Portuguese \n" "Language: pt_BR\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "pt_BR utf-8\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Serviços a serem reiniciados para a atualização de bibliotecas PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "A maioria dos serviços que utilizam PAM precisam ser reiniciados para usar " "os módulos construídos para esta nova versão da libpam. Por favor, revise a " "seguinte lista separada por espaços de seus scripts init.d para os serviços " "a serem reiniciados agora, e a corrija se necessário." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Gerenciadores de display devem ser reiniciados manualmente" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Os gerenciadores de display wdm e xdm precisam ser reiniciados para a nova " "versão da libpam, mas existem sessões de login X ativas em seu sistema que " "podem ser terminadas por este reinicio. Você consequentemente necessitará " "reiniciar estes serviços manualmente antes que logins X adicionais sejam " "possíveis." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Falha ao reiniciar alguns serviços para a atualização da PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Os seguintes serviços não puderam ser reiniciados para a atualização da " "biblioteca PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Você deverá iniciá-los manualmente executando '/etc/init.d/ start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Perfis PAM para habilitar:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "O PAM (\"Pluggable Authentication Modules\") determina como a autenticação, " "autorização e alteração de senha são tratados no sistema, assim como permite " "a configuração de ações adicionais a serem tomadas quando sessões de usuário " "são iniciadas." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Alguns pacotes de módulos PAM fornecem perfis que podem ser usados para " "ajustar automaticamente o comportamento de todas as aplicações que usam PAM " "no sistema. Por favor, indique quais destes comportamentos você deseja " "habilitar." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Perfis PAM incompatíveis foram selecionados." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Os seguintes perfis PAM não podem ser usados em conjunto:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Por favor, selecione um conjunto diferente de módulos para habilitar." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Sobrescrever as modificações locais de /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Um ou mais dos arquivos /etc/pam.d/common-{auth,account,password,session} " "foram modificados localmente. Por favor, indique quais destas modificações " "locais devem ser sobrescritas usando a configuração fornecida pelo sistema. " "Se você recusar esta opção, você precisará gerenciar a configuração de " "autenticação do seu sistema manualmente." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Nenhum perfil PAM foi selecionado." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Nenhum perfil PAM foi selecionado para uso neste sistema. Isto irá garantir " "a todos os usuários acesso sem autenticação, e isto não é permitido. Por " "favor, selecione no mínimo um perfil PAM da lista disponível." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "O xscreensaver e xlockmore precisam ser reiniciados antes de atualizar" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Uma ou mais instâncias do xscreensaver ou do xlockmore foram detectadas em " "execução neste sistema. Por causa de modificações incompatíveis de " "biblioteca a atualização do pacote libpam-modules impossibilitará você de se " "autenticar nestes programas. Você deve providenciar que estes programas " "sejam reiniciados ou parados antes de continuar com esta atualização, para " "evitar bloquear seus usuários fora de suas sessões atuais." pam/debian/po/ro.po0000644000000000000000000002056213261244762011355 0ustar # Romanian translation of pam debconf templates # Debconf questions for the Linux-PAM package. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # # Igor Stirbu , 2008. # Eddy PetriÈ™or , 2009. msgid "" msgstr "" "Project-Id-Version: pam 1.0.1-7\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-03-29 13:01-0700\n" "Last-Translator: Eddy PetriÈ™or \n" "Language-Team: Romanian \n" "Language: ro\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: KBabel 1.11.4\n" "Plural-Forms: nplurals=3; plural=n==1 ? 0 : (n==0 || (n%100 > 0 && n%100 < " "20)) ? 1 : 2;\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Serviciile repornite la actualizarea bibliotecii PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Majoritatea serviciilor ce folosesc PAM trebuie repornite pentru a folosi " "modulele pentru noua versiune de libpam. Următoarea listă foloseÈ™te ca " "separator spaÈ›iul È™i conÈ›ine script-uri init.d care urmează să fie repornite " "acum; verificaÈ›i-o È™i corectaÈ›i-o, dacă este necesar." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Administratorul de ecran trebuie repornit manual" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Administratorii de ecran wdm È™i xdm trebuie reporniÈ›i pentru ca să " "folosească noua versiune de libpam, dar sunt sesiuni active de X pe sistemul " "dumneavoastră care ar fi oprite odată cu această repornire. Drept urmare, " "trebuie să reporniÈ›i manual aceste servicii înainte ca autentificările X " "ulterioare să fie posibile." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "EÈ™ec la repornirea unor servicii la actualizarea PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Următoarele servicii nu au putut fi repornite la actualizarea bibliotecii " "PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Trebuie să reporniÈ›i manual aceste servicii rulând „/etc/init.d/ " "startâ€" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Profile PAM de activat:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Modulele de autentificare conectabile (PAM) definesc cum se manevrează în " "sistem autentificările, autorizaÈ›iile È™i schimbările de parole, dar permite " "È™i adăugarea de diverse acÈ›iuni ce se vor efectua la pornirea sesiunilor " "utilizatorilor." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Unele pachete de module PAM furnizează profile care pot fi folosite pentru " "ajustarea automată a comportamentului aplicaÈ›iilor din sistem care folosesc " "PAM. IndicaÈ›i pe care dintre aceste comportamente le doriÈ›i activate." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "SelecÈ›ie de profile PAM incompatibile." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Următoarele profile PAM nu pot fi folosite împreună:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "SelectaÈ›i un alt set de module de activat." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Se ignoră schimbările locale făcute în /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Există modificari locale într-unul sau mai multe dintre fiÈ™ierele /etc/pam.d/" "common-{auth,account,password,session}. PrecizaÈ›i dacă aceste schimbări " "locale trebuie suprascrise cu configuraÈ›ia oferită de sistem. Dacă refuzaÈ›i, " "va trebui să administraÈ›i manual configuraÈ›ia de autentificare a sistemului." #. Type: error #. Description #: ../libpam-runtime.templates:5001 #, fuzzy msgid "No PAM profiles have been selected." msgstr "SelecÈ›ie de profile PAM incompatibile." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver È™i xlockmore trebuie repornite înainte de înnoire" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "în sistem s-a detectat cel puÈ›in o instanță activa de xscreensaver sau " "xlockmore. Datorită unor schimbări de compatibilitate în biblioteci, " "înnoirea pachetului libpam-modules nu vă va mai permite să vă autentificaÈ›i " "în aceste programe. Va trebui să aranjaÈ›i lucrurile în aÈ™a fel încât aceste " "programe să fie repornite sau oprite înainte de a continua înnoirea pentru a " "evita blocarea utilizatorilor în afara sesiunilor lor curente." pam/debian/po/ru.po0000644000000000000000000002577213261244762011373 0ustar # translation of ru.po to Russian # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the pam package. # # Yuri Kozlov , 2007. # Max Kosmach , 2009. # Yuri Kozlov , 2009, 2011. msgid "" msgstr "" "Project-Id-Version: pam 1.1.3-6\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2011-12-04 09:00+0400\n" "Last-Translator: Yuri Kozlov \n" "Language-Team: Russian \n" "Language: ru\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Generator: Lokalize 1.0\n" "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Службы, которые будут перезапущены поÑле Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ Ð±Ð¸Ð±Ð»Ð¸Ð¾Ñ‚ÐµÐºÐ¸ PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Чтобы задейÑтвовать новые верÑии модулей из libpam нужно перезапуÑтить " "большинÑтво Ñлужб, иÑпользующих PAM. Внимательно проÑмотрите и, при " "необходимоÑти, отредактируйте ÑпиÑок Ñценариев из init.d Ð´Ð»Ñ Ñлужб, которые " "будут перезапущены. Элементы ÑпиÑка разделÑÑŽÑ‚ÑÑ Ð¿Ñ€Ð¾Ð±ÐµÐ»Ð¾Ð¼." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Программу входа в ÑиÑтему нужно перезапуÑтить вручную" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Ð”Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ Ñ Ð½Ð¾Ð²Ð¾Ð¹ верÑией libpam программам Ð´Ð»Ñ Ð²Ñ…Ð¾Ð´Ð° в ÑиÑтему wdm и xdm " "требуетÑÑ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿ÑƒÑк, но Ñто прервёт вÑе запущенные X-ÑеанÑÑ‹. ПоÑтому вам " "нужно перезапуÑтить Ñти Ñлужбы вручную Ð´Ð»Ñ Ñ‚Ð¾Ð³Ð¾, чтобы можно было Ñнова " "входить в ÑиÑтему через X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "При обновлении PAM перезапуÑк некоторых Ñлужб завершилÑÑ Ð½ÐµÑƒÐ´Ð°Ñ‡Ð½Ð¾" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "При обновлении библиотеки PAM не удалоÑÑŒ перезапуÑтить Ñледующие Ñлужбы:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "Вам нужно запуÑтить их вручную, выполнив '/etc/init.d/<Ñлужба> start'." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "ПерезапуÑкать Ñлужбы при обновлении пакета не Ð·Ð°Ð´Ð°Ð²Ð°Ñ Ð²Ð¾Ð¿Ñ€Ð¾Ñ?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Ð’ ÑиÑтеме уÑтановлены Ñлужбы, которые требуют перезапуÑка поÑле Ð¾Ð±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ñ " "определённых библиотек (например, libpam, libc и libssl). Так как Ñто может " "вызвать перерыв в работе Ñлужбы, обычно, при каждом обновлении выдаётÑÑ " "ÑпиÑок Ñлужб, которые нужно перезапуÑтить. Чтобы Ñтот Ð²Ð¾Ð¿Ñ€Ð¾Ñ Ð½Ðµ задавалÑÑ, " "вы можете ответить утвердительно; в Ñтом Ñлучае вÑе необходимые Ñлужбы будут " "перезапущены автоматичеÑки." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "ÐаÑтройка PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Ðктивируемые профили PAM:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Через подключаемые модули аутентификации (PAM) указываетÑÑ ÐºÐ°Ðº нужно " "проводить аутентификацию, авторизацию и Ñмену Ð¿Ð°Ñ€Ð¾Ð»Ñ Ð² ÑиÑтеме, а также " "можно назначать запуÑк дополнительных дейÑтвий при Ñтарте пользовательÑкого " "ÑеанÑа." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Ðекоторые пакеты модулей PAM предоÑтавлÑÑŽÑ‚ профили, которые можно " "иÑпользовать Ð´Ð»Ñ Ð°Ð²Ñ‚Ð¾Ð¼Ð°Ñ‚Ð¸Ñ‡ÐµÑкого Ñ€ÐµÐ³ÑƒÐ»Ð¸Ñ€Ð¾Ð²Ð°Ð½Ð¸Ñ Ð¿Ð¾Ð²ÐµÐ´ÐµÐ½Ð¸Ñ Ð²Ñех иÑпользующих " "PAM программ в ÑиÑтеме. Выберите профили, которые нужно применить." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Выбраны неÑовмеÑтимые профили PAM." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Следующие профили PAM Ð½ÐµÐ»ÑŒÐ·Ñ Ð¸Ñпользовать одновременно:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Выберите другой набор активируемых модулей." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Переопределить локальные Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð² /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Один или более файлов в /etc/pam.d/common-{auth,account,password,session} " "был изменён вручную. Заметьте, что данные локальные Ð¸Ð·Ð¼ÐµÐ½ÐµÐ½Ð¸Ñ Ð´Ð¾Ð»Ð¶Ð½Ñ‹ быть " "переопределены через ÑиÑтемные наÑтройки. ЕÑли вы ответите отрицательно, то " "вам придётÑÑ ÑƒÐ¿Ñ€Ð°Ð²Ð»ÑÑ‚ÑŒ наÑтройками аутентификации ÑиÑтемы вручную." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Профили PAM не выбраны." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Ð’ ÑиÑтеме Ð´Ð»Ñ Ñ€Ð°Ð±Ð¾Ñ‚Ñ‹ не выбрано ни одного Ð¿Ñ€Ð¾Ñ„Ð¸Ð»Ñ PAM. Это предоÑтавит " "полный доÑтуп вÑем пользователÑм без аутентификации, что нежелательно. " "Выберите, по крайней мере, один профиль PAM из доÑтупных." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "Перед обновлением требуетÑÑ Ð¿ÐµÑ€ÐµÐ·Ð°Ð¿ÑƒÑтить xscreensaver и xlockmore" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Обнаружено, что в ÑиÑтеме запущен один или неÑколько процеÑÑов xscreensaver " "или xlockmore. Из-за изменений в библиотеке, обновление пакета libpam-" "modules приведёт к невозможноÑти Ð²Ñ‹Ð¿Ð¾Ð»Ð½ÐµÐ½Ð¸Ñ Ð°ÑƒÑ‚ÐµÐ½Ñ‚Ð¸Ñ„Ð¸ÐºÐ°Ñ†Ð¸Ð¸ из Ñтих программ. " "Перед тем как продолжить обновление вам нужно перезапуÑтить или оÑтановить " "работу Ñтих программ, чтобы избежать блокировки пользователей в их активных " "ÑеанÑах." pam/debian/po/sk.po0000644000000000000000000002171113261244762011347 0ustar # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the pam package. # Ivan Masár , 2008, 2009, 2010, 2012. # msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2012-01-19 22:37+0100\n" "Last-Translator: Ivan Masár \n" "Language-Team: Slovak \n" "Language: sk\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Pri aktualizácii knižnice PAM reÅ¡tartovaÅ¥ nasledovné služby:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "VäÄÅ¡inu služieb využívajúcich PAM je potrebné reÅ¡tartovaÅ¥, aby zaÄali " "používaÅ¥ moduly zostavené pre túto novú verziu libpam. Prosím, skontrolujte " "nasledovný zoznam init.d skriptov (oddelené Äiarkami), ktoré sa majú teraz " "reÅ¡tartovaÅ¥ a ak je to potrebné, opravte ho." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Správcu obrazovky je potrebné reÅ¡tartovaÅ¥ ruÄne" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Správcovia obrazovky wdm a xdm vyžadujú reÅ¡tart kvôli novej verzii libpam, " "ale na vaÅ¡om systéme sú aktívne prihlasovacie relácie X, ktoré by tento " "reÅ¡tart ukonÄil. Preto tieto služby budete musieÅ¥ reÅ¡tartovaÅ¥ ruÄne predtým, " "než bude možné uskutoÄniÅ¥ ÄalÅ¡ie prihlásenie k X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Zlyhal reÅ¡tart niektorých služieb pri aktualizácii PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Nasledovné služby nebolo možné reÅ¡tartovaÅ¥ pri aktualizácii knižnice PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Budete ich musieÅ¥ reÅ¡tartovaÅ¥ ruÄne spustením „/etc/init.d/ startâ€." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "ReÅ¡tartovaÅ¥ služby poÄas aktualizácií balíka bez pýtania?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Na vaÅ¡om systéme bežia služby, ktoré ne potrebné reÅ¡tartovaÅ¥ pri " "aktualizácii urÄitých knižníc ako libpam, libc a libssl. Pretože tieto " "reÅ¡tarty môžu spôsobiÅ¥ preruÅ¡enia služby systému, za bežných okolností " "budete vyzvaní pri každej aktualizácie so zoznamom služieb, ktoré chcete " "reÅ¡tartovaÅ¥. Túto voľbu môžete vybraÅ¥, ak nechcete byÅ¥ vyzývaný, ale " "namiesto toho chcete, aby sa vÅ¡etky potrebné reÅ¡tarty vykonali automaticky " "za vás a tak sa vyhnúť kladeniu otázok pri každej aktualizácii knižnice." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "Konfigurácia PAM" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Zapnúř nasledovné profily PAM:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Zásuvné autentifikaÄné moduly (PAM) urÄujú ako systém pracuje s " "autentifikáciou, autorizáciou, zmenou hesiel a umožňuje tiež nastavenie " "Äalších operácií, ktoré sa majú vykonaÅ¥ pri prihlásení používateľa." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Niektoré balíky modulov PAM poskytujú profily, ktorými možno automaticky " "prisôpsobiÅ¥ správanie vÅ¡etkých aplikácií v systéme, ktoré používajú PAM. " "Prosím oznaÄte tie z nich, ktoré chcete zapnúť." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Boli vybrané nekompatibilné profily PAM." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Nasledovné profily PAM nemožno použiÅ¥ súÄasne:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Prosím, zmeňte množinu modulov, ktoré sa majú zapnúť." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "PrepísaÅ¥ lokálne zmeny v /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Jeden alebo viac zo súborov /etc/pam.d/common-{auth,account,password," "session} bolo na lokálnom systéme zmenených. UveÄte prosím, Äi sa majú tieto " "lokálne zmeny prepísaÅ¥ Å¡tandardnými konfiguraÄnými voľbami. Ak túto možnosÅ¥ " "zamietnete, budete musieÅ¥ spravovaÅ¥ nastavenia autentifikácie tohto systému " "ruÄne." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Neboli vybrané žiadne profily PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Pre tento systém neboli vybrané žiadne profily PAM. To by udelilo vÅ¡etkým " "používateľom prístup bez overovania a to nie je povolené. Prosím, vyberte " "aspoň jeden profil PAM zo zoznamu dostupných profilov." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "Pred aktualizáciou je potrebné reÅ¡tartovaÅ¥ xscreensaver a xlockmore" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Na tomto systéme bola zistená jedna alebo viacero bežiacich inÅ¡tancií " "programov xscreensaver alebo xlockmore. Z dôvodu nekomaptibilných zmien v " "knižniciach balíka libpam-modules by ste po aktualizácii neboli schopní " "overiÅ¥ sa týmto programom. Mali by ste zariadiÅ¥, aby sa tieto programy " "reÅ¡tartovali alebo zastavili predtým, než budete v tejto aktualizácii " "pokraÄovaÅ¥, aby ste prediÅ¡li tomu, že používatelia sa nebudú môcÅ¥ prihlásiÅ¥ " "zo svojich súÄasných relácií." pam/debian/po/sv.po0000644000000000000000000002554413261244762011372 0ustar # Debconf questions for the pam package translated to Swedish. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # # Martin Bagge , 2009, 2010, 2011 # Christer Andersson , 2007. msgid "" msgstr "" "Project-Id-Version: pam 0.99.7.1-5\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2014-04-08 11:37+0200\n" "Last-Translator: Martin Bagge / brother \n" "Language-Team: Swedish \n" "Language: sv\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Poedit-Language: Swedish\n" "X-Poedit-Country: Sweden\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Tjänster att starta om efter uppgradering av PAM-biblioteket:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "De flesta tjänster som använder PAM behöver startas om för att använda " "moduler som byggts för denna nya libpam-version. GÃ¥ igenom följande lista av " "init.d-skript (separerade med mellanslag) för tjänster som nu kommer att " "startas om och korrigera den om nödvändigt." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Skärmhanterare mÃ¥ste startas om manuellt" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Skärmhanterarna wdm och xdm mÃ¥ste startas om för den nya versionen av libpam " "men det finns X-inloggningssessioner som skulle avslutas av en sÃ¥dan " "omstart. Du behöver därför starta om dessa tjänster manuellt innan " "ytterligare X-inloggningar är möjliga." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Misslyckades med att starta om vissa tjänster för PAM-uppgradering" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Följande tjänster kunde inte startas om efter uppgraderingen av PAM-" "biblioteket:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Du behöver starta om dessa manuellt genom att köra \"/etc/init.d/ " "start\"." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" "Ska tjänster startas om vid paketuppgraderingar utan att först frÃ¥ga om det?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Det finns tjänster installerade pÃ¥ systemet som behöver startas om när vissa " "bibliotek (ex. libpam, libc och libssl) uppdateras. Eftersom dessa omstarter " "kan innebära avbrott i tjänsterna pÃ¥ systemet kommer du vanligen att fÃ¥ en " "frÃ¥ga för varje uppgradering med en lista över tjänster som ska startas om. " "Du kan välja detta alternativ för att undvika att frÃ¥gan ställs. Istället " "kommer alla nödvändiga omstarter att skötas automatiskt och du undviker " "frÃ¥gor vid varje biblioteksuppgradering." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM-inställningar" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Aktivera följande PAM-profiler:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Pluggable Authentication Modules (PAM) hanterar hur autentisering, " "identifiering och byte av lösenord ska utföras pÃ¥ systemet. Dessutom " "hanteras särskilda Ã¥tgärder som ska vidtas vid uppstart av " "användarsessioner." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Vissa paket med PAM-moduler tillhandahÃ¥ller profiler som kan användas för " "att automatiskt justera hur applikationer som använder PAM fungerar pÃ¥ " "systemet. Ange vilka av dessa funktioner du önskar aktivera." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Inkompatibla PAM-profiler valdes." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Följande PAM-profiler kan inte användas tillsammans:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Ange en annan uppsättning med moduler som ska aktiveras." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Skriv över lokala förändringar i /etc/pam.d/common-*?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "En eller flera av filerna /etc/pam.d/common-{auth,account.password,session} " "har förändrats. Ange om dessa lokala förändringar ska skrivas över med " "standardinställningarna. Om du avböjer detta alternativ kommer du behöva " "hantera inställningarna för systemets autentisering manuellt." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Inga PAM-profiler valdes." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Inga PAM-profiler används pÃ¥ detta system. Detta skulle ge alla användare " "tillgÃ¥ng till systemet utan att behöva ange lösenord och det kan inte " "tillÃ¥tas. välj Ã¥tminstone en PAM-profil frÃ¥n listan med tillgängliga " "profiler." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "xscreensaver och xlockmore mÃ¥ste startas om innan uppgraderingen kan " "genomföras" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "En eller flera instanser av xscreensaver eller xlockmore körs pÃ¥ det här " "systemet. PÃ¥ grund av förändringar i biblioteket kan uppgraderingen av " "paketet libpam-modules innebära att du inte kan identifiera dig i dessa " "program. Programmen behöver startas om eller allra helst stängas av helt " "före uppgraderingen, resultatet kan annars innebära att du inte kan komma Ã¥t " "dina aktiva sessioner pÃ¥ systemet." #~ msgid "Your system allowed access without a password!" #~ msgstr "Ditt system tillät anslutningar utan lösenord!" #~ msgid "" #~ "A bug in a previous version of libpam-runtime resulted in no PAM profiles " #~ "being selected for use on this system. As a result, access was allowed " #~ "for a time to all accounts on your system, with or without a correct " #~ "password. Especially if this system can be accessed from the Internet, it " #~ "is likely that it has been compromised. Unless you are familiar with " #~ "recovering from security failures, viruses, and malicious software, you " #~ "should re-install this system from scratch or obtain the services of a " #~ "skilled system administrator. For more information, see:" #~ msgstr "" #~ "Ett fel i en tidigare version av libpam-runtime innebar att inga PAM-" #~ "profiler användes pÃ¥ systemet. Detta betydde i sin tur att alla konton pÃ¥ " #~ "systemet kunde använda skal, med eller utan ett korrekt lösenord. Om " #~ "detta system är Ã¥tkomligt via nätet är det mycket troligt att det kan ha " #~ "infiltrerats. Om du inte är säker pÃ¥ hur du ska Ã¥terställa eventuella fel " #~ "pÃ¥ grund av intrÃ¥ng, virus eller skadlig programvara bör du installera om " #~ "systemet frÃ¥n grunden eller inhämta hjälp av en erfaren " #~ "systemadministratör. Läs mer om detta pÃ¥:" #~ msgid "" #~ "The bug that allowed this wrong configuration is fixed in the current " #~ "version of libpam-runtime, and your configuration has now been corrected. " #~ "We apologize that previous versions of libpam-runtime did not detect and " #~ "prevent this situation." #~ msgstr "" #~ "Felet som orsakade dessa problem är Ã¥tgärdat i och med den aktuella " #~ "versionen av libpam-runtime och dina inställningar ha korrigerats. Vi ber " #~ "om ursäkt för att tidigare versioner av libpam-runtime inte upptäckte och " #~ "förhindrade att dessa fel uppstod." pam/debian/po/templates.pot0000644000000000000000000001305113261244762013112 0ustar # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" pam/debian/po/tr.po0000644000000000000000000002255213261244762011363 0ustar # Debconf questions for the Linux-PAM package. # Copyright (C) 2007 Steve Langasek # This file is distributed under the same license as the pam package. # Mert Dirik , 2008. # msgid "" msgstr "" "Project-Id-Version: pam 0.99.7.1-5\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2014-08-01 14:42+0200\n" "Last-Translator: Mert Dirik \n" "Language-Team: Debian L10n Turkish \n" "Language: tr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: Poedit 1.5.4\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "" "PAM kitaplığının yükseltilmesi için yeniden baÅŸlatılacak olan hizmetler:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "PAM kullanan çoÄŸu hizmet, libpam'ın bu yeni sürümü için derlenmiÅŸ " "modüllerden yararlanabilmek için yeniden baÅŸlatılmak zorunda. Lütfen " "yeniden baÅŸlatılacak hizmetlere iliÅŸkin init.d betiklerinin boÅŸluklarla " "ayrılmış aÅŸağıdaki listesini inceleyin ve gerekliyse listeyi düzeltin." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Görüntü yöneticisinin elle yeniden baÅŸlatılması gerekli" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "wdm ve xdm görüntü yöneticileri, libpam'ın yeni sürümünden yararlanabilmek " "için yeniden baÅŸlatılmalı; fakat sisteminizde etkin X oturumları var. " "Görüntü yöneticisi yeniden baÅŸlatılırsa bu oturumlar da kapatılır. Bu " "yüzden ileride yeni X oturumları açabilmek için bu hizmetleri elle yeniden " "baÅŸlatmanız gerekecek. " #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Bazı hizmetler PAM yükseltmesi için yeniden baÅŸlatılamadı" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "AÅŸağıdaki hizmetler PAM kitaplığının yükseltmesi için yeniden baÅŸlatılamadı:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Bu hizmetleri '/etc/init.d/ start' komutunu kullanarak elinizle " "baÅŸlatmanız gerekecek." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "Paket yükseltme esnasında hizmetler sorulmadan yeniden baÅŸlatılsın mı?" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" "Sisteminizde libpam, libc ve libssl gibi bazı kitaplıklar yükseltildiÄŸinde " "yeniden baÅŸlatılması gereken bazı hizmetler kurulu. Yeniden baÅŸlatma " "iÅŸlemleri sisteminizin sunduÄŸu hizmetlerde kesintilere neden olabileceÄŸinden " "dolayı her yükseltme iÅŸlemi esnasında yeniden baÅŸlatmak istediÄŸiniz " "hizmetler size sorulacaktır. EÄŸer bu sorunun sorulmasını istemiyorsanız bu " "seçeneÄŸi kullanabilirsiniz. Bu seçenek seçildiÄŸi takdirde bir kitaplık " "yükseltmesi yapılırken gereken tüm yeniden baÅŸlatma iÅŸlemleri size " "sorulmaksızın otomatik olarak yapılacaktır." #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "PAM yapılandırması" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "EtkinleÅŸtirilecek PAM profilleri:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Takılabilir DoÄŸrulama Modülleri (PAM), sistemdeki kimlik doÄŸrulama, izin " "verme ve parola deÄŸiÅŸtirme iÅŸlemlerinin ne ÅŸekilde idare edileceÄŸine karar " "veren ve ayrıca kullanıcı oturumları baÅŸlatılırken atılması gereken adımları " "yapılandırmaya yarayan bir sistemdir." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Bazı PAM modül paketleri, sistemde mevcut olan ve PAM kullanan tüm " "uygulamaların davranışlarını otomatik olarak ayarlamaya yarayan profiller " "saÄŸlar. Lütfen bu davranışlardan hangisini etkinleÅŸtirmek istediÄŸinizi " "belirtin." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Uyumsuz PAM profilleri seçildi" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Åžu PAM profilleri birarada kullanılamaz:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Lütfen farklı bir modül kümesi seçin." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" "/etc/pam.d/common-* konumundaki yerel deÄŸiÅŸiklikler görmezden gelinsin mi?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "/etc/pam.d/common-{auth,account,password,session} dosyalarından bir ya da " "daha fazlası yerel olarak deÄŸiÅŸtirilmiÅŸ. Lütfen bu yerel deÄŸiÅŸikliklerin " "sistem tarafından saÄŸlanan yapılandırma ile deÄŸiÅŸtirilmesine izin verip " "vermediÄŸinizi belirtin. Bu seçeneÄŸi kabul etmediÄŸiniz takdirde sistemin " "kimlik doÄŸrulama yapılandırmasını elinizle ayarlamanız gerekecektir." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "Hiçbir PAM profili seçilmedi." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "Sistemde kullanılmak üzere hiçbir PAM modülü seçilmedi. Bu durum tüm " "kullanıcılara hiçbir kimlik doÄŸrulamaya maruz kalmaksızın eriÅŸim izni " "verilmesi anlamına gelir ve bu duruma izin verilmemektedir. Lütfen mevcut " "profiller listesinden en az bir PAM profili seçin." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "" "Yükseltme iÅŸleminden önce xscreensaver ve xlockmore yeniden baÅŸlatılmalı" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Sisteminizde çalışmakta olan birden fazla xscreensaver ya da xlockmore " "örneÄŸine rastlandı. Uyumsuz kitaplık deÄŸiÅŸiklikleri yüzünden, libpam-modules " "paketinin yükseltilmesi bu programlarda kimlik doÄŸrulamasını olanaksız hale " "getirecek. Mevcut oturumların kilitlenmesi önlemek için, yükseltme iÅŸlemine " "devam etmeden önce bu programları durdurmalı ya da yeniden baÅŸlatmalısınız." pam/debian/po/vi.po0000644000000000000000000002627013261244762011355 0ustar # Vietnamese translation for PAM. # Copyright © 2010 Free Software Foundation, Inc. # Clytie Siddall , 2007-2010. # msgid "" msgstr "" "Project-Id-Version: pam 1.1.1-6.1\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2010-10-24 20:46+1030\n" "Last-Translator: Clytie Siddall \n" "Language-Team: Vietnamese \n" "Language: vi\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=1; plural=0;\n" "X-Generator: LocFactoryEditor 1.8\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "Dịch vụ cần khởi chạy lại để nâng cấp thÆ° viện PAM:" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "Phần lá»›n dịch vụ sá»­ dụng PAM thì cÅ©ng cần phải được khởi chạy lại để sá»­ dụng " "những mô-Ä‘un được xây dá»±ng cho phiên bản libpam má»›i này. Hãy xem lại danh " "sách định giá»›i bằng dấu cách theo đây hiển thị những văn lệnh khởi Ä‘á»™ng " "(init.d) cho dịch vụ cần khởi chạy lại ngay bây giá», và sá»­a chữa nếu cần " "thiết." #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "Trình quản lý trình bày phải được khởi chạy bằng tay" #. Type: error #. Description #: ../libpam0g.templates:2001 #, fuzzy msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "Trình quản lý trình bày kdm, wdm, hay xdm cần thiết được khởi chạy lại để sá»­ " "dụng phiên bản má»›i của thÆ° viện libpam, nhÆ°ng việc khởi chạy lại sẽ cÅ©ng " "chấm dứt má»™t số buổi hợp Ä‘ang nhập X Ä‘ang chạy. Sau đó thì bạn cần phải tá»± " "khởi chạy lại những dịch vụ này để đăng nhập lại vào X." #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "Lá»—i khởi chạy lại má»™t số dịch vụ để nâng cấp PAM" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "" "Những dịch vụ theo đây không thể được khởi chạy lại để nâng cấp thÆ° viện PAM:" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "" "Bạn cần phải tá»± khởi chạy lại chúng bằng cách chạy câu lệnh « /etc/init.d/" " start »." #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "Các hồ sÆ¡ PAM cần bật:" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" "Mô-Ä‘un Xác thá»±c Dá»… kết hợp (PAM) quyết định quá trình xác thá»±c, cho phép và " "thay đổi mật khẩu được quản lý nhÆ° thế nào trên hệ thống, cÅ©ng nhÆ° cho phép " "cấu hình các hành vi bổ sung cần làm khi khởi chạy buổi hợp ngÆ°á»i dùng." #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" "Má»™t số mô-Ä‘un PAM nào đó cÅ©ng cung cấp các hồ sÆ¡ có thể được dùng để tá»± Ä‘á»™ng " "Ä‘iá»u chỉnh ứng xá»­ của tất cả các ứng dụng dùng PAM trên hệ thống. Hãy ngụ ý " "những ứng xá»­ nào bạn muốn hiệu lá»±c." #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "Bạn đã chá»n má»™t số hồ sÆ¡ PAM không tÆ°Æ¡ng thích vá»›i nhau." #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "Không thể sá»­ dụng vá»›i nhau những hồ sÆ¡ PAM theo đây:" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "Hãy chá»n má»™t tập hợp mô-Ä‘un khác để hiệu lá»±c." #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "Có quyá»n cao hÆ¡n thay đổi cục bá»™ trong « /etc/pam.d/common-* » không?" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" "Má»™t hay nhiá»u tập tin « /etc/pam.d/common-{auth,account,password,session} » " "đã bị sá»­a đổi cục bá»™. Hãy ngụ ý có nên ghi đè lên các thay đổi cục bá»™ này " "dùng cấu hình được hệ thống cung cấp, hay không. Không bật tuỳ chá»n này thì " "bạn cần phải tá»± quản lý cấu hình xác thá»±c của hệ thống này." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "ChÆ°a chá»n hồ sÆ¡ PAM." #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" "ChÆ°a chá»n hồ sÆ¡ PAM nào để sá»­ dụng trên hệ thống này. TrÆ°á»ng hợp này cho " "phép má»i ngÆ°á»i dùng truy cập đến hệ thống mà không xác thá»±c: không tốt ! Xin " "hãy chá»n ít nhất má»™t hồ sÆ¡ PAM trong danh sách sẵn sàng." #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "xscreensaver và xlockmore phải được khởi chạy lại trÆ°á»›c khi nâng cấp" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "Má»™t hai nhiá»u tiến trình xscreensaver hay xlockmore được phát hiện trên hệ " "thống này. Do thay đổi thÆ° viện không tÆ°Æ¡ng thích, việc nâng cấp gói libpam-" "modules sẽ để lại trÆ°á»ng hợp ngÆ°á»i dùng không thể xác thá»±c vá»›i những chÆ°Æ¡ng " "trình này. Vì thế bạn nên khởi chạy lại hoặc ngừng chạy những chÆ°Æ¡ng trình " "này trÆ°á»›c khi tiếp tục tiến trình nâng cấp, để tránh chặn ngÆ°á»i dùng đăng " "nhập vào buổi hợp Ä‘ang chạy." #~ msgid "Your system allowed access without a password!" #~ msgstr "Hệ thống này cho phép truy cập mà không nhập mật khẩu !" #~ msgid "" #~ "A bug in a previous version of libpam-runtime resulted in no PAM profiles " #~ "being selected for use on this system. As a result, access was allowed " #~ "for a time to all accounts on your system, with or without a correct " #~ "password. Especially if this system can be accessed from the Internet, it " #~ "is likely that it has been compromised. Unless you are familiar with " #~ "recovering from security failures, viruses, and malicious software, you " #~ "should re-install this system from scratch or obtain the services of a " #~ "skilled system administrator. For more information, see:" #~ msgstr "" #~ "Má»™t phiên bản libpam-runtime trÆ°á»›c chứa má»™t lá»—i dẫn đến không có hồ sÆ¡ " #~ "PAM nào được lá»±a chá»n để sá»­ dụng trên hệ thống này. Kết quả là trong má»™t " #~ "thá»i gian nào đó truy cập được phép đến má»i tài khoản trên hệ thống này, " #~ "bất chấp nhập mật khẩu đúng hay không. Äặc biệt nếu hệ thống này cho phép " #~ "truy cập từ Internet, rất có thể là hệ thống này bị hại thậm. Nếu bạn " #~ "không quen vá»›i tiến trình phục hồi sau sá»± thất bại bảo mật, vi-rút và " #~ "phần má»m hiểm Ä‘á»™c, bạn nên cài đặt lại hệ thống này từ số không, hoặc yêu " #~ "cầu dịch vụ của má»™t quản trị hệ thống thành thạo. Äể tìm thêm thông tin, " #~ "xem:" #~ msgid "" #~ "The bug that allowed this wrong configuration is fixed in the current " #~ "version of libpam-runtime, and your configuration has now been corrected. " #~ "We apologize that previous versions of libpam-runtime did not detect and " #~ "prevent this situation." #~ msgstr "" #~ "Lá»—i cho phép cấu hình sai này đã được sá»­a chữa trong phiên bản libpam-" #~ "runtime hiện thá»i, và cấu hình của bạn giỠđược sá»­a chữa. Chúng tôi xin " #~ "lá»—i vì phiên bản libpam-runtime trÆ°á»›c không phát hiện và ngăn cản trÆ°á»ng " #~ "hợp này." pam/debian/po/zh_CN.po0000644000000000000000000001607713261244762011744 0ustar # Simplified Chinese translation for debconf templates of the pam package # # The original English strings (msgid) are: # Copyright (C) 2007 Steve Langasek # The translations (msgstr) are: # Copyright (C) 2007 Ming Hua # Copyright (C) 2009 Deng Xiyue # # This file is distributed under the same license as the pam package. # msgid "" msgstr "" "Project-Id-Version: pam\n" "Report-Msgid-Bugs-To: pam@packages.debian.org\n" "POT-Creation-Date: 2011-10-30 15:05-0400\n" "PO-Revision-Date: 2009-01-01 12:30+0800\n" "Last-Translator: Deng Xiyue \n" "Language-Team: Debian Chinese [GB] \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "Services to restart for PAM library upgrade:" msgstr "å›  PAM 库å‡çº§è€Œéœ€è¦é‡æ–°å¯åŠ¨çš„æœåŠ¡ï¼š" #. Type: string #. Description #: ../libpam0g.templates:1001 msgid "" "Most services that use PAM need to be restarted to use modules built for " "this new version of libpam. Please review the following space-separated " "list of init.d scripts for services to be restarted now, and correct it if " "needed." msgstr "" "为了使用基于这个新版本 libpam 编译的模å—,ç»å¤§éƒ¨åˆ†ä½¿ç”¨ PAM çš„æœåŠ¡éƒ½éœ€è¦è¢«é‡æ–°" "å¯åŠ¨ã€‚请å¤æŸ¥ä¸‹é¢è¿™ä¸ªéœ€è¦é‡æ–°å¯åŠ¨çš„æœåŠ¡æ‰€å¯¹åº”çš„ init.d script 列表,script å" "称之间以åŠè§’空格分隔。如列表有误,请直接更正。" #. Type: error #. Description #: ../libpam0g.templates:2001 msgid "Display manager must be restarted manually" msgstr "必须手动é‡æ–°å¯åŠ¨æ˜¾ç¤ºç®¡ç†å™¨" #. Type: error #. Description #: ../libpam0g.templates:2001 #, fuzzy msgid "" "The wdm and xdm display managers require a restart for the new version of " "libpam, but there are X login sessions active on your system that would be " "terminated by this restart. You will therefore need to restart these " "services by hand before further X logins will be possible." msgstr "" "由于 lipam 更新到新版本,显示管ç†å™¨ kdmã€wdm å’Œ xdm 需è¦è¢«é‡æ–°å¯åŠ¨ã€‚但是您的" "系统上有正在è¿è¡Œçš„ X 登录会è¯ï¼Œè€Œå¦‚æžœé‡æ–°å¯åŠ¨æ˜¾ç¤ºç®¡ç†å™¨æœåŠ¡ï¼Œè¿™äº› X 会è¯å°±ä¼š" "被强行结æŸã€‚因此,您需è¦æ‰‹åŠ¨é‡æ–°å¯åŠ¨è¿™äº›æœåŠ¡ï¼Œå¦åˆ™æ‚¨å°†æ— æ³•å†ç™»å½•è¿› X 窗å£ç³»" "统。" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "Failure restarting some services for PAM upgrade" msgstr "为 PAM å‡çº§é‡æ–°å¯åŠ¨æŸäº›æœåŠ¡å¤±è´¥" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "The following services could not be restarted for the PAM library upgrade:" msgstr "å‡çº§ PAM 库时,下列æœåŠ¡æ— æ³•è¢«é‡æ–°å¯åŠ¨ï¼š" #. Type: error #. Description #: ../libpam0g.templates:3001 msgid "" "You will need to start these manually by running '/etc/init.d/ " "start'." msgstr "您需è¦è¿è¡Œâ€œ/etc/init.d/<æœåŠ¡> startâ€æ¥æ‰‹åŠ¨å¯åŠ¨è¿™äº›æœåŠ¡ã€‚" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "Restart services during package upgrades without asking?" msgstr "" #. Type: boolean #. Description #: ../libpam0g.templates:4001 msgid "" "There are services installed on your system which need to be restarted when " "certain libraries, such as libpam, libc, and libssl, are upgraded. Since " "these restarts may cause interruptions of service for the system, you will " "normally be prompted on each upgrade for the list of services you wish to " "restart. You can choose this option to avoid being prompted; instead, all " "necessary restarts will be done for you automatically so you can avoid being " "asked questions on each library upgrade." msgstr "" #. Type: title #. Description #: ../libpam-runtime.templates:1001 msgid "PAM configuration" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "PAM profiles to enable:" msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Pluggable Authentication Modules (PAM) determine how authentication, " "authorization, and password changing are handled on the system, as well as " "allowing configuration of additional actions to take when starting user " "sessions." msgstr "" #. Type: multiselect #. Description #: ../libpam-runtime.templates:2001 msgid "" "Some PAM module packages provide profiles that can be used to automatically " "adjust the behavior of all PAM-using applications on the system. Please " "indicate which of these behaviors you wish to enable." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Incompatible PAM profiles selected." msgstr "" #. Type: error #. Description #. This paragraph is followed by a (currently) non-translatable list of #. PAM profile names. #: ../libpam-runtime.templates:3001 msgid "The following PAM profiles cannot be used together:" msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:3001 msgid "Please select a different set of modules to enable." msgstr "" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "Override local changes to /etc/pam.d/common-*?" msgstr "" #. Type: boolean #. Description #: ../libpam-runtime.templates:4001 msgid "" "One or more of the files /etc/pam.d/common-{auth,account,password,session} " "have been locally modified. Please indicate whether these local changes " "should be overridden using the system-provided configuration. If you " "decline this option, you will need to manage your system's authentication " "configuration by hand." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "No PAM profiles have been selected." msgstr "" #. Type: error #. Description #: ../libpam-runtime.templates:5001 msgid "" "No PAM profiles have been selected for use on this system. This would grant " "all users access without authenticating, and is not allowed. Please select " "at least one PAM profile from the available list." msgstr "" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "xscreensaver and xlockmore must be restarted before upgrading" msgstr "在å‡çº§å‰å¿…é¡»é‡æ–°å¯åŠ¨ xscreensaver å’Œ xlockmore" #. Type: error #. Description #: ../libpam-modules.templates:1001 msgid "" "One or more running instances of xscreensaver or xlockmore have been " "detected on this system. Because of incompatible library changes, the " "upgrade of the libpam-modules package will leave you unable to authenticate " "to these programs. You should arrange for these programs to be restarted or " "stopped before continuing this upgrade, to avoid locking your users out of " "their current sessions." msgstr "" "检测到一个或多个 xscreensaver 或 xlockmore è¿è¡Œå®žä¾‹ã€‚因为ä¸å…¼å®¹çš„库的å˜åŒ–," "libpam-module 软件包的å‡çº§å°†ä½¿æ‚¨æ— æ³•å‘这些程åºè®¤è¯ã€‚您需è¦åœ¨ç»§ç»­æ­¤å‡çº§å‰å®‰æŽ’" "这些程åºé‡æ–°å¯åŠ¨æˆ–者åœæ­¢è¿è¡Œï¼Œä»¥é¿å…将您的用户é”在他们的当å‰ä¼šè¯ä¹‹å¤–。" pam/debian/rules0000755000000000000000000000435213261244762011036 0ustar #!/usr/bin/make -f DEB_LDFLAGS_MAINT_APPEND := -Wl,-z,defs DEB_CFLAGS_MAINT_APPEND := $(shell getconf LFS_CFLAGS) export DEB_LDFLAGS_MAINT_APPEND DEB_CFLAGS_MAINT_APPEND ifeq ($(shell dpkg-architecture -qDEB_BUILD_ARCH_OS),hurd) DEB_LDFLAGS_MAINT_APPEND += -lpthread endif DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) LC_COLLATE=C export LC_COLLATE export QUILT_PATCH_DIR = debian/patches-applied d = $(CURDIR)/debian dl = $(d)/local %: dh $@ --with quilt,autoreconf # avoid libaudit-dev when bootstrapping ifneq (,$(filter $(DEB_BUILD_PROFILE),stage1)) CONFIGURE_OPTS += --disable-audit endif override_dh_auto_configure: dh_auto_configure -- --enable-static --enable-shared \ --libdir=/lib/$(DEB_HOST_MULTIARCH) \ --enable-isadir=/lib/security \ $(CONFIGURE_OPTS) # .install files don't have "except for" handling, so we need to exclude # our module that doesn't match right here override_dh_install: sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.install.in > $(d)/libpam0g-dev.install ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) dh_install -plibpam-modules -Xpam_cracklib endif dh_install -Nlibpam-modules # again, excluding files by hand; also, build our local manpage for pam_getenv # from the XML override_dh_installman: pod2man --section 8 --release="Debian GNU/Linux" $(dl)/pam_getenv >$(dl)/pam_getenv.8 dh_installman rm -f $(d)/libpam-modules/usr/share/man/man5/pam.conf.5 rm -f $(d)/libpam-modules/usr/share/man/man8/pam_cracklib.8 rm -f $(d)/libpam-modules/usr/share/man/man8/pam_timestamp_check.8 # dh_link doesn't do wildcards, so we can't auto-link to the right per-arch # directory override_dh_link: sed -e"s/@DEB_HOST_MULTIARCH@/$(DEB_HOST_MULTIARCH)/g" $(d)/libpam0g-dev.links.in > $(d)/libpam0g-dev.links dh_link # using perms that differ from upstream (sgid instead of suid) /and/ that # dh_fixperms doesn't want override_dh_fixperms: dh_fixperms ifneq (,$(findstring libpam-modules, $(shell dh_listpackages))) chgrp shadow $(d)/libpam-modules-bin/sbin/unix_chkpwd chmod 02755 $(d)/libpam-modules-bin/sbin/unix_chkpwd chgrp shadow $(d)/libpam-modules-bin/sbin/pam_extrausers_chkpwd chmod 02755 $(d)/libpam-modules-bin/sbin/pam_extrausers_chkpwd endif pam/debian/source.lintian-overrides0000644000000000000000000000017113261244762014631 0ustar pam source: quilt-build-dep-but-no-series-file pam source: build-depends-on-1-revision build-depends: quilt (>= 0.48-1) pam/debian/update-motd.50000644000000000000000000000626313261244762012272 0ustar .TH update-motd 5 "13 April 2010" "update-motd" .SH NAME update-motd \- dynamic MOTD generation .SH SYNOPSIS .B /etc/update-motd.d/* .SH DESCRIPTION UNIX/Linux system adminstrators often communicate important information to console and remote users by maintaining text in the file \fI/etc/motd\fP, which is displayed by the \fBpam_motd\fP(8) module on interactive shell logins. Traditionally, this file is static text, typically installed by the distribution and only updated on release upgrades, or overwritten by the local administrator with pertinent information. Ubuntu introduced the \fBupdate-motd\fP framework, by which the \fBmotd\fP(5) is dynamically assembled from a collection of scripts at login. Executable scripts in \fI/etc/update-motd.d/*\fP are executed by \fBpam_motd\fP(8) as the root user at each login, and this information is concatenated in \fI/run/motd.dynamic\fP. The order of script execution is determined by the \fBrun-parts\fP(8) --lsbsysinit option (basically alphabetical order, with a few caveats). On Ubuntu systems, \fI/etc/motd\fP is typically a symbolic link to \fI/run/motd.dynamic\fP. .SH BEST PRACTICES MOTD fragments must be scripts in \fI/etc/update-motd.d\fP, must be executable, and must emit information on standard out. Scripts should be named named NN-xxxxxx where NN is a two digit number indicating their position in the MOTD, and xxxxxx is an appropriate name for the script. Scripts must not have filename extensions, per \fBrun-parts\fP(8) --lsbsysinit instructions. Packages should add scripts directly into \fI/etc/update-motd.d\fP, rather than symlinks to other scripts, such that administrators can modify or remove these scripts and upgrades will not wipe the local changes. Consider using a simple shell script that simply calls \fBexec\fP on the external utility. Long running operations (such as network calls) or resource intensive scripts should cache output, and only update that output if it is deemed expired. For instance: /etc/update-motd.d/50-news #!/bin/sh out=/run/foo script="w3m -dump http://news.google.com/" if [ -f "$out" ]; then # Output exists, print it echo cat "$out" # See if it's expired, and background update lastrun=$(stat -c %Y "$out") || lastrun=0 expiration=$(expr $lastrun + 86400) if [ $(date +%s) -ge $expiration ]; then $script > "$out" & fi else # No cache at all, so update in the background $script > "$out" & fi Scripts should emit a blank line before output, and end with a newline character. For instance: /etc/update-motd/05-lsb-release #!/bin/sh echo lsb-release -a .SH FILES \fI/etc/motd\fP, \fI/run/motd.dynamic\fP, \fI/etc/update-motd.d\fP .SH SEE ALSO \fBmotd\fP(5), \fBpam_motd\fP(8), \fBrun-parts\fP(8) .SH AUTHOR This manpage and the update-motd framework was written by Dustin Kirkland for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL. pam/debian/watch0000644000000000000000000000025513261244762011005 0ustar version=3 opts=uversionmangle=s/^(\S+-doc)/0.0.$1/ \ http://www.linux-pam.org/library/ \ (?:|.*/)Linux-PAM(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) pam/doc/0000755000000000000000000000000013261244762007275 5ustar pam/doc/Makefile.am0000644000000000000000000000103313261244762011326 0ustar # # Copyright (c) 2005, 2006 Thorsten Kukuk # SUBDIRS = man specs sag adg mwg CLEANFILES = *~ dist_html_DATA = index.html ####################################################### releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs cp -av specs/draft-morgan-pam-current.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/ cp -av $(srcdir)/specs/rfc86.0.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/ make -C sag releasedocs make -C adg releasedocs make -C mwg releasedocs pam/doc/Makefile.in0000644000000000000000000005147013261244762011351 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc DIST_COMMON = $(dist_html_DATA) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(htmldir)" DATA = $(dist_html_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = man specs sag adg mwg CLEANFILES = *~ dist_html_DATA = index.html all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-dist_htmlDATA: $(dist_html_DATA) @$(NORMAL_INSTALL) test -z "$(htmldir)" || $(MKDIR_P) "$(DESTDIR)$(htmldir)" @list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ done uninstall-dist_htmlDATA: @$(NORMAL_UNINSTALL) @list='$(dist_html_DATA)'; test -n "$(htmldir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(htmldir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(htmldir)" && rm -f $$files # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(DATA) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(htmldir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dist_htmlDATA install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-dist_htmlDATA .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dist_htmlDATA install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ installdirs-am maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-dist_htmlDATA ####################################################### releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs cp -av specs/draft-morgan-pam-current.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/ cp -av $(srcdir)/specs/rfc86.0.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/specs/ make -C sag releasedocs make -C adg releasedocs make -C mwg releasedocs # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/adg/0000755000000000000000000000000013261244762010030 5ustar pam/doc/adg/Linux-PAM_ADG.xml0000644000000000000000000010552113261244762012743 0ustar The Linux-PAM Application Developers' Guide Andrew G. Morgan morgan@kernel.org Thorsten Kukuk kukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what an application developer needs to know about the Linux-PAM library. It describes how an application might use the Linux-PAM library to authenticate users. In addition it contains a description of the functions to be found in libpam_misc library, that can be used in general applications. Finally, it contains some comments on PAM related security issues for the application developer. Introduction
Description Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the Linux-PAM library see the Linux-PAM System Administrators' Guide. It is the purpose of the Linux-PAM project to liberate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a documented library of functions that an application may use for all forms of user authentication management. This library dynamically loads locally configured authentication modules that actually perform the authentication tasks. From the perspective of an application developer the information contained in the local configuration of the PAM library should not be important. Indeed it is intended that an application treat the functions documented here as a 'black box' that will deal with all aspects of user authentication. 'All aspects' includes user verification, account management, session initialization/termination and also the resetting of passwords (authentication tokens).
Synopsis For general applications that wish to use the services provided by Linux-PAM the following is a summary of the relevant linking information: #include <security/pam_appl.h> cc -o application .... -lpam In addition to libpam, there is a library of miscellaneous functions that make the job of writing PAM-aware applications easier (this library is not covered in the DCE-RFC for PAM and is specific to the Linux-PAM distribution): #include <security/pam_appl.h> #include <security/pam_misc.h> cc -o application .... -lpam -lpam_misc
Overview Most service-giving applications are restricted. In other words, their service is not available to all and every prospective client. Instead, the applying client must jump through a number of hoops to convince the serving application that they are authorized to obtain service. The process of authenticating a client is what PAM is designed to manage. In addition to authentication, PAM provides account management, credential management, session management and authentication-token (password changing) management services. It is important to realize when writing a PAM based application that these services are provided in a manner that is transparent to the application. That is to say, when the application is written, no assumptions can be made about how the client will be authenticated. The process of authentication is performed by the PAM library via a call to pam_authenticate(). The return value of this function will indicate whether a named client (the user) has been authenticated. If the PAM library needs to prompt the user for any information, such as their name or a password then it will do so. If the PAM library is configured to authenticate the user using some silent protocol, it will do this too. (This latter case might be via some hardware interface for example.) It is important to note that the application must leave all decisions about when to prompt the user at the discretion of the PAM library. The PAM library, however, must work equally well for different styles of application. Some applications, like the familiar login and passwd are terminal based applications, exchanges of information with the client in these cases is as plain text messages. Graphically based applications, however, have a more sophisticated interface. They generally interact with the user via specially constructed dialogue boxes. Additionally, network based services require that text messages exchanged with the client are specially formatted for automated processing: one such example is ftpd which prefixes each exchanged message with a numeric identifier. The presentation of simple requests to a client is thus something very dependent on the protocol that the serving application will use. In spite of the fact that PAM demands that it drives the whole authentication process, it is not possible to leave such protocol subtleties up to the PAM library. To overcome this potential problem, the application provides the PAM library with a conversation function. This function is called from within the PAM library and enables the PAM to directly interact with the client. The sorts of things that this conversation function must be able to do are prompt the user with text and/or obtain textual input from the user for processing by the PAM library. The details of this function are provided in a later section. For example, the conversation function may be called by the PAM library with a request to prompt the user for a password. Its job is to reformat the prompt request into a form that the client will understand. In the case of ftpd, this might involve prefixing the string with the number 331 and sending the request over the network to a connected client. The conversation function will then obtain any reply and, after extracting the typed password, will return this string of text to the PAM library. Similar concerns need to be addressed in the case of an X-based graphical server. There are a number of issues that need to be addressed when one is porting an existing application to become PAM compliant. A section below has been devoted to this: Porting legacy applications. Besides authentication, PAM provides other forms of management. Session management is provided with calls to pam_open_session() and pam_close_session(). What these functions actually do is up to the local administrator. But typically, they could be used to log entry and exit from the system or for mounting and unmounting the user's home directory. If an application provides continuous service for a period of time, it should probably call these functions, first open after the user is authenticated and then close when the service is terminated. Account management is another area that an application developer should include with a call to pam_acct_mgmt(). This call will perform checks on the good health of the user's account (has it expired etc.). One of the things this function may check is whether the user's authentication token has expired - in such a case the application may choose to attempt to update it with a call to pam_chauthtok(), although some applications are not suited to this task (ftp for example) and in this case the application should deny access to the user. PAM is also capable of setting and deleting the users credentials with the call pam_setcred(). This function should always be called after the user is authenticated and before service is offered to the user. By convention, this should be the last call to the PAM library before the PAM session is opened. What exactly a credential is, is not well defined. However, some examples are given in the glossary below. The public interface to <emphasis remap='B'>Linux-PAM</emphasis> Firstly, the relevant include file for the Linux-PAM library is <security/pam_appl.h>. It contains the definitions for a number of functions. After listing these functions, we collect some guiding remarks for programmers.
What can be expected by the application
What is expected of an application
Programming notes Note, all of the authentication service function calls accept the token PAM_SILENT, which instructs the modules to not send messages to the application. This token can be logically OR'd with any one of the permitted tokens specific to the individual function calls. PAM_SILENT does not override the prompting of the user for passwords etc., it only stops informative messages from being generated.
Security issues of <emphasis remap='B'>Linux-PAM</emphasis> PAM, from the perspective of an application, is a convenient API for authenticating users. PAM modules generally have no increased privilege over that possessed by the application that is making use of it. For this reason, the application must take ultimate responsibility for protecting the environment in which PAM operates. A poorly (or maliciously) written application can defeat any Linux-PAM module's authentication mechanisms by simply ignoring it's return values. It is the applications task and responsibility to grant privileges and access to services. The Linux-PAM library simply assumes the responsibility of authenticating the user; ascertaining that the user is who they say they are. Care should be taken to anticipate all of the documented behavior of the Linux-PAM library functions. A failure to do this will most certainly lead to a future security breach.
Care about standard library calls In general, writers of authorization-granting applications should assume that each module is likely to call any or all 'libc' functions. For 'libc' functions that return pointers to static/dynamically allocated structures (ie. the library allocates the memory and the user is not expected to 'free()' it) any module call to this function is likely to corrupt a pointer previously obtained by the application. The application programmer should either re-call such a 'libc' function after a call to the Linux-PAM library, or copy the structure contents to some safe area of memory before passing control to the Linux-PAM library. Two important function classes that fall into this category are getpwnam3 and syslog3 .
Choice of a service name When picking the service-name that corresponds to the first entry in the Linux-PAM configuration file, the application programmer should avoid the temptation of choosing something related to argv[0]. It is a trivial matter for any user to invoke any application on a system under a different name and this should not be permitted to cause a security breach. In general, this is always the right advice if the program is setuid, or otherwise more privileged than the user that invokes it. In some cases, avoiding this advice is convenient, but as an author of such an application, you should consider well the ways in which your program will be installed and used. (Its often the case that programs are not intended to be setuid, but end up being installed that way for convenience. If your program falls into this category, don't fall into the trap of making this mistake.) To invoke some target application by another name, the user may symbolically link the target application with the desired name. To be precise all the user need do is, ln -s /target/application ./preferred_name and then run ./preferred_name. By studying the Linux-PAM configuration file(s), an attacker can choose the preferred_name to be that of a service enjoying minimal protection; for example a game which uses Linux-PAM to restrict access to certain hours of the day. If the service-name were to be linked to the filename under which the service was invoked, it is clear that the user is effectively in the position of dictating which authentication scheme the service uses. Needless to say, this is not a secure situation. The conclusion is that the application developer should carefully define the service-name of an application. The safest thing is to make it a single hard-wired name.
The conversation function Care should be taken to ensure that the conv() function is robust. Such a function is provided in the library libpam_misc (see below).
The identity of the user The Linux-PAM modules will need to determine the identity of the user who requests a service, and the identity of the user who grants the service. These two users will seldom be the same. Indeed there is generally a third user identity to be considered, the new (assumed) identity of the user once the service is granted. The need for keeping tabs on these identities is clearly an issue of security. One convention that is actively used by some modules is that the identity of the user requesting a service should be the current UID (user ID) of the running process; the identity of the privilege granting user is the EUID (effective user ID) of the running process; the identity of the user, under whose name the service will be executed, is given by the contents of the PAM_USER pam_get_item3 . Note, modules can change the values of PAM_USER and PAM_RUSER during any of the pam_*() library calls. For this reason, the application should take care to use the pam_get_item() every time it wishes to establish who the authenticated user is (or will currently be). For network-serving databases and other applications that provide their own security model (independent of the OS kernel) the above scheme is insufficient to identify the requesting user. A more portable solution to storing the identity of the requesting user is to use the PAM_RUSER pam_get_item3 . The application should supply this value before attempting to authenticate the user with pam_authenticate(). How well this name can be trusted will ultimately be at the discretion of the local administrator (who configures PAM for your application) and a selected module may attempt to override the value where it can obtain more reliable data. If an application is unable to determine the identity of the requesting entity/user, it should not call pam_set_item3 to set PAM_RUSER. In addition to the PAM_RUSER item, the application should supply the PAM_RHOST (requesting host) item. As a general rule, the following convention for its value can be assumed: NULL = unknown; localhost = invoked directly from the local system; other.place.xyz = some component of the user's connection originates from this remote/requesting host. At present, PAM has no established convention for indicating whether the application supports a trusted path to communication from this host.
Sufficient resources Care should be taken to ensure that the proper execution of an application is not compromised by a lack of system resources. If an application is unable to open sufficient files to perform its service, it should fail gracefully, or request additional resources. Specifically, the quantities manipulated by the setrlimit2 family of commands should be taken into consideration. This is also true of conversation prompts. The application should not accept prompts of arbitrary length with out checking for resource allocation failure and dealing with such extreme conditions gracefully and in a manner that preserves the PAM API. Such tolerance may be especially important when attempting to track a malicious adversary.
A library of miscellaneous helper functions To aid the work of the application developer a library of miscellaneous functions is provided. It is called libpam_misc, and contains a text based conversation function, and routines for enhancing the standard PAM-environment variable support. The functions, structures and macros, made available by this library can be defined by including <security/pam_misc.h>. It should be noted that this library is specific to Linux-PAM and is not referred to in the defining DCE-RFC (see See also) below.
Functions supplied
Porting legacy applications The point of PAM is that the application is not supposed to have any idea how the attached authentication modules will choose to authenticate the user. So all they can do is provide a conversation function that will talk directly to the user(client) on the modules' behalf. Consider the case that you plug a retinal scanner into the login program. In this situation the user would be prompted: "please look into the scanner". No username or password would be needed - all this information could be deduced from the scan and a database lookup. The point is that the retinal scanner is an ideal task for a "module". While it is true that a pop-daemon program is designed with the POP protocol in mind and no-one ever considered attaching a retinal scanner to it, it is also the case that the "clean" PAM'ification of such a daemon would allow for the possibility of a scanner module being be attached to it. The point being that the "standard" pop-authentication protocol(s) [which will be needed to satisfy inflexible/legacy clients] would be supported by inserting an appropriate pam_qpopper module(s). However, having rewritten popd once in this way any new protocols can be implemented in-situ. One simple test of a ported application would be to insert the pam_permit module and see if the application demands you type a password... In such a case, xlock would fail to lock the terminal - or would at best be a screen-saver, ftp would give password free access to all etc.. Neither of these is a very secure thing to do, but they do illustrate how much flexibility PAM puts in the hands of the local admin. The key issue, in doing things correctly, is identifying what is part of the authentication procedure (how many passwords etc..) the exchange protocol (prefixes to prompts etc., numbers like 331 in the case of ftpd) and what is part of the service that the application delivers. PAM really needs to have total control in the authentication "procedure", the conversation function should only deal with reformatting user prompts and extracting responses from raw input. Glossary of PAM related terms The following are a list of terms used within this document. Authentication token Generally, this is a password. However, a user can authenticate him/herself in a variety of ways. Updating the user's authentication token thus corresponds to refreshing the object they use to authenticate themself with the system. The word password is avoided to keep open the possibility that the authentication involves a retinal scan or other non-textual mode of challenge/response. Credentials Having successfully authenticated the user, PAM is able to establish certain characteristics/attributes of the user. These are termed credentials. Examples of which are group memberships to perform privileged tasks with, and tickets in the form of environment variables etc. . Some user-credentials, such as the user's UID and GID (plus default group memberships) are not deemed to be PAM-credentials. It is the responsibility of the application to grant these directly. An example application To get a flavor of the way a Linux-PAM application is written we include the following example. It prompts the user for their password and indicates whether their account is valid on the standard output, its return code also indicates the success (0 for success; 1 for failure). #include #include static struct pam_conv conv = { misc_conv, NULL }; int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; int retval; const char *user="nobody"; if(argc == 2) { user = argv[1]; } if(argc > 2) { fprintf(stderr, "Usage: check_user [username]\n"); exit(1); } retval = pam_start("check_user", user, &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); /* is user really user? */ if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ /* This is where we have been authorized or not. */ if (retval == PAM_SUCCESS) { fprintf(stdout, "Authenticated\n"); } else { fprintf(stdout, "Not Authenticated\n"); } if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ pamh = NULL; fprintf(stderr, "check_user: failed to release authenticator\n"); exit(1); } return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ } ]]> Files /usr/include/security/pam_appl.h Header file with interfaces for Linux-PAM applications. /usr/include/security/pam_misc.h Header file for useful library functions for making applications easier to write. See also The Linux-PAM System Administrators' Guide. The Linux-PAM Module Writers' Guide. The V. Samar and R. Schemers (SunSoft), ``UNIFIED LOGIN WITH PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation Request For Comments 86.0, October 1995. Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) with many contributions from Chris Adams, Peter Allgeyer, Tim Baverstock, Tim Berger, Craig S. Bell, Derrick J. Brashear, Ben Buxton, Seth Chaiklin, Oliver Crow, Chris Dent, Marc Ewing, Cristian Gafton, Emmanuel Galanos, Brad M. Garcia, Eric Hester, Roger Hu, Eric Jacksch, Michael K. Johnson, David Kinchlea, Olaf Kirch, Marcin Korzonek, Thorsten Kukuk, Stephen Langasek, Nicolai Langfeldt, Elliot Lee, Luke Kenneth Casson Leighton, Al Longyear, Ingo Luetkebohle, Marek Michalkiewicz, Robert Milkowski, Aleph One, Martin Pool, Sean Reifschneider, Jan Rekorajski, Erik Troan, Theodore Ts'o, Jeff Uphoff, Myles Uyema, Savochkin Andrey Vladimirovich, Ronald Wahl, David Wood, John Wilmes, Joseph S. D. Yao and Alex O. Yuriev. Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of Linux-PAM. Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> Copyright (c) 1996-2002 Andrew G. Morgan <morgan@kernel.org> Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, and the entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. Alternatively, this product may be distributed under the terms of the GNU General Public License (GPL), in which case the provisions of the GNU GPL are required instead of the above restrictions. (This clause is necessary due to a potential bad interaction between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH pam/doc/adg/Makefile.am0000644000000000000000000000721213261244762012066 0ustar # # Copyright (c) 2006 Thorsten Kukuk # CLEANFILES = Linux-PAM_ADG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml) if ENABLE_REGENERATE_MAN MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo $(FO2PDF) Linux-PAM_ADG.fo $@ else echo "No fo2pdf processor installed, skip PDF generation" endif Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_ADG \ --stringparam use.id.as.filename 1 \ --stringparam chunk.first.sections 1 \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ --stringparam chunker.output.encoding UTF-8 \ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< distclean-local: -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf endif install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_ADG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_ADG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_ADG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html -rm $(DESTDIR)$(htmldir)/adg-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_ADG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_ADG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html test -f html/Linux-PAM_ADG.html || exit 0; \ cp -ap html/Linux-PAM_ADG.html html/adg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_ADG.html \ $(srcdir)/html/adg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ test -f Linux-PAM_ADG.txt || exit 0; \ cp -p Linux-PAM_ADG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ cp -p $(srcdir)/Linux-PAM_ADG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ test -f Linux-PAM_ADG.pdf || exit 0; \ cp -p Linux-PAM_ADG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ cp -p $(srcdir)/Linux-PAM_ADG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ pam/doc/adg/Makefile.in0000644000000000000000000004015513261244762012102 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/adg DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = Linux-PAM_ADG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_ADG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml) @ENABLE_REGENERATE_MAN_TRUE@MAINTAINERCLEANFILES = Linux-PAM_ADG.txt Linux-PAM_ADG.pdf html/*.html all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/adg/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/adg/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) @ENABLE_REGENERATE_MAN_FALSE@distclean-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distclean-local \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-data-local \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am uninstall uninstall-am uninstall-local @ENABLE_REGENERATE_MAN_TRUE@all: Linux-PAM_ADG.txt html/Linux-PAM_ADG.html Linux-PAM_ADG.pdf @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_ADG.pdf: $(XMLS) $(DEP_XMLS) @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_ADG.fo @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(FO2PDF) Linux-PAM_ADG.fo $@ @ENABLE_GENERATE_PDF_FALSE@@ENABLE_REGENERATE_MAN_TRUE@ echo "No fo2pdf processor installed, skip PDF generation" @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_ADG.txt: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ @ENABLE_REGENERATE_MAN_TRUE@html/Linux-PAM_ADG.html: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ @test -d html || mkdir -p html @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam base.dir html/ \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam root.filename Linux-PAM_ADG \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam use.id.as.filename 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunk.first.sections 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunker.output.encoding UTF-8 \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< @ENABLE_REGENERATE_MAN_TRUE@distclean-local: @ENABLE_REGENERATE_MAN_TRUE@ -rm -rf html Linux-PAM_ADG.txt Linux-PAM_ADG.pdf install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_ADG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_ADG.html html/adg-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_ADG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_ADG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_ADG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_ADG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_ADG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_ADG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_ADG.html -rm $(DESTDIR)$(htmldir)/adg-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_ADG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_ADG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html test -f html/Linux-PAM_ADG.html || exit 0; \ cp -ap html/Linux-PAM_ADG.html html/adg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_ADG.html \ $(srcdir)/html/adg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/html/ test -f Linux-PAM_ADG.txt || exit 0; \ cp -p Linux-PAM_ADG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ cp -p $(srcdir)/Linux-PAM_ADG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ test -f Linux-PAM_ADG.pdf || exit 0; \ cp -p Linux-PAM_ADG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ || \ cp -p $(srcdir)/Linux-PAM_ADG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/adg/ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/adg/pam_acct_mgmt.xml0000644000000000000000000000163513261244762013352 0ustar
Account validation management
pam/doc/adg/pam_authenticate.xml0000644000000000000000000000166213261244762014072 0ustar
Authenticating the user
pam/doc/adg/pam_chauthtok.xml0000644000000000000000000000163613261244762013407 0ustar
Updating authentication tokens
pam/doc/adg/pam_close_session.xml0000644000000000000000000000170613261244762014263 0ustar
terminating PAM session management
pam/doc/adg/pam_conv.xml0000644000000000000000000000227513261244762012362 0ustar
The conversation function struct pam_message { int msg_style; const char *msg; }; struct pam_response { char *resp; int resp_retcode; }; struct pam_conv { int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void *appdata_ptr; };
pam/doc/adg/pam_end.xml0000644000000000000000000000155013261244762012156 0ustar
Termination of PAM transaction
pam/doc/adg/pam_fail_delay.xml0000644000000000000000000000164313261244762013504 0ustar
Request a delay on failure
pam/doc/adg/pam_get_item.xml0000644000000000000000000000161013261244762013202 0ustar
Getting PAM items
pam/doc/adg/pam_getenv.xml0000644000000000000000000000160313261244762012677 0ustar
Get a PAM environment variable
pam/doc/adg/pam_getenvlist.xml0000644000000000000000000000164413261244762013600 0ustar
Getting the PAM environment
pam/doc/adg/pam_misc_conv.xml0000644000000000000000000000123713261244762013372 0ustar
Text based conversation function
pam/doc/adg/pam_misc_drop_env.xml0000644000000000000000000000132513261244762014237 0ustar
Liberating a locally saved environment
pam/doc/adg/pam_misc_paste_env.xml0000644000000000000000000000133713261244762014412 0ustar
Transcribing an environment to that of PAM
pam/doc/adg/pam_misc_setenv.xml0000644000000000000000000000131413261244762013725 0ustar
BSD like PAM environment variable setting
pam/doc/adg/pam_open_session.xml0000644000000000000000000000166713261244762014125 0ustar
Start PAM session management
pam/doc/adg/pam_putenv.xml0000644000000000000000000000161313261244762012731 0ustar
Set or change PAM environment variable
pam/doc/adg/pam_set_item.xml0000644000000000000000000000161013261244762013216 0ustar
Setting PAM items
pam/doc/adg/pam_setcred.xml0000644000000000000000000000160613261244762013043 0ustar
Setting user credentials
pam/doc/adg/pam_start.xml0000644000000000000000000000157513261244762012554 0ustar
Initialization of PAM transaction
pam/doc/adg/pam_strerror.xml0000644000000000000000000000163113261244762013272 0ustar
Strings describing PAM error codes
pam/doc/index.html0000644000000000000000000000106113261244762011270 0ustar The Linux-PAM Administration and Developer Guides

The Linux-PAM Guides

Here is the documentation for Linux-PAM. As you will see it is currently not complete.

pam/doc/man/0000755000000000000000000000000013261244762010050 5ustar pam/doc/man/Makefile.am0000644000000000000000000000435713261244762012115 0ustar # # Copyright (c) 2006, 2007 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) EXTRA_DIST = $(MANS) $(XMLS) man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ pam_acct_mgmt.3 pam_authenticate.3 \ pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ pam_end.3 pam_error.3 \ pam_fail_delay.3 pam_xauth_data.3 \ pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 \ pam_get_data.3 pam_get_item.3 pam_get_user.3 \ pam_getenv.3 pam_getenvlist.3 \ pam_info.3 \ pam_open_session.3 \ pam_prompt.3 pam_putenv.3 \ pam_set_data.3 pam_set_item.3 pam_syslog.3 \ pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \ pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \ pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \ pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \ misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \ pam_misc_setenv.3 XMLS = pam.3.xml pam.8.xml \ pam_acct_mgmt.3.xml pam_authenticate.3.xml \ pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \ pam_end.3.xml pam_error.3.xml \ pam_fail_delay.3.xml pam_xauth_data.3 \ pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \ pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \ pam_info.3.xml \ pam_open_session.3.xml \ pam_prompt.3.xml pam_putenv.3.xml \ pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \ pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ pam_sm_close_session.3.xml pam_sm_open_session.3.xml \ pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \ pam_sm_chauthtok.3.xml \ pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ pam_misc_setenv.3.xml if ENABLE_REGENERATE_MAN PAM.8: pam.8 pam_get_authtok_noverify.3: pam_get_authtok.3 pam_get_authtok_verify.3: pam_get_authtok.3 pam.d.5: pam.conf.5 test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||: pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml -include $(top_srcdir)/Make.xml.rules endif pam/doc/man/Makefile.in0000644000000000000000000005076313261244762012130 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006, 2007 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/man DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' man3dir = $(mandir)/man3 am__installdirs = "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) EXTRA_DIST = $(MANS) $(XMLS) man_MANS = pam.3 PAM.8 pam.8 pam.conf.5 pam.d.5 \ pam_acct_mgmt.3 pam_authenticate.3 \ pam_chauthtok.3 pam_close_session.3 pam_conv.3 \ pam_end.3 pam_error.3 \ pam_fail_delay.3 pam_xauth_data.3 \ pam_get_authtok.3 pam_get_authtok_noverify.3 pam_get_authtok_verify.3 \ pam_get_data.3 pam_get_item.3 pam_get_user.3 \ pam_getenv.3 pam_getenvlist.3 \ pam_info.3 \ pam_open_session.3 \ pam_prompt.3 pam_putenv.3 \ pam_set_data.3 pam_set_item.3 pam_syslog.3 \ pam_setcred.3 pam_sm_acct_mgmt.3 pam_sm_authenticate.3 \ pam_sm_close_session.3 pam_sm_open_session.3 pam_sm_setcred.3 \ pam_sm_chauthtok.3 pam_start.3 pam_strerror.3 \ pam_verror.3 pam_vinfo.3 pam_vprompt.3 pam_vsyslog.3 \ misc_conv.3 pam_misc_paste_env.3 pam_misc_drop_env.3 \ pam_misc_setenv.3 XMLS = pam.3.xml pam.8.xml \ pam_acct_mgmt.3.xml pam_authenticate.3.xml \ pam_chauthtok.3.xml pam_close_session.3.xml pam_conv.3.xml \ pam_end.3.xml pam_error.3.xml \ pam_fail_delay.3.xml pam_xauth_data.3 \ pam_get_authtok.3.xml pam_get_data.3.xml pam_get_item.3.xml \ pam_get_user.3.xml pam_getenv.3.xml pam_getenvlist.3.xml \ pam_info.3.xml \ pam_open_session.3.xml \ pam_prompt.3.xml pam_putenv.3.xml \ pam_set_data.3.xml pam_set_item.3.xml pam_syslog.3.xml \ pam_setcred.3.xml pam_sm_acct_mgmt.3.xml pam_sm_authenticate.3.xml \ pam_sm_close_session.3.xml pam_sm_open_session.3.xml \ pam_sm_setcred.3.xml pam_start.3.xml pam_strerror.3.xml \ pam_sm_chauthtok.3.xml \ pam_item_types_std.inc.xml pam_item_types_ext.inc.xml \ pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml \ misc_conv.3.xml pam_misc_paste_env.3.xml pam_misc_drop_env.3.xml \ pam_misc_setenv.3.xml all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/man/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man3: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man3dir)" || $(MKDIR_P) "$(DESTDIR)$(man3dir)" @list=''; test -n "$(man3dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.3[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \ done; } uninstall-man3: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man3dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.3[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man3dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man3dir)" && rm -f $$files; } install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(MANS) installdirs: for dir in "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man3 install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man3 uninstall-man5 uninstall-man8 .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man3 \ install-man5 install-man8 install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am \ uninstall-man uninstall-man3 uninstall-man5 uninstall-man8 @ENABLE_REGENERATE_MAN_TRUE@PAM.8: pam.8 @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_noverify.3: pam_get_authtok.3 @ENABLE_REGENERATE_MAN_TRUE@pam_get_authtok_verify.3: pam_get_authtok.3 @ENABLE_REGENERATE_MAN_TRUE@pam.d.5: pam.conf.5 @ENABLE_REGENERATE_MAN_TRUE@ test -f $(srcdir)/pam\\.d.5 && mv $(srcdir)/pam\\.d.5 $(srcdir)/pam.d.5 ||: @ENABLE_REGENERATE_MAN_TRUE@pam_get_item.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml @ENABLE_REGENERATE_MAN_TRUE@pam_set_data.3: pam_item_types_std.inc.xml pam_item_types_ext.inc.xml @ENABLE_REGENERATE_MAN_TRUE@pam.conf.5: pam.conf-desc.xml pam.conf-dir.xml pam.conf-syntax.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/man/PAM.80000644000000000000000000001236213261244762010562 0ustar '\" t .\" Title: pam .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" PAM, pam \- Pluggable Authentication Modules for Linux .SH "DESCRIPTION" .PP This manual is intended to offer a quick introduction to \fBLinux\-PAM\fR\&. For more information the reader is directed to the \fBLinux\-PAM system administrators\*(Aq guide\fR\&. .PP \fBLinux\-PAM\fR is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as \fBlogin\fR(1) and \fBsu\fR(1)) defer to to perform standard authentication tasks\&. .PP The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable\&. In other words, the system administrator is free to choose how individual service\-providing applications will authenticate users\&. This dynamic configuration is set by the contents of the single \fBLinux\-PAM\fR configuration file /etc/pam\&.conf\&. Alternatively, the configuration can be set by individual configuration files located in the /etc/pam\&.d/ directory\&. The presence of this directory will cause \fBLinux\-PAM\fR to \fIignore\fR/etc/pam\&.conf\&. .PP From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the \fBLinux\-PAM\fR library\&. The important point to recognize is that the configuration file(s) \fIdefine\fR the connection between applications (\fBservices\fR) and the pluggable authentication modules (\fBPAM\fRs) that perform the actual authentication tasks\&. .PP \fBLinux\-PAM\fR separates the tasks of \fIauthentication\fR into four independent management groups: \fBaccount\fR management; \fBauth\fRentication management; \fBpassword\fR management; and \fBsession\fR management\&. (We highlight the abbreviations used for these groups in the configuration file\&.) .PP Simply put, these groups take care of different aspects of a typical user\*(Aqs request for a restricted service: .PP \fBaccount\fR \- provide account verification types of service: has the user\*(Aqs password expired?; is this user permitted access to the requested service? .PP \fBauth\fRentication \- authenticate a user and set up user credentials\&. Typically this is via some challenge\-response request that the user must satisfy: if you are who you claim to be please enter your password\&. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart\-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication \- such is the flexibility of \fBLinux\-PAM\fR\&. .PP \fBpassword\fR \- this group\*(Aqs responsibility is the task of updating authentication mechanisms\&. Typically, such services are strongly coupled to those of the \fBauth\fR group\&. Some authentication mechanisms lend themselves well to being updated with such a function\&. Standard UN*X password\-based access is the obvious example: please enter a replacement password\&. .PP \fBsession\fR \- this group of tasks cover things that should be done prior to a service being given and after it is withdrawn\&. Such tasks include the maintenance of audit trails and the mounting of the user\*(Aqs home directory\&. The \fBsession\fR management group is important as it provides both an opening and closing hook for modules to affect the services available to a user\&. .SH "FILES" .PP /etc/pam\&.conf .RS 4 the configuration file .RE .PP /etc/pam\&.d .RS 4 the \fBLinux\-PAM\fR configuration directory\&. Generally, if this directory is present, the /etc/pam\&.conf file is ignored\&. .RE .SH "ERRORS" .PP Typically errors generated by the \fBLinux\-PAM\fR system of libraries, will be written to \fBsyslog\fR(3)\&. .SH "CONFORMING TO" .PP DCE\-RFC 86\&.0, October 1995\&. Contains additional features, but remains backwardly compatible with this RFC\&. .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_authenticate\fR(3), \fBpam_sm_setcred\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/misc_conv.30000644000000000000000000001175613261244762012126 0ustar '\" t .\" Title: misc_conv .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "MISC_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" misc_conv \- text based conversation function .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ misc_conv('u .BI "int misc_conv(int\ " "num_msg" ", const\ struct\ pam_message\ **" "msgm" ", struct\ pam_response\ **" "response" ", void\ *" "appdata_ptr" ");" .SH "DESCRIPTION" .PP The \fBmisc_conv\fR function is part of \fBlibpam_misc\fR and not of the standard \fBlibpam\fR library\&. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules\&. .PP In addition to simply slotting into the appropriate \fBpam_conv\fR(3), this function provides some time\-out facilities\&. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something\&. The five variabls are as follows: .PP \fBtime_t\fR \fIpam_misc_conv_warn_time\fR; .RS 4 This variable contains the \fItime\fR (as returned by \fBtime\fR(2)) that the user should be first warned that the clock is ticking\&. By default it has the value 0, which indicates that no such warning will be given\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the \fILinux\-PAM\fR library\&. .RE .PP \fBconst char *\fR\fIpam_misc_conv_warn_line\fR; .RS 4 Used in conjuction with \fIpam_misc_conv_warn_time\fR, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching\&. Its default value is a translated version of \(lq\&.\&.\&.Time is running out\&.\&.\&.\(rq, but this can be changed by the application prior to passing control to \fILinux\-PAM\fR\&. .RE .PP \fBtime_t\fR \fIpam_misc_conv_die_time\fR; .RS 4 This variable contains the \fItime\fR (as returned by \fBtime\fR(2)) that the will time out\&. By default it has the value 0, which indicates that the conversation function will not timeout\&. The application may set its value to sometime in the future, but this should be done prior to passing control to the \fILinux\-PAM\fR library\&. .RE .PP \fBconst char *\fR\fIpam_misc_conv_die_line\fR; .RS 4 Used in conjuction with \fIpam_misc_conv_die_time\fR, this variable is a pointer to the string that will be displayed when the conversation times out\&. Its default value is a translated version of \(lq\&.\&.\&.Sorry, your time is up!\(rq, but this can be changed by the application prior to passing control to \fILinux\-PAM\fR\&. .RE .PP \fBint\fR \fIpam_misc_conv_died\fR; .RS 4 Following a return from the \fILinux\-PAM\fR libraray, the value of this variable indicates whether the conversation has timed out\&. A value of 1 indicates the time\-out occurred\&. .RE .PP The following two function pointers are available for supporting binary prompts in the conversation function\&. They are optimized for the current incarnation of the \fBlibpamc\fR library and are subject to change\&. .PP \fBint\fR \fI(*pam_binary_handler_fn)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIprompt_p\fR); .RS 4 This function pointer is initialized to NULL but can be filled with a function that provides machine\-machine (hidden) message exchange\&. It is intended for use with hidden authentication protocols such as RSA or Diffie\-Hellman key exchanges\&. (This is still under development\&.) .RE .PP \fBint\fR \fI(*pam_binary_handler_free)\fR(\fBvoid *\fR\fIappdata\fR, \fBpamc_bp_t *\fR\fIdelete_me\fR); .RS 4 This function pointer is initialized to \fBPAM_BP_RENEW(delete_me, 0, 0)\fR, but can be redefined as desired by the application\&. .RE .SH "SEE ALSO" .PP \fBpam_conv\fR(3), \fBpam\fR(8) .SH "STANDARDS" .PP The \fBmisc_conv\fR function is part of the \fBlibpam_misc\fR Library and not defined in any standard\&. pam/doc/man/misc_conv.3.xml0000644000000000000000000001664113261244762012723 0ustar misc_conv 3 Linux-PAM Manual misc_conv text based conversation function #include <security/pam_misc.h> int misc_conv int num_msg const struct pam_message **msgm struct pam_response **response void *appdata_ptr DESCRIPTION The misc_conv function is part of libpam_misc and not of the standard libpam library. This function will prompt the user with the appropriate comments and obtain the appropriate inputs as directed by authentication modules. In addition to simply slotting into the appropriate pam_conv3 , this function provides some time-out facilities. The function exports five variables that can be used by an application programmer to limit the amount of time this conversation function will spend waiting for the user to type something. The five variabls are as follows: time_t pam_misc_conv_warn_time; This variable contains the time (as returned by time2 ) that the user should be first warned that the clock is ticking. By default it has the value 0, which indicates that no such warning will be given. The application may set its value to sometime in the future, but this should be done prior to passing control to the Linux-PAM library. const char *pam_misc_conv_warn_line; Used in conjuction with pam_misc_conv_warn_time, this variable is a pointer to the string that will be displayed when it becomes time to warn the user that the timeout is approaching. Its default value is a translated version of ...Time is running out..., but this can be changed by the application prior to passing control to Linux-PAM. time_t pam_misc_conv_die_time; This variable contains the time (as returned by time2 ) that the will time out. By default it has the value 0, which indicates that the conversation function will not timeout. The application may set its value to sometime in the future, but this should be done prior to passing control to the Linux-PAM library. const char *pam_misc_conv_die_line; Used in conjuction with pam_misc_conv_die_time, this variable is a pointer to the string that will be displayed when the conversation times out. Its default value is a translated version of ...Sorry, your time is up!, but this can be changed by the application prior to passing control to Linux-PAM. int pam_misc_conv_died; Following a return from the Linux-PAM libraray, the value of this variable indicates whether the conversation has timed out. A value of 1 indicates the time-out occurred. The following two function pointers are available for supporting binary prompts in the conversation function. They are optimized for the current incarnation of the libpamc library and are subject to change. int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); This function pointer is initialized to NULL but can be filled with a function that provides machine-machine (hidden) message exchange. It is intended for use with hidden authentication protocols such as RSA or Diffie-Hellman key exchanges. (This is still under development.) int (*pam_binary_handler_free)(void *appdata, pamc_bp_t *delete_me); This function pointer is initialized to PAM_BP_RENEW(delete_me, 0, 0), but can be redefined as desired by the application. SEE ALSO pam_conv3 , pam8 STANDARDS The misc_conv function is part of the libpam_misc Library and not defined in any standard. pam/doc/man/pam.30000644000000000000000000001616713261244762010724 0ustar '\" t .\" Title: pam .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam \- Pluggable Authentication Modules Library .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .sp .ft B .nf #include .fi .ft .sp .ft B .nf #include .fi .ft .SH "DESCRIPTION" .PP \fBPAM\fR is a system of libraries that handle the authentication tasks of applications (services) on the system\&. The library provides a stable general interface (Application Programming Interface \- API) that privilege granting programs (such as \fBlogin\fR(1) and \fBsu\fR(1)) defer to to perform standard authentication tasks\&. .SS "Initialization and Cleanup" .PP The \fBpam_start\fR(3) function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&. .PP The \fBpam_end\fR(3) function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid\&. It can be called at any time to terminate a PAM transaction\&. .SS "Authentication" .PP The \fBpam_authenticate\fR(3) function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&. .PP The \fBpam_setcred\fR(3) function manages the userscredentials\&. .SS "Account Management" .PP The \fBpam_acct_mgmt\fR(3) function is used to determine if the users account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&. .SS "Password Management" .PP The \fBpam_chauthtok\fR(3) function is used to change the authentication token for a given user on request or because the token has expired\&. .SS "Session Management" .PP The \fBpam_open_session\fR(3) function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to \fBpam_close_session\fR(3)\&. .SS "Conversation" .PP The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the \fIstruct pam_conv\fR passed to \fBpam_start\fR(3) at the start of the transaction\&. See \fBpam_conv\fR(3) for details\&. .SS "Data Objects" .PP The \fBpam_set_item\fR(3) and \fBpam_get_item\fR(3) functions allows applications and PAM service modules to set and retrieve PAM informations\&. .PP The \fBpam_get_user\fR(3) function is the preferred method to obtain the username\&. .PP The \fBpam_set_data\fR(3) and \fBpam_get_data\fR(3) functions allows PAM service modules to set and retrieve free\-form data from one invocation to another\&. .SS "Environment and Error Management" .PP The \fBpam_putenv\fR(3), \fBpam_getenv\fR(3) and \fBpam_getenvlist\fR(3) functions are for maintaining a set of private environment variables\&. .PP The \fBpam_strerror\fR(3) function returns a pointer to a string describing the given PAM error code\&. .SH "RETURN VALUES" .PP The following return codes are known by PAM: .PP PAM_ABORT .RS 4 Critical error, immediate abort\&. .RE .PP PAM_ACCT_EXPIRED .RS 4 User account has expired\&. .RE .PP PAM_AUTHINFO_UNAVAIL .RS 4 Authentication service cannot retrieve authentication info\&. .RE .PP PAM_AUTHTOK_DISABLE_AGING .RS 4 Authentication token aging disabled\&. .RE .PP PAM_AUTHTOK_ERR .RS 4 Authentication token manipulation error\&. .RE .PP PAM_AUTHTOK_EXPIRED .RS 4 Authentication token expired\&. .RE .PP PAM_AUTHTOK_LOCK_BUSY .RS 4 Authentication token lock busy\&. .RE .PP PAM_AUTHTOK_RECOVERY_ERR .RS 4 Authentication information cannot be recovered\&. .RE .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CONV_ERR .RS 4 Conversation failure\&. .RE .PP PAM_CRED_ERR .RS 4 Failure setting user credentials\&. .RE .PP PAM_CRED_EXPIRED .RS 4 User credentials expired\&. .RE .PP PAM_CRED_INSUFFICIENT .RS 4 Insufficient credentials to access authentication data\&. .RE .PP PAM_CRED_UNAVAIL .RS 4 Authentication service cannot retrieve user credentials\&. .RE .PP PAM_IGNORE .RS 4 The return value should be ignored by PAM dispatch\&. .RE .PP PAM_MAXTRIES .RS 4 Have exhausted maximum number of retries for service\&. .RE .PP PAM_MODULE_UNKNOWN .RS 4 Module is unknown\&. .RE .PP PAM_NEW_AUTHTOK_REQD .RS 4 Authentication token is no longer valid; new one required\&. .RE .PP PAM_NO_MODULE_DATA .RS 4 No module specific data is present\&. .RE .PP PAM_OPEN_ERR .RS 4 Failed to load module\&. .RE .PP PAM_PERM_DENIED .RS 4 Permission denied\&. .RE .PP PAM_SERVICE_ERR .RS 4 Error in service module\&. .RE .PP PAM_SESSION_ERR .RS 4 Cannot make/remove an entry for the specified session\&. .RE .PP PAM_SUCCESS .RS 4 Success\&. .RE .PP PAM_SYMBOL_ERR .RS 4 Symbol not found\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error\&. .RE .PP PAM_TRY_AGAIN .RS 4 Failed preliminary check by password service\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known to the underlying authentication module\&. .RE .SH "SEE ALSO" .PP \fBpam_acct_mgmt\fR(3), \fBpam_authenticate\fR(3), \fBpam_chauthtok\fR(3), \fBpam_close_session\fR(3), \fBpam_conv\fR(3), \fBpam_end\fR(3), \fBpam_get_data\fR(3), \fBpam_getenv\fR(3), \fBpam_getenvlist\fR(3), \fBpam_get_item\fR(3), \fBpam_get_user\fR(3), \fBpam_open_session\fR(3), \fBpam_putenv\fR(3), \fBpam_set_data\fR(3), \fBpam_set_item\fR(3), \fBpam_setcred\fR(3), \fBpam_start\fR(3), \fBpam_strerror\fR(3) .SH "NOTES" .PP The \fIlibpam\fR interfaces are only thread\-safe if each thread within the multithreaded application uses its own PAM handle\&. pam/doc/man/pam.3.xml0000644000000000000000000003576313261244762011526 0ustar pam 3 Linux-PAM Manual pam Pluggable Authentication Modules Library #include <security/pam_appl.h> #include <security/pam_modules.h> #include <security/pam_ext.h> DESCRIPTION PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege granting programs (such as login1 and su1 ) defer to to perform standard authentication tasks. Initialization and Cleanup The pam_start3 function creates the PAM context and initiates the PAM transaction. It is the first of the PAM functions that needs to be called by an application. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel. But it is not possible to use the same handle for different transactions, a new one is needed for every new context. The pam_end3 function terminates the PAM transaction and is the last function an application should call in the PAM context. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid. It can be called at any time to terminate a PAM transaction. Authentication The pam_authenticate3 function is used to authenticate the user. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print. The pam_setcred3 function manages the userscredentials. Account Management The pam_acct_mgmt3 function is used to determine if the users account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated. Password Management The pam_chauthtok3 function is used to change the authentication token for a given user on request or because the token has expired. Session Management The pam_open_session3 function sets up a user session for a previously successful authenticated user. The session should later be terminated with a call to pam_close_session3 . Conversation The PAM library uses an application-defined callback to allow a direct communication between a loaded module and the application. This callback is specified by the struct pam_conv passed to pam_start3 at the start of the transaction. See pam_conv3 for details. Data Objects The pam_set_item3 and pam_get_item3 functions allows applications and PAM service modules to set and retrieve PAM informations. The pam_get_user3 function is the preferred method to obtain the username. The pam_set_data3 and pam_get_data3 functions allows PAM service modules to set and retrieve free-form data from one invocation to another. Environment and Error Management The pam_putenv3 , pam_getenv3 and pam_getenvlist3 functions are for maintaining a set of private environment variables. The pam_strerror3 function returns a pointer to a string describing the given PAM error code. RETURN VALUES The following return codes are known by PAM: PAM_ABORT Critical error, immediate abort. PAM_ACCT_EXPIRED User account has expired. PAM_AUTHINFO_UNAVAIL Authentication service cannot retrieve authentication info. PAM_AUTHTOK_DISABLE_AGING Authentication token aging disabled. PAM_AUTHTOK_ERR Authentication token manipulation error. PAM_AUTHTOK_EXPIRED Authentication token expired. PAM_AUTHTOK_LOCK_BUSY Authentication token lock busy. PAM_AUTHTOK_RECOVERY_ERR Authentication information cannot be recovered. PAM_AUTH_ERR Authentication failure. PAM_BUF_ERR Memory buffer error. PAM_CONV_ERR Conversation failure. PAM_CRED_ERR Failure setting user credentials. PAM_CRED_EXPIRED User credentials expired. PAM_CRED_INSUFFICIENT Insufficient credentials to access authentication data. PAM_CRED_UNAVAIL Authentication service cannot retrieve user credentials. PAM_IGNORE The return value should be ignored by PAM dispatch. PAM_MAXTRIES Have exhausted maximum number of retries for service. PAM_MODULE_UNKNOWN Module is unknown. PAM_NEW_AUTHTOK_REQD Authentication token is no longer valid; new one required. PAM_NO_MODULE_DATA No module specific data is present. PAM_OPEN_ERR Failed to load module. PAM_PERM_DENIED Permission denied. PAM_SERVICE_ERR Error in service module. PAM_SESSION_ERR Cannot make/remove an entry for the specified session. PAM_SUCCESS Success. PAM_SYMBOL_ERR Symbol not found. PAM_SYSTEM_ERR System error. PAM_TRY_AGAIN Failed preliminary check by password service. PAM_USER_UNKNOWN User not known to the underlying authentication module. SEE ALSO pam_acct_mgmt3 , pam_authenticate3 , pam_chauthtok3 , pam_close_session3 , pam_conv3 , pam_end3 , pam_get_data3 , pam_getenv3 , pam_getenvlist3 , pam_get_item3 , pam_get_user3 , pam_open_session3 , pam_putenv3 , pam_set_data3 , pam_set_item3 , pam_setcred3 , pam_start3 , pam_strerror3 NOTES The libpam interfaces are only thread-safe if each thread within the multithreaded application uses its own PAM handle. pam/doc/man/pam.80000644000000000000000000000001213261244762010707 0ustar .so PAM.8 pam/doc/man/pam.8.xml0000644000000000000000000001563013261244762011522 0ustar pam 8 Linux-PAM Manual PAM pam Pluggable Authentication Modules for Linux DESCRIPTION This manual is intended to offer a quick introduction to Linux-PAM. For more information the reader is directed to the Linux-PAM system administrators' guide. Linux-PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege granting programs (such as login1 and su1 ) defer to to perform standard authentication tasks. The principal feature of the PAM approach is that the nature of the authentication is dynamically configurable. In other words, the system administrator is free to choose how individual service-providing applications will authenticate users. This dynamic configuration is set by the contents of the single Linux-PAM configuration file /etc/pam.conf. Alternatively, the configuration can be set by individual configuration files located in the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to ignore /etc/pam.conf. From the point of view of the system administrator, for whom this manual is provided, it is not of primary importance to understand the internal behavior of the Linux-PAM library. The important point to recognize is that the configuration file(s) define the connection between applications (services) and the pluggable authentication modules (PAMs) that perform the actual authentication tasks. Linux-PAM separates the tasks of authentication into four independent management groups: account management; authentication management; password management; and session management. (We highlight the abbreviations used for these groups in the configuration file.) Simply put, these groups take care of different aspects of a typical user's request for a restricted service: account - provide account verification types of service: has the user's password expired?; is this user permitted access to the requested service? authentication - authenticate a user and set up user credentials. Typically this is via some challenge-response request that the user must satisfy: if you are who you claim to be please enter your password. Not all authentications are of this type, there exist hardware based authentication schemes (such as the use of smart-cards and biometric devices), with suitable modules, these may be substituted seamlessly for more standard approaches to authentication - such is the flexibility of Linux-PAM. password - this group's responsibility is the task of updating authentication mechanisms. Typically, such services are strongly coupled to those of the auth group. Some authentication mechanisms lend themselves well to being updated with such a function. Standard UN*X password-based access is the obvious example: please enter a replacement password. session - this group of tasks cover things that should be done prior to a service being given and after it is withdrawn. Such tasks include the maintenance of audit trails and the mounting of the user's home directory. The session management group is important as it provides both an opening and closing hook for modules to affect the services available to a user. FILES /etc/pam.conf the configuration file /etc/pam.d the Linux-PAM configuration directory. Generally, if this directory is present, the /etc/pam.conf file is ignored. ERRORS Typically errors generated by the Linux-PAM system of libraries, will be written to syslog3 . CONFORMING TO DCE-RFC 86.0, October 1995. Contains additional features, but remains backwardly compatible with this RFC. SEE ALSO pam3 , pam_authenticate3 , pam_sm_setcred3 , pam_strerror3 , PAM8 pam/doc/man/pam.conf-desc.xml0000644000000000000000000000173113261244762013211 0ustar
When a PAM aware privilege granting application is started, it activates its attachment to the PAM-API. This activation performs a number of tasks, the most important being the reading of the configuration file(s): /etc/pam.conf. Alternatively, this may be the contents of the /etc/pam.d/ directory. The presence of this directory will cause Linux-PAM to ignore /etc/pam.conf. These files list the PAMs that will do the authentication tasks required by this service, and the appropriate behavior of the PAM-API in the event that individual PAMs fail.
pam/doc/man/pam.conf-dir.xml0000644000000000000000000000226113261244762013050 0ustar
More flexible than the single configuration file is it to configure libpam via the contents of the /etc/pam.d/ directory. In this case the directory is filled with files each of which has a filename equal to a service-name (in lower-case): it is the personal configuration file for the named service. The syntax of each file in /etc/pam.d/ is similar to that of the /etc/pam.conf file and is made up of lines of the following form: type control module-path module-arguments The only difference being that the service-name is not present. The service-name is of course the name of the given configuration file. For example, /etc/pam.d/login contains the configuration for the login service.
pam/doc/man/pam.conf-syntax.xml0000644000000000000000000003753713261244762013636 0ustar
The syntax of the /etc/pam.conf configuration file is as follows. The file is made up of a list of rules, each rule is typically placed on a single line, but may be extended with an escaped end of line: `\<LF>'. Comments are preceded with `#' marks and extend to the next end of line. The format of each rule is a space separated collection of tokens, the first three being case-insensitive: service type control module-path module-arguments The syntax of files contained in the /etc/pam.d/ directory, are identical except for the absence of any service field. In this case, the service is the name of the file in the /etc/pam.d/ directory. This filename must be in lower case. An important feature of PAM, is that a number of rules may be stacked to combine the services of a number of PAMs for a given authentication task. The service is typically the familiar name of the corresponding application: login and su are good examples. The service-name, other, is reserved for giving default rules. Only lines that mention the current service (or in the absence of such, the other entries) will be associated with the given service-application. The type is the management group that the rule corresponds to. It is used to specify which of the management groups the subsequent module is to be associated with. Valid entries are: account this module type performs non-authentication based account management. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console. auth this module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other privileges through its credential granting properties. password this module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type. session this module type is associated with doing things that need to be done for the user before/after they can be given service. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc. If the type value from the list above is prepended with a - character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session. The third field, control, indicates the behavior of the PAM-API should the module fail to succeed in its authentication task. There are two types of syntax for this control field: the simple one has a single simple keyword; the more complicated one involves a square-bracketed selection of value=action pairs. For the simple (historical) syntax valid control values are: required failure of such a PAM will ultimately lead to the PAM-API returning failure but only after the remaining stacked modules (for this service and type) have been invoked. requisite like required, however, in the case that such a module returns a failure, control is directly returned to the application or to the superior PAM stack. The return value is that associated with the first required or requisite module to fail. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium. It is conceivable that such behavior might inform an attacker of valid accounts on a system. This possibility should be weighed against the not insignificant concerns of exposing a sensitive password in a hostile environment. sufficient if such a module succeeds and no prior required module has failed the PAM framework returns success to the application or to the superior PAM stack immediately without calling any further modules in the stack. A failure of a sufficient module is ignored and processing of the PAM module stack continues unaffected. optional the success or failure of this module is only important if it is the only module in the stack associated with this service+type. include include all lines of given type from the configuration file specified as an argument to this control. substack include all lines of given type from the configuration file specified as an argument to this control. This differs from include in that evaluation of the done and die actions in a substack does not cause skipping the rest of the complete module stack, but only of the substack. Jumps in a substack also can not make evaluation jump out of it, and the whole substack is counted as one module when the jump is done in a parent stack. The reset action will reset the state of a module stack to the state it was in as of beginning of the substack evaluation. For the more complicated syntax valid control values have the following form: [value1=action1 value2=action2 ...] Where valueN corresponds to the return code from the function invoked in the module for which the line is defined. It is selected from one of these: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete, and default. The last of these, default, implies 'all valueN's not mentioned explicitly. Note, the full list of PAM errors is available in /usr/include/security/_pam_types.h. The actionN can take one of the following forms: ignore when used with a stack of modules, the module's return status will not contribute to the return code the application obtains. bad this action indicates that the return code should be thought of as indicative of the module failing. If this module is the first in the stack to fail, its status value will be used for that of the whole stack. die equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application. ok this tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules. In other words, if the former state of the stack would lead to a return of PAM_SUCCESS, the module's return code will override this value. Note, if the former state of the stack holds some value that is indicative of a modules failure, this 'ok' value will not be used to override that value. done equivalent to ok with the side effect of terminating the module stack and PAM immediately returning to the application. N (an unsigned integer) equivalent to ok with the side effect of jumping over the next N modules in the stack. Note that N equal to 0 is not allowed (and it would be identical to ok in such case). reset clear all memory of the state of the module stack and start again with the next stacked module. Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in terms of the [...] syntax. They are as follows: required [success=ok new_authtok_reqd=ok ignore=ignore default=bad] requisite [success=ok new_authtok_reqd=ok ignore=ignore default=die] sufficient [success=done new_authtok_reqd=done default=ignore] optional [success=ok new_authtok_reqd=ok default=ignore] module-path is either the full filename of the PAM to be used by the application (it begins with a '/'), or a relative pathname from the default module location: /lib/security/ or /lib64/security/, depending on the architecture. module-arguments are a space separated list of tokens that can be used to modify the specific behavior of the given PAM. Such arguments will be documented for each individual module. Note, if you wish to include spaces in an argument, you should surround that argument with square brackets. squid auth required pam_mysql.so user=passwd_query passwd=mada \ db=eminence [query=select user_name from internet_service \ where user_name='%u' and password=PASSWORD('%p') and \ service='web_proxy'] When using this convention, you can include `[' characters inside the string, and if you wish to include a `]' character inside the string that will survive the argument parsing, you should use `\]'. In other words: [..[..\]..] --> ..[..].. Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail. A corresponding error is written to the system log files with a call to syslog3 .
pam/doc/man/pam.conf.50000644000000000000000000003141613261244762011644 0ustar '\" t .\" Title: pam.conf .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam.conf, pam.d \- PAM configuration files .SH "DESCRIPTION" .PP When a \fIPAM\fR aware privilege granting application is started, it activates its attachment to the PAM\-API\&. This activation performs a number of tasks, the most important being the reading of the configuration file(s): /etc/pam\&.conf\&. Alternatively, this may be the contents of the /etc/pam\&.d/ directory\&. The presence of this directory will cause Linux\-PAM to ignore /etc/pam\&.conf\&. .PP These files list the \fIPAM\fRs that will do the authentication tasks required by this service, and the appropriate behavior of the PAM\-API in the event that individual \fIPAM\fRs fail\&. .PP The syntax of the /etc/pam\&.conf configuration file is as follows\&. The file is made up of a list of rules, each rule is typically placed on a single line, but may be extended with an escaped end of line: `\e\*(Aq\&. Comments are preceded with `#\*(Aq marks and extend to the next end of line\&. .PP The format of each rule is a space separated collection of tokens, the first three being case\-insensitive: .PP \fB service type control module\-path module\-arguments\fR .PP The syntax of files contained in the /etc/pam\&.d/ directory, are identical except for the absence of any \fIservice\fR field\&. In this case, the \fIservice\fR is the name of the file in the /etc/pam\&.d/ directory\&. This filename must be in lower case\&. .PP An important feature of \fIPAM\fR, is that a number of rules may be \fIstacked\fR to combine the services of a number of PAMs for a given authentication task\&. .PP The \fIservice\fR is typically the familiar name of the corresponding application: \fIlogin\fR and \fIsu\fR are good examples\&. The \fIservice\fR\-name, \fIother\fR, is reserved for giving \fIdefault\fR rules\&. Only lines that mention the current service (or in the absence of such, the \fIother\fR entries) will be associated with the given service\-application\&. .PP The \fItype\fR is the management group that the rule corresponds to\&. It is used to specify which of the management groups the subsequent module is to be associated with\&. Valid entries are: .PP account .RS 4 this module type performs non\-authentication based account management\&. It is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user \-\- \*(Aqroot\*(Aq login only on the console\&. .RE .PP auth .RS 4 this module type provides two aspects of authenticating the user\&. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification\&. Secondly, the module can grant group membership or other privileges through its credential granting properties\&. .RE .PP password .RS 4 this module type is required for updating the authentication token associated with the user\&. Typically, there is one module for each \*(Aqchallenge/response\*(Aq based authentication (auth) type\&. .RE .PP session .RS 4 this module type is associated with doing things that need to be done for the user before/after they can be given service\&. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc\&. .RE .PP If the \fItype\fR value from the list above is prepended with a \fI\-\fR character the PAM library will not log to the system log if it is not possible to load the module because it is missing in the system\&. This can be useful especially for modules which are not always installed on the system and are not required for correct authentication and authorization of the login session\&. .PP The third field, \fIcontrol\fR, indicates the behavior of the PAM\-API should the module fail to succeed in its authentication task\&. There are two types of syntax for this control field: the simple one has a single simple keyword; the more complicated one involves a square\-bracketed selection of \fIvalue=action\fR pairs\&. .PP For the simple (historical) syntax valid \fIcontrol\fR values are: .PP required .RS 4 failure of such a PAM will ultimately lead to the PAM\-API returning failure but only after the remaining \fIstacked\fR modules (for this \fIservice\fR and \fItype\fR) have been invoked\&. .RE .PP requisite .RS 4 like \fIrequired\fR, however, in the case that such a module returns a failure, control is directly returned to the application or to the superior PAM stack\&. The return value is that associated with the first required or requisite module to fail\&. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium\&. It is conceivable that such behavior might inform an attacker of valid accounts on a system\&. This possibility should be weighed against the not insignificant concerns of exposing a sensitive password in a hostile environment\&. .RE .PP sufficient .RS 4 if such a module succeeds and no prior \fIrequired\fR module has failed the PAM framework returns success to the application or to the superior PAM stack immediately without calling any further modules in the stack\&. A failure of a \fIsufficient\fR module is ignored and processing of the PAM module stack continues unaffected\&. .RE .PP optional .RS 4 the success or failure of this module is only important if it is the only module in the stack associated with this \fIservice\fR+\fItype\fR\&. .RE .PP include .RS 4 include all lines of given type from the configuration file specified as an argument to this control\&. .RE .PP substack .RS 4 include all lines of given type from the configuration file specified as an argument to this control\&. This differs from \fIinclude\fR in that evaluation of the \fIdone\fR and \fIdie\fR actions in a substack does not cause skipping the rest of the complete module stack, but only of the substack\&. Jumps in a substack also can not make evaluation jump out of it, and the whole substack is counted as one module when the jump is done in a parent stack\&. The \fIreset\fR action will reset the state of a module stack to the state it was in as of beginning of the substack evaluation\&. .RE .PP For the more complicated syntax valid \fIcontrol\fR values have the following form: .sp .if n \{\ .RS 4 .\} .nf [value1=action1 value2=action2 \&.\&.\&.] .fi .if n \{\ .RE .\} .PP Where \fIvalueN\fR corresponds to the return code from the function invoked in the module for which the line is defined\&. It is selected from one of these: \fIsuccess\fR, \fIopen_err\fR, \fIsymbol_err\fR, \fIservice_err\fR, \fIsystem_err\fR, \fIbuf_err\fR, \fIperm_denied\fR, \fIauth_err\fR, \fIcred_insufficient\fR, \fIauthinfo_unavail\fR, \fIuser_unknown\fR, \fImaxtries\fR, \fInew_authtok_reqd\fR, \fIacct_expired\fR, \fIsession_err\fR, \fIcred_unavail\fR, \fIcred_expired\fR, \fIcred_err\fR, \fIno_module_data\fR, \fIconv_err\fR, \fIauthtok_err\fR, \fIauthtok_recover_err\fR, \fIauthtok_lock_busy\fR, \fIauthtok_disable_aging\fR, \fItry_again\fR, \fIignore\fR, \fIabort\fR, \fIauthtok_expired\fR, \fImodule_unknown\fR, \fIbad_item\fR, \fIconv_again\fR, \fIincomplete\fR, and \fIdefault\fR\&. .PP The last of these, \fIdefault\fR, implies \*(Aqall \fIvalueN\fR\*(Aqs not mentioned explicitly\&. Note, the full list of PAM errors is available in /usr/include/security/_pam_types\&.h\&. The \fIactionN\fR can take one of the following forms: .PP ignore .RS 4 when used with a stack of modules, the module\*(Aqs return status will not contribute to the return code the application obtains\&. .RE .PP bad .RS 4 this action indicates that the return code should be thought of as indicative of the module failing\&. If this module is the first in the stack to fail, its status value will be used for that of the whole stack\&. .RE .PP die .RS 4 equivalent to bad with the side effect of terminating the module stack and PAM immediately returning to the application\&. .RE .PP ok .RS 4 this tells PAM that the administrator thinks this return code should contribute directly to the return code of the full stack of modules\&. In other words, if the former state of the stack would lead to a return of \fIPAM_SUCCESS\fR, the module\*(Aqs return code will override this value\&. Note, if the former state of the stack holds some value that is indicative of a modules failure, this \*(Aqok\*(Aq value will not be used to override that value\&. .RE .PP done .RS 4 equivalent to ok with the side effect of terminating the module stack and PAM immediately returning to the application\&. .RE .PP N (an unsigned integer) .RS 4 equivalent to ok with the side effect of jumping over the next N modules in the stack\&. Note that N equal to 0 is not allowed (and it would be identical to ok in such case)\&. .RE .PP reset .RS 4 clear all memory of the state of the module stack and start again with the next stacked module\&. .RE .PP Each of the four keywords: required; requisite; sufficient; and optional, have an equivalent expression in terms of the [\&.\&.\&.] syntax\&. They are as follows: .PP required .RS 4 [success=ok new_authtok_reqd=ok ignore=ignore default=bad] .RE .PP requisite .RS 4 [success=ok new_authtok_reqd=ok ignore=ignore default=die] .RE .PP sufficient .RS 4 [success=done new_authtok_reqd=done default=ignore] .RE .PP optional .RS 4 [success=ok new_authtok_reqd=ok default=ignore] .RE .PP \fImodule\-path\fR is either the full filename of the PAM to be used by the application (it begins with a \*(Aq/\*(Aq), or a relative pathname from the default module location: /lib/security/ or /lib64/security/, depending on the architecture\&. .PP \fImodule\-arguments\fR are a space separated list of tokens that can be used to modify the specific behavior of the given PAM\&. Such arguments will be documented for each individual module\&. Note, if you wish to include spaces in an argument, you should surround that argument with square brackets\&. .sp .if n \{\ .RS 4 .\} .nf squid auth required pam_mysql\&.so user=passwd_query passwd=mada \e db=eminence [query=select user_name from internet_service \e where user_name=\*(Aq%u\*(Aq and password=PASSWORD(\*(Aq%p\*(Aq) and \e service=\*(Aqweb_proxy\*(Aq] .fi .if n \{\ .RE .\} .PP When using this convention, you can include `[\*(Aq characters inside the string, and if you wish to include a `]\*(Aq character inside the string that will survive the argument parsing, you should use `\e]\*(Aq\&. In other words: .sp .if n \{\ .RS 4 .\} .nf [\&.\&.[\&.\&.\e]\&.\&.] \-\-> \&.\&.[\&.\&.]\&.\&. .fi .if n \{\ .RE .\} .PP Any line in (one of) the configuration file(s), that is not formatted correctly, will generally tend (erring on the side of caution) to make the authentication process fail\&. A corresponding error is written to the system log files with a call to \fBsyslog\fR(3)\&. .PP More flexible than the single configuration file is it to configure libpam via the contents of the /etc/pam\&.d/ directory\&. In this case the directory is filled with files each of which has a filename equal to a service\-name (in lower\-case): it is the personal configuration file for the named service\&. .PP The syntax of each file in /etc/pam\&.d/ is similar to that of the /etc/pam\&.conf file and is made up of lines of the following form: .sp .if n \{\ .RS 4 .\} .nf type control module\-path module\-arguments .fi .if n \{\ .RE .\} .PP The only difference being that the service\-name is not present\&. The service\-name is of course the name of the given configuration file\&. For example, /etc/pam\&.d/login contains the configuration for the \fBlogin\fR service\&. .SH "SEE ALSO" .PP \fBpam\fR(3), \fBPAM\fR(8), \fBpam_start\fR(3) pam/doc/man/pam.d.50000644000000000000000000000001713261244762011133 0ustar .so pam.conf.5 pam/doc/man/pam_acct_mgmt.30000644000000000000000000000567413261244762012743 0ustar '\" t .\" Title: pam_acct_mgmt .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_acct_mgmt \- PAM account validation management .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_acct_mgmt('u .BI "int pam_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_acct_mgmt\fR function is used to determine if the users account is valid\&. It checks for authentication token and account expiration and verifies access restrictions\&. It is typically called after the user has been authenticated\&. .PP The \fIpamh\fR argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_DISALLOW_NULL_AUTHTOK .RS 4 The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token\&. .RE .SH "RETURN VALUES" .PP PAM_ACCT_EXPIRED .RS 4 User account has expired\&. .RE .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_NEW_AUTHTOK_REQD .RS 4 The user account is valid but their authentication token is \fIexpired\fR\&. The correct response to this return\-value is to require that the user satisfies the \fBpam_chauthtok()\fR function before obtaining service\&. It may not be possible for some applications to do this\&. In such cases, the user should be denied access until such time as they can update their password\&. .RE .PP PAM_PERM_DENIED .RS 4 Permission denied\&. .RE .PP PAM_SUCCESS .RS 4 The authentication token was successfully updated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User unknown to password service\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_authenticate\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), \fBpam\fR(8) pam/doc/man/pam_acct_mgmt.3.xml0000644000000000000000000001100113261244762013517 0ustar pam_acct_mgmt 3 Linux-PAM Manual pam_acct_mgmt PAM account validation management #include <security/pam_appl.h> int pam_acct_mgmt pam_handle_t *pamh int flags DESCRIPTION The pam_acct_mgmt function is used to determine if the users account is valid. It checks for authentication token and account expiration and verifies access restrictions. It is typically called after the user has been authenticated. The pamh argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more of the following values: PAM_SILENT Do not emit any messages. PAM_DISALLOW_NULL_AUTHTOK The PAM module service should return PAM_NEW_AUTHTOK_REQD if the user has a null authentication token. RETURN VALUES PAM_ACCT_EXPIRED User account has expired. PAM_AUTH_ERR Authentication failure. PAM_NEW_AUTHTOK_REQD The user account is valid but their authentication token is expired. The correct response to this return-value is to require that the user satisfies the pam_chauthtok() function before obtaining service. It may not be possible for some applications to do this. In such cases, the user should be denied access until such time as they can update their password. PAM_PERM_DENIED Permission denied. PAM_SUCCESS The authentication token was successfully updated. PAM_USER_UNKNOWN User unknown to password service. SEE ALSO pam_start3 , pam_authenticate3 , pam_chauthtok3 , pam_strerror3 , pam8 pam/doc/man/pam_authenticate.30000644000000000000000000000640213261244762013451 0ustar '\" t .\" Title: pam_authenticate .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_authenticate \- account authentication .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_authenticate('u .BI "int pam_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_authenticate\fR function is used to authenticate the user\&. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print\&. .PP The PAM service module may request that the user enter their username vio the the conversation mechanism (see \fBpam_start\fR(3) and \fBpam_conv\fR(3))\&. The name of the authenticated user will be present in the PAM item PAM_USER\&. This item may be recovered with a call to \fBpam_get_item\fR(3)\&. .PP The \fIpamh\fR argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_DISALLOW_NULL_AUTHTOK .RS 4 The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token\&. .RE .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 The application should exit immediately after calling \fBpam_end\fR(3) first\&. .RE .PP PAM_AUTH_ERR .RS 4 The user was not authenticated\&. .RE .PP PAM_CRED_INSUFFICIENT .RS 4 For some reason the application does not have sufficient credentials to authenticate the user\&. .RE .PP PAM_AUTHINFO_UNVAIL .RS 4 The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&. .RE .PP PAM_MAXTRIES .RS 4 One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&. .RE .PP PAM_SUCCESS .RS 4 The user was successfully authenticated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User unknown to authentication service\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_setcred\fR(3), \fBpam_chauthtok\fR(3), \fBpam_strerror\fR(3), \fBpam\fR(8) pam/doc/man/pam_authenticate.3.xml0000644000000000000000000001254313261244762014253 0ustar pam_authenticate 3 Linux-PAM Manual pam_authenticate account authentication #include <security/pam_appl.h> int pam_authenticate pam_handle_t *pamh int flags DESCRIPTION The pam_authenticate function is used to authenticate the user. The user is required to provide an authentication token depending upon the authentication service, usually this is a password, but could also be a finger print. The PAM service module may request that the user enter their username vio the the conversation mechanism (see pam_start3 and pam_conv3 ). The name of the authenticated user will be present in the PAM item PAM_USER. This item may be recovered with a call to pam_get_item3 . The pamh argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more of the following values: PAM_SILENT Do not emit any messages. PAM_DISALLOW_NULL_AUTHTOK The PAM module service should return PAM_AUTH_ERR if the user does not have a registered authentication token. RETURN VALUES PAM_ABORT The application should exit immediately after calling pam_end3 first. PAM_AUTH_ERR The user was not authenticated. PAM_CRED_INSUFFICIENT For some reason the application does not have sufficient credentials to authenticate the user. PAM_AUTHINFO_UNVAIL The modules were not able to access the authentication information. This might be due to a network or hardware failure etc. PAM_MAXTRIES One or more of the authentication modules has reached its limit of tries authenticating the user. Do not try again. PAM_SUCCESS The user was successfully authenticated. PAM_USER_UNKNOWN User unknown to authentication service. SEE ALSO pam_start3 , pam_setcred3 , pam_chauthtok3 , pam_strerror3 , pam8 pam/doc/man/pam_chauthtok.30000644000000000000000000000616213261244762012770 0ustar '\" t .\" Title: pam_chauthtok .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_chauthtok \- updating authentication tokens .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_chauthtok('u .BI "int pam_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_chauthtok\fR function is used to change the authentication token for a given user (as indicated by the state associated with the handle \fIpamh\fR)\&. .PP The \fIpamh\fR argument is an authentication handle obtained by a prior call to pam_start()\&. The flags argument is the binary or of zero or more of the following values: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_CHANGE_EXPIRED_AUTHTOK .RS 4 This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired\&. If this argument is not passed, the application requires that all authentication tokens are to be changed\&. .RE .SH "RETURN VALUES" .PP PAM_AUTHTOK_ERR .RS 4 A module was unable to obtain the new authentication token\&. .RE .PP PAM_AUTHTOK_RECOVERY_ERR .RS 4 A module was unable to obtain the old authentication token\&. .RE .PP PAM_AUTHTOK_LOCK_BUSY .RS 4 One or more of the modules was unable to change the authentication token since it is currently locked\&. .RE .PP PAM_AUTHTOK_DISABLE_AGING .RS 4 Authentication token aging has been disabled for at least one of the modules\&. .RE .PP PAM_PERM_DENIED .RS 4 Permission denied\&. .RE .PP PAM_SUCCESS .RS 4 The authentication token was successfully updated\&. .RE .PP PAM_TRY_AGAIN .RS 4 Not all of the modules were in a position to update the authentication token(s)\&. In such a case none of the user\*(Aqs authentication tokens are updated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User unknown to password service\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_authenticate\fR(3), \fBpam_setcred\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), \fBpam\fR(8) pam/doc/man/pam_chauthtok.3.xml0000644000000000000000000001205613261244762013566 0ustar pam_chauthtok 3 Linux-PAM Manual pam_chauthtok updating authentication tokens #include <security/pam_appl.h> int pam_chauthtok pam_handle_t *pamh int flags DESCRIPTION The pam_chauthtok function is used to change the authentication token for a given user (as indicated by the state associated with the handle pamh). The pamh argument is an authentication handle obtained by a prior call to pam_start(). The flags argument is the binary or of zero or more of the following values: PAM_SILENT Do not emit any messages. PAM_CHANGE_EXPIRED_AUTHTOK This argument indicates to the modules that the users authentication token (password) should only be changed if it has expired. If this argument is not passed, the application requires that all authentication tokens are to be changed. RETURN VALUES PAM_AUTHTOK_ERR A module was unable to obtain the new authentication token. PAM_AUTHTOK_RECOVERY_ERR A module was unable to obtain the old authentication token. PAM_AUTHTOK_LOCK_BUSY One or more of the modules was unable to change the authentication token since it is currently locked. PAM_AUTHTOK_DISABLE_AGING Authentication token aging has been disabled for at least one of the modules. PAM_PERM_DENIED Permission denied. PAM_SUCCESS The authentication token was successfully updated. PAM_TRY_AGAIN Not all of the modules were in a position to update the authentication token(s). In such a case none of the user's authentication tokens are updated. PAM_USER_UNKNOWN User unknown to password service. SEE ALSO pam_start3 , pam_authenticate3 , pam_setcred3 , pam_get_item3 , pam_strerror3 , pam8 pam/doc/man/pam_close_session.30000644000000000000000000000444513261244762013650 0ustar '\" t .\" Title: pam_close_session .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_close_session \- terminate PAM session management .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_close_session('u .BI "int pam_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_close_session\fR function is used to indicate that an authenticated session has ended\&. The session should have been created with a call to \fBpam_open_session\fR(3)\&. .PP It should be noted that the effective uid, \fBgeteuid\fR(2)\&. of the application should be of sufficient privilege to perform such tasks as unmounting the user\*(Aqs home directory for example\&. .PP The flags argument is the binary or of zero or more of the following values: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 General failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SESSION_ERR .RS 4 Session failure\&. .RE .PP PAM_SUCCESS .RS 4 Session was successful terminated\&. .RE .SH "SEE ALSO" .PP \fBpam_open_session\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_close_session.3.xml0000644000000000000000000000643313261244762014446 0ustar pam_close_session 3 Linux-PAM Manual pam_close_session terminate PAM session management #include <security/pam_appl.h> int pam_close_session pam_handle_t *pamh int flags DESCRIPTION The pam_close_session function is used to indicate that an authenticated session has ended. The session should have been created with a call to pam_open_session3 . It should be noted that the effective uid, geteuid2 . of the application should be of sufficient privilege to perform such tasks as unmounting the user's home directory for example. The flags argument is the binary or of zero or more of the following values: PAM_SILENT Do not emit any messages. RETURN VALUES PAM_ABORT General failure. PAM_BUF_ERR Memory buffer error. PAM_SESSION_ERR Session failure. PAM_SUCCESS Session was successful terminated. SEE ALSO pam_open_session3 , pam_strerror3 pam/doc/man/pam_conv.30000644000000000000000000001331613261244762011742 0ustar '\" t .\" Title: pam_conv .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_CONV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_conv \- PAM conversation function .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .sp .nf struct pam_message { int msg_style; const char *msg; }; struct pam_response { char *resp; int resp_retcode; }; struct pam_conv { int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void *appdata_ptr; }; .fi .SH "DESCRIPTION" .PP The PAM library uses an application\-defined callback to allow a direct communication between a loaded module and the application\&. This callback is specified by the \fIstruct pam_conv\fR passed to \fBpam_start\fR(3) at the start of the transaction\&. .PP When a module calls the referenced conv() function, the argument \fIappdata_ptr\fR is set to the second element of this structure\&. .PP The other arguments of a call to conv() concern the information exchanged by module and application\&. That is to say, \fInum_msg\fR holds the length of the array of pointers, \fImsg\fR\&. After a successful return, the pointer \fIresp\fR points to an array of pam_response structures, holding the application supplied text\&. The \fIresp_retcode\fR member of this struct is unused and should be set to zero\&. It is the caller\*(Aqs responsibility to release both, this array and the responses themselves, using \fBfree\fR(3)\&. Note, \fI*resp\fR is a \fIstruct pam_response\fR array and not an array of pointers\&. .PP The number of responses is always equal to the \fInum_msg\fR conversation function argument\&. This does require that the response array is \fBfree\fR(3)\*(Aqd after every call to the conversation function\&. The index of the responses corresponds directly to the prompt index in the pam_message array\&. .PP On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes\&. .PP Each message can have one of four types, specified by the \fImsg_style\fR member of \fIstruct pam_message\fR: .PP PAM_PROMPT_ECHO_OFF .RS 4 Obtain a string without echoing any text\&. .RE .PP PAM_PROMPT_ECHO_ON .RS 4 Obtain a string whilst echoing text\&. .RE .PP PAM_ERROR_MSG .RS 4 Display an error message\&. .RE .PP PAM_TEXT_INFO .RS 4 Display some text\&. .RE .PP The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module\&. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once\&. .PP In passing, it is worth noting that there is a descrepency between the way Linux\-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris\*(Aq PAM (and derivitives, known to include HP/UX, are there others?) does\&. Linux\-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[])\&. Said another way Linux\-PAM interprets the msg argument as a pointer to an array of num_msg read only \*(Aqstruct pam_message\*(Aq pointers\&. Solaris\*(Aq PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures\&. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent\&. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems\&. .PP For what its worth the two known module writer work\-arounds for trying to maintain source level compatibility with both PAM implementations are: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} never call the conversation function with num_msg greater than one\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} set up msg as doubly referenced so both types of conversation function can find the messages\&. That is, make .sp .if n \{\ .RS 4 .\} .nf msg[n] = & (( *msg )[n]) .fi .if n \{\ .RE .\} .RE .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CONV_ERR .RS 4 Conversation failure\&. The application should not set \fI*resp\fR\&. .RE .PP PAM_SUCCESS .RS 4 Success\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_set_item\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3), \fBpam\fR(8) pam/doc/man/pam_conv.3.xml0000644000000000000000000001724013261244762012541 0ustar pam_conv 3 Linux-PAM Manual pam_conv PAM conversation function #include <security/pam_appl.h> struct pam_message { int msg_style; const char *msg; }; struct pam_response { char *resp; int resp_retcode; }; struct pam_conv { int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void *appdata_ptr; }; DESCRIPTION The PAM library uses an application-defined callback to allow a direct communication between a loaded module and the application. This callback is specified by the struct pam_conv passed to pam_start3 at the start of the transaction. When a module calls the referenced conv() function, the argument appdata_ptr is set to the second element of this structure. The other arguments of a call to conv() concern the information exchanged by module and application. That is to say, num_msg holds the length of the array of pointers, msg. After a successful return, the pointer resp points to an array of pam_response structures, holding the application supplied text. The resp_retcode member of this struct is unused and should be set to zero. It is the caller's responsibility to release both, this array and the responses themselves, using free3 . Note, *resp is a struct pam_response array and not an array of pointers. The number of responses is always equal to the num_msg conversation function argument. This does require that the response array is free3 'd after every call to the conversation function. The index of the responses corresponds directly to the prompt index in the pam_message array. On failure, the conversation function should release any resources it has allocated, and return one of the predefined PAM error codes. Each message can have one of four types, specified by the msg_style member of struct pam_message: PAM_PROMPT_ECHO_OFF Obtain a string without echoing any text. PAM_PROMPT_ECHO_ON Obtain a string whilst echoing text. PAM_ERROR_MSG Display an error message. PAM_TEXT_INFO Display some text. The point of having an array of messages is that it becomes possible to pass a number of things to the application in a single call from the module. It can also be convenient for the application that related things come at once: a windows based application can then present a single form with many messages/prompts on at once. In passing, it is worth noting that there is a descrepency between the way Linux-PAM handles the const struct pam_message **msg conversation function argument from the way that Solaris' PAM (and derivitives, known to include HP/UX, are there others?) does. Linux-PAM interprets the msg argument as entirely equivalent to the following prototype const struct pam_message *msg[] (which, in spirit, is consistent with the commonly used prototypes for argv argument to the familiar main() function: char **argv; and char *argv[]). Said another way Linux-PAM interprets the msg argument as a pointer to an array of num_msg read only 'struct pam_message' pointers. Solaris' PAM implementation interprets this argument as a pointer to a pointer to an array of num_msg pam_message structures. Fortunately, perhaps, for most module/application developers when num_msg has a value of one these two definitions are entirely equivalent. Unfortunately, casually raising this number to two has led to unanticipated compatibility problems. For what its worth the two known module writer work-arounds for trying to maintain source level compatibility with both PAM implementations are: never call the conversation function with num_msg greater than one. set up msg as doubly referenced so both types of conversation function can find the messages. That is, make msg[n] = & (( *msg )[n]) RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CONV_ERR Conversation failure. The application should not set *resp. PAM_SUCCESS Success. SEE ALSO pam_start3 , pam_set_item3 , pam_get_item3 , pam_strerror3 , pam8 pam/doc/man/pam_end.30000644000000000000000000000613113261244762011540 0ustar '\" t .\" Title: pam_end .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_END" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_end \- termination of PAM transaction .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_end('u .BI "int pam_end(pam_handle_t\ *" "pamh" ", int\ " "pam_status" ");" .SH "DESCRIPTION" .PP The \fBpam_end\fR function terminates the PAM transaction and is the last function an application should call in the PAM context\&. Upon return the handle \fIpamh\fR is no longer valid and all memory associated with it will be invalid\&. .PP The \fIpam_status\fR argument should be set to the value returned to the application by the last PAM library call\&. .PP The value taken by \fIpam_status\fR is used as an argument to the module specific callback function, \fBcleanup()\fR (See \fBpam_set_data\fR(3) and \fBpam_get_data\fR(3))\&. In this way the module can be given notification of the pass/fail nature of the tear\-down process, and perform any last minute tasks that are appropriate to the module before it is unlinked\&. This argument can be logically OR\*(Aqd with \fIPAM_DATA_SILENT\fR to indicate to indicate that the module should not treat the call too seriously\&. It is generally used to indicate that the current closing of the library is in a \fBfork\fR(2)ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc\&.)\&. .PP This function \fIfree\fR\*(Aqs all memory for items associated with the \fBpam_set_item\fR(3) and \fBpam_get_item\fR(3) functions\&. Pointers associated with such objects are not valid anymore after \fBpam_end\fR was called\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Transaction was successful terminated\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error, for example a NULL pointer was submitted as PAM handle or the function was called by a module\&. .RE .SH "SEE ALSO" .PP \fBpam_get_data\fR(3), \fBpam_set_data\fR(3), \fBpam_start\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_end.3.xml0000644000000000000000000001044513261244762012342 0ustar pam_end 3 Linux-PAM Manual pam_end termination of PAM transaction #include <security/pam_appl.h> int pam_end pam_handle_t *pamh int pam_status DESCRIPTION The pam_end function terminates the PAM transaction and is the last function an application should call in the PAM context. Upon return the handle pamh is no longer valid and all memory associated with it will be invalid. The pam_status argument should be set to the value returned to the application by the last PAM library call. The value taken by pam_status is used as an argument to the module specific callback function, cleanup() (See pam_set_data3 and pam_get_data3 ). In this way the module can be given notification of the pass/fail nature of the tear-down process, and perform any last minute tasks that are appropriate to the module before it is unlinked. This argument can be logically OR'd with PAM_DATA_SILENT to indicate to indicate that the module should not treat the call too seriously. It is generally used to indicate that the current closing of the library is in a fork2 ed process, and that the parent will take care of cleaning up things that exist outside of the current process space (files etc.). This function free's all memory for items associated with the pam_set_item3 and pam_get_item3 functions. Pointers associated with such objects are not valid anymore after pam_end was called. RETURN VALUES PAM_SUCCESS Transaction was successful terminated. PAM_SYSTEM_ERR System error, for example a NULL pointer was submitted as PAM handle or the function was called by a module. SEE ALSO pam_get_data3 , pam_set_data3 , pam_start3 , pam_strerror3 pam/doc/man/pam_error.30000644000000000000000000000454213261244762012127 0ustar '\" t .\" Title: pam_error .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_error, pam_verror \- display error messages to the user .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_error('u .BI "int pam_error(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" .HP \w'int\ pam_verror('u .BI "int pam_verror(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" .SH "DESCRIPTION" .PP The \fBpam_error\fR function prints error messages through the conversation function to the user\&. .PP The \fBpam_verror\fR function performs the same task as \fBpam_error()\fR with the difference that it takes a set of arguments which have been obtained using the \fBstdarg\fR(3) variable argument list macros\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CONV_ERR .RS 4 Conversation failure\&. .RE .PP PAM_SUCCESS .RS 4 Error message was displayed\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error\&. .RE .SH "SEE ALSO" .PP \fBpam_info\fR(3), \fBpam_vinfo\fR(3), \fBpam_prompt\fR(3), \fBpam_vprompt\fR(3), \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_error\fR and \fBpam_verror\fR functions are Linux\-PAM extensions\&. pam/doc/man/pam_error.3.xml0000644000000000000000000000731413261244762012726 0ustar pam_error 3 Linux-PAM Manual pam_error pam_verror display error messages to the user #include <security/pam_ext.h> int pam_error pam_handle_t *pamh const char *fmt ... int pam_verror pam_handle_t *pamh const char *fmt va_list args DESCRIPTION The pam_error function prints error messages through the conversation function to the user. The pam_verror function performs the same task as pam_error() with the difference that it takes a set of arguments which have been obtained using the stdarg3 variable argument list macros. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CONV_ERR Conversation failure. PAM_SUCCESS Error message was displayed. PAM_SYSTEM_ERR System error. SEE ALSO pam_info3 , pam_vinfo3 , pam_prompt3 , pam_vprompt3 , pam8 STANDARDS The pam_error and pam_verror functions are Linux-PAM extensions. pam/doc/man/pam_fail_delay.30000644000000000000000000001314413261244762013065 0ustar '\" t .\" Title: pam_fail_delay .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_FAIL_DELAY" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_fail_delay \- request a delay on failure .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_fail_delay('u .BI "int pam_fail_delay(pam_handle_t\ *" "pamh" ", unsigned\ int\ " "usec" ");" .SH "DESCRIPTION" .PP The \fBpam_fail_delay\fR function provides a mechanism by which an application or module can suggest a minimum delay of \fIusec\fR micro\-seconds\&. The function keeps a record of the longest time requested with this function\&. Should \fBpam_authenticate\fR(3) fail, the failing return to the application is delayed by an amount of time randomly distributed (by up to 25%) about this longest value\&. .PP Independent of success, the delay time is reset to its zero default value when the PAM service module returns control to the application\&. The delay occurs \fIafter\fR all authentication modules have been called, but \fIbefore\fR control is returned to the service application\&. .PP When using this function the programmer should check if it is available with: .sp .if n \{\ .RS 4 .\} .nf #ifdef HAVE_PAM_FAIL_DELAY \&.\&.\&.\&. #endif /* HAVE_PAM_FAIL_DELAY */ .fi .if n \{\ .RE .\} .PP For applications written with a single thread that are event driven in nature, generating this delay may be undesirable\&. Instead, the application may want to register the delay in some other way\&. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires\&. For this reason the delay function can be changed with the \fIPAM_FAIL_DELAY\fR item\&. It can be queried and set with \fBpam_get_item\fR(3) and \fBpam_set_item \fR(3) respectively\&. The value used to set it should be a function pointer of the following prototype: .sp .if n \{\ .RS 4 .\} .nf void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); .fi .if n \{\ .RE .\} .sp The arguments being the \fIretval\fR return code of the module stack, the \fIusec_delay\fR micro\-second delay that libpam is requesting and the \fIappdata_ptr\fR that the application has associated with the current \fIpamh\fR\&. This last value was set by the application when it called \fBpam_start\fR(3) or explicitly with \fBpam_set_item\fR(3)\&. Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed\&. .SH "RATIONALE" .PP It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user\&. In cases of \fIshort\fR timeouts, it may prove possible to attempt a \fIbrute force\fR dictionary attack \-\- with an automated process, the attacker tries all possible passwords to gain access to the system\&. In other cases, where individual failures can take measurable amounts of time (indicating the nature of the failure), an attacker can obtain useful information about the authentication process\&. These latter attacks make use of procedural delays that constitute a \fIcovert channel\fR of useful information\&. .PP To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process\&. Preferable this value should be set by the application or a special PAM module\&. Standard PAM modules should not modify the delay unconditional\&. .SH "EXAMPLE" .PP For example, a login application may require a failure delay of roughly 3 seconds\&. It will contain the following code: .sp .if n \{\ .RS 4 .\} .nf pam_fail_delay (pamh, 3000000 /* micro\-seconds */ ); pam_authenticate (pamh, 0); .fi .if n \{\ .RE .\} .PP if the modules do not request a delay, the failure delay will be between 2\&.25 and 3\&.75 seconds\&. .PP However, the modules, invoked in the authentication process, may also request delays: .sp .if n \{\ .RS 4 .\} .nf module #1: pam_fail_delay (pamh, 2000000); module #2: pam_fail_delay (pamh, 4000000); .fi .if n \{\ .RE .\} .PP in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Delay was successful adjusted\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A NULL pointer was submitted as PAM handle\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_get_item\fR(3), \fBpam_strerror\fR(3) .SH "STANDARDS" .PP The \fBpam_fail_delay\fR function is an Linux\-PAM extension\&. pam/doc/man/pam_fail_delay.3.xml0000644000000000000000000001642113261244762013665 0ustar pam_fail_delay 3 Linux-PAM Manual pam_fail_delay request a delay on failure #include <security/pam_appl.h> int pam_fail_delay pam_handle_t *pamh unsigned int usec DESCRIPTION The pam_fail_delay function provides a mechanism by which an application or module can suggest a minimum delay of usec micro-seconds. The function keeps a record of the longest time requested with this function. Should pam_authenticate3 fail, the failing return to the application is delayed by an amount of time randomly distributed (by up to 25%) about this longest value. Independent of success, the delay time is reset to its zero default value when the PAM service module returns control to the application. The delay occurs after all authentication modules have been called, but before control is returned to the service application. When using this function the programmer should check if it is available with: #ifdef HAVE_PAM_FAIL_DELAY .... #endif /* HAVE_PAM_FAIL_DELAY */ For applications written with a single thread that are event driven in nature, generating this delay may be undesirable. Instead, the application may want to register the delay in some other way. For example, in a single threaded server that serves multiple authentication requests from a single event loop, the application might want to simply mark a given connection as blocked until an application timer expires. For this reason the delay function can be changed with the PAM_FAIL_DELAY item. It can be queried and set with pam_get_item3 and pam_set_item 3 respectively. The value used to set it should be a function pointer of the following prototype: void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr); The arguments being the retval return code of the module stack, the usec_delay micro-second delay that libpam is requesting and the appdata_ptr that the application has associated with the current pamh. This last value was set by the application when it called pam_start3 or explicitly with pam_set_item3 . Note, if PAM_FAIL_DELAY item is unset (or set to NULL), then no delay will be performed. RATIONALE It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user. In cases of short timeouts, it may prove possible to attempt a brute force dictionary attack -- with an automated process, the attacker tries all possible passwords to gain access to the system. In other cases, where individual failures can take measurable amounts of time (indicating the nature of the failure), an attacker can obtain useful information about the authentication process. These latter attacks make use of procedural delays that constitute a covert channel of useful information. To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process. Preferable this value should be set by the application or a special PAM module. Standard PAM modules should not modify the delay unconditional. EXAMPLE For example, a login application may require a failure delay of roughly 3 seconds. It will contain the following code: pam_fail_delay (pamh, 3000000 /* micro-seconds */ ); pam_authenticate (pamh, 0); if the modules do not request a delay, the failure delay will be between 2.25 and 3.75 seconds. However, the modules, invoked in the authentication process, may also request delays: module #1: pam_fail_delay (pamh, 2000000); module #2: pam_fail_delay (pamh, 4000000); in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds. RETURN VALUES PAM_SUCCESS Delay was successful adjusted. PAM_SYSTEM_ERR A NULL pointer was submitted as PAM handle. SEE ALSO pam_start3 , pam_get_item3 , pam_strerror3 STANDARDS The pam_fail_delay function is an Linux-PAM extension. pam/doc/man/pam_get_authtok.30000644000000000000000000001255313261244762013315 0ustar '\" t .\" Title: pam_get_authtok .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GET_AUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_get_authtok, pam_get_authtok_verify, pam_get_authtok_noverify \- get authentication token .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_get_authtok('u .BI "int pam_get_authtok(pam_handle_t\ *" "pamh" ", int\ " "item" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");" .HP \w'int\ pam_get_authtok_noverify('u .BI "int pam_get_authtok_noverify(pam_handle_t\ *" "pamh" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");" .HP \w'int\ pam_get_authtok_verify('u .BI "int pam_get_authtok_verify(pam_handle_t\ *" "pamh" ", const\ char\ **" "authtok" ", const\ char\ *" "prompt" ");" .SH "DESCRIPTION" .PP The \fBpam_get_authtok\fR function returns the cached authentication token, or prompts the user if no token is currently cached\&. It is intended for internal use by Linux\-PAM and PAM service modules\&. Upon successful return, \fIauthtok\fR contains a pointer to the value of the authentication token\&. Note, this is a pointer to the \fIactual\fR data and should \fBnot\fR be \fIfree()\fR\*(Aqed or over\-written! .PP The \fIprompt\fR argument specifies a prompt to use if no token is cached\&. If a NULL pointer is given, \fBpam_get_authtok\fR uses pre\-defined prompts\&. .PP The following values are supported for \fIitem\fR: .PP PAM_AUTHTOK .RS 4 Returns the current authentication token\&. Called from \fBpam_sm_chauthtok\fR(3)\fBpam_get_authtok\fR will ask the user to confirm the new token by retyping it\&. If a prompt was specified, "Retype" will be used as prefix\&. .RE .PP PAM_OLDAUTHTOK .RS 4 Returns the previous authentication token when changing authentication tokens\&. .RE .PP The \fBpam_get_authtok_noverify\fR function can only be used for changing the password (from \fBpam_sm_chauthtok\fR(3))\&. It returns the cached authentication token, or prompts the user if no token is currently cached\&. The difference to \fBpam_get_authtok\fR is, that this function does not ask a second time for the password to verify it\&. Upon successful return, \fIauthtok\fR contains a pointer to the value of the authentication token\&. Note, this is a pointer to the \fIactual\fR data and should \fBnot\fR be \fIfree()\fR\*(Aqed or over\-written! .PP The \fBpam_get_authtok_verify\fR function can only be used to verify a password for mistypes gotten by \fBpam_get_authtok_noverify\fR(3)\&. This function asks a second time for the password and verify it with the password provided by \fIauthtok\fR argument\&. In case of an error, the value of \fIauthtok\fR is undefined\&. Else this argument will point to the \fIactual\fR data and should \fBnot\fR be \fIfree()\fR\*(Aqed or over\-written! .SH "OPTIONS" .PP \fBpam_get_authtok\fR honours the following module options: .PP \fBtry_first_pass\fR .RS 4 Before prompting the user for their password, the module first tries the previous stacked module\*(Aqs password in case that satisfies this module as well\&. .RE .PP \fBuse_first_pass\fR .RS 4 The argument \fBuse_first_pass\fR forces the module to use a previous stacked modules password and will never prompt the user \- if no password is available or the password is not appropriate, the user will be denied access\&. .RE .PP \fBuse_authtok\fR .RS 4 When password changing enforce the module to set the new token to the one provided by a previously stacked \fBpassword\fR module\&. If no token is available token changing will fail\&. .RE .PP \fBauthtok_type=\fR\fB\fIXXX\fR\fR .RS 4 The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word \fIUNIX\fR can be replaced with this option, by default it is empty\&. .RE .SH "RETURN VALUES" .PP PAM_AUTH_ERR .RS 4 Authentication token could not be retrieved\&. .RE .PP PAM_AUTHTOK_ERR .RS 4 New authentication could not be retrieved\&. .RE .PP PAM_SUCCESS .RS 4 Authentication token was successfully retrieved\&. .RE .PP PAM_SYSTEM_ERR .RS 4 No space for an authentication token was provided\&. .RE .PP PAM_TRY_AGAIN .RS 4 New authentication tokens mismatch\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_get_authtok\fR function is a Linux\-PAM extensions\&. pam/doc/man/pam_get_authtok.3.xml0000644000000000000000000002126513261244762014114 0ustar pam_get_authtok 3 Linux-PAM Manual pam_get_authtok pam_get_authtok_verify pam_get_authtok_noverify get authentication token #include <security/pam_ext.h> int pam_get_authtok pam_handle_t *pamh int item const char **authtok const char *prompt int pam_get_authtok_noverify pam_handle_t *pamh const char **authtok const char *prompt int pam_get_authtok_verify pam_handle_t *pamh const char **authtok const char *prompt DESCRIPTION The pam_get_authtok function returns the cached authentication token, or prompts the user if no token is currently cached. It is intended for internal use by Linux-PAM and PAM service modules. Upon successful return, authtok contains a pointer to the value of the authentication token. Note, this is a pointer to the actual data and should not be free()'ed or over-written! The prompt argument specifies a prompt to use if no token is cached. If a NULL pointer is given, pam_get_authtok uses pre-defined prompts. The following values are supported for item: PAM_AUTHTOK Returns the current authentication token. Called from pam_sm_chauthtok3 pam_get_authtok will ask the user to confirm the new token by retyping it. If a prompt was specified, "Retype" will be used as prefix. PAM_OLDAUTHTOK Returns the previous authentication token when changing authentication tokens. The pam_get_authtok_noverify function can only be used for changing the password (from pam_sm_chauthtok3 ). It returns the cached authentication token, or prompts the user if no token is currently cached. The difference to pam_get_authtok is, that this function does not ask a second time for the password to verify it. Upon successful return, authtok contains a pointer to the value of the authentication token. Note, this is a pointer to the actual data and should not be free()'ed or over-written! The pam_get_authtok_verify function can only be used to verify a password for mistypes gotten by pam_get_authtok_noverify3 . This function asks a second time for the password and verify it with the password provided by authtok argument. In case of an error, the value of authtok is undefined. Else this argument will point to the actual data and should not be free()'ed or over-written! OPTIONS pam_get_authtok honours the following module options: Before prompting the user for their password, the module first tries the previous stacked module's password in case that satisfies this module as well. The argument forces the module to use a previous stacked modules password and will never prompt the user - if no password is available or the password is not appropriate, the user will be denied access. When password changing enforce the module to set the new token to the one provided by a previously stacked module. If no token is available token changing will fail. The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty. RETURN VALUES PAM_AUTH_ERR Authentication token could not be retrieved. PAM_AUTHTOK_ERR New authentication could not be retrieved. PAM_SUCCESS Authentication token was successfully retrieved. PAM_SYSTEM_ERR No space for an authentication token was provided. PAM_TRY_AGAIN New authentication tokens mismatch. SEE ALSO pam8 STANDARDS The pam_get_authtok function is a Linux-PAM extensions. pam/doc/man/pam_get_authtok_noverify.30000644000000000000000000000002613261244762015226 0ustar .so pam_get_authtok.3 pam/doc/man/pam_get_authtok_verify.30000644000000000000000000000002613261244762014671 0ustar .so pam_get_authtok.3 pam/doc/man/pam_get_data.30000644000000000000000000000463713261244762012553 0ustar '\" t .\" Title: pam_get_data .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_get_data \- get module internal data .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_get_data('u .BI "int pam_get_data(const\ pam_handle_t\ *" "pamh" ", const\ char\ *" "module_data_name" ", const\ void\ **" "data" ");" .SH "DESCRIPTION" .PP This function together with the \fBpam_set_data\fR(3) function is useful to manage module\-specific data meaningful only to the calling PAM module\&. .PP The \fBpam_get_data\fR function looks up the object associated with the (hopefully) unique string \fImodule_data_name\fR in the PAM context specified by the \fIpamh\fR argument\&. A successful call to \fBpam_get_data\fR will result in \fIdata\fR pointing to the object\&. Note, this data is \fInot\fR a copy and should be treated as \fIconstant\fR by the module\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Data was successful retrieved\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A NULL pointer was submitted as PAM handle or the function was called by an application\&. .RE .PP PAM_NO_MODULE_DATA .RS 4 Module data not found or there is an entry, but it has the value NULL\&. .RE .SH "SEE ALSO" .PP \fBpam_end\fR(3), \fBpam_set_data\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_get_data.3.xml0000644000000000000000000000640013261244762013340 0ustar pam_get_data 3 Linux-PAM Manual pam_get_data get module internal data #include <security/pam_modules.h> int pam_get_data const pam_handle_t *pamh const char *module_data_name const void **data DESCRIPTION This function together with the pam_set_data3 function is useful to manage module-specific data meaningful only to the calling PAM module. The pam_get_data function looks up the object associated with the (hopefully) unique string module_data_name in the PAM context specified by the pamh argument. A successful call to pam_get_data will result in data pointing to the object. Note, this data is not a copy and should be treated as constant by the module. RETURN VALUES PAM_SUCCESS Data was successful retrieved. PAM_SYSTEM_ERR A NULL pointer was submitted as PAM handle or the function was called by an application. PAM_NO_MODULE_DATA Module data not found or there is an entry, but it has the value NULL. SEE ALSO pam_end3 , pam_set_data3 , pam_strerror3 pam/doc/man/pam_get_item.30000644000000000000000000001422413261244762012571 0ustar '\" t .\" Title: pam_get_item .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_get_item \- getting PAM informations .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_get_item('u .BI "int pam_get_item(const\ pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ **" "item" ");" .SH "DESCRIPTION" .PP The \fBpam_get_item\fR function allows applications and PAM service modules to access and retrieve PAM informations of \fIitem_type\fR\&. Upon successful return, \fIitem\fR contains a pointer to the value of the corresponding item\&. Note, this is a pointer to the \fIactual\fR data and should \fBnot\fR be \fIfree()\fR\*(Aqed or over\-written! The following values are supported for \fIitem_type\fR: .PP PAM_SERVICE .RS 4 The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&. .RE .PP PAM_USER .RS 4 The username of the entity under whose identity service will be given\&. That is, following authentication, \fIPAM_USER\fR identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of \fIPAM_USER\fR after each call to a PAM function\&. .RE .PP PAM_USER_PROMPT .RS 4 The string used when prompting for a user\*(Aqs name\&. The default value for this string is a localized version of "login: "\&. .RE .PP PAM_TTY .RS 4 The terminal name: prefixed by /dev/ if it is a device file; for graphical, X\-based, applications the value for this item should be the \fI$DISPLAY\fR variable\&. .RE .PP PAM_RUSER .RS 4 The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&. .sp Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&. .sp \fIPAM_RUSER@PAM_RHOST\fR should always identify the requesting user\&. In some cases, \fIPAM_RUSER\fR may be NULL\&. In such situations, it is unclear who the requesting entity is\&. .RE .PP PAM_RHOST .RS 4 The requesting hostname (the hostname of the machine from which the \fIPAM_RUSER\fR entity is requesting service)\&. That is \fIPAM_RUSER@PAM_RHOST\fR does identify the requesting user\&. In some applications, \fIPAM_RHOST\fR may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&. .RE .PP PAM_AUTHTOK .RS 4 The authentication token (often a password)\&. This token should be ignored by all module functions besides \fBpam_sm_authenticate\fR(3) and \fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&. .RE .PP PAM_OLDAUTHTOK .RS 4 The old authentication token\&. This token should be ignored by all module functions except \fBpam_sm_chauthtok\fR(3)\&. .RE .PP PAM_CONV .RS 4 The pam_conv structure\&. See \fBpam_conv\fR(3)\&. .RE .PP The following additional items are specific to Linux\-PAM and should not be used in portable applications: .PP PAM_FAIL_DELAY .RS 4 A function pointer to redirect centrally managed failure delays\&. See \fBpam_fail_delay\fR(3)\&. .RE .PP PAM_XDISPLAY .RS 4 The name of the X display\&. For graphical, X\-based applications the value for this item should be the \fI$DISPLAY\fR variable\&. This value may be used independently of \fIPAM_TTY\fR for passing the name of the display\&. .RE .PP PAM_XAUTHDATA .RS 4 A pointer to a structure containing the X authentication data required to make a connection to the display specified by \fIPAM_XDISPLAY\fR, if such information is necessary\&. See \fBpam_xauth_data\fR(3)\&. .RE .PP PAM_AUTHTOK_TYPE .RS 4 The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word \fIUNIX\fR can be replaced with this item, by default it is empty\&. This item is used by \fBpam_get_authtok\fR(3)\&. .RE .PP If a service module wishes to obtain the name of the user, it should not use this function, but instead perform a call to \fBpam_get_user\fR(3)\&. .PP Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK\&. .SH "RETURN VALUES" .PP PAM_BAD_ITEM .RS 4 The application attempted to set an undefined or inaccessible item\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_PERM_DENIED .RS 4 The value of \fIitem\fR was NULL\&. .RE .PP PAM_SUCCESS .RS 4 Data was successful updated\&. .RE .PP PAM_SYSTEM_ERR .RS 4 The \fIpam_handle_t\fR passed as first argument was invalid\&. .RE .SH "SEE ALSO" .PP \fBpam_set_item\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_get_item.3.xml0000644000000000000000000001017113261244762013365 0ustar --> ]> pam_get_item 3 Linux-PAM Manual pam_get_item getting PAM informations #include <security/pam_modules.h> int pam_get_item const pam_handle_t *pamh int item_type const void **item DESCRIPTION The pam_get_item function allows applications and PAM service modules to access and retrieve PAM informations of item_type. Upon successful return, item contains a pointer to the value of the corresponding item. Note, this is a pointer to the actual data and should not be free()'ed or over-written! The following values are supported for item_type: The following additional items are specific to Linux-PAM and should not be used in portable applications: If a service module wishes to obtain the name of the user, it should not use this function, but instead perform a call to pam_get_user3 . Only a service module is privileged to read the authentication tokens, PAM_AUTHTOK and PAM_OLDAUTHTOK. RETURN VALUES PAM_BAD_ITEM The application attempted to set an undefined or inaccessible item. PAM_BUF_ERR Memory buffer error. PAM_PERM_DENIED The value of item was NULL. PAM_SUCCESS Data was successful updated. PAM_SYSTEM_ERR The pam_handle_t passed as first argument was invalid. SEE ALSO pam_set_item3 , pam_strerror3 pam/doc/man/pam_get_user.30000644000000000000000000000564013261244762012613 0ustar '\" t .\" Title: pam_get_user .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GET_USER" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_get_user \- get user name .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_get_user('u .BI "int pam_get_user(const\ pam_handle_t\ *" "pamh" ", const\ char\ **" "user" ", const\ char\ *" "prompt" ");" .SH "DESCRIPTION" .PP The \fBpam_get_user\fR function returns the name of the user specified by \fBpam_start\fR(3)\&. If no user was specified it what \fBpam_get_item (pamh, PAM_USER, \&.\&.\&. );\fR would have returned\&. If this is NULL it obtains the username via the \fBpam_conv\fR(3) mechanism, it prompts the user with the first non\-NULL string in the following list: .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The \fIprompt\fR argument passed to the function\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} What is returned by pam_get_item (pamh, PAM_USER_PROMPT, \&.\&.\&. ); .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} The default prompt: "login: " .RE .PP By whatever means the username is obtained, a pointer to it is returned as the contents of \fI*user\fR\&. Note, this memory should \fBnot\fR be \fIfree()\fR\*(Aqd or \fImodified\fR by the module\&. .PP This function sets the \fIPAM_USER\fR item associated with the \fBpam_set_item\fR(3) and \fBpam_get_item\fR(3) functions\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 User name was successful retrieved\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A NULL pointer was submitted\&. .RE .PP PAM_CONV_ERR .RS 4 The conversation method supplied by the application failed to obtain the username\&. .RE .SH "SEE ALSO" .PP \fBpam_end\fR(3), \fBpam_get_item\fR(3), \fBpam_set_item\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_get_user.3.xml0000644000000000000000000001024713261244762013411 0ustar pam_get_user 3 Linux-PAM Manual pam_get_user get user name #include <security/pam_modules.h> int pam_get_user const pam_handle_t *pamh const char **user const char *prompt DESCRIPTION The pam_get_user function returns the name of the user specified by pam_start3 . If no user was specified it what pam_get_item (pamh, PAM_USER, ... ); would have returned. If this is NULL it obtains the username via the pam_conv3 mechanism, it prompts the user with the first non-NULL string in the following list: The prompt argument passed to the function. What is returned by pam_get_item (pamh, PAM_USER_PROMPT, ... ); The default prompt: "login: " By whatever means the username is obtained, a pointer to it is returned as the contents of *user. Note, this memory should not be free()'d or modified by the module. This function sets the PAM_USER item associated with the pam_set_item3 and pam_get_item3 functions. RETURN VALUES PAM_SUCCESS User name was successful retrieved. PAM_SYSTEM_ERR A NULL pointer was submitted. PAM_CONV_ERR The conversation method supplied by the application failed to obtain the username. SEE ALSO pam_end3 , pam_get_item3 , pam_set_item3 , pam_strerror3 pam/doc/man/pam_getenv.30000644000000000000000000000367713261244762012276 0ustar '\" t .\" Title: pam_getenv .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_getenv \- get a PAM environment variable .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'const\ char\ *pam_getenv('u .BI "const char *pam_getenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ");" .SH "DESCRIPTION" .PP The \fBpam_getenv\fR function searches the PAM environment list as associated with the handle \fIpamh\fR for an item that matches the string pointed to by \fIname\fR and returns a pointer to the value of the environment variable\&. The application is not allowed to free the data\&. .SH "RETURN VALUES" .PP The \fBpam_getenv\fR function returns NULL on failure\&. .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_getenvlist\fR(3), \fBpam_putenv\fR(3), \fBpam\fR(8) pam/doc/man/pam_getenv.3.xml0000644000000000000000000000427613261244762013071 0ustar pam_getenv 3 Linux-PAM Manual pam_getenv get a PAM environment variable #include <security/pam_appl.h> const char *pam_getenv pam_handle_t *pamh const char *name DESCRIPTION The pam_getenv function searches the PAM environment list as associated with the handle pamh for an item that matches the string pointed to by name and returns a pointer to the value of the environment variable. The application is not allowed to free the data. RETURN VALUES The pam_getenv function returns NULL on failure. SEE ALSO pam_start3 , pam_getenvlist3 , pam_putenv3 , pam8 pam/doc/man/pam_getenvlist.30000644000000000000000000000503313261244762013156 0ustar '\" t .\" Title: pam_getenvlist .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GETENVLIST" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_getenvlist \- getting the PAM environment .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'char\ **pam_getenvlist('u .BI "char **pam_getenvlist(pam_handle_t\ *" "pamh" ");" .SH "DESCRIPTION" .PP The \fBpam_getenvlist\fR function returns a complete copy of the PAM environment as associated with the handle \fIpamh\fR\&. The PAM environment variables represent the contents of the regular environment variables of the authenticated user when service is granted\&. .PP The format of the memory is a malloc()\*(Aqd array of char pointers, the last element of which is set to NULL\&. Each of the non\-NULL entries in this array point to a NUL terminated and malloc()\*(Aqd char string of the form: "\fIname=value\fR"\&. .PP It should be noted that this memory will never be free()\*(Aqd by libpam\&. Once obtained by a call to \fBpam_getenvlist\fR, it is the responsibility of the calling application to free() this memory\&. .PP It is by design, and not a coincidence, that the format and contents of the returned array matches that required for the third argument of the \fBexecle\fR(3) function call\&. .SH "RETURN VALUES" .PP The \fBpam_getenvlist\fR function returns NULL on failure\&. .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_getenv\fR(3), \fBpam_putenv\fR(3), \fBpam\fR(8) pam/doc/man/pam_getenvlist.3.xml0000644000000000000000000000572313261244762013763 0ustar pam_getenvlist 3 Linux-PAM Manual pam_getenvlist getting the PAM environment #include <security/pam_appl.h> char **pam_getenvlist pam_handle_t *pamh DESCRIPTION The pam_getenvlist function returns a complete copy of the PAM environment as associated with the handle pamh. The PAM environment variables represent the contents of the regular environment variables of the authenticated user when service is granted. The format of the memory is a malloc()'d array of char pointers, the last element of which is set to NULL. Each of the non-NULL entries in this array point to a NUL terminated and malloc()'d char string of the form: "name=value". It should be noted that this memory will never be free()'d by libpam. Once obtained by a call to pam_getenvlist, it is the responsibility of the calling application to free() this memory. It is by design, and not a coincidence, that the format and contents of the returned array matches that required for the third argument of the execle3 function call. RETURN VALUES The pam_getenvlist function returns NULL on failure. SEE ALSO pam_start3 , pam_getenv3 , pam_putenv3 , pam8 pam/doc/man/pam_info.30000644000000000000000000000437613261244762011736 0ustar '\" t .\" Title: pam_info .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_INFO" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_info, pam_vinfo \- display messages to the user .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_info('u .BI "int pam_info(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" .HP \w'int\ pam_vinfo('u .BI "int pam_vinfo(pam_handle_t\ *" "pamh" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" .SH "DESCRIPTION" .PP The \fBpam_info\fR function prints messages through the conversation function to the user\&. .PP The \fBpam_vinfo\fR function performs the same task as \fBpam_info()\fR with the difference that it takes a set of arguments which have been obtained using the \fBstdarg\fR(3) variable argument list macros\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CONV_ERR .RS 4 Conversation failure\&. .RE .PP PAM_SUCCESS .RS 4 Transaction was successful created\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_info\fR and \fBpam_vinfo\fR functions are Linux\-PAM extensions\&. pam/doc/man/pam_info.3.xml0000644000000000000000000000634013261244762012526 0ustar pam_info 3 Linux-PAM Manual pam_info pam_vinfo display messages to the user #include <security/pam_ext.h> int pam_info pam_handle_t *pamh const char *fmt ... int pam_vinfo pam_handle_t *pamh const char *fmt va_list args DESCRIPTION The pam_info function prints messages through the conversation function to the user. The pam_vinfo function performs the same task as pam_info() with the difference that it takes a set of arguments which have been obtained using the stdarg3 variable argument list macros. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CONV_ERR Conversation failure. PAM_SUCCESS Transaction was successful created. PAM_SYSTEM_ERR System error. SEE ALSO pam8 STANDARDS The pam_info and pam_vinfo functions are Linux-PAM extensions. pam/doc/man/pam_item_types_ext.inc.xml0000644000000000000000000000401213261244762015236 0ustar PAM_FAIL_DELAY A function pointer to redirect centrally managed failure delays. See pam_fail_delay3 . PAM_XDISPLAY The name of the X display. For graphical, X-based applications the value for this item should be the $DISPLAY variable. This value may be used independently of PAM_TTY for passing the name of the display. PAM_XAUTHDATA A pointer to a structure containing the X authentication data required to make a connection to the display specified by PAM_XDISPLAY, if such information is necessary. See pam_xauth_data3 . PAM_AUTHTOK_TYPE The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this item, by default it is empty. This item is used by pam_get_authtok3 . pam/doc/man/pam_item_types_std.inc.xml0000644000000000000000000001156513261244762015243 0ustar PAM_SERVICE The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program). PAM_USER The username of the entity under whose identity service will be given. That is, following authentication, PAM_USER identifies the local entity that gets to use the service. Note, this value can be mapped from something (eg., "anonymous") to something else (eg. "guest119") by any module in the PAM stack. As such an application should consult the value of PAM_USER after each call to a PAM function. PAM_USER_PROMPT The string used when prompting for a user's name. The default value for this string is a localized version of "login: ". PAM_TTY The terminal name: prefixed by /dev/ if it is a device file; for graphical, X-based, applications the value for this item should be the $DISPLAY variable. PAM_RUSER The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user. Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator. PAM_RUSER@PAM_RHOST should always identify the requesting user. In some cases, PAM_RUSER may be NULL. In such situations, it is unclear who the requesting entity is. PAM_RHOST The requesting hostname (the hostname of the machine from which the PAM_RUSER entity is requesting service). That is PAM_RUSER@PAM_RHOST does identify the requesting user. In some applications, PAM_RHOST may be NULL. In such situations, it is unclear where the authentication request is originating from. PAM_AUTHTOK The authentication token (often a password). This token should be ignored by all module functions besides pam_sm_authenticate3 and pam_sm_chauthtok3 . In the former function it is used to pass the most recent authentication token from one stacked module to another. In the latter function the token is used for another purpose. It contains the currently active authentication token. PAM_OLDAUTHTOK The old authentication token. This token should be ignored by all module functions except pam_sm_chauthtok3 . PAM_CONV The pam_conv structure. See pam_conv3 . pam/doc/man/pam_misc_drop_env.30000644000000000000000000000356013261244762013624 0ustar '\" t .\" Title: pam_misc_drop_env .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MISC_DROP_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_misc_drop_env \- liberating a locally saved environment .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_misc_drop_env('u .BI "int pam_misc_drop_env(char\ **" "env" ");" .SH "DESCRIPTION" .PP This function is defined to complement the \fBpam_getenvlist\fR(3) function\&. It liberates the memory associated with \fIenv\fR, \fIoverwriting\fR with \fI0\fR all memory before \fBfree()\fRing it\&. .SH "SEE ALSO" .PP \fBpam_getenvlist\fR(3), \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_misc_drop_env\fR function is part of the \fBlibpam_misc\fR Library and not defined in any standard\&. pam/doc/man/pam_misc_drop_env.3.xml0000644000000000000000000000403013261244762014414 0ustar pam_misc_drop_env 3 Linux-PAM Manual pam_misc_drop_env liberating a locally saved environment #include <security/pam_misc.h> int pam_misc_drop_env char **env DESCRIPTION This function is defined to complement the pam_getenvlist3 function. It liberates the memory associated with env, overwriting with 0 all memory before free()ing it. SEE ALSO pam_getenvlist3 , pam8 STANDARDS The pam_misc_drop_env function is part of the libpam_misc Library and not defined in any standard. pam/doc/man/pam_misc_paste_env.30000644000000000000000000000356713261244762014003 0ustar '\" t .\" Title: pam_misc_paste_env .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MISC_PASTE_ENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_misc_paste_env \- transcribing an environment to that of PAM .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_misc_paste_env('u .BI "int pam_misc_paste_env(pam_handle_t\ *" "pamh" ", const\ char\ *\ const\ *" "user" ");" .SH "DESCRIPTION" .PP This function takes the supplied list of environment pointers and \fIuploads\fR its contents to the PAM environment\&. Success is indicated by PAM_SUCCESS\&. .SH "SEE ALSO" .PP \fBpam_putenv\fR(3), \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_misc_paste_env\fR function is part of the \fBlibpam_misc\fR Library and not defined in any standard\&. pam/doc/man/pam_misc_paste_env.3.xml0000644000000000000000000000372313261244762014574 0ustar pam_misc_paste_env 3 Linux-PAM Manual pam_misc_paste_env transcribing an environment to that of PAM #include <security/pam_misc.h> int pam_misc_paste_env pam_handle_t *pamh const char * const *user DESCRIPTION This function takes the supplied list of environment pointers and uploads its contents to the PAM environment. Success is indicated by PAM_SUCCESS. SEE ALSO pam_putenv3 , pam8 STANDARDS The pam_misc_paste_env function is part of the libpam_misc Library and not defined in any standard. pam/doc/man/pam_misc_setenv.30000644000000000000000000000417013261244762013312 0ustar '\" t .\" Title: pam_misc_setenv .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MISC_SETENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_misc_setenv \- BSD like PAM environment variable setting .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_misc_setenv('u .BI "int pam_misc_setenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name" ", const\ char\ *" "value" ", int" "readonly" ");" .SH "DESCRIPTION" .PP This function performs a task equivalent to \fBpam_putenv\fR(3), its syntax is, however, more like the BSD style function; \fBsetenv()\fR\&. The \fIname\fR and \fIvalue\fR are concatenated with an \*(Aq=\*(Aq to form a name=value and passed to \fBpam_putenv()\fR\&. If, however, the PAM variable is already set, the replacement will only be applied if the last argument, \fIreadonly\fR, is zero\&. .SH "SEE ALSO" .PP \fBpam_putenv\fR(3), \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_misc_setenv\fR function is part of the \fBlibpam_misc\fR Library and not defined in any standard\&. pam/doc/man/pam_misc_setenv.3.xml0000644000000000000000000000466313261244762014120 0ustar pam_misc_setenv 3 Linux-PAM Manual pam_misc_setenv BSD like PAM environment variable setting #include <security/pam_misc.h> int pam_misc_setenv pam_handle_t *pamh const char *name const char *value intreadonly DESCRIPTION This function performs a task equivalent to pam_putenv3 , its syntax is, however, more like the BSD style function; setenv(). The name and value are concatenated with an '=' to form a name=value and passed to pam_putenv(). If, however, the PAM variable is already set, the replacement will only be applied if the last argument, readonly, is zero. SEE ALSO pam_putenv3 , pam8 STANDARDS The pam_misc_setenv function is part of the libpam_misc Library and not defined in any standard. pam/doc/man/pam_open_session.30000644000000000000000000000446013261244762013501 0ustar '\" t .\" Title: pam_open_session .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_open_session \- start PAM session management .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_open_session('u .BI "int pam_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_open_session\fR function sets up a user session for a previously successful authenticated user\&. The session should later be terminated with a call to \fBpam_close_session\fR(3)\&. .PP It should be noted that the effective uid, \fBgeteuid\fR(2)\&. of the application should be of sufficient privilege to perform such tasks as creating or mounting the user\*(Aqs home directory for example\&. .PP The flags argument is the binary or of zero or more of the following values: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 General failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SESSION_ERR .RS 4 Session failure\&. .RE .PP PAM_SUCCESS .RS 4 Session was successful created\&. .RE .SH "SEE ALSO" .PP \fBpam_close_session\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_open_session.3.xml0000644000000000000000000000644313261244762014303 0ustar pam_open_session 3 Linux-PAM Manual pam_open_session start PAM session management #include <security/pam_appl.h> int pam_open_session pam_handle_t *pamh int flags DESCRIPTION The pam_open_session function sets up a user session for a previously successful authenticated user. The session should later be terminated with a call to pam_close_session3 . It should be noted that the effective uid, geteuid2 . of the application should be of sufficient privilege to perform such tasks as creating or mounting the user's home directory for example. The flags argument is the binary or of zero or more of the following values: PAM_SILENT Do not emit any messages. RETURN VALUES PAM_ABORT General failure. PAM_BUF_ERR Memory buffer error. PAM_SESSION_ERR Session failure. PAM_SUCCESS Session was successful created. SEE ALSO pam_close_session3 , pam_strerror3 pam/doc/man/pam_prompt.30000644000000000000000000000463513261244762012322 0ustar '\" t .\" Title: pam_prompt .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_PROMPT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_prompt, pam_vprompt \- interface to conversation function .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'void\ pam_prompt('u .BI "void pam_prompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" .HP \w'void\ pam_vprompt('u .BI "void pam_vprompt(pam_handle_t\ *" "pamh" ", int\ " "style" ", char\ **" "response" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" .SH "DESCRIPTION" .PP The \fBpam_prompt\fR function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service\&. Upon successful return, \fIresponse\fR is set to point to a string returned from the conversation function\&. This string is allocated on heap and should be freed\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CONV_ERR .RS 4 Conversation failure\&. .RE .PP PAM_SUCCESS .RS 4 Transaction was successful created\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(8), \fBpam_conv\fR(3) .SH "STANDARDS" .PP The \fBpam_prompt\fR and \fBpam_vprompt\fR functions are Linux\-PAM extensions\&. pam/doc/man/pam_prompt.3.xml0000644000000000000000000000703113261244762013112 0ustar pam_prompt 3 Linux-PAM Manual pam_prompt pam_vprompt interface to conversation function #include <security/pam_ext.h> void pam_prompt pam_handle_t *pamh int style char **response const char *fmt ... void pam_vprompt pam_handle_t *pamh int style char **response const char *fmt va_list args DESCRIPTION The pam_prompt function constructs a message from the specified format string and arguments and passes it to the conversation function as set by the service. Upon successful return, response is set to point to a string returned from the conversation function. This string is allocated on heap and should be freed. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CONV_ERR Conversation failure. PAM_SUCCESS Transaction was successful created. PAM_SYSTEM_ERR System error. SEE ALSO pam8 , pam_conv3 STANDARDS The pam_prompt and pam_vprompt functions are Linux-PAM extensions. pam/doc/man/pam_putenv.30000644000000000000000000000577413261244762012327 0ustar '\" t .\" Title: pam_putenv .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_PUTENV" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_putenv \- set or change PAM environment variable .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_putenv('u .BI "int pam_putenv(pam_handle_t\ *" "pamh" ", const\ char\ *" "name_value" ");" .SH "DESCRIPTION" .PP The \fBpam_putenv\fR function is used to add or change the value of PAM environment variables as associated with the \fIpamh\fR handle\&. .PP The \fIpamh\fR argument is an authentication handle obtained by a prior call to pam_start()\&. The \fIname_value\fR argument is a single NUL terminated string of one of the following forms: .PP NAME=value of variable .RS 4 In this case the environment variable of the given NAME is set to the indicated value: \fIvalue of variable\fR\&. If this variable is already known, it is overwritten\&. Otherwise it is added to the PAM environment\&. .RE .PP NAME= .RS 4 This function sets the variable to an empty value\&. It is listed separately to indicate that this is the correct way to achieve such a setting\&. .RE .PP NAME .RS 4 Without an \*(Aq=\*(Aq the \fBpam_putenv\fR() function will delete the corresponding variable from the PAM environment\&. .RE .PP \fBpam_putenv\fR() operates on a copy of \fIname_value\fR, which means in contrast to \fBputenv\fR(3), the application is responsible to free the data\&. .SH "RETURN VALUES" .PP PAM_PERM_DENIED .RS 4 Argument \fIname_value\fR given is a NULL pointer\&. .RE .PP PAM_BAD_ITEM .RS 4 Variable requested (for deletion) is not currently set\&. .RE .PP PAM_ABORT .RS 4 The \fIpamh\fR handle is corrupt\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SUCCESS .RS 4 The environment variable was successfully updated\&. .RE .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_getenv\fR(3), \fBpam_getenvlist\fR(3), \fBpam_strerror\fR(3), \fBpam\fR(8) pam/doc/man/pam_putenv.3.xml0000644000000000000000000001143113261244762013111 0ustar pam_putenv 3 Linux-PAM Manual pam_putenv set or change PAM environment variable #include <security/pam_appl.h> int pam_putenv pam_handle_t *pamh const char *name_value DESCRIPTION The pam_putenv function is used to add or change the value of PAM environment variables as associated with the pamh handle. The pamh argument is an authentication handle obtained by a prior call to pam_start(). The name_value argument is a single NUL terminated string of one of the following forms: NAME=value of variable In this case the environment variable of the given NAME is set to the indicated value: value of variable. If this variable is already known, it is overwritten. Otherwise it is added to the PAM environment. NAME= This function sets the variable to an empty value. It is listed separately to indicate that this is the correct way to achieve such a setting. NAME Without an '=' the pam_putenv() function will delete the corresponding variable from the PAM environment. pam_putenv() operates on a copy of name_value, which means in contrast to putenv3 , the application is responsible to free the data. RETURN VALUES PAM_PERM_DENIED Argument name_value given is a NULL pointer. PAM_BAD_ITEM Variable requested (for deletion) is not currently set. PAM_ABORT The pamh handle is corrupt. PAM_BUF_ERR Memory buffer error. PAM_SUCCESS The environment variable was successfully updated. SEE ALSO pam_start3 , pam_getenv3 , pam_getenvlist3 , pam_strerror3 , pam8 pam/doc/man/pam_set_data.30000644000000000000000000000755613261244762012572 0ustar '\" t .\" Title: pam_set_data .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SET_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_set_data \- set module internal data .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_set_data('u .BI "int pam_set_data(pam_handle_t\ *" "pamh" ", const\ char\ *" "module_data_name" ", void\ *" "data" ", void\ " "(*cleanup)(pam_handle_t\ *pamh,\ void\ *data,\ int\ error_status)" ");" .SH "DESCRIPTION" .PP The \fBpam_set_data\fR function associates a pointer to an object with the (hopefully) unique string \fImodule_data_name\fR in the PAM context specified by the \fIpamh\fR argument\&. .PP PAM modules may be dynamically loadable objects\&. In general such files should not contain \fIstatic\fR variables\&. This function and its counterpart \fBpam_get_data\fR(3), provide a mechanism for a module to associate some data with the handle \fIpamh\fR\&. Typically a module will call the \fBpam_set_data\fR function to register some data under a (hopefully) unique \fImodule_data_name\fR\&. The data is available for use by other modules too but \fInot\fR by an application\&. Since this functions stores only a pointer to the \fIdata\fR, the module should not modify or free the content of it\&. .PP The function \fBcleanup()\fR is associated with the \fIdata\fR and, if non\-NULL, it is called when this data is over\-written or following a call to \fBpam_end\fR(3)\&. .PP The \fIerror_status\fR argument is used to indicate to the module the sort of action it is to take in cleaning this data item\&. As an example, Kerberos creates a ticket file during the authentication phase, this file might be associated with a data item\&. When \fBpam_end\fR(3) is called by the module, the \fIerror_status\fR carries the return value of the \fBpam_authenticate\fR(3) or other \fIlibpam\fR function as appropriate\&. Based on this value the Kerberos module may choose to delete the ticket file (\fIauthentication failure\fR) or leave it in place\&. .PP The \fIerror_status\fR may have been logically OR\*(Aqd with either of the following two values: .PP PAM_DATA_REPLACE .RS 4 When a data item is being replaced (through a second call to \fBpam_set_data\fR) this mask is used\&. Otherwise, the call is assumed to be from \fBpam_end\fR(3)\&. .RE .PP PAM_DATA_SILENT .RS 4 Which indicates that the process would prefer to perform the \fBcleanup()\fR quietly\&. That is, discourages logging/messages to the user\&. .RE .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SUCCESS .RS 4 Data was successful stored\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A NULL pointer was submitted as PAM handle or the function was called by an application\&. .RE .SH "SEE ALSO" .PP \fBpam_end\fR(3), \fBpam_get_data\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_set_data.3.xml0000644000000000000000000001342613261244762013362 0ustar pam_set_data 3 Linux-PAM Manual pam_set_data set module internal data #include <security/pam_modules.h> int pam_set_data pam_handle_t *pamh const char *module_data_name void *data void (*cleanup)(pam_handle_t *pamh, void *data, int error_status) DESCRIPTION The pam_set_data function associates a pointer to an object with the (hopefully) unique string module_data_name in the PAM context specified by the pamh argument. PAM modules may be dynamically loadable objects. In general such files should not contain static variables. This function and its counterpart pam_get_data3 , provide a mechanism for a module to associate some data with the handle pamh. Typically a module will call the pam_set_data function to register some data under a (hopefully) unique module_data_name. The data is available for use by other modules too but not by an application. Since this functions stores only a pointer to the data, the module should not modify or free the content of it. The function cleanup() is associated with the data and, if non-NULL, it is called when this data is over-written or following a call to pam_end3 . The error_status argument is used to indicate to the module the sort of action it is to take in cleaning this data item. As an example, Kerberos creates a ticket file during the authentication phase, this file might be associated with a data item. When pam_end3 is called by the module, the error_status carries the return value of the pam_authenticate3 or other libpam function as appropriate. Based on this value the Kerberos module may choose to delete the ticket file (authentication failure) or leave it in place. The error_status may have been logically OR'd with either of the following two values: PAM_DATA_REPLACE When a data item is being replaced (through a second call to pam_set_data) this mask is used. Otherwise, the call is assumed to be from pam_end3 . PAM_DATA_SILENT Which indicates that the process would prefer to perform the cleanup() quietly. That is, discourages logging/messages to the user. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_SUCCESS Data was successful stored. PAM_SYSTEM_ERR A NULL pointer was submitted as PAM handle or the function was called by an application. SEE ALSO pam_end3 , pam_get_data3 , pam_strerror3 pam/doc/man/pam_set_item.30000644000000000000000000001434313261244762012607 0ustar '\" t .\" Title: pam_set_item .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SET_ITEM" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_set_item \- set and update PAM informations .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_set_item('u .BI "int pam_set_item(pam_handle_t\ *" "pamh" ", int\ " "item_type" ", const\ void\ *" "item" ");" .SH "DESCRIPTION" .PP The \fBpam_set_item\fR function allows applications and PAM service modules to access and to update PAM informations of \fIitem_type\fR\&. For this a copy of the object pointed to by the \fIitem\fR argument is created\&. The following \fIitem_type\fRs are supported: .PP PAM_SERVICE .RS 4 The service name (which identifies that PAM stack that the PAM functions will use to authenticate the program)\&. .RE .PP PAM_USER .RS 4 The username of the entity under whose identity service will be given\&. That is, following authentication, \fIPAM_USER\fR identifies the local entity that gets to use the service\&. Note, this value can be mapped from something (eg\&., "anonymous") to something else (eg\&. "guest119") by any module in the PAM stack\&. As such an application should consult the value of \fIPAM_USER\fR after each call to a PAM function\&. .RE .PP PAM_USER_PROMPT .RS 4 The string used when prompting for a user\*(Aqs name\&. The default value for this string is a localized version of "login: "\&. .RE .PP PAM_TTY .RS 4 The terminal name: prefixed by /dev/ if it is a device file; for graphical, X\-based, applications the value for this item should be the \fI$DISPLAY\fR variable\&. .RE .PP PAM_RUSER .RS 4 The requesting user name: local name for a locally requesting user or a remote user name for a remote requesting user\&. .sp Generally an application or module will attempt to supply the value that is most strongly authenticated (a local account before a remote one\&. The level of trust in this value is embodied in the actual authentication stack associated with the application, so it is ultimately at the discretion of the system administrator\&. .sp \fIPAM_RUSER@PAM_RHOST\fR should always identify the requesting user\&. In some cases, \fIPAM_RUSER\fR may be NULL\&. In such situations, it is unclear who the requesting entity is\&. .RE .PP PAM_RHOST .RS 4 The requesting hostname (the hostname of the machine from which the \fIPAM_RUSER\fR entity is requesting service)\&. That is \fIPAM_RUSER@PAM_RHOST\fR does identify the requesting user\&. In some applications, \fIPAM_RHOST\fR may be NULL\&. In such situations, it is unclear where the authentication request is originating from\&. .RE .PP PAM_AUTHTOK .RS 4 The authentication token (often a password)\&. This token should be ignored by all module functions besides \fBpam_sm_authenticate\fR(3) and \fBpam_sm_chauthtok\fR(3)\&. In the former function it is used to pass the most recent authentication token from one stacked module to another\&. In the latter function the token is used for another purpose\&. It contains the currently active authentication token\&. .RE .PP PAM_OLDAUTHTOK .RS 4 The old authentication token\&. This token should be ignored by all module functions except \fBpam_sm_chauthtok\fR(3)\&. .RE .PP PAM_CONV .RS 4 The pam_conv structure\&. See \fBpam_conv\fR(3)\&. .RE .PP The following additional items are specific to Linux\-PAM and should not be used in portable applications: .PP PAM_FAIL_DELAY .RS 4 A function pointer to redirect centrally managed failure delays\&. See \fBpam_fail_delay\fR(3)\&. .RE .PP PAM_XDISPLAY .RS 4 The name of the X display\&. For graphical, X\-based applications the value for this item should be the \fI$DISPLAY\fR variable\&. This value may be used independently of \fIPAM_TTY\fR for passing the name of the display\&. .RE .PP PAM_XAUTHDATA .RS 4 A pointer to a structure containing the X authentication data required to make a connection to the display specified by \fIPAM_XDISPLAY\fR, if such information is necessary\&. See \fBpam_xauth_data\fR(3)\&. .RE .PP PAM_AUTHTOK_TYPE .RS 4 The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word \fIUNIX\fR can be replaced with this item, by default it is empty\&. This item is used by \fBpam_get_authtok\fR(3)\&. .RE .PP For all \fIitem_type\fRs, other than PAM_CONV and PAM_FAIL_DELAY, \fIitem\fR is a pointer to a terminated character string\&. In the case of PAM_CONV, \fIitem\fR points to an initialized \fIpam_conv\fR structure\&. In the case of PAM_FAIL_DELAY, \fIitem\fR is a function pointer: \fBvoid (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr)\fR .PP Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application\&. Which means an application is not able to access the authentication tokens\&. .SH "RETURN VALUES" .PP PAM_BAD_ITEM .RS 4 The application attempted to set an undefined or inaccessible item\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SUCCESS .RS 4 Data was successful updated\&. .RE .PP PAM_SYSTEM_ERR .RS 4 The \fIpam_handle_t\fR passed as first argument was invalid\&. .RE .SH "SEE ALSO" .PP \fBpam_get_item\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_set_item.3.xml0000644000000000000000000001001613261244762013377 0ustar --> ]> pam_set_item 3 Linux-PAM Manual pam_set_item set and update PAM informations #include <security/pam_modules.h> int pam_set_item pam_handle_t *pamh int item_type const void *item DESCRIPTION The pam_set_item function allows applications and PAM service modules to access and to update PAM informations of item_type. For this a copy of the object pointed to by the item argument is created. The following item_types are supported: The following additional items are specific to Linux-PAM and should not be used in portable applications: For all item_types, other than PAM_CONV and PAM_FAIL_DELAY, item is a pointer to a <NUL> terminated character string. In the case of PAM_CONV, item points to an initialized pam_conv structure. In the case of PAM_FAIL_DELAY, item is a function pointer: void (*delay_fn)(int retval, unsigned usec_delay, void *appdata_ptr) Both, PAM_AUTHTOK and PAM_OLDAUTHTOK, will be reseted before returning to the application. Which means an application is not able to access the authentication tokens. RETURN VALUES PAM_BAD_ITEM The application attempted to set an undefined or inaccessible item. PAM_BUF_ERR Memory buffer error. PAM_SUCCESS Data was successful updated. PAM_SYSTEM_ERR The pam_handle_t passed as first argument was invalid. SEE ALSO pam_get_item3 , pam_strerror3 pam/doc/man/pam_setcred.30000644000000000000000000000702613261244762012427 0ustar '\" t .\" Title: pam_setcred .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_setcred \- establish / delete user credentials .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_setcred('u .BI "int pam_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ");" .SH "DESCRIPTION" .PP The \fBpam_setcred\fR function is used to establish, maintain and delete the credentials of a user\&. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with \fBpam_open_session\fR(3))\&. The credentials should be deleted after the session has been closed (with \fBpam_close_session\fR(3))\&. .PP A credential is something that the user possesses\&. It is some property, such as a \fIKerberos\fR ticket, or a supplementary group membership that make up the uniqueness of a given user\&. On a Linux system the user\*(Aqs \fIUID\fR and \fIGID\fR\*(Aqs are credentials too\&. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM\&. Such credentials should be established, by the application, prior to a call to this function\&. For example, \fBinitgroups\fR(2) (or equivalent) should have been performed\&. .PP Valid \fIflags\fR, any one of which, may be logically OR\*(Aqd with \fBPAM_SILENT\fR, are: .PP PAM_ESTABLISH_CRED .RS 4 Initialize the credentials for the user\&. .RE .PP PAM_DELETE_CRED .RS 4 Delete the user\*(Aqs credentials\&. .RE .PP PAM_REINITIALIZE_CRED .RS 4 Fully reinitialize the user\*(Aqs credentials\&. .RE .PP PAM_REFRESH_CRED .RS 4 Extend the lifetime of the existing credentials\&. .RE .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CRED_ERR .RS 4 Failed to set user credentials\&. .RE .PP PAM_CRED_EXPIRED .RS 4 User credentials are expired\&. .RE .PP PAM_CRED_UNAVAIL .RS 4 Failed to retrieve user credentials\&. .RE .PP PAM_SUCCESS .RS 4 Data was successful stored\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User is not known to an authentication module\&. .RE .SH "SEE ALSO" .PP \fBpam_authenticate\fR(3), \fBpam_open_session\fR(3), \fBpam_close_session\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_setcred.3.xml0000644000000000000000000001332113261244762013221 0ustar pam_setcred 3 Linux-PAM Manual pam_setcred establish / delete user credentials #include <security/pam_appl.h> int pam_setcred pam_handle_t *pamh int flags DESCRIPTION The pam_setcred function is used to establish, maintain and delete the credentials of a user. It should be called to set the credentials after a user has been authenticated and before a session is opened for the user (with pam_open_session3 ). The credentials should be deleted after the session has been closed (with pam_close_session3 ). A credential is something that the user possesses. It is some property, such as a Kerberos ticket, or a supplementary group membership that make up the uniqueness of a given user. On a Linux system the user's UID and GID's are credentials too. However, it has been decided that these properties (along with the default supplementary groups of which the user is a member) are credentials that should be set directly by the application and not by PAM. Such credentials should be established, by the application, prior to a call to this function. For example, initgroups2 (or equivalent) should have been performed. Valid flags, any one of which, may be logically OR'd with , are: PAM_ESTABLISH_CRED Initialize the credentials for the user. PAM_DELETE_CRED Delete the user's credentials. PAM_REINITIALIZE_CRED Fully reinitialize the user's credentials. PAM_REFRESH_CRED Extend the lifetime of the existing credentials. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CRED_ERR Failed to set user credentials. PAM_CRED_EXPIRED User credentials are expired. PAM_CRED_UNAVAIL Failed to retrieve user credentials. PAM_SUCCESS Data was successful stored. PAM_SYSTEM_ERR A NULL pointer was submitted as PAM handle, the function was called by a module or another system error occured. PAM_USER_UNKNOWN User is not known to an authentication module. SEE ALSO pam_authenticate3 , pam_open_session3 , pam_close_session3 , pam_strerror3 pam/doc/man/pam_sm_acct_mgmt.30000644000000000000000000000627113261244762013434 0ustar '\" t .\" Title: pam_sm_acct_mgmt .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_ACCT_MGMT" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_acct_mgmt \- PAM service function for account management .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_ACCOUNT .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_acct_mgmt('u .BI "PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_acct_mgmt\fR function is the service module\*(Aqs implementation of the \fBpam_acct_mgmt\fR(3) interface\&. .PP This function performs the task of establishing whether the user is permitted to gain access at this time\&. It should be understood that the user has previously been validated by an authentication module\&. This function checks for other things\&. Such things might be: the time of day or the date, the terminal line, remote hostname, etc\&. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing\&. .PP Valid flags, which may be logically OR\*(Aqd with \fIPAM_SILENT\fR, are: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_DISALLOW_NULL_AUTHTOK .RS 4 Return \fBPAM_AUTH_ERR\fR if the database of authentication tokens for this authentication mechanism has a \fINULL\fR entry for the user\&. .RE .SH "RETURN VALUES" .PP PAM_ACCT_EXPIRED .RS 4 User account has expired\&. .RE .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_NEW_AUTHTOK_REQD .RS 4 The user\*(Aqs authentication token has expired\&. Before calling this function again the application will arrange for a new one to be given\&. This will likely result in a call to \fBpam_sm_chauthtok()\fR\&. .RE .PP PAM_PERM_DENIED .RS 4 Permission denied\&. .RE .PP PAM_SUCCESS .RS 4 The authentication token was successfully updated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User unknown to password service\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_acct_mgmt\fR(3), \fBpam_sm_chauthtok\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_acct_mgmt.3.xml0000644000000000000000000001174713261244762014237 0ustar pam_sm_acct_mgmt 3 Linux-PAM Manual pam_sm_acct_mgmt PAM service function for account management #define PAM_SM_ACCOUNT #include <security/pam_modules.h> PAM_EXTERN int pam_sm_acct_mgmt pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_acct_mgmt function is the service module's implementation of the pam_acct_mgmt3 interface. This function performs the task of establishing whether the user is permitted to gain access at this time. It should be understood that the user has previously been validated by an authentication module. This function checks for other things. Such things might be: the time of day or the date, the terminal line, remote hostname, etc. This function may also determine things like the expiration on passwords, and respond that the user change it before continuing. Valid flags, which may be logically OR'd with PAM_SILENT, are: PAM_SILENT Do not emit any messages. PAM_DISALLOW_NULL_AUTHTOK Return PAM_AUTH_ERR if the database of authentication tokens for this authentication mechanism has a NULL entry for the user. RETURN VALUES PAM_ACCT_EXPIRED User account has expired. PAM_AUTH_ERR Authentication failure. PAM_NEW_AUTHTOK_REQD The user's authentication token has expired. Before calling this function again the application will arrange for a new one to be given. This will likely result in a call to pam_sm_chauthtok(). PAM_PERM_DENIED Permission denied. PAM_SUCCESS The authentication token was successfully updated. PAM_USER_UNKNOWN User unknown to password service. SEE ALSO pam3 , pam_acct_mgmt3 , pam_sm_chauthtok3 , pam_strerror3 , PAM8 pam/doc/man/pam_sm_authenticate.30000644000000000000000000000601713261244762014152 0ustar '\" t .\" Title: pam_sm_authenticate .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_AUTHENTICATE" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_authenticate \- PAM service function for user authentication .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_AUTH .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_authenticate('u .BI "PAM_EXTERN int pam_sm_authenticate(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_authenticate\fR function is the service module\*(Aqs implementation of the \fBpam_authenticate\fR(3) interface\&. .PP This function performs the task of authenticating the user\&. .PP Valid flags, which may be logically OR\*(Aqd with \fIPAM_SILENT\fR, are: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_DISALLOW_NULL_AUTHTOK .RS 4 Return \fBPAM_AUTH_ERR\fR if the database of authentication tokens for this authentication mechanism has a \fINULL\fR entry for the user\&. Without this flag, such a \fINULL\fR token will lead to a success without the user being prompted\&. .RE .SH "RETURN VALUES" .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_CRED_INSUFFICIENT .RS 4 For some reason the application does not have sufficient credentials to authenticate the user\&. .RE .PP PAM_AUTHINFO_UNAVAIL .RS 4 The modules were not able to access the authentication information\&. This might be due to a network or hardware failure etc\&. .RE .PP PAM_SUCCESS .RS 4 The authentication token was successfully updated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The supplied username is not known to the authentication service\&. .RE .PP PAM_MAXTRIES .RS 4 One or more of the authentication modules has reached its limit of tries authenticating the user\&. Do not try again\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_authenticate\fR(3), \fBpam_sm_setcred\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_authenticate.3.xml0000644000000000000000000001153413261244762014751 0ustar pam_sm_authenticate 3 Linux-PAM Manual pam_sm_authenticate PAM service function for user authentication #define PAM_SM_AUTH #include <security/pam_modules.h> PAM_EXTERN int pam_sm_authenticate pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_authenticate function is the service module's implementation of the pam_authenticate3 interface. This function performs the task of authenticating the user. Valid flags, which may be logically OR'd with PAM_SILENT, are: PAM_SILENT Do not emit any messages. PAM_DISALLOW_NULL_AUTHTOK Return PAM_AUTH_ERR if the database of authentication tokens for this authentication mechanism has a NULL entry for the user. Without this flag, such a NULL token will lead to a success without the user being prompted. RETURN VALUES PAM_AUTH_ERR Authentication failure. PAM_CRED_INSUFFICIENT For some reason the application does not have sufficient credentials to authenticate the user. PAM_AUTHINFO_UNAVAIL The modules were not able to access the authentication information. This might be due to a network or hardware failure etc. PAM_SUCCESS The authentication token was successfully updated. PAM_USER_UNKNOWN The supplied username is not known to the authentication service. PAM_MAXTRIES One or more of the authentication modules has reached its limit of tries authenticating the user. Do not try again. SEE ALSO pam3 , pam_authenticate3 , pam_sm_setcred3 , pam_strerror3 , PAM8 pam/doc/man/pam_sm_chauthtok.30000644000000000000000000001046513261244762013470 0ustar '\" t .\" Title: pam_sm_chauthtok .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_CHAUTHTOK" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_chauthtok \- PAM service function for authentication token management .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_PASSWORD .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_chauthtok('u .BI "PAM_EXTERN int pam_sm_chauthtok(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_chauthtok\fR function is the service module\*(Aqs implementation of the \fBpam_chauthtok\fR(3) interface\&. .PP This function is used to (re\-)set the authentication token of the user\&. .PP Valid flags, which may be logically OR\*(Aqd with \fIPAM_SILENT\fR, are: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_CHANGE_EXPIRED_AUTHTOK .RS 4 This argument indicates to the module that the users authentication token (password) should only be changed if it has expired\&. This flag is optional and \fImust\fR be combined with one of the following two flags\&. Note, however, the following two options are \fImutually exclusive\fR\&. .RE .PP PAM_PRELIM_CHECK .RS 4 This indicates that the modules are being probed as to their ready status for altering the user\*(Aqs authentication token\&. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag\&. If a module cannot establish it is ready to update the user\*(Aqs authentication token it should return \fBPAM_TRY_AGAIN\fR, this information will be passed back to the application\&. .sp If the control value \fIsufficient\fR is used in the password stack, the \fIPAM_PRELIM_CHECK\fR section of the modules following that control value is not always executed\&. .RE .PP PAM_UPDATE_AUTHTOK .RS 4 This informs the module that this is the call it should change the authorization tokens\&. If the flag is logically OR\*(Aqd with \fBPAM_CHANGE_EXPIRED_AUTHTOK\fR, the token is only changed if it has actually expired\&. .RE .PP The PAM library calls this function twice in succession\&. The first time with \fBPAM_PRELIM_CHECK\fR and then, if the module does not return \fBPAM_TRY_AGAIN\fR, subsequently with \fBPAM_UPDATE_AUTHTOK\fR\&. It is only on the second call that the authorization token is (possibly) changed\&. .SH "RETURN VALUES" .PP PAM_AUTHTOK_ERR .RS 4 The module was unable to obtain the new authentication token\&. .RE .PP PAM_AUTHTOK_RECOVERY_ERR .RS 4 The module was unable to obtain the old authentication token\&. .RE .PP PAM_AUTHTOK_LOCK_BUSY .RS 4 Cannot change the authentication token since it is currently locked\&. .RE .PP PAM_AUTHTOK_DISABLE_AGING .RS 4 Authentication token aging has been disabled\&. .RE .PP PAM_PERM_DENIED .RS 4 Permission denied\&. .RE .PP PAM_TRY_AGAIN .RS 4 Preliminary check was unsuccessful\&. Signals an immediate return to the application is desired\&. .RE .PP PAM_SUCCESS .RS 4 The authentication token was successfully updated\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User unknown to password service\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_chauthtok\fR(3), \fBpam_sm_chauthtok\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_chauthtok.3.xml0000644000000000000000000001572413261244762014272 0ustar pam_sm_chauthtok 3 Linux-PAM Manual pam_sm_chauthtok PAM service function for authentication token management #define PAM_SM_PASSWORD #include <security/pam_modules.h> PAM_EXTERN int pam_sm_chauthtok pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_chauthtok function is the service module's implementation of the pam_chauthtok3 interface. This function is used to (re-)set the authentication token of the user. Valid flags, which may be logically OR'd with PAM_SILENT, are: PAM_SILENT Do not emit any messages. PAM_CHANGE_EXPIRED_AUTHTOK This argument indicates to the module that the users authentication token (password) should only be changed if it has expired. This flag is optional and must be combined with one of the following two flags. Note, however, the following two options are mutually exclusive. PAM_PRELIM_CHECK This indicates that the modules are being probed as to their ready status for altering the user's authentication token. If the module requires access to another system over some network it should attempt to verify it can connect to this system on receiving this flag. If a module cannot establish it is ready to update the user's authentication token it should return PAM_TRY_AGAIN, this information will be passed back to the application. If the control value sufficient is used in the password stack, the PAM_PRELIM_CHECK section of the modules following that control value is not always executed. PAM_UPDATE_AUTHTOK This informs the module that this is the call it should change the authorization tokens. If the flag is logically OR'd with PAM_CHANGE_EXPIRED_AUTHTOK, the token is only changed if it has actually expired. The PAM library calls this function twice in succession. The first time with PAM_PRELIM_CHECK and then, if the module does not return PAM_TRY_AGAIN, subsequently with PAM_UPDATE_AUTHTOK. It is only on the second call that the authorization token is (possibly) changed. RETURN VALUES PAM_AUTHTOK_ERR The module was unable to obtain the new authentication token. PAM_AUTHTOK_RECOVERY_ERR The module was unable to obtain the old authentication token. PAM_AUTHTOK_LOCK_BUSY Cannot change the authentication token since it is currently locked. PAM_AUTHTOK_DISABLE_AGING Authentication token aging has been disabled. PAM_PERM_DENIED Permission denied. PAM_TRY_AGAIN Preliminary check was unsuccessful. Signals an immediate return to the application is desired. PAM_SUCCESS The authentication token was successfully updated. PAM_USER_UNKNOWN User unknown to password service. SEE ALSO pam3 , pam_chauthtok3 , pam_sm_chauthtok3 , pam_strerror3 , PAM8 pam/doc/man/pam_sm_close_session.30000644000000000000000000000434113261244762014342 0ustar '\" t .\" Title: pam_sm_close_session .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_CLOSE_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_close_session \- PAM service function to terminate session management .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_SESSION .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_close_session('u .BI "PAM_EXTERN int pam_sm_close_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_close_session\fR function is the service module\*(Aqs implementation of the \fBpam_close_session\fR(3) interface\&. .PP This function is called to terminate a session\&. The only valid value for \fIflags\fR is zero or: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .SH "RETURN VALUES" .PP PAM_SESSION_ERR .RS 4 Cannot make/remove an entry for the specified session\&. .RE .PP PAM_SUCCESS .RS 4 The session was successfully terminated\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_close_session\fR(3), \fBpam_sm_close_session\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_close_session.3.xml0000644000000000000000000000636013261244762015144 0ustar pam_sm_close_session 3 Linux-PAM Manual pam_sm_close_session PAM service function to terminate session management #define PAM_SM_SESSION #include <security/pam_modules.h> PAM_EXTERN int pam_sm_close_session pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_close_session function is the service module's implementation of the pam_close_session3 interface. This function is called to terminate a session. The only valid value for flags is zero or: PAM_SILENT Do not emit any messages. RETURN VALUES PAM_SESSION_ERR Cannot make/remove an entry for the specified session. PAM_SUCCESS The session was successfully terminated. SEE ALSO pam3 , pam_close_session3 , pam_sm_close_session3 , pam_strerror3 , PAM8 pam/doc/man/pam_sm_open_session.30000644000000000000000000000432113261244762014174 0ustar '\" t .\" Title: pam_sm_open_session .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_OPEN_SESSION" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_open_session \- PAM service function to start session management .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_SESSION .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_open_session('u .BI "PAM_EXTERN int pam_sm_open_session(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_open_session\fR function is the service module\*(Aqs implementation of the \fBpam_open_session\fR(3) interface\&. .PP This function is called to commence a session\&. The only valid value for \fIflags\fR is zero or: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .SH "RETURN VALUES" .PP PAM_SESSION_ERR .RS 4 Cannot make/remove an entry for the specified session\&. .RE .PP PAM_SUCCESS .RS 4 The session was successfully started\&. .RE .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_open_session\fR(3), \fBpam_sm_close_session\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_open_session.3.xml0000644000000000000000000000633313261244762015000 0ustar pam_sm_open_session 3 Linux-PAM Manual pam_sm_open_session PAM service function to start session management #define PAM_SM_SESSION #include <security/pam_modules.h> PAM_EXTERN int pam_sm_open_session pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_open_session function is the service module's implementation of the pam_open_session3 interface. This function is called to commence a session. The only valid value for flags is zero or: PAM_SILENT Do not emit any messages. RETURN VALUES PAM_SESSION_ERR Cannot make/remove an entry for the specified session. PAM_SUCCESS The session was successfully started. SEE ALSO pam3 , pam_open_session3 , pam_sm_close_session3 , pam_strerror3 , PAM8 pam/doc/man/pam_sm_setcred.30000644000000000000000000000760413261244762013130 0ustar '\" t .\" Title: pam_sm_setcred .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SM_SETCRED" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sm_setcred \- PAM service function to alter credentials .SH "SYNOPSIS" .sp .ft B .nf #define PAM_SM_AUTH .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'PAM_EXTERN\ int\ pam_sm_setcred('u .BI "PAM_EXTERN int pam_sm_setcred(pam_handle_t\ *" "pamh" ", int\ " "flags" ", int\ " "argc" ", const\ char\ **" "argv" ");" .SH "DESCRIPTION" .PP The \fBpam_sm_setcred\fR function is the service module\*(Aqs implementation of the \fBpam_setcred\fR(3) interface\&. .PP This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme\&. Generally, an authentication module may have access to more information about a user than their authentication token\&. This function is used to make such information available to the application\&. It should only be called \fIafter\fR the user has been authenticated but before a session has been established\&. .PP Valid flags, which may be logically OR\*(Aqd with \fIPAM_SILENT\fR, are: .PP PAM_SILENT .RS 4 Do not emit any messages\&. .RE .PP PAM_ESTABLISH_CRED .RS 4 Initialize the credentials for the user\&. .RE .PP PAM_DELETE_CRED .RS 4 Delete the credentials associated with the authentication service\&. .RE .PP PAM_REINITIALIZE_CRED .RS 4 Reinitialize the user credentials\&. .RE .PP PAM_REFRESH_CRED .RS 4 Extend the lifetime of the user credentials\&. .RE .PP The way the \fBauth\fR stack is navigated in order to evaluate the \fBpam_setcred\fR() function call, independent of the \fBpam_sm_setcred\fR() return codes, is exactly the same way that it was navigated when evaluating the \fBpam_authenticate\fR() library call\&. Typically, if a stack entry was ignored in evaluating \fBpam_authenticate\fR(), it will be ignored when libpam evaluates the \fBpam_setcred\fR() function call\&. Otherwise, the return codes from each module specific \fBpam_sm_setcred\fR() call are treated as \fBrequired\fR\&. .SH "RETURN VALUES" .PP PAM_CRED_UNAVAIL .RS 4 This module cannot retrieve the user\*(Aqs credentials\&. .RE .PP PAM_CRED_EXPIRED .RS 4 The user\*(Aqs credentials have expired\&. .RE .PP PAM_CRED_ERR .RS 4 This module was unable to set the credentials of the user\&. .RE .PP PAM_SUCCESS .RS 4 The user credential was successfully set\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The user is not known to this authentication module\&. .RE .PP These, non\-\fIPAM_SUCCESS\fR, return values will typically lead to the credential stack \fIfailing\fR\&. The first such error will dominate in the return value of \fBpam_setcred\fR()\&. .SH "SEE ALSO" .PP \fBpam\fR(3), \fBpam_authenticate\fR(3), \fBpam_setcred\fR(3), \fBpam_sm_authenticate\fR(3), \fBpam_strerror\fR(3), \fBPAM\fR(8) pam/doc/man/pam_sm_setcred.3.xml0000644000000000000000000001431013261244762013717 0ustar pam_sm_setcred 3 Linux-PAM Manual pam_sm_setcred PAM service function to alter credentials #define PAM_SM_AUTH #include <security/pam_modules.h> PAM_EXTERN int pam_sm_setcred pam_handle_t *pamh int flags int argc const char **argv DESCRIPTION The pam_sm_setcred function is the service module's implementation of the pam_setcred3 interface. This function performs the task of altering the credentials of the user with respect to the corresponding authorization scheme. Generally, an authentication module may have access to more information about a user than their authentication token. This function is used to make such information available to the application. It should only be called after the user has been authenticated but before a session has been established. Valid flags, which may be logically OR'd with PAM_SILENT, are: PAM_SILENT Do not emit any messages. PAM_ESTABLISH_CRED Initialize the credentials for the user. PAM_DELETE_CRED Delete the credentials associated with the authentication service. PAM_REINITIALIZE_CRED Reinitialize the user credentials. PAM_REFRESH_CRED Extend the lifetime of the user credentials. The way the auth stack is navigated in order to evaluate the pam_setcred() function call, independent of the pam_sm_setcred() return codes, is exactly the same way that it was navigated when evaluating the pam_authenticate() library call. Typically, if a stack entry was ignored in evaluating pam_authenticate(), it will be ignored when libpam evaluates the pam_setcred() function call. Otherwise, the return codes from each module specific pam_sm_setcred() call are treated as required. RETURN VALUES PAM_CRED_UNAVAIL This module cannot retrieve the user's credentials. PAM_CRED_EXPIRED The user's credentials have expired. PAM_CRED_ERR This module was unable to set the credentials of the user. PAM_SUCCESS The user credential was successfully set. PAM_USER_UNKNOWN The user is not known to this authentication module. These, non-PAM_SUCCESS, return values will typically lead to the credential stack failing. The first such error will dominate in the return value of pam_setcred(). SEE ALSO pam3 , pam_authenticate3 , pam_setcred3 , pam_sm_authenticate3 , pam_strerror3 , PAM8 pam/doc/man/pam_start.30000644000000000000000000000716013261244762012132 0ustar '\" t .\" Title: pam_start .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_START" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_start \- initialization of PAM transaction .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'int\ pam_start('u .BI "int pam_start(const\ char\ *" "service_name" ", const\ char\ *" "user" ", const\ struct\ pam_conv\ *" "pam_conversation" ", pam_handle_t\ **" "pamh" ");" .SH "DESCRIPTION" .PP The \fBpam_start\fR function creates the PAM context and initiates the PAM transaction\&. It is the first of the PAM functions that needs to be called by an application\&. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel\&. But it is not possible to use the same handle for different transactions, a new one is needed for every new context\&. .PP The \fIservice_name\fR argument specifies the name of the service to apply and will be stored as PAM_SERVICE item in the new context\&. The policy for the service will be read from the file /etc/pam\&.d/service_name or, if that file does not exist, from /etc/pam\&.conf\&. .PP The \fIuser\fR argument can specify the name of the target user and will be stored as PAM_USER item\&. If the argument is NULL, the module has to ask for this item if necessary\&. .PP The \fIpam_conversation\fR argument points to a \fIstruct pam_conv\fR describing the conversation function to use\&. An application must provide this for direct communication between a loaded module and the application\&. .PP Following a successful return (PAM_SUCCESS) the contents of \fIpamh\fR is a handle that contains the PAM context for successive calls to the PAM functions\&. In an error case is the content of \fIpamh\fR undefined\&. .PP The \fIpam_handle_t\fR is a blind structure and the application should not attempt to probe it directly for information\&. Instead the PAM library provides the functions \fBpam_set_item\fR(3) and \fBpam_get_item\fR(3)\&. The PAM handle cannot be used for mulitiple authentications at the same time as long as \fBpam_end\fR was not called on it before\&. .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 General failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SUCCESS .RS 4 Transaction was successful created\&. .RE .PP PAM_SYSTEM_ERR .RS 4 System error, for example a NULL pointer was submitted instead of a pointer to data\&. .RE .SH "SEE ALSO" .PP \fBpam_get_data\fR(3), \fBpam_set_data\fR(3), \fBpam_end\fR(3), \fBpam_strerror\fR(3) pam/doc/man/pam_start.3.xml0000644000000000000000000001204513261244762012727 0ustar pam_start 3 Linux-PAM Manual pam_start initialization of PAM transaction #include <security/pam_appl.h> int pam_start const char *service_name const char *user const struct pam_conv *pam_conversation pam_handle_t **pamh DESCRIPTION The pam_start function creates the PAM context and initiates the PAM transaction. It is the first of the PAM functions that needs to be called by an application. The transaction state is contained entirely within the structure identified by this handle, so it is possible to have multiple transactions in parallel. But it is not possible to use the same handle for different transactions, a new one is needed for every new context. The service_name argument specifies the name of the service to apply and will be stored as PAM_SERVICE item in the new context. The policy for the service will be read from the file /etc/pam.d/service_name or, if that file does not exist, from /etc/pam.conf. The user argument can specify the name of the target user and will be stored as PAM_USER item. If the argument is NULL, the module has to ask for this item if necessary. The pam_conversation argument points to a struct pam_conv describing the conversation function to use. An application must provide this for direct communication between a loaded module and the application. Following a successful return (PAM_SUCCESS) the contents of pamh is a handle that contains the PAM context for successive calls to the PAM functions. In an error case is the content of pamh undefined. The pam_handle_t is a blind structure and the application should not attempt to probe it directly for information. Instead the PAM library provides the functions pam_set_item3 and pam_get_item3 . The PAM handle cannot be used for mulitiple authentications at the same time as long as pam_end was not called on it before. RETURN VALUES PAM_ABORT General failure. PAM_BUF_ERR Memory buffer error. PAM_SUCCESS Transaction was successful created. PAM_SYSTEM_ERR System error, for example a NULL pointer was submitted instead of a pointer to data. SEE ALSO pam_get_data3 , pam_set_data3 , pam_end3 , pam_strerror3 pam/doc/man/pam_strerror.30000644000000000000000000000365613261244762012665 0ustar '\" t .\" Title: pam_strerror .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_STRERROR" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_strerror \- return string describing PAM error code .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .HP \w'const\ char\ *pam_strerror('u .BI "const char *pam_strerror(pam_handle_t\ *" "pamh" ", int\ " "errnum" ");" .SH "DESCRIPTION" .PP The \fBpam_strerror\fR function returns a pointer to a string describing the error code passed in the argument \fIerrnum\fR, possibly using the LC_MESSAGES part of the current locale to select the appropriate language\&. This string must not be modified by the application\&. No library function will modify this string\&. .SH "RETURN VALUES" .PP This function returns always a pointer to a string\&. .SH "SEE ALSO" .PP \fBpam\fR(8) pam/doc/man/pam_strerror.3.xml0000644000000000000000000000356513261244762013463 0ustar pam_strerror 3 Linux-PAM Manual pam_strerror return string describing PAM error code #include <security/pam_appl.h> const char *pam_strerror pam_handle_t *pamh int errnum DESCRIPTION The pam_strerror function returns a pointer to a string describing the error code passed in the argument errnum, possibly using the LC_MESSAGES part of the current locale to select the appropriate language. This string must not be modified by the application. No library function will modify this string. RETURN VALUES This function returns always a pointer to a string. SEE ALSO pam8 pam/doc/man/pam_syslog.30000644000000000000000000000450513261244762012315 0ustar '\" t .\" Title: pam_syslog .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SYSLOG" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_syslog, pam_vsyslog \- send messages to the system logger .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .sp .ft B .nf #include .fi .ft .HP \w'void\ pam_syslog('u .BI "void pam_syslog(pam_handle_t\ *" "pamh" ", int\ " "priority" ", const\ char\ *" "fmt" ", " "\&.\&.\&." ");" .HP \w'void\ pam_vsyslog('u .BI "void pam_vsyslog(pam_handle_t\ *" "pamh" ", int\ " "priority" ", const\ char\ *" "fmt" ", va_list\ " "args" ");" .SH "DESCRIPTION" .PP The \fBpam_syslog\fR function logs messages using \fBsyslog\fR(3) and is intended for internal use by Linux\-PAM and PAM service modules\&. The \fIpriority\fR argument is formed by ORing the facility and the level values as documented in the \fBsyslog\fR(3) manual page\&. .PP The \fBpam_vsyslog\fR function performs the same task as \fBpam_syslog()\fR with the difference that it takes a set of arguments which have been obtained using the \fBstdarg\fR(3) variable argument list macros\&. .SH "SEE ALSO" .PP \fBpam\fR(8) .SH "STANDARDS" .PP The \fBpam_syslog\fR and \fBpam_vsyslog\fR functions are Linux\-PAM extensions\&. pam/doc/man/pam_syslog.3.xml0000644000000000000000000000574213261244762013120 0ustar pam_syslog 3 Linux-PAM Manual pam_syslog pam_vsyslog send messages to the system logger #include <syslog.h> #include <security/pam_ext.h> void pam_syslog pam_handle_t *pamh int priority const char *fmt ... void pam_vsyslog pam_handle_t *pamh int priority const char *fmt va_list args DESCRIPTION The pam_syslog function logs messages using syslog3 and is intended for internal use by Linux-PAM and PAM service modules. The priority argument is formed by ORing the facility and the level values as documented in the syslog3 manual page. The pam_vsyslog function performs the same task as pam_syslog() with the difference that it takes a set of arguments which have been obtained using the stdarg3 variable argument list macros. SEE ALSO pam8 STANDARDS The pam_syslog and pam_vsyslog functions are Linux-PAM extensions. pam/doc/man/pam_verror.30000644000000000000000000000002013261244762012300 0ustar .so pam_error.3 pam/doc/man/pam_vinfo.30000644000000000000000000000001713261244762012110 0ustar .so pam_info.3 pam/doc/man/pam_vprompt.30000644000000000000000000000002113261244762012471 0ustar .so pam_prompt.3 pam/doc/man/pam_vsyslog.30000644000000000000000000000002113261244762012470 0ustar .so pam_syslog.3 pam/doc/man/pam_xauth_data.30000644000000000000000000000542213261244762013116 0ustar '\" t .\" Title: pam_xauth_data .\" Author: [FIXME: author] [see http://docbook.sf.net/el/author] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_XAUTH_DATA" "3" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_xauth_data \- structure containing X authentication data .SH "SYNOPSIS" .sp .ft B .nf #include .fi .ft .sp .nf struct pam_xauth_data { int namelen; char *name; int datalen; char *data; }; .fi .SH "DESCRIPTION" .PP The \fBpam_xauth_data\fR structure contains X authentication data used to make a connection to an X display\&. Using this mechanism, an application can communicate X authentication data to PAM service modules\&. This allows modules to make a connection to the user\*(Aqs X display in order to label the user\*(Aqs session on login, display visual feedback or for other purposes\&. .PP The \fIname\fR field contains the name of the authentication method, such as "MIT\-MAGIC\-COOKIE\-1"\&. The \fInamelen\fR field contains the length of this string, not including the trailing NUL character\&. .PP The \fIdata\fR field contains the authentication method\-specific data corresponding to the specified name\&. The \fIdatalen\fR field contains its length in bytes\&. .PP The X authentication data can be changed with the \fIPAM_XAUTH_DATA\fR item\&. It can be queried and set with \fBpam_get_item\fR(3) and \fBpam_set_item \fR(3) respectively\&. The value used to set it should be a pointer to a pam_xauth_data structure\&. An internal copy of both the structure itself and its fields is made by PAM when setting the item\&. .SH "SEE ALSO" .PP \fBpam_start\fR(3), \fBpam_get_item\fR(3), .SH "STANDARDS" .PP The \fBpam_xauth_data\fR structure and \fIPAM_XAUTH_DATA\fR item are Linux\-PAM extensions\&. pam/doc/mwg/0000755000000000000000000000000013261244762010067 5ustar pam/doc/mwg/Linux-PAM_MWG.xml0000644000000000000000000007060713261244762013047 0ustar The Linux-PAM Module Writers' Guide Andrew G. Morgan morgan@kernel.org Thorsten Kukuk kukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what a programmer needs to know in order to write a module that conforms to the Linux-PAM standard.It also discusses some security issues from the point of view of the module programmer. Introduction
Description Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the Linux-PAM library see the Linux-PAM System Administrators' Guide. A Linux-PAM module is a single executable binary file that can be loaded by the Linux-PAM interface library. This PAM library is configured locally with a system file, /etc/pam.conf, to authenticate a user request via the locally available authentication modules. The modules themselves will usually be located in the directory /lib/security (or /lib64/security, depending on the architecture) and take the form of dynamically loadable object files (see dlopen3 . Alternatively, the modules can be statically linked into the Linux-PAM library; this is mostly to allow Linux-PAM to be used on platforms without dynamic linking available, but this is a deprecated functionality. It is the Linux-PAM interface that is called by an application and it is the responsibility of the library to locate, load and call the appropriate functions in a Linux-PAM-module. Except for the immediate purpose of interacting with the user (entering a password etc..) the module should never call the application directly. This exception requires a "conversation mechanism" which is documented below.
Synopsis #include <security/pam_modules.h> gcc -fPIC -c pam_module.c gcc -shared -o pam_module.so pam_module.o -lpam
What can be expected by the module Here we list the interface that the conventions that all Linux-PAM modules must adhere to.
Getting and setting <emphasis>PAM_ITEM</emphasis>s and <emphasis>data</emphasis> First, we cover what the module should expect from the Linux-PAM library and a Linux-PAM aware application. Essentially this is the libpam.* library.
Other functions provided by <filename>libpam</filename>
What is expected of a module The module must supply a sub-set of the six functions listed below. Together they define the function of a Linux-PAM module. Module developers are strongly urged to read the comments on security that follow this list.
Overview The six module functions are grouped into four independent management groups. These groups are as follows: authentication, account, session and password. To be properly defined, a module must define all functions within at least one of these groups. A single module may contain the necessary functions for all four groups.
Functional independence The independence of the four groups of service a module can offer means that the module should allow for the possibility that any one of these four services may legitimately be called in any order. Thus, the module writer should consider the appropriateness of performing a service without the prior success of some other part of the module. As an informative example, consider the possibility that an application applies to change a user's authentication token, without having first requested that Linux-PAM authenticate the user. In some cases this may be deemed appropriate: when root wants to change the authentication token of some lesser user. In other cases it may not be appropriate: when joe maliciously wants to reset alice's password; or when anyone other than the user themself wishes to reset their KERBEROS authentication token. A policy for this action should be defined by any reasonable authentication scheme, the module writer should consider this when implementing a given module.
Minimizing administration problems To avoid system administration problems and the poor construction of a /etc/pam.conf file, the module developer may define all six of the following functions. For those functions that would not be called, the module should return PAM_SERVICE_ERR and write an appropriate message to the system log. When this action is deemed inappropriate, the function would simply return PAM_IGNORE.
Arguments supplied to the module The flags argument of each of the following functions can be logically OR'd with PAM_SILENT, which is used to inform the module to not pass any text (errors or warnings) application. The argc and argv arguments are taken from the line appropriate to this module---that is, with the service_name matching that of the application---in the configuration file (see the Linux-PAM System Administrators' Guide). Together these two parameters provide the number of arguments and an array of pointers to the individual argument tokens. This will be familiar to C programmers as the ubiquitous method of passing command arguments to the function main(). Note, however, that the first argument (argv[0]) is a true argument and not the name of the module.
Authentication management To be correctly initialized, PAM_SM_AUTH must be #define'd prior to including <security/pam_modules.h>. This will ensure that the prototypes for static modules are properly declared.
Account management To be correctly initialized, PAM_SM_ACCOUNT must be #define'd prior to including <security/pam_modules.h>. This will ensure that the prototypes for static modules are properly declared.
Session management To be correctly initialized, PAM_SM_SESSION must be #define'd prior to including <security/pam_modules.h>. This will ensure that the prototypes for static modules are properly declared.
Authentication token management To be correctly initialized, PAM_SM_PASSWORD must be #define'd prior to including <security/pam_modules.h>. This will ensure that the prototypes for static modules are properly declared.
Generic optional arguments Here we list the generic arguments that all modules can expect to be passed. They are not mandatory, and their absence should be accepted without comment by the module. debug Use the pam_syslog3 call to log debugging information to the system log files. use_first_pass The module should not prompt the user for a password. Instead, it should obtain the previously typed password (by a call to pam_get_item() for the PAM_AUTHTOK item), and use that. If that doesn't work, then the user will not be authenticated. (This option is intended for auth and passwd modules only). Programming notes Here we collect some pointers for the module writer to bear in mind when writing/developing a Linux-PAM compatible module.
Security issues for module creation
Sufficient resources Care should be taken to ensure that the proper execution of a module is not compromised by a lack of system resources. If a module is unable to open sufficient files to perform its task, it should fail gracefully, or request additional resources. Specifically, the quantities manipulated by the setrlimit2 family of commands should be taken into consideration.
Who´s who? Generally, the module may wish to establish the identity of the user requesting a service. This may not be the same as the username returned by pam_get_user(). Indeed, that is only going to be the name of the user under whose identity the service will be given. This is not necessarily the user that requests the service. In other words, user X runs a program that is setuid-Y, it grants the user to have the permissions of Z. A specific example of this sort of service request is the su program: user joe executes su to become the user jane. In this situation X=joe, Y=root and Z=jane. Clearly, it is important that the module does not confuse these different users and grant an inappropriate level of privilege. The following is the convention to be adhered to when juggling user-identities. X, the identity of the user invoking the service request. This is the user identifier; returned by the function getuid2 . Y, the privileged identity of the application used to grant the requested service. This is the effective user identifier; returned by the function geteuid2 . Z, the user under whose identity the service will be granted. This is the username returned by pam_get_user() and also stored in the Linux-PAM item, PAM_USER. Linux-PAM has a place for an additional user identity that a module may care to make use of. This is the PAM_RUSER item. Generally, network sensitive modules/applications may wish to set/read this item to establish the identity of the user requesting a service from a remote location. Note, if a module wishes to modify the identity of either the uid or euid of the running process, it should take care to restore the original values prior to returning control to the Linux-PAM library.
Using the conversation function Prior to calling the conversation function, the module should reset the contents of the pointer that will return the applications response. This is a good idea since the application may fail to fill the pointer and the module should be in a position to notice! The module should be prepared for a failure from the conversation. The generic error would be PAM_CONV_ERR, but anything other than PAM_SUCCESS should be treated as indicating failure.
Authentication tokens To ensure that the authentication tokens are not left lying around the items, PAM_AUTHTOK and PAM_OLDAUTHTOK, are not available to the application: they are defined in <security/pam_modules.h>. This is ostensibly for security reasons, but a maliciously programmed application will always have access to all memory of the process, so it is only superficially enforced. As a general rule the module should overwrite authentication tokens as soon as they are no longer needed. Especially before free()'ing them. The Linux-PAM library is required to do this when either of these authentication token items are (re)set. Not to dwell too little on this concern; should the module store the authentication tokens either as (automatic) function variables or using pam_[gs]et_data() the associated memory should be over-written explicitly before it is released. In the case of the latter storage mechanism, the associated cleanup() function should explicitly overwrite the *data before free()'ing it: for example, /* * An example cleanup() function for releasing memory that was used to * store a password. */ int cleanup(pam_handle_t *pamh, void *data, int error_status) { char *xx; if ((xx = data)) { while (*xx) *xx++ = '\0'; free(data); } return PAM_SUCCESS; }
Use of <citerefentry> <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> </citerefentry> Only rarely should error information be directed to the user. Usually, this is to be limited to sorry you cannot login now type messages. Information concerning errors in the configuration file, /etc/pam.conf, or due to some system failure encountered by the module, should be written to syslog3 with facility-type LOG_AUTHPRIV. With a few exceptions, the level of logging is, at the discretion of the module developer. Here is the recommended usage of different logging levels: As a general rule, errors encountered by a module should be logged at the LOG_ERR level. However, information regarding an unrecognized argument, passed to a module from an entry in the /etc/pam.conf file, is required to be logged at the LOG_ERR level. Debugging information, as activated by the debug argument to the module in /etc/pam.conf, should be logged at the LOG_DEBUG level. If a module discovers that its personal configuration file or some system file it uses for information is corrupted or somehow unusable, it should indicate this by logging messages at level, LOG_ALERT. Shortages of system resources, such as a failure to manipulate a file or malloc() failures should be logged at level LOG_CRIT. Authentication failures, associated with an incorrectly typed password should be logged at level, LOG_NOTICE.
Modules that require system libraries Writing a module is much like writing an application. You have to provide the "conventional hooks" for it to work correctly, like pam_sm_authenticate() etc., which would correspond to the main() function in a normal function. Typically, the author may want to link against some standard system libraries. As when one compiles a normal program, this can be done for modules too: you simply append the -lXXX arguments for the desired libraries when you create the shared module object. To make sure a module is linked to the libwhatever.so library when it is dlopen()ed, try: % gcc -shared -o pam_module.so pam_module.o -lwhatever
An example module At some point, we may include a fully commented example of a module in this document. For now, please look at the modules directory of the Linux-PAM sources. See also The Linux-PAM System Administrators' Guide. The Linux-PAM Application Developers' Guide. The V. Samar and R. Schemers (SunSoft), ``UNIFIED LOGIN WITH PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation Request For Comments 86.0, October 1995. Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) with many contributions from Chris Adams, Peter Allgeyer, Tim Baverstock, Tim Berger, Craig S. Bell, Derrick J. Brashear, Ben Buxton, Seth Chaiklin, Oliver Crow, Chris Dent, Marc Ewing, Cristian Gafton, Emmanuel Galanos, Brad M. Garcia, Eric Hester, Roger Hu, Eric Jacksch, Michael K. Johnson, David Kinchlea, Olaf Kirch, Marcin Korzonek, Thorsten Kukuk, Stephen Langasek, Nicolai Langfeldt, Elliot Lee, Luke Kenneth Casson Leighton, Al Longyear, Ingo Luetkebohle, Marek Michalkiewicz, Robert Milkowski, Aleph One, Martin Pool, Sean Reifschneider, Jan Rekorajski, Erik Troan, Theodore Ts'o, Jeff Uphoff, Myles Uyema, Savochkin Andrey Vladimirovich, Ronald Wahl, David Wood, John Wilmes, Joseph S. D. Yao and Alex O. Yuriev. Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of Linux-PAM. Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> Copyright (c) 1996-2002 Andrew G. Morgan <morgan@kernel.org> Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, and the entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. Alternatively, this product may be distributed under the terms of the GNU General Public License (GPL), in which case the provisions of the GNU GPL are required instead of the above restrictions. (This clause is necessary due to a potential bad interaction between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH pam/doc/mwg/Makefile.am0000644000000000000000000000721213261244762012125 0ustar # # Copyright (c) 2006 Thorsten Kukuk # CLEANFILES = Linux-PAM_MWG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_MWG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml) if ENABLE_REGENERATE_MAN MAINTAINERCLEANFILES = Linux-PAM_MWG.txt Linux-PAM_MWG.pdf html/*.html all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf Linux-PAM_MWG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_MWG.fo $(FO2PDF) Linux-PAM_MWG.fo $@ else echo "No fo2pdf processor installed, skip PDF generation" endif Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_MWG \ --stringparam use.id.as.filename 1 \ --stringparam chunk.first.sections 1 \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 3 --xinclude --nonet \ --stringparam chunker.output.encoding UTF-8 \ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< distclean-local: -rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf endif install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_MWG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_MWG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_MWG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_MWG.html -rm $(DESTDIR)$(htmldir)/mwg-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_MWG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_MWG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html test -f html/Linux-PAM_MWG.html || exit 0; \ cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_MWG.html \ $(srcdir)/html/mwg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ test -f Linux-PAM_MWG.txt || exit 0; \ cp -p Linux-PAM_MWG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ cp -p $(srcdir)/Linux-PAM_MWG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ test -f Linux-PAM_MWG.pdf || exit 0; \ cp -p Linux-PAM_MWG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ cp -p $(srcdir)/Linux-PAM_MWG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ pam/doc/mwg/Makefile.in0000644000000000000000000004015513261244762012141 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/mwg DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = Linux-PAM_MWG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_MWG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/doc/man/pam_*.xml) @ENABLE_REGENERATE_MAN_TRUE@MAINTAINERCLEANFILES = Linux-PAM_MWG.txt Linux-PAM_MWG.pdf html/*.html all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/mwg/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/mwg/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) @ENABLE_REGENERATE_MAN_FALSE@distclean-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distclean-local \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-data-local \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am uninstall uninstall-am uninstall-local @ENABLE_REGENERATE_MAN_TRUE@all: Linux-PAM_MWG.txt html/Linux-PAM_MWG.html Linux-PAM_MWG.pdf @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_MWG.pdf: $(XMLS) $(DEP_XMLS) @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_MWG.fo @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(FO2PDF) Linux-PAM_MWG.fo $@ @ENABLE_GENERATE_PDF_FALSE@@ENABLE_REGENERATE_MAN_TRUE@ echo "No fo2pdf processor installed, skip PDF generation" @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_MWG.txt: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ @ENABLE_REGENERATE_MAN_TRUE@html/Linux-PAM_MWG.html: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ @test -d html || mkdir -p html @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam base.dir html/ \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam root.filename Linux-PAM_MWG \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam use.id.as.filename 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunk.first.sections 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 3 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunker.output.encoding UTF-8 \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< @ENABLE_REGENERATE_MAN_TRUE@distclean-local: @ENABLE_REGENERATE_MAN_TRUE@ -rm -rf html Linux-PAM_MWG.txt Linux-PAM_MWG.pdf install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_MWG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_MWG.html html/mwg-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_MWG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_MWG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_MWG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_MWG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_MWG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_MWG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_MWG.html -rm $(DESTDIR)$(htmldir)/mwg-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_MWG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_MWG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html test -f html/Linux-PAM_MWG.html || exit 0; \ cp -ap html/Linux-PAM_MWG.html html/mwg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_MWG.html \ $(srcdir)/html/mwg-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/html/ test -f Linux-PAM_MWG.txt || exit 0; \ cp -p Linux-PAM_MWG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ cp -p $(srcdir)/Linux-PAM_MWG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ test -f Linux-PAM_MWG.pdf || exit 0; \ cp -p Linux-PAM_MWG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ || \ cp -p $(srcdir)/Linux-PAM_MWG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/mwg/ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/mwg/pam_conv.xml0000644000000000000000000000227513261244762012421 0ustar
The conversation function struct pam_message { int msg_style; const char *msg; }; struct pam_response { char *resp; int resp_retcode; }; struct pam_conv { int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void *appdata_ptr; };
pam/doc/mwg/pam_fail_delay.xml0000644000000000000000000000164313261244762013543 0ustar
Request a delay on failure
pam/doc/mwg/pam_get_data.xml0000644000000000000000000000161713261244762013223 0ustar
Get module internal data
pam/doc/mwg/pam_get_item.xml0000644000000000000000000000161013261244762013241 0ustar
Getting PAM items
pam/doc/mwg/pam_get_user.xml0000644000000000000000000000160413261244762013264 0ustar
Get user name
pam/doc/mwg/pam_getenv.xml0000644000000000000000000000160313261244762012736 0ustar
Get a PAM environment variable
pam/doc/mwg/pam_getenvlist.xml0000644000000000000000000000164413261244762013637 0ustar
Getting the PAM environment
pam/doc/mwg/pam_putenv.xml0000644000000000000000000000161313261244762012770 0ustar
Set or change PAM environment variable
pam/doc/mwg/pam_set_data.xml0000644000000000000000000000161713261244762013237 0ustar
Set module internal data
pam/doc/mwg/pam_set_item.xml0000644000000000000000000000161013261244762013255 0ustar
Setting PAM items
pam/doc/mwg/pam_sm_acct_mgmt.xml0000644000000000000000000000170213261244762014103 0ustar
Service function for account management
pam/doc/mwg/pam_sm_authenticate.xml0000644000000000000000000000173613261244762014632 0ustar
Service function for user authentication
pam/doc/mwg/pam_sm_chauthtok.xml0000644000000000000000000000171113261244762014137 0ustar
Service function to alter authentication token
pam/doc/mwg/pam_sm_close_session.xml0000644000000000000000000000176013261244762015021 0ustar
Service function to terminate session management
pam/doc/mwg/pam_sm_open_session.xml0000644000000000000000000000174213261244762014655 0ustar
Service function to start session management
pam/doc/mwg/pam_sm_setcred.xml0000644000000000000000000000165613261244762013606 0ustar
Service function to alter credentials
pam/doc/mwg/pam_strerror.xml0000644000000000000000000000163113261244762013331 0ustar
Strings describing PAM error codes
pam/doc/sag/0000755000000000000000000000000013261244762010047 5ustar pam/doc/sag/Linux-PAM_SAG.xml0000644000000000000000000006231713261244762013006 0ustar The Linux-PAM System Administrators' Guide Andrew G. Morgan morgan@kernel.org Thorsten Kukuk kukuk@thkukuk.de Version 1.1.2, 31. August 2010 This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system. Introduction Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users. In other words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch between the authentication mechanism(s) it uses. Indeed, one may entirely upgrade the local authentication system without touching the applications themselves. Historically an application that has required a given user to be authenticated, has had to be compiled to use a specific authentication mechanism. For example, in the case of traditional UN*X systems, the identity of the user is verified by the user entering a correct password. This password, after being prefixed by a two character ``salt'', is encrypted (with crypt(3)). The user is then authenticated if this encrypted password is identical to the second field of the user's entry in the system password database (the /etc/passwd file). On such systems, most if not all forms of privileges are granted based on this single authentication scheme. Privilege comes in the form of a personal user-identifier (UID) and membership of various groups. Services and applications are available based on the personal and group identity of the user. Traditionally, group membership has been assigned based on entries in the /etc/group file. It is the purpose of the Linux-PAM project to separate the development of privilege granting software from the development of secure and appropriate authentication schemes. This is accomplished by providing a library of functions that an application may use to request that a user be authenticated. This PAM library is configured locally with a system file, /etc/pam.conf (or a series of configuration files located in /etc/pam.d/) to authenticate a user request via the locally available authentication modules. The modules themselves will usually be located in the directory /lib/security or /lib64/security and take the form of dynamically loadable object files (see dlopen3 ). Some comments on the text Before proceeding to read the rest of this document, it should be noted that the text assumes that certain files are placed in certain directories. Where they have been specified, the conventions we adopt here for locating these files are those of the relevant RFC (RFC-86.0, see bibliography"). If you are using a distribution of Linux (or some other operating system) that supports PAM but chooses to distribute these files in a different way you should be careful when copying examples directly from the text. As an example of the above, where it is explicit, the text assumes that PAM loadable object files (the modules) are to be located in the following directory: /lib/security/ or /lib64/security depending on the architecture. This is generally the location that seems to be compatible with the Filesystem Hierarchy Standard (FHS). On Solaris, which has its own licensed version of PAM, and some other implementations of UN*X, these files can be found in /usr/lib/security. Please be careful to perform the necessary transcription when using the examples from the text. Overview For the uninitiated, we begin by considering an example. We take an application that grants some service to users; login is one such program. Login does two things, it first establishes that the requesting user is whom they claim to be and second provides them with the requested service: in the case of login the service is a command shell (bash, tcsh, zsh, etc.) running with the identity of the user. Traditionally, the former step is achieved by the login application prompting the user for a password and then verifying that it agrees with that located on the system; hence verifying that as far as the system is concerned the user is who they claim to be. This is the task that is delegated to Linux-PAM. From the perspective of the application programmer (in this case the person that wrote the login application), Linux-PAM takes care of this authentication task -- verifying the identity of the user. The flexibility of Linux-PAM is that you, the system administrator, have the freedom to stipulate which authentication scheme is to be used. You have the freedom to set the scheme for any/all PAM-aware applications on your Linux system. That is, you can authenticate from anything as naive as simple trust (pam_permit) to something as paranoid as a combination of a retinal scan, a voice print and a one-time password! To illustrate the flexibility you face, consider the following situation: a system administrator (parent) wishes to improve the mathematical ability of her users (children). She can configure their favorite ``Shoot 'em up game'' (PAM-aware of course) to authenticate them with a request for the product of a couple of random numbers less than 12. It is clear that if the game is any good they will soon learn their multiplication tables. As they mature, the authentication can be upgraded to include (long) division! Linux-PAM deals with four separate types of (management) task. These are: authentication management; account management; session management; and password management. The association of the preferred management scheme with the behavior of an application is made with entries in the relevant Linux-PAM configuration file. The management functions are performed by modules specified in the configuration file. The syntax for this file is discussed in the section below. Here is a figure that describes the overall organization of Linux-PAM: +----------------+ | application: X | +----------------+ / +----------+ +================+ | authentication-[---->--\--] Linux- |--<--| PAM config file| | + [----<--/--] PAM | |================| |[conversation()][--+ \ | | | X auth .. a.so | +----------------+ | / +-n--n-----+ | X auth .. b.so | | | | __| | | _____/ | service user | A | | |____,-----' | | | V A +----------------+ +------|-----|---------+ -----+------+ +---u-----u----+ | | | | auth.... |--[ a ]--[ b ]--[ c ] +--------------+ | acct.... |--[ b ]--[ d ] +--------------+ | password |--[ b ]--[ c ] +--------------+ | session |--[ e ]--[ c ] +--------------+ By way of explanation, the left of the figure represents the application; application X. Such an application interfaces with the Linux-PAM library and knows none of the specifics of its configured authentication method. The Linux-PAM library (in the center) consults the contents of the PAM configuration file and loads the modules that are appropriate for application-X. These modules fall into one of four management groups (lower-center) and are stacked in the order they appear in the configuration file. These modules, when called by Linux-PAM, perform the various authentication tasks for the application. Textual information, required from/or offered to the user, can be exchanged through the use of the application-supplied conversation function. If a program is going to use PAM, then it has to have PAM functions explicitly coded into the program. If you have access to the source code you can add the appropriate PAM functions. If you do not have access to the source code, and the binary does not have the PAM functions included, then it is not possible to use PAM. The Linux-PAM configuration file
Configuration file syntax
Directory based configuration
Example configuration file entries In this section, we give some examples of entries that can be present in the Linux-PAM configuration file. As a first attempt at configuring your system you could do worse than to implement these. If a system is to be considered secure, it had better have a reasonably secure 'other entry. The following is a paranoid setting (which is not a bad place to start!): # # default; deny access # other auth required pam_deny.so other account required pam_deny.so other password required pam_deny.so other session required pam_deny.so Whilst fundamentally a secure default, this is not very sympathetic to a misconfigured system. For example, such a system is vulnerable to locking everyone out should the rest of the file become badly written. The module pam_deny (documented in a later section) is not very sophisticated. For example, it logs no information when it is invoked so unless the users of a system contact the administrator when failing to execute a service application, the administrator may go for a long while in ignorance of the fact that his system is misconfigured. The addition of the following line before those in the above example would provide a suitable warning to the administrator. # # default; wake up! This application is not configured # other auth required pam_warn.so other password required pam_warn.so Having two 'other auth' lines is an example of stacking. On a system that uses the /etc/pam.d/ configuration, the corresponding default setup would be achieved with the following file: # # default configuration: /etc/pam.d/other # auth required pam_warn.so auth required pam_deny.so account required pam_deny.so password required pam_warn.so password required pam_deny.so session required pam_deny.so This is the only explicit example we give for an /etc/pam.d/ file. In general, it should be clear how to transpose the remaining examples to this configuration scheme. On a less sensitive computer, one on which the system administrator wishes to remain ignorant of much of the power of Linux-PAM, the following selection of lines (in /etc/pam.d/other) is likely to mimic the historically familiar Linux setup. # # default; standard UN*X access # auth required pam_unix.so account required pam_unix.so password required pam_unix.so session required pam_unix.so In general this will provide a starting place for most applications.
Security issues
If something goes wrong Linux-PAM has the potential to seriously change the security of your system. You can choose to have no security or absolute security (no access permitted). In general, Linux-PAM errs towards the latter. Any number of configuration errors can disable access to your system partially, or completely. The most dramatic problem that is likely to be encountered when configuring Linux-PAM is that of deleting the configuration file(s): /etc/pam.d/* and/or /etc/pam.conf. This will lock you out of your own system! To recover, your best bet is to restore the system from a backup or boot the system into a rescue system and correct things from there.
Avoid having a weak `other' configuration It is not a good thing to have a weak default (other) entry. This service is the default configuration for all PAM aware applications and if it is weak, your system is likely to be vulnerable to attack. Here is a sample "other" configuration file. The pam_deny module will deny access and the pam_warn module will send a syslog message to auth.notice: # # The PAM configuration file for the `other' service # auth required pam_deny.so auth required pam_warn.so account required pam_deny.so account required pam_warn.so password required pam_deny.so password required pam_warn.so session required pam_deny.so session required pam_warn.so
A reference guide for available modules Here, we collect together the descriptions of the various modules coming with Linux-PAM. See also The Linux-PAM Application Writers' Guide. The Linux-PAM Module Writers' Guide. The V. Samar and R. Schemers (SunSoft), ``UNIFIED LOGIN WITH PLUGGABLE AUTHENTICATION MODULES'', Open Software Foundation Request For Comments 86.0, October 1995. Author/acknowledgments This document was written by Andrew G. Morgan (morgan@kernel.org) with many contributions from Chris Adams, Peter Allgeyer, Tim Baverstock, Tim Berger, Craig S. Bell, Derrick J. Brashear, Ben Buxton, Seth Chaiklin, Oliver Crow, Chris Dent, Marc Ewing, Cristian Gafton, Emmanuel Galanos, Brad M. Garcia, Eric Hester, Michel D'Hooge, Roger Hu, Eric Jacksch, Michael K. Johnson, David Kinchlea, Olaf Kirch, Marcin Korzonek, Thorsten Kukuk, Stephen Langasek, Nicolai Langfeldt, Elliot Lee, Luke Kenneth Casson Leighton, Al Longyear, Ingo Luetkebohle, Marek Michalkiewicz, Robert Milkowski, Aleph One, Martin Pool, Sean Reifschneider, Jan Rekorajski, Erik Troan, Theodore Ts'o, Jeff Uphoff, Myles Uyema, Savochkin Andrey Vladimirovich, Ronald Wahl, David Wood, John Wilmes, Joseph S. D. Yao and Alex O. Yuriev. Thanks are also due to Sun Microsystems, especially to Vipin Samar and Charlie Lai for their advice. At an early stage in the development of Linux-PAM, Sun graciously made the documentation for their implementation of PAM available. This act greatly accelerated the development of Linux-PAM. Copyright information for this document Copyright (c) 2006 Thorsten Kukuk <kukuk@thkukuk.de> Copyright (c) 1996-2002 Andrew G. Morgan <morgan@kernel.org> Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, and the entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. Alternatively, this product may be distributed under the terms of the GNU General Public License (GPL), in which case the provisions of the GNU GPL are required instead of the above restrictions. (This clause is necessary due to a potential bad interaction between the GNU GPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH pam/doc/sag/Makefile.am0000644000000000000000000000722013261244762012104 0ustar # # Copyright (c) 2006 Thorsten Kukuk # CLEANFILES = Linux-PAM_SAG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml) if ENABLE_REGENERATE_MAN MAINTAINERCLEANFILES = Linux-PAM_SAG.txt Linux-PAM_SAG.pdf html/*.html all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf Linux-PAM_SAG.pdf: $(XMLS) $(DEP_XMLS) if ENABLE_GENERATE_PDF $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 2 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_SAG.fo $(FO2PDF) Linux-PAM_SAG.fo $@ else echo "No fo2pdf processor installed, skip PDF generation" endif Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam generate.toc "book toc" \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 2 --xinclude --nonet \ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) @test -d html || mkdir -p html $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< $(XSLTPROC) --stringparam base.dir html/ \ --stringparam root.filename Linux-PAM_SAG \ --stringparam use.id.as.filename 1 \ --stringparam chunk.first.sections 1 \ --stringparam section.autolabel 1 \ --stringparam section.label.includes.component.label 1 \ --stringparam toc.max.depth 2 --xinclude --nonet \ --stringparam chunker.output.encoding UTF-8 \ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< distclean-local: -rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf endif install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_SAG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_SAG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_SAG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_SAG.html -rm $(DESTDIR)$(htmldir)/sag-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_SAG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_SAG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html test -f html/Linux-PAM_SAG.html || exit 0; \ cp -ap html/Linux-PAM_SAG.html html/sag-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_SAG.html \ $(srcdir)/html/sag-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ test -f Linux-PAM_SAG.txt || exit 0; \ cp -p Linux-PAM_SAG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ cp -p $(srcdir)/Linux-PAM_SAG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ test -f Linux-PAM_SAG.pdf || exit 0; \ cp -p Linux-PAM_SAG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ cp -p $(srcdir)/Linux-PAM_SAG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ pam/doc/sag/Makefile.in0000644000000000000000000004016313261244762012120 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/sag DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = Linux-PAM_SAG.fo *~ EXTRA_DIST = $(XMLS) XMLS = Linux-PAM_SAG.xml $(shell ls $(srcdir)/pam_*.xml) DEP_XMLS = $(shell ls $(top_srcdir)/modules/pam_*/pam_*.xml) @ENABLE_REGENERATE_MAN_TRUE@MAINTAINERCLEANFILES = Linux-PAM_SAG.txt Linux-PAM_SAG.pdf html/*.html all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/sag/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/sag/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) @ENABLE_REGENERATE_MAN_FALSE@distclean-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic distclean-local dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-local .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distclean-local \ distdir dvi dvi-am html html-am info info-am install \ install-am install-data install-data-am install-data-local \ install-dvi install-dvi-am install-exec install-exec-am \ install-html install-html-am install-info install-info-am \ install-man install-pdf install-pdf-am install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am uninstall uninstall-am uninstall-local @ENABLE_REGENERATE_MAN_TRUE@all: Linux-PAM_SAG.txt html/Linux-PAM_SAG.html Linux-PAM_SAG.pdf @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_SAG.pdf: $(XMLS) $(DEP_XMLS) @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 2 --xinclude --nonet \ @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/fo/docbook.xsl $< > Linux-PAM_SAG.fo @ENABLE_GENERATE_PDF_TRUE@@ENABLE_REGENERATE_MAN_TRUE@ $(FO2PDF) Linux-PAM_SAG.fo $@ @ENABLE_GENERATE_PDF_FALSE@@ENABLE_REGENERATE_MAN_TRUE@ echo "No fo2pdf processor installed, skip PDF generation" @ENABLE_REGENERATE_MAN_TRUE@Linux-PAM_SAG.txt: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam generate.toc "book toc" \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 2 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl $< | $(BROWSER) > $@ @ENABLE_REGENERATE_MAN_TRUE@html/Linux-PAM_SAG.html: $(XMLS) $(DEP_XMLS) @ENABLE_REGENERATE_MAN_TRUE@ @test -d html || mkdir -p html @ENABLE_REGENERATE_MAN_TRUE@ $(XMLLINT) --nonet --xinclude --postvalid --noent --noout $< @ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam base.dir html/ \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam root.filename Linux-PAM_SAG \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam use.id.as.filename 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunk.first.sections 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.autolabel 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam section.label.includes.component.label 1 \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam toc.max.depth 2 --xinclude --nonet \ @ENABLE_REGENERATE_MAN_TRUE@ --stringparam chunker.output.encoding UTF-8 \ @ENABLE_REGENERATE_MAN_TRUE@ http://docbook.sourceforge.net/release/xsl/current/html/chunk.xsl $< @ENABLE_REGENERATE_MAN_TRUE@distclean-local: @ENABLE_REGENERATE_MAN_TRUE@ -rm -rf html Linux-PAM_SAG.txt Linux-PAM_SAG.pdf install-data-local: $(mkinstalldirs) $(DESTDIR)$(docdir) $(mkinstalldirs) $(DESTDIR)$(pdfdir) $(mkinstalldirs) $(DESTDIR)$(htmldir) test -f html/Linux-PAM_SAG.html || exit 0; \ $(install_sh_DATA) html/Linux-PAM_SAG.html html/sag-*.html \ $(DESTDIR)$(htmldir)/ || \ $(install_sh_DATA) $(srcdir)/html/Linux-PAM_SAG.html \ $(srcdir)/html/sag-*.html \ $(DESTDIR)$(htmldir)/ test -f Linux-PAM_SAG.txt || exit 0; \ $(install_sh_DATA) Linux-PAM_SAG.txt $(DESTDIR)$(docdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.txt \ $(DESTDIR)$(docdir)/ test -f Linux-PAM_SAG.pdf || exit 0; \ $(install_sh_DATA) Linux-PAM_SAG.pdf $(DESTDIR)$(pdfdir)/ || \ $(install_sh_DATA) $(srcdir)/Linux-PAM_SAG.pdf \ $(DESTDIR)$(pdfdir)/ uninstall-local: -rm $(DESTDIR)$(htmldir)/Linux-PAM_SAG.html -rm $(DESTDIR)$(htmldir)/sag-*.html -rm $(DESTDIR)$(docdir)/Linux-PAM_SAG.txt -rm $(DESTDIR)$(pdfdir)/Linux-PAM_SAG.pdf releasedocs: all $(mkinstalldirs) $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html test -f html/Linux-PAM_SAG.html || exit 0; \ cp -ap html/Linux-PAM_SAG.html html/sag-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ || \ cp -ap $(srcdir)/html/Linux-PAM_SAG.html \ $(srcdir)/html/sag-*.html \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/html/ test -f Linux-PAM_SAG.txt || exit 0; \ cp -p Linux-PAM_SAG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ cp -p $(srcdir)/Linux-PAM_SAG.txt \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ test -f Linux-PAM_SAG.pdf || exit 0; \ cp -p Linux-PAM_SAG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ || \ cp -p $(srcdir)/Linux-PAM_SAG.pdf \ $(top_builddir)/Linux-PAM-$(VERSION)/doc/sag/ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/sag/pam_access.xml0000644000000000000000000000447013261244762012674 0ustar
pam_access - logdaemon style login access control
pam/doc/sag/pam_cracklib.xml0000644000000000000000000000364213261244762013205 0ustar
pam_cracklib - checks the password against dictionary words
pam/doc/sag/pam_debug.xml0000644000000000000000000000346213261244762012521 0ustar
pam_debug - debug the PAM stack
pam/doc/sag/pam_deny.xml0000644000000000000000000000343013261244762012365 0ustar
pam_deny - locking-out PAM module
pam/doc/sag/pam_echo.xml0000644000000000000000000000342513261244762012350 0ustar
pam_echo - print text messages
pam/doc/sag/pam_env.xml0000644000000000000000000000433413261244762012222 0ustar
pam_env - set/unset environment variables
pam/doc/sag/pam_exec.xml0000644000000000000000000000343213261244762012354 0ustar
pam_exec - call an external command
pam/doc/sag/pam_faildelay.xml0000644000000000000000000000367613261244762013374 0ustar
pam_faildelay - change the delay on failure per-application
pam/doc/sag/pam_filter.xml0000644000000000000000000000351113261244762012713 0ustar
pam_filter - filter module
pam/doc/sag/pam_ftp.xml0000644000000000000000000000340013261244762012214 0ustar
pam_ftp - module for anonymous access
pam/doc/sag/pam_group.xml0000644000000000000000000000441413261244762012565 0ustar
pam_group - module to modify group access
pam/doc/sag/pam_issue.xml0000644000000000000000000000347413261244762012566 0ustar
pam_issue - add issue file to user prompt
pam/doc/sag/pam_keyinit.xml0000644000000000000000000000356113261244762013107 0ustar
pam_keyinit - display the keyinit file
pam/doc/sag/pam_lastlog.xml0000644000000000000000000000356313261244762013102 0ustar
pam_lastlog - display date of last login
pam/doc/sag/pam_limits.xml0000644000000000000000000000444313261244762012734 0ustar
pam_limits - limit resources
pam/doc/sag/pam_listfile.xml0000644000000000000000000000364713261244762013253 0ustar
pam_listfile - deny or allow services based on an arbitrary file
pam/doc/sag/pam_localuser.xml0000644000000000000000000000367413261244762013431 0ustar
pam_localuser - require users to be listed in /etc/passwd
pam/doc/sag/pam_loginuid.xml0000644000000000000000000000364613261244762013251 0ustar
pam_loginuid - record user's login uid to the process attribute
pam/doc/sag/pam_mail.xml0000644000000000000000000000343513261244762012355 0ustar
pam_mail - inform about available mail
pam/doc/sag/pam_mkhomedir.xml0000644000000000000000000000365613261244762013417 0ustar
pam_mkhomedir - create users home directory
pam/doc/sag/pam_motd.xml0000644000000000000000000000342713261244762012377 0ustar
pam_motd - display the motd file
pam/doc/sag/pam_namespace.xml0000644000000000000000000000463413261244762013371 0ustar
pam_namespace - setup a private namespace
pam/doc/sag/pam_nologin.xml0000644000000000000000000000357213261244762013102 0ustar
pam_nologin - prevent non-root users from login
pam/doc/sag/pam_permit.xml0000644000000000000000000000352213261244762012730 0ustar
pam_permit - the promiscuous module
pam/doc/sag/pam_pwhistory.xml0000644000000000000000000000424313261244762013501 0ustar
pam_pwhistory - grant access using .pwhistory file
pam/doc/sag/pam_rhosts.xml0000644000000000000000000000353313261244762012754 0ustar
pam_rhosts - grant access using .rhosts file
pam/doc/sag/pam_rootok.xml0000644000000000000000000000352113261244762012744 0ustar
pam_rootok - gain only root access
pam/doc/sag/pam_securetty.xml0000644000000000000000000000366613261244762013470 0ustar
pam_securetty - limit root login to special devices
pam/doc/sag/pam_selinux.xml0000644000000000000000000000357113261244762013123 0ustar
pam_selinux - set the default security context
pam/doc/sag/pam_sepermit.xml0000644000000000000000000000421113261244762013254 0ustar
pam_sepermit - allow/reject access based on SELinux mode
pam/doc/sag/pam_shells.xml0000644000000000000000000000352713261244762012727 0ustar
pam_shells - check for valid login shell
pam/doc/sag/pam_succeed_if.xml0000644000000000000000000000371413261244762013524 0ustar
pam_succeed_if - test account characteristics
pam/doc/sag/pam_tally.xml0000644000000000000000000000402613261244762012555 0ustar
pam_tally - login counter (tallying) module
pam/doc/sag/pam_tally2.xml0000644000000000000000000000477213261244762012647 0ustar
pam_tally2 - login counter (tallying) module
pam/doc/sag/pam_time.xml0000644000000000000000000000433713261244762012373 0ustar
pam_time - time controled access
pam/doc/sag/pam_timestamp.xml0000644000000000000000000000465313261244762013441 0ustar
pam_timestamp - authenticate using cached successful authentication attempts
pam/doc/sag/pam_tty_audit.xml0000644000000000000000000000423413261244762013437 0ustar
pam_tty_audit - enable/disable tty auditing
pam/doc/sag/pam_umask.xml0000644000000000000000000000347613261244762012560 0ustar
pam_umask - set the file mode creation mask
pam/doc/sag/pam_unix.xml0000644000000000000000000000344513261244762012417 0ustar
pam_unix - traditional password authentication
pam/doc/sag/pam_userdb.xml0000644000000000000000000000353613261244762012721 0ustar
pam_userdb - authenticate against a db database
pam/doc/sag/pam_warn.xml0000644000000000000000000000342413261244762012400 0ustar
pam_warn - logs all PAM items
pam/doc/sag/pam_wheel.xml0000644000000000000000000000352013261244762012532 0ustar
pam_wheel - only permit root access to members of group wheel
pam/doc/sag/pam_xauth.xml0000644000000000000000000000347713261244762012572 0ustar
pam_xauth - forward xauth keys between users
pam/doc/specs/0000755000000000000000000000000013261244762010412 5ustar pam/doc/specs/Makefile.am0000644000000000000000000000106713261244762012452 0ustar # # Copyright (c) 2005, 2006, 2010 Thorsten Kukuk # CLEANFILES = draft-morgan-pam-current.txt *~ EXTRA_DIST = draft-morgan-pam.raw std-agent-id.raw rfc86.0.txt draft-morgan-pam-current.txt: padout draft-morgan-pam.raw ./padout < $(srcdir)/draft-morgan-pam.raw > draft-morgan-pam-current.txt AM_YFLAGS = -d CC = @CC_FOR_BUILD@ CFLAGS = @BUILD_CFLAGS@ LDFLAGS = @BUILD_LDFLAGS@ BUILT_SOURCES = parse_y.h noinst_PROGRAMS = padout padout_SOURCES = parse_l.l parse_y.y padout_LDADD = @LEXLIB@ doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt pam/doc/specs/Makefile.in0000644000000000000000000004603313261244762012465 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2010 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = padout$(EXEEXT) subdir = doc/specs DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in parse_l.c \ parse_y.c parse_y.h ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) am_padout_OBJECTS = parse_l.$(OBJEXT) parse_y.$(OBJEXT) padout_OBJECTS = $(am_padout_OBJECTS) padout_DEPENDENCIES = DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ LEXCOMPILE = $(LEX) $(LFLAGS) $(AM_LFLAGS) LTLEXCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(LEX) $(LFLAGS) $(AM_LFLAGS) YLWRAP = $(top_srcdir)/build-aux/ylwrap YACCCOMPILE = $(YACC) $(YFLAGS) $(AM_YFLAGS) LTYACCCOMPILE = $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(YACC) $(YFLAGS) $(AM_YFLAGS) SOURCES = $(padout_SOURCES) DIST_SOURCES = $(padout_SOURCES) am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(docdir)" DATA = $(doc_DATA) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC_FOR_BUILD@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @BUILD_CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @BUILD_LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = draft-morgan-pam-current.txt *~ EXTRA_DIST = draft-morgan-pam.raw std-agent-id.raw rfc86.0.txt AM_YFLAGS = -d BUILT_SOURCES = parse_y.h padout_SOURCES = parse_l.l parse_y.y padout_LDADD = @LEXLIB@ doc_DATA = draft-morgan-pam-current.txt rfc86.0.txt all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am .SUFFIXES: .SUFFIXES: .c .l .lo .o .obj .y $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/specs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/specs/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list parse_y.h: parse_y.c @if test ! -f $@; then \ rm -f parse_y.c; \ $(MAKE) $(AM_MAKEFLAGS) parse_y.c; \ else :; fi padout$(EXEEXT): $(padout_OBJECTS) $(padout_DEPENDENCIES) @rm -f padout$(EXEEXT) $(LINK) $(padout_OBJECTS) $(padout_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_l.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse_y.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< .l.c: $(am__skiplex) $(SHELL) $(YLWRAP) $< $(LEX_OUTPUT_ROOT).c $@ -- $(LEXCOMPILE) .y.c: $(am__skipyacc) $(SHELL) $(YLWRAP) $< y.tab.c $@ y.tab.h $*.h y.output $*.output -- $(YACCCOMPILE) mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-docDATA: $(doc_DATA) @$(NORMAL_INSTALL) test -z "$(docdir)" || $(MKDIR_P) "$(DESTDIR)$(docdir)" @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(docdir)" || exit $$?; \ done uninstall-docDATA: @$(NORMAL_UNINSTALL) @list='$(doc_DATA)'; test -n "$(docdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(docdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(docdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am all-am: Makefile $(PROGRAMS) $(DATA) installdirs: for dir in "$(DESTDIR)$(docdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -rm -f parse_l.c -rm -f parse_y.c -rm -f parse_y.h -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-docDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-docDATA .MAKE: all check install install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am \ install-docDATA install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-docDATA draft-morgan-pam-current.txt: padout draft-morgan-pam.raw ./padout < $(srcdir)/draft-morgan-pam.raw > draft-morgan-pam-current.txt # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/doc/specs/draft-morgan-pam.raw0000644000000000000000000007153413261244762014273 0ustar Open-PAM working group ## A.G. Morgan Internet Draft: ## Dec 8, 2001 Document: draft-morgan-pam-08.txt ## Expires: June 8, 2002 ## Obsoletes: draft-morgan-pam-07.txt## ## Pluggable Authentication Modules (PAM) ## #$ Status of this memo This document is a draft specification. Its contents are subject to change with revision. The latest version of this draft may be obtained from here: http://www.kernel.org/pub/linux/libs/pam/pre/doc/ As Linux-PAM-'version'-docs.tar.gz It is also contained in the Linux-PAM tar ball. #$ Abstract This document is concerned with the definition of a general infrastructure for module based authentication. The infrastructure is named Pluggable Authentication Modules (PAM for short). #$ Introduction Computers are tools. They provide services to people and other computers (collectively we shall call these _users_ entities). In order to provide convenient, reliable and individual service to different entities, it is common for entities to be labelled. Having defined a label as referring to a some specific entity, the label is used for the purpose of protecting and allocating data resources. All modern operating systems have a notion of labelled entities and all modern operating systems face a common problem: how to authenticate the association of a predefined label with applicant entities. There are as many authentication methods as one might care to count. None of them are perfect and none of them are invulnerable. In general, any given authentication method becomes weaker over time. It is common then for new authentication methods to be developed in response to newly discovered weaknesses in the old authentication methods. The problem with inventing new authentication methods is the fact that old applications do not support them. This contributes to an inertia that discourages the overhaul of weakly protected systems. Another problem is that individuals (people) are frequently powerless to layer the protective authentication around their systems. They are forced to rely on single (lowest common denominator) authentication schemes even in situations where this is far from appropriate. PAM, as discussed in this document, is a generalization of the approach first introduced in [#$R#{OSF_RFC_PAM}]. In short, it is a general framework of interfaces that abstract the process of authentication. With PAM, a service provider can custom protect individual services to the level that they deem is appropriate. PAM has nothing explicit to say about transport layer encryption. Within the context of this document encryption and/or compression of data exchanges are application specific (strictly between client and server) and orthogonal to the process of authentication. #$ Definitions Here we pose the authentication problem as one of configuring defined interfaces between two entities. #$$#{players} Players in the authentication process PAM reserves the following words to specify unique entities in the authentication process: applicant the entity (user) initiating an application for service [PAM associates the PAM_RUSER _item_ with this requesting user]. arbitrator the entity (user) under whose identity the service application is negotiated and with whose authority service is granted. user the entity (user) whose identity is being authenticated [PAM associates the PAM_USER _item_ with this identity]. server the application that provides service, or acts as an authenticated gateway to the requested service. This application is completely responsible for the server end of the transport layer connecting the server to the client. PAM makes no assumptions about how data is encapsulated for exchanges between the server and the client, only that full octet sequences can be freely exchanged without corruption. client application providing the direct/primary interface to applicant. This application is completely responsible for the client end of the transport layer connecting the server to the client. PAM makes no assumptions about how data is encapsulated for exchanges between the server and the client, only that full octet sequences can be freely exchanged without corruption. module authentication binary that provides server-side support for some (arbitrary) authentication method. agent authentication binary that provides client-side support for some (arbitrary) authentication method. Here is a diagram to help orient the reader: ## +-------+ +--------+ ## ## . . . . .| agent | .| module | ## ## . +-------+ .+--------+ ## ## V | . | ## ## . | V | ## ## +---------+ +-------+ . +------+ ## ## | | |libpamc| . |libpam| ## ## | | +-------+ . +------+ ## ## |applicant| | . | ## ## | | +--------+ +----------+ ## ## | |---| client |-----------| server | ## ## +---------+ +--------+ +----------+ ## Solid lines connecting the boxes represent two-way interaction. The dotted-directed lines indicate an optional connection beteween the plugin module (agent) and the server (applicant). In the case of the module, this represents the module invoking the 'conversation' callback function provided to libpam by the server application when it inititializes the libpam library. In the case of the agent, this may be some out-of-PAM API interaction (for example directly displaying a dialog box under X). #$$ Defined Data Types In this draft, we define two composite data types, the text string and the binary prompt. They are the data types used to communicate authentication requests and responses. #$$$#{text_string} text string The text string is a simple sequence of non-NUL (NUL = 0x00) octets. Terminated with a single NUL (0x00) octet. The character set employed in the octet sequence may be negotiated out of band, but defaults to utf-8. ## --------------------------- ## ## [ character data | NUL ] ## ## [ octet sequence | 0x00 ] ## ## --------------------------- ## Within the rest of this text, PAM text strings are delimited with a pair of double quotes. Example, "this" = {'t';'h';'i';'s';0x00}. #$$$#{binary_prompt} binary prompt A binary prompt consists of a stream of octets arranged as follows: ## ---------------------------------------- ## ## [ u32 | u8 | (length-5 octets) ] ## ## [ length | control | data ] ## ## ---------------------------------------- ## That is, a 32-bit unsigned integer in network byte order, a single unsigned byte of control information and a sequence of octets of length (length-5). The composition of the _data_ is context dependent but is generally not a concern for either the server or the client. It is very much the concern of modules and agents. For purposes of interoperability, we define the following control characters as legal. ## value symbol description ## ## ------------------------------------------------- ## ## 0x01 PAM_BPC_OK - continuation packet ## ## 0x02 PAM_BPC_SELECT - initialization packet ## ## 0x03 PAM_BPC_DONE - termination packet ## ## 0x04 PAM_BPC_FAIL - unable to execute ## The following control characters are only legal for exchanges between an agent and a client (it is the responsibility of the client to enforce this rule in the face of a rogue server): ## 0x41 PAM_BPC_GETENV - obtain client env.var ## ## 0x42 PAM_BPC_PUTENV - set client env.var ## ## 0x43 PAM_BPC_TEXT - display message ## ## 0x44 PAM_BPC_ERROR - display error message ## ## 0x45 PAM_BPC_PROMPT - echo'd text prompt ## ## 0x46 PAM_BPC_PASS - non-echo'd text prompt ## ## 0x46 PAM_BPC_STATUS - ping all active clients## ## 0x47 PAM_BPC_ABORT - please abort session ## Note, length is always equal to the total length of the binary prompt and represented by a network ordered unsigned 32 bit integer. #$$$$#{agent_ids} PAM_BPC_SELECT binary prompts Binary prompts of control type PAM_BPC_SELECT have a defined data part. It is composed of three elements: {agent_id;'/';data} The agent_id is a sequence of characters satisfying the following regexp: /^[a-z0-9\_]+(@[a-z0-9\_.]+)?$/ and has a specific form for each independent agent. o Agent_ids that do not contain an at-sign (@) are to be considered as representing some authentication mode that is a "public standard" see reference [#$R#{PAM_STD_AGENTIDS}]. Registered names MUST NOT contain an at-sign (@). o Anyone can define additional agents by using names in the format name@domainname, e.g. "ouragent@example.com". The part following the at-sign MUST be a valid fully qualified internet domain name [RFC-1034] controlled by the person or organization defining the name. (Said another way, if you control the email address that your agent has as an identifier, they you are entitled to use this identifier.) It is up to each domain how it manages its local namespace. The '/' character is a mandatory delimiter, indicating the end of the agent_id. The trailing data is of a format specific to the agent with the given agent_id. #$$ Special cases In a previous section (#{players}) we identified the most general selection of authentication participants. In the case of network authentication, it is straightforward to ascribe identities to the defined participants. However, there are also special (less general) cases that we recognize here. The primary authentication step, when a user is directly introduced into a computer system (log's on to a workstation) is a special case. In this situation, the client and the server are generally one application. Before authenticating such a user, the applicant is formally unknown: PAM_RUSER is NULL. Some client-server implementations (telnet for example) provide effective full tty connections. In these cases, the four simple text string prompting cases (see below) can be handled as in the primary login step. In other words, the server absorbs most of the overhead of propagating authentication messages. In these cases, there needs to be special client/server support for handling binary prompts. In some circumstances, a legacy network transfer protocol can carry authentication information. In such cases, a desire to support legacy clients (with no client-side support for PAM) will neccessitate the 'hardcoding' of an agent protocol into the server application. Whilst against the spirit of PAM, this special casing can be managed by the server's 'conversation function' (see below). The guiding principle when implementing such support is for the application developer to relegate the authentication process to the PAM module -- simply performing a transcription of data from binary-prompt to legacy network 'packet' and visa-versa for propagating replies back to the driving PAM module. A common case of this is with network protocols that define an initialization packet of "user+password". In such cases one should attempt to support the "userpass" agent-id and its defined protocol. #$ Defined interfaces for information flow Here, we discuss the information exchange interfaces between the players in the authentication process. It should be understood that the server side is responsible for driving the authentication of the applicant. Notably, every request received by the client from the server must be matched with a single response from the client to the server. #$$#{applicant_client} Applicant <-> client Once the client is invoked, requests to the applicant entity are initiated by the client application. General clients are able to make the following requests directly to an applicant: echo text string echo error text string prompt with text string for echo'd text string input prompt with text string for concealed text string input the nature of the interface provided by the client for the benefit of the applicant entity is client specific and not defined by PAM. #$$#{client_agent} Client <-> agent In general, authentication schemes require more modes of exchange than the four defined in the previous section (#{applicant_client}). This provides a role for client-loadable agents. The client and agent exchange binary-messages that can have one of the following forms: client -> agent binary prompt agent expecting binary prompt reply to client agent -> client binary prompt reply from agent to clients binary prompt Following the acceptance of a binary prompt by the agent, the agent may attempt to exchange information with the client before returning its binary prompt reply. Permitted exchanges are binary prompts of the following types: agent -> client set environment variable (A) get environment variable (B) echo text string (C) echo error text string (D) prompt for echo'd text string input (E) prompt for concealed text string input (F) In response to these prompts, the client must legitimately respond with a corresponding binary prompt reply. We list a complete set of example exchanges, including each type of legitimate response (passes and a single fail): ## Type | Agent request | Client response ## ## --------------------------------------------------------------- ## ## (A) | {13;PAM_BPC_PUTENV;"FOO=BAR"} | {5;PAM_BPC_OK;} ## ## | {10;PAM_BPC_PUTENV;"FOO="} | {5;PAM_BPC_OK;} ## ## | {9;PAM_BPC_PUTENV;"FOO"} (*) | {5;PAM_BPC_OK;} ## ## | {9;PAM_BPC_PUTENV;"BAR"} (*) | {5;PAM_BPC_FAIL;} ## ## --------------------------------------------------------------- ## ## (B) | {10;PAM_BPC_GETENV;"TERM"} | {11;PAM_BPC_OK;"vt100"} ## ## | {9;PAM_BPC_GETENV;"FOO"} | {5;PAM_BPC_FAIL;} ## ## --------------------------------------------------------------- ## ## (C) | {12;PAM_BPC_TEXT;"hello!"} | {5;PAM_BPC_OK;} ## ## | {12;PAM_BPC_TEXT;"hello!"} | {5;PAM_BPC_FAIL;} ## ## --------------------------------------------------------------- ## ## (D) | {11;PAM_BPC_ERROR;"ouch!"} | {5;PAM_BPC_OK;} ## ## | {11;PAM_BPC_ERROR;"ouch!"} | {5;PAM_BPC_FAIL;} ## ## --------------------------------------------------------------- ## ## (E) | {13;PAM_BPC_PROMPT;"login: "} | {9;PAM_BPC_OK;"joe"} ## ## | {13;PAM_BPC_PROMPT;"login: "} | {6;PAM_BPC_OK;""} ## ## | {13;PAM_BPC_PROMPT;"login: "} | {5;PAM_BPC_FAIL;} ## ## --------------------------------------------------------------- ## ## (F) | {16;PAM_BPC_PASS;"password: "} | {9;PAM_BPC_OK;"XYZ"} ## ## | {16;PAM_BPC_PASS;"password: "} | {6;PAM_BPC_OK;""} ## ## | {16;PAM_BPC_PASS;"password: "} | {5;PAM_BPC_FAIL;} ## (*) Used to attempt the removal of a pre-existing environment variable. #$$ Client <-> server Once the client has established a connection with the server (the nature of the transport protocol is not specified by PAM), the server is responsible for driving the authentication process. General servers can request the following from the client: (to be forwarded by the client to the applicant) echo text string echo error text string prompt for echo'd text string response prompt for concealed text string response (to be forwarded by the client to the appropriate agent) binary prompt for a binary prompt response Client side agents are required to process binary prompts. The agents' binary prompt responses are returned to the server. #$$ Server <-> module Modules drive the authentication process. The server provides a conversation function with which it encapsulates module-generated requests and exchanges them with the client. Every message sent by a module should be acknowledged. General conversation functions can support the following five conversation requests: echo text string echo error string prompt for echo'd text string response prompt for concealed text string response binary prompt for binary prompt response The server is responsible for redirecting these requests to the client. #$ C API for application interfaces (client and server) #$$ Applicant <-> client No API is defined for this interface. The interface is considered to be specific to the client application. Example applications include terminal login, (X)windows login, machine file transfer applications. All that is important is that the client application is able to present the applicant with textual output and to receive textual input from the applicant. The forms of textual exchange are listed in an earlier section (#{applicant_client}). Other methods of data input/output are better suited to being handled via an authentication agent. #$$ Client <-> agent The client makes use of a general API for communicating with agents. The client is not required to communicate directly with available agents, instead a layer of abstraction (in the form of a library: libpamc) takes care of loading and maintaining communication with all requested agents. This layer of abstraction will choose which agents to interact with based on the content of binary prompts it receives that have the control type PAM_BPC_SELECT. #$$$ Client <-> libpamc #$$$$ Compilation information The C-header file provided for client-agent abstraction is included with the following source line: \#include The library providing the corresponding client-agent abstraction functions is, libpamc. cc .... -lpamc #$$$$ Initializing libpamc The libpamc library is initialized with a call to the following function: pamc_handle_t pamc_start(void); This function is responsible for configuring the library and registering the location of available agents. The location of the available agents on the system is implementation specific. pamc_start() function returns NULL on failure. Otherwise, the return value is a pointer to an opaque data type which provides a handle to the libpamc library. On systems where threading is available, the libpamc libraray is thread safe provided a single (pamc_handler_t *) is used by each thread. #$$$$ Client (Applicant) selection of agents For the purpose of applicant and client review of available agents, the following function is provided. char **pamc_list_agents(pamc_handle_t pch); This returns a list of pointers to the agent_id's of the agents which are available on the system. The list is terminated by a NULL pointer. It is the clients responsibility to free this memory area by calling free() on each agent id and the block of agent_id pointers in the result. PAM represents a server-driven authentication model, so by default any available agent may be invoked in the authentication process. #$$$$$ Client demands agent If the client requires that a specific authentication agent is satisfied during the authentication process, then the client should call the following function, immediately after obtaining a pamc_handle_t from pamc_start(). int pamc_load(pamc_handle_t pch, const char *agent_id); agent_id is a PAM text string (see section #{agent_ids}) and is not suffixed with a '/' delimiter. The return value for this function is: PAM_BPC_TRUE - agent located and loaded. PAM_BPC_FALSE - agent is not available. Note, although the agent is loaded, no data is fed to it. The agent's opportunity to inform the client that it does not trust the server is when the agent is shutdown. #$$$$$ Client marks agent as unusable The applicant might prefer that a named agent is marked as not available. To do this, the client would invoke the following function immediately after obtaining a pamc_handle_t from pam_start(). int pamc_disable(pamc_handle_t pch, const char *agent_id); here agent_id is a PAM text string containing an agent_id (section #{agent_ids}). The return value for this function is: PAM_BPC_TRUE - agent is disabled. This is the response independent of whether the agent is locally available. PAM_BPC_FALSE - agent cannot be disabled (this may be because it has already been invoked). #$$$$ Allocating and manipulating binary prompts All conversation between an client and an agent takes place with respect to binary prompts. A binary prompt (see section #{binary_prompt}), is obtained, resized and deleted via the following C-macro: CREATION of a binary prompt with control X1 and data length Y1: pamc_bp_t prompt = NULL; PAM_BP_RENEW(&prompt, X1, Y1); REPLACEMENT of a binary prompt with a control X2 and data length Y2: PAM_BP_RENEW(&prompt, X2, Y2); DELETION of a binary prompt (the referenced prompt is scrubbed): PAM_BP_RENEW(&prompt, 0, 0); Note, the PAM_BP_RENEW macro always overwrites any prompt that you call it with, deleting and liberating the old contents in a secure fashion. Also note that PAM_BP_RENEW, when returning a prompt of data size Y1>0, will always append a '\0' byte to the end of the prompt (at data offset Y1). It is thus, by definition, acceptable to treat the data contents of a binary packet as a text string (see #{text_string}). FILLING a binary prompt from a memory pointer U1 from offset O1 of length L1: PAM_BP_FILL(prompt, O1, L1, U1); the CONTROL type for the packet can be obtained as follows: control = PAM_PB_CONTROL(prompt); the LENGTH of a data within the prompt (_excluding_ its header information) can be obtained as follows: length = PAM_BP_LENGTH(prompt); the total SIZE of the prompt (_including_ its header information) can be obtained as follows: size = PAM_BP_SIZE(prompt); EXTRACTING data from a binary prompt from offset O2 of length L2 to a memory pointer U2: PAM_BP_EXTRACT(prompt, O2, L2, U2); If you require direct access to the raw prompt DATA, you should use the following macro: __u8 *raw_data = PAM_BP_DATA(prompt); #$$$$ Client<->agent conversations All exchanges of binary prompts with agents are handled with the single function: int pamc_converse(pamc_handle_t *pch, pamc_bp_t *prompt_p); The return value for pamc_converse(...) is PAM_BPC_TRUE when there is a response packet and PAM_BPC_FALSE when the client is unable to handle the request represented by the original prompt. In this latter case, *prompt_p is set to NULL. This function takes a binary prompt and returns a replacement binary prompt that is either a request from an agent to be acted upon by the client or the 'result' which should be forwarded to the server. In the former case, the following macro will return 1 (PAM_BPC_TRUE) and in all other cases, 0 (PAM_BPC_FALSE): PAM_BPC_FOR_CLIENT(/* pamc_bp_t */ prompt) Note, all non-NULL binary prompts returned by pamc_converse(...), are terminated with a '\0', even when the full length of the prompt (as returned by the agent) does not contain this delimiter. This is a defined property of the PAM_BP_RENEW macro, and can be relied upon. Important security note: in certain implementations, agents are implemented by executable binaries, which are transparently loaded and managed by the PAM client library. To ensure there is never a leakage of elevated privilege to an unprivileged agent, the client application should go to some effort to lower its level of privilege. It remains the responsibility of the applicant and the client to ensure that it is not compromised by a rogue agent. #$$$$ Status of agents int pamc_status(pamc_handle_t *pch, pamc_bp_t *prompt_p); At any time, the client may ping all active agents for their status (with a PAM_BPC_STATUS binary prompt). If any agent replies with PAM_BPC_ABORT, the client is responsible for terminating the connection to the server and then terminating all agents with a call to pamc_end(). In such cases, the return value of pamc_status() is PAM_BPC_FALSE. If the return status of pamc_status() is PAM_BPC_TRUE and *prompt_p is non-NULL, then an agent is requesting access to a server module. XXX - how this information gets propagated to the server, and ultimately to the server's module is yet to be determined. #$$$$ Termination of agents When closing the authentication session and severing the connection between a client and a selection of agents, the following function is used: int pamc_end(pamc_handle_t *pch); Following a call to pamc_end, the pamc_handle_t will be invalid. The return value for this function is one of the following: PAM_BPC_TRUE - all invoked agents are content with authentication (the server is _not_ judged _un_trustworthy by any agent) PAM_BPC_FALSE - one or more agents were unsatisfied at being terminated. In general, the client should terminate its connection to the server and indicate to the applicant that the server is untrusted. #$$$ libpamc <-> agents The agents are manipulated from within libpamc. Each agent is an executable in its own right. This permits the agent to have access to sensitive data not accessible directly from the client. The mode of communication between libpamc and an agent is through a pair of pipes. The agent reads binary prompts (section #{binary_prompt}) through its standard input file descriptor and writes response (to the server) binary prompts and instruction binary prompts (instructions for the client) through its standard output file descriptor. #$$ Client <-> server This interface is concerned with the exchange of text and binary prompts between the client application and the server application. No API is provided for this as it is considered specific to the transport protocol shared by the client and the server. #$$ Server <-> modules The server makes use of a general API for communicating with modules. The client is not required to communicate directly with available modules. By abstracting the authentication interface, it becomes possible for the local administrator to make a run time decision about the authentication method adopted by the server. #$$$ Functions and definitions available to servers and modules [This section will document the following functions pam_set_item() pam_get_item() pam_fail_delay(pam_handle_t *pamh, unsigned int micro_sec) pam_get_env(pam_handle_t *pamh, const char *varname) pam_strerror(pam_handle_t *pamh, int pam_errno) Event driven support (XXX work in progress) pam_register_event() - app or module associates an event poller/handler pam_select_event() - query for any outstanding event and act on any ] #$$$ Server <-> libpam [This section will document the following pam_ calls: pam_start pam_end pam_authenticate (*) pam_setcred pam_acct_mgmt pam_open_session pam_close_session pam_chauthtok (*) The asterisked functions may return PAM_INCOMPLETE. In such cases, the application should be aware that the conversation function was called and that it returned PAM_CONV_AGAIN to a module. The correct action for the application to take in response to receiving PAM_INCOMPLETE, is to acquire the replies so that the next time the conversation function is called it will be able to provide the desired responses. And then recall pam_authenticate (pam_chauthtok) with the same arguments. Libpam will arrange that the module stack is resumed from the module that returned before. This functionality is required for programs whose user interface is maintained by an event loop. ] #$$$ libpam <-> modules [This section will document the following pam_ and pam_sm_ calls: functions provided by libpam pam_set_data pam_get_data functions provided to libpam by each module groups: AUTHENTICATION pam_sm_authenticate pam_sm_setcred ACCOUNT pam_sm_acct_mgmt SESSION pam_sm_open_session pam_sm_close_session AUTHENTICATION TOKEN MANAGEMENT pam_sm_chauthtok ] #$$$ The conversation function The server application, as part of its initialization of libpam, provides a conversation function for use by modules and libpam. The purpose of the conversation function is to enable direct communication to the applicant ultimately via the client and selected agents. [ this section will contain a definition for the conversation function, the conversation structure (appdata etc), and legitimate return codes for the application supplied function. PAM_SUCCESS - ok conversation completed PAM_CONV_ERR - conversation failed PAM_CONV_AGAIN - application needs control to complete conv PAM_CONV_RECONSIDER - application believes module should check if it still needs to converse for this info ] #$ Security considerations This document is devoted to standardizing authentication infrastructure: everything in this document has implications for security. #$ Contact The email list for discussing issues related to this document is . #$ References [#{OSF_RFC_PAM}] OSF RFC 86.0, "Unified Login with Pluggable Authentication Modules (PAM)", October 1995 [#{PAM_STD_AGENTIDS}] Definitions for standard agents, "REGISTERED AGENTS AND THEIR AGENT-ID'S", to be found here: ## http://www.kernel.org/pub/linux/libs/pam/pre/doc/std-agent-ids.txt ## #$ Author's Address Andrew G. Morgan Email: morgan@kernel.org ## $Id$ ## pam/doc/specs/parse_l.c0000644000000000000000000012754113261244762012215 0ustar #line 3 "parse_l.c" #define YY_INT_ALIGNED short int /* A lexical scanner generated by flex */ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 #define YY_FLEX_MINOR_VERSION 5 #define YY_FLEX_SUBMINOR_VERSION 35 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif /* First, we deal with platform-specific or compiler-specific issues. */ /* begin standard C headers. */ #include #include #include #include /* end standard C headers. */ /* flex integer type definitions */ #ifndef FLEXINT_H #define FLEXINT_H /* C99 systems have . Non-C99 systems may or may not. */ #if defined (__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 says to define __STDC_LIMIT_MACROS before including stdint.h, * if you want the limit (max/min) macros for int types. */ #ifndef __STDC_LIMIT_MACROS #define __STDC_LIMIT_MACROS 1 #endif #include typedef int8_t flex_int8_t; typedef uint8_t flex_uint8_t; typedef int16_t flex_int16_t; typedef uint16_t flex_uint16_t; typedef int32_t flex_int32_t; typedef uint32_t flex_uint32_t; #else typedef signed char flex_int8_t; typedef short int flex_int16_t; typedef int flex_int32_t; typedef unsigned char flex_uint8_t; typedef unsigned short int flex_uint16_t; typedef unsigned int flex_uint32_t; #endif /* ! C99 */ /* Limits of integral types. */ #ifndef INT8_MIN #define INT8_MIN (-128) #endif #ifndef INT16_MIN #define INT16_MIN (-32767-1) #endif #ifndef INT32_MIN #define INT32_MIN (-2147483647-1) #endif #ifndef INT8_MAX #define INT8_MAX (127) #endif #ifndef INT16_MAX #define INT16_MAX (32767) #endif #ifndef INT32_MAX #define INT32_MAX (2147483647) #endif #ifndef UINT8_MAX #define UINT8_MAX (255U) #endif #ifndef UINT16_MAX #define UINT16_MAX (65535U) #endif #ifndef UINT32_MAX #define UINT32_MAX (4294967295U) #endif #endif /* ! FLEXINT_H */ #ifdef __cplusplus /* The "const" storage-class-modifier is valid. */ #define YY_USE_CONST #else /* ! __cplusplus */ /* C99 requires __STDC__ to be defined as 1. */ #if defined (__STDC__) #define YY_USE_CONST #endif /* defined (__STDC__) */ #endif /* ! __cplusplus */ #ifdef YY_USE_CONST #define yyconst const #else #define yyconst #endif /* Returned upon end-of-file. */ #define YY_NULL 0 /* Promotes a possibly negative, possibly signed char to an unsigned * integer for use as an array index. If the signed char is negative, * we want to instead treat it as an 8-bit unsigned char, hence the * double cast. */ #define YY_SC_TO_UI(c) ((unsigned int) (unsigned char) c) /* Enter a start condition. This macro really ought to take a parameter, * but we do it the disgusting crufty way forced on us by the ()-less * definition of BEGIN. */ #define BEGIN (yy_start) = 1 + 2 * /* Translate the current start state into a value that can be later handed * to BEGIN to return to the state. The YYSTATE alias is for lex * compatibility. */ #define YY_START (((yy_start) - 1) / 2) #define YYSTATE YY_START /* Action number for EOF rule of a given start state. */ #define YY_STATE_EOF(state) (YY_END_OF_BUFFER + state + 1) /* Special action meaning "start processing a new file". */ #define YY_NEW_FILE yyrestart(yyin ) #define YY_END_OF_BUFFER_CHAR 0 /* Size of default input buffer. */ #ifndef YY_BUF_SIZE #define YY_BUF_SIZE 16384 #endif /* The state buf must be large enough to hold one state per character in the main buffer. */ #define YY_STATE_BUF_SIZE ((YY_BUF_SIZE + 2) * sizeof(yy_state_type)) #ifndef YY_TYPEDEF_YY_BUFFER_STATE #define YY_TYPEDEF_YY_BUFFER_STATE typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif extern int yyleng; extern FILE *yyin, *yyout; #define EOB_ACT_CONTINUE_SCAN 0 #define EOB_ACT_END_OF_FILE 1 #define EOB_ACT_LAST_MATCH 2 #define YY_LESS_LINENO(n) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ *yy_cp = (yy_hold_char); \ YY_RESTORE_YY_MORE_OFFSET \ (yy_c_buf_p) = yy_cp = yy_bp + yyless_macro_arg - YY_MORE_ADJ; \ YY_DO_BEFORE_ACTION; /* set up yytext again */ \ } \ while ( 0 ) #define unput(c) yyunput( c, (yytext_ptr) ) #ifndef YY_TYPEDEF_YY_SIZE_T #define YY_TYPEDEF_YY_SIZE_T typedef size_t yy_size_t; #endif #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state { FILE *yy_input_file; char *yy_ch_buf; /* input buffer */ char *yy_buf_pos; /* current position in input buffer */ /* Size of input buffer in bytes, not including room for EOB * characters. */ yy_size_t yy_buf_size; /* Number of characters read into yy_ch_buf, not including EOB * characters. */ int yy_n_chars; /* Whether we "own" the buffer - i.e., we know we created it, * and can realloc() it to grow it, and should free() it to * delete it. */ int yy_is_our_buffer; /* Whether this is an "interactive" input source; if so, and * if we're using stdio for input, then we want to use getc() * instead of fread(), to make sure we stop fetching input after * each newline. */ int yy_is_interactive; /* Whether we're considered to be at the beginning of a line. * If so, '^' rules will be active on the next match, otherwise * not. */ int yy_at_bol; int yy_bs_lineno; /**< The line count. */ int yy_bs_column; /**< The column count. */ /* Whether to try to fill the input buffer when we reach the * end of it. */ int yy_fill_buffer; int yy_buffer_status; #define YY_BUFFER_NEW 0 #define YY_BUFFER_NORMAL 1 /* When an EOF's been seen but there's still some text to process * then we mark the buffer as YY_EOF_PENDING, to indicate that we * shouldn't try reading from the input source any more. We might * still have a bunch of tokens to match, though, because of * possible backing-up. * * When we actually see the EOF, we change the status to "new" * (via yyrestart()), so that the user can continue scanning by * just pointing yyin at a new input file. */ #define YY_BUFFER_EOF_PENDING 2 }; #endif /* !YY_STRUCT_YY_BUFFER_STATE */ /* Stack of input buffers. */ static size_t yy_buffer_stack_top = 0; /**< index of top of stack. */ static size_t yy_buffer_stack_max = 0; /**< capacity of stack. */ static YY_BUFFER_STATE * yy_buffer_stack = 0; /**< Stack as an array. */ /* We provide macros for accessing buffer states in case in the * future we want to put the buffer states in a more general * "scanner state". * * Returns the top of the stack, or NULL. */ #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ : NULL) /* Same as previous macro, but useful when we know that the buffer stack is not * NULL or when we need an lvalue. For internal use only. */ #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] /* yy_hold_char holds the character lost when yytext is formed. */ static char yy_hold_char; static int yy_n_chars; /* number of characters read into yy_ch_buf */ int yyleng; /* Points to current character in buffer. */ static char *yy_c_buf_p = (char *) 0; static int yy_init = 0; /* whether we need to initialize */ static int yy_start = 0; /* start state number */ /* Flag which is used to allow yywrap()'s to do buffer switches * instead of setting up a fresh yyin. A bit of a hack ... */ static int yy_did_buffer_switch_on_eof; void yyrestart (FILE *input_file ); void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ); YY_BUFFER_STATE yy_create_buffer (FILE *file,int size ); void yy_delete_buffer (YY_BUFFER_STATE b ); void yy_flush_buffer (YY_BUFFER_STATE b ); void yypush_buffer_state (YY_BUFFER_STATE new_buffer ); void yypop_buffer_state (void ); static void yyensure_buffer_stack (void ); static void yy_load_buffer_state (void ); static void yy_init_buffer (YY_BUFFER_STATE b,FILE *file ); #define YY_FLUSH_BUFFER yy_flush_buffer(YY_CURRENT_BUFFER ) YY_BUFFER_STATE yy_scan_buffer (char *base,yy_size_t size ); YY_BUFFER_STATE yy_scan_string (yyconst char *yy_str ); YY_BUFFER_STATE yy_scan_bytes (yyconst char *bytes,int len ); void *yyalloc (yy_size_t ); void *yyrealloc (void *,yy_size_t ); void yyfree (void * ); #define yy_new_buffer yy_create_buffer #define yy_set_interactive(is_interactive) \ { \ if ( ! YY_CURRENT_BUFFER ){ \ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_is_interactive = is_interactive; \ } #define yy_set_bol(at_bol) \ { \ if ( ! YY_CURRENT_BUFFER ){\ yyensure_buffer_stack (); \ YY_CURRENT_BUFFER_LVALUE = \ yy_create_buffer(yyin,YY_BUF_SIZE ); \ } \ YY_CURRENT_BUFFER_LVALUE->yy_at_bol = at_bol; \ } #define YY_AT_BOL() (YY_CURRENT_BUFFER_LVALUE->yy_at_bol) /* Begin user sect3 */ typedef unsigned char YY_CHAR; FILE *yyin = (FILE *) 0, *yyout = (FILE *) 0; typedef int yy_state_type; extern int yylineno; int yylineno = 1; extern char *yytext; #define yytext_ptr yytext static yy_state_type yy_get_previous_state (void ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ); static int yy_get_next_buffer (void ); static void yy_fatal_error (yyconst char msg[] ); /* Done after the current pattern has been matched and before the * corresponding action - sets up yytext. */ #define YY_DO_BEFORE_ACTION \ (yytext_ptr) = yy_bp; \ yyleng = (size_t) (yy_cp - yy_bp); \ (yy_hold_char) = *yy_cp; \ *yy_cp = '\0'; \ (yy_c_buf_p) = yy_cp; #define YY_NUM_RULES 8 #define YY_END_OF_BUFFER 9 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info { flex_int32_t yy_verify; flex_int32_t yy_nxt; }; static yyconst flex_int16_t yy_accept[19] = { 0, 0, 0, 9, 6, 7, 3, 6, 4, 1, 0, 5, 0, 1, 0, 1, 0, 2, 0 } ; static yyconst flex_int32_t yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 3, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 1, 1, 1, 6, 1, 1, 1, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 1, 8, 1, 1, 9, 1, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 10, 1, 11, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; static yyconst flex_int32_t yy_meta[12] = { 0, 1, 1, 1, 1, 2, 1, 2, 1, 2, 1, 2 } ; static yyconst flex_int16_t yy_base[21] = { 0, 0, 7, 21, 30, 30, 13, 17, 30, 20, 12, 30, 13, 10, 2, 7, 0, 30, 30, 27, 2 } ; static yyconst flex_int16_t yy_def[21] = { 0, 19, 19, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 9, 20, 18, 20, 18, 0, 18, 18 } ; static yyconst flex_int16_t yy_nxt[42] = { 0, 18, 5, 6, 16, 18, 18, 18, 7, 5, 6, 17, 15, 17, 18, 7, 8, 9, 15, 14, 11, 18, 18, 10, 9, 18, 12, 13, 4, 4, 3, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 } ; static yyconst flex_int16_t yy_chk[42] = { 0, 0, 1, 1, 20, 0, 0, 0, 1, 2, 2, 16, 15, 14, 13, 2, 6, 6, 12, 10, 7, 3, 0, 6, 9, 0, 9, 9, 19, 19, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 } ; static yy_state_type yy_last_accepting_state; static char *yy_last_accepting_cpos; extern int yy_flex_debug; int yy_flex_debug = 0; /* The intent behind this definition is that it'll catch * any uses of REJECT which flex missed. */ #define REJECT reject_used_but_not_detected #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET char *yytext; #line 1 "parse_l.l" #line 2 "parse_l.l" #ifdef HAVE_CONFIG_H # include #endif #include #include "parse_y.h" #line 469 "parse_l.c" #define INITIAL 0 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ #include #endif #ifndef YY_EXTRA_TYPE #define YY_EXTRA_TYPE void * #endif static int yy_init_globals (void ); /* Accessor methods to globals. These are made visible to non-reentrant scanners for convenience. */ int yylex_destroy (void ); int yyget_debug (void ); void yyset_debug (int debug_flag ); YY_EXTRA_TYPE yyget_extra (void ); void yyset_extra (YY_EXTRA_TYPE user_defined ); FILE *yyget_in (void ); void yyset_in (FILE * in_str ); FILE *yyget_out (void ); void yyset_out (FILE * out_str ); int yyget_leng (void ); char *yyget_text (void ); int yyget_lineno (void ); void yyset_lineno (int line_number ); /* Macros after this point can all be overridden by user definitions in * section 1. */ #ifndef YY_SKIP_YYWRAP #ifdef __cplusplus extern "C" int yywrap (void ); #else extern int yywrap (void ); #endif #endif static void yyunput (int c,char *buf_ptr ); #ifndef yytext_ptr static void yy_flex_strncpy (char *,yyconst char *,int ); #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * ); #endif #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void ); #else static int input (void ); #endif #endif /* Amount of stuff to slurp up with each read. */ #ifndef YY_READ_BUF_SIZE #define YY_READ_BUF_SIZE 8192 #endif /* Copy whatever the last rule matched to the standard output. */ #ifndef ECHO /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ #define ECHO fwrite( yytext, yyleng, 1, yyout ) #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, * is returned in "result". */ #ifndef YY_INPUT #define YY_INPUT(buf,result,max_size) \ if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ { \ int c = '*'; \ int n; \ for ( n = 0; n < max_size && \ (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ buf[n] = (char) c; \ if ( c == '\n' ) \ buf[n++] = (char) c; \ if ( c == EOF && ferror( yyin ) ) \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ result = n; \ } \ else \ { \ errno=0; \ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \ { \ if( errno != EINTR) \ { \ YY_FATAL_ERROR( "input in flex scanner failed" ); \ break; \ } \ errno=0; \ clearerr(yyin); \ } \ }\ \ #endif /* No semi-colon after return; correct usage is to write "yyterminate();" - * we don't want an extra ';' after the "return" because that will cause * some compilers to complain about unreachable statements. */ #ifndef yyterminate #define yyterminate() return YY_NULL #endif /* Number of entries by which start-condition stack grows. */ #ifndef YY_START_STACK_INCR #define YY_START_STACK_INCR 25 #endif /* Report a fatal error. */ #ifndef YY_FATAL_ERROR #define YY_FATAL_ERROR(msg) yy_fatal_error( msg ) #endif /* end tables serialization structures and prototypes */ /* Default declaration of generated scanner - a define so the user can * easily add parameters. */ #ifndef YY_DECL #define YY_DECL_IS_OURS 1 extern int yylex (void); #define YY_DECL int yylex (void) #endif /* !YY_DECL */ /* Code executed at the beginning of each rule, after yytext and yyleng * have been set up. */ #ifndef YY_USER_ACTION #define YY_USER_ACTION #endif /* Code executed at the end of each rule. */ #ifndef YY_BREAK #define YY_BREAK break; #endif #define YY_RULE_SETUP \ YY_USER_ACTION /** The main scanner function which does all the work. */ YY_DECL { register yy_state_type yy_current_state; register char *yy_cp, *yy_bp; register int yy_act; #line 11 "parse_l.l" #line 654 "parse_l.c" if ( !(yy_init) ) { (yy_init) = 1; #ifdef YY_USER_INIT YY_USER_INIT; #endif if ( ! (yy_start) ) (yy_start) = 1; /* first start state */ if ( ! yyin ) yyin = stdin; if ( ! yyout ) yyout = stdout; if ( ! YY_CURRENT_BUFFER ) { yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_load_buffer_state( ); } while ( 1 ) /* loops until end-of-file is reached */ { yy_cp = (yy_c_buf_p); /* Support of yytext. */ *yy_cp = (yy_hold_char); /* yy_bp points to the position in yy_ch_buf of the start of * the current run. */ yy_bp = yy_cp; yy_current_state = (yy_start); yy_match: do { register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 19 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } while ( yy_base[yy_current_state] != 30 ); yy_find_action: yy_act = yy_accept[yy_current_state]; if ( yy_act == 0 ) { /* have to back up */ yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); yy_act = yy_accept[yy_current_state]; } YY_DO_BEFORE_ACTION; do_action: /* This label is used only to access EOF actions. */ switch ( yy_act ) { /* beginning of action switch */ case 0: /* must back up */ /* undo the effects of YY_DO_BEFORE_ACTION */ *yy_cp = (yy_hold_char); yy_cp = (yy_last_accepting_cpos); yy_current_state = (yy_last_accepting_state); goto yy_find_action; case 1: YY_RULE_SETUP #line 13 "parse_l.l" return NEW_COUNTER; YY_BREAK case 2: YY_RULE_SETUP #line 14 "parse_l.l" return LABEL; YY_BREAK case 3: YY_RULE_SETUP #line 15 "parse_l.l" return NO_INDENT; YY_BREAK case 4: YY_RULE_SETUP #line 16 "parse_l.l" return RIGHT; YY_BREAK case 5: YY_RULE_SETUP #line 17 "parse_l.l" return HASH; YY_BREAK case 6: YY_RULE_SETUP #line 18 "parse_l.l" return CHAR; YY_BREAK case 7: /* rule 7 can match eol */ YY_RULE_SETUP #line 19 "parse_l.l" return NEWLINE; YY_BREAK case 8: YY_RULE_SETUP #line 21 "parse_l.l" ECHO; YY_BREAK #line 778 "parse_l.c" case YY_STATE_EOF(INITIAL): yyterminate(); case YY_END_OF_BUFFER: { /* Amount of text matched not including the EOB char. */ int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; /* Undo the effects of YY_DO_BEFORE_ACTION. */ *yy_cp = (yy_hold_char); YY_RESTORE_YY_MORE_OFFSET if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW ) { /* We're scanning a new file or input source. It's * possible that this happened because the user * just pointed yyin at a new source and called * yylex(). If so, then we have to assure * consistency between YY_CURRENT_BUFFER and our * globals. Here is the right place to do so, because * this is the first action (other than possibly a * back-up) that will match for the new input source. */ (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } /* Note that here we test for yy_c_buf_p "<=" to the position * of the first EOB in the buffer, since yy_c_buf_p will * already have been incremented past the NUL character * (since all states make transitions on EOB to the * end-of-buffer state). Contrast this with the test * in input(). */ if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) { /* This was really a NUL. */ yy_state_type yy_next_state; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); /* Okay, we're now positioned to make the NUL * transition. We couldn't have * yy_get_previous_state() go ahead and do it * for us because it doesn't know how to deal * with the possibility of jamming (and we don't * want to build jamming into it because then it * will run more slowly). */ yy_next_state = yy_try_NUL_trans( yy_current_state ); yy_bp = (yytext_ptr) + YY_MORE_ADJ; if ( yy_next_state ) { /* Consume the NUL. */ yy_cp = ++(yy_c_buf_p); yy_current_state = yy_next_state; goto yy_match; } else { yy_cp = (yy_c_buf_p); goto yy_find_action; } } else switch ( yy_get_next_buffer( ) ) { case EOB_ACT_END_OF_FILE: { (yy_did_buffer_switch_on_eof) = 0; if ( yywrap( ) ) { /* Note: because we've taken care in * yy_get_next_buffer() to have set up * yytext, we can now set up * yy_c_buf_p so that if some total * hoser (like flex itself) wants to * call the scanner after we return the * YY_NULL, it'll still work - another * YY_NULL will get returned. */ (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_act = YY_STATE_EOF(YY_START); goto do_action; } else { if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; } break; } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_match; case EOB_ACT_LAST_MATCH: (yy_c_buf_p) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)]; yy_current_state = yy_get_previous_state( ); yy_cp = (yy_c_buf_p); yy_bp = (yytext_ptr) + YY_MORE_ADJ; goto yy_find_action; } break; } default: YY_FATAL_ERROR( "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ } /* end of yylex */ /* yy_get_next_buffer - try to read in a new buffer * * Returns a code representing an action: * EOB_ACT_LAST_MATCH - * EOB_ACT_CONTINUE_SCAN - continue scanning from current position * EOB_ACT_END_OF_FILE - end of file */ static int yy_get_next_buffer (void) { register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; register char *source = (yytext_ptr); register int number_to_move, i; int ret_val; if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) YY_FATAL_ERROR( "fatal flex scanner internal error--end of buffer missed" ); if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) { /* Don't try to fill the buffer, so this is an EOF. */ if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) { /* We matched a single character, the EOB, so * treat this as a final EOF. */ return EOB_ACT_END_OF_FILE; } else { /* We matched some text prior to the EOB, first * process it. */ return EOB_ACT_LAST_MATCH; } } /* Try to read more data. */ /* First move last chars to start of buffer. */ number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) /* don't do the read, it's not guaranteed to return an EOF, * just force an EOF */ YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; else { int num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ YY_BUFFER_STATE b = YY_CURRENT_BUFFER; int yy_c_buf_p_offset = (int) ((yy_c_buf_p) - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { int new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; else b->yy_buf_size *= 2; b->yy_ch_buf = (char *) /* Include room in for 2 EOB chars. */ yyrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); } else /* Can't grow it, we don't own it. */ b->yy_ch_buf = 0; if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "fatal error - scanner input buffer overflow" ); (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; } if ( num_to_read > YY_READ_BUF_SIZE ) num_to_read = YY_READ_BUF_SIZE; /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), (yy_n_chars), (size_t) num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } if ( (yy_n_chars) == 0 ) { if ( number_to_move == YY_MORE_ADJ ) { ret_val = EOB_ACT_END_OF_FILE; yyrestart(yyin ); } else { ret_val = EOB_ACT_LAST_MATCH; YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_EOF_PENDING; } } else ret_val = EOB_ACT_CONTINUE_SCAN; if ((yy_size_t) ((yy_n_chars) + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ yy_size_t new_size = (yy_n_chars) + number_to_move + ((yy_n_chars) >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); } (yy_n_chars) += number_to_move; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] = YY_END_OF_BUFFER_CHAR; YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] = YY_END_OF_BUFFER_CHAR; (yytext_ptr) = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[0]; return ret_val; } /* yy_get_previous_state - get the state just before the EOB char was reached */ static yy_state_type yy_get_previous_state (void) { register yy_state_type yy_current_state; register char *yy_cp; yy_current_state = (yy_start); for ( yy_cp = (yytext_ptr) + YY_MORE_ADJ; yy_cp < (yy_c_buf_p); ++yy_cp ) { register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 19 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; } return yy_current_state; } /* yy_try_NUL_trans - try to make a transition on the NUL character * * synopsis * next_state = yy_try_NUL_trans( current_state ); */ static yy_state_type yy_try_NUL_trans (yy_state_type yy_current_state ) { register int yy_is_jam; register char *yy_cp = (yy_c_buf_p); register YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { (yy_last_accepting_state) = yy_current_state; (yy_last_accepting_cpos) = yy_cp; } while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; if ( yy_current_state >= 19 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 18); return yy_is_jam ? 0 : yy_current_state; } static void yyunput (int c, register char * yy_bp ) { register char *yy_cp; yy_cp = (yy_c_buf_p); /* undo effects of setting up yytext */ *yy_cp = (yy_hold_char); if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ register int number_to_move = (yy_n_chars) + 2; register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; register char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) *--dest = *--source; yy_cp += (int) (dest - source); yy_bp += (int) (dest - source); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_buf_size; if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) YY_FATAL_ERROR( "flex scanner push-back overflow" ); } *--yy_cp = (char) c; (yytext_ptr) = yy_bp; (yy_hold_char) = *yy_cp; (yy_c_buf_p) = yy_cp; } #ifndef YY_NO_INPUT #ifdef __cplusplus static int yyinput (void) #else static int input (void) #endif { int c; *(yy_c_buf_p) = (yy_hold_char); if ( *(yy_c_buf_p) == YY_END_OF_BUFFER_CHAR ) { /* yy_c_buf_p now points to the character we want to return. * If this occurs *before* the EOB characters, then it's a * valid NUL; if not, then we've hit the end of the buffer. */ if ( (yy_c_buf_p) < &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] ) /* This was really a NUL. */ *(yy_c_buf_p) = '\0'; else { /* need more input */ int offset = (yy_c_buf_p) - (yytext_ptr); ++(yy_c_buf_p); switch ( yy_get_next_buffer( ) ) { case EOB_ACT_LAST_MATCH: /* This happens because yy_g_n_b() * sees that we've accumulated a * token and flags that we need to * try matching the token before * proceeding. But for input(), * there's no matching to consider. * So convert the EOB_ACT_LAST_MATCH * to EOB_ACT_END_OF_FILE. */ /* Reset buffer status. */ yyrestart(yyin ); /*FALLTHROUGH*/ case EOB_ACT_END_OF_FILE: { if ( yywrap( ) ) return EOF; if ( ! (yy_did_buffer_switch_on_eof) ) YY_NEW_FILE; #ifdef __cplusplus return yyinput(); #else return input(); #endif } case EOB_ACT_CONTINUE_SCAN: (yy_c_buf_p) = (yytext_ptr) + offset; break; } } } c = *(unsigned char *) (yy_c_buf_p); /* cast for 8-bit char's */ *(yy_c_buf_p) = '\0'; /* preserve yytext */ (yy_hold_char) = *++(yy_c_buf_p); return c; } #endif /* ifndef YY_NO_INPUT */ /** Immediately switch to a different input stream. * @param input_file A readable stream. * * @note This function does not reset the start condition to @c INITIAL . */ void yyrestart (FILE * input_file ) { if ( ! YY_CURRENT_BUFFER ){ yyensure_buffer_stack (); YY_CURRENT_BUFFER_LVALUE = yy_create_buffer(yyin,YY_BUF_SIZE ); } yy_init_buffer(YY_CURRENT_BUFFER,input_file ); yy_load_buffer_state( ); } /** Switch to a different input buffer. * @param new_buffer The new input buffer. * */ void yy_switch_to_buffer (YY_BUFFER_STATE new_buffer ) { /* TODO. We should be able to replace this entire function body * with * yypop_buffer_state(); * yypush_buffer_state(new_buffer); */ yyensure_buffer_stack (); if ( YY_CURRENT_BUFFER == new_buffer ) return; if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } YY_CURRENT_BUFFER_LVALUE = new_buffer; yy_load_buffer_state( ); /* We don't actually know whether we did this switch during * EOF (yywrap()) processing, but the only time this flag * is looked at is after yywrap() is called, so it's safe * to go ahead and always set it. */ (yy_did_buffer_switch_on_eof) = 1; } static void yy_load_buffer_state (void) { (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; (yytext_ptr) = (yy_c_buf_p) = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; (yy_hold_char) = *(yy_c_buf_p); } /** Allocate and initialize an input buffer state. * @param file A readable stream. * @param size The character buffer size in bytes. When in doubt, use @c YY_BUF_SIZE. * * @return the allocated buffer state. */ YY_BUFFER_STATE yy_create_buffer (FILE * file, int size ) { YY_BUFFER_STATE b; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_buf_size = size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. */ b->yy_ch_buf = (char *) yyalloc(b->yy_buf_size + 2 ); if ( ! b->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); b->yy_is_our_buffer = 1; yy_init_buffer(b,file ); return b; } /** Destroy the buffer. * @param b a buffer created with yy_create_buffer() * */ void yy_delete_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; if ( b == YY_CURRENT_BUFFER ) /* Not sure if we should pop here. */ YY_CURRENT_BUFFER_LVALUE = (YY_BUFFER_STATE) 0; if ( b->yy_is_our_buffer ) yyfree((void *) b->yy_ch_buf ); yyfree((void *) b ); } #ifndef __cplusplus extern int isatty (int ); #endif /* __cplusplus */ /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a yyrestart() or at EOF. */ static void yy_init_buffer (YY_BUFFER_STATE b, FILE * file ) { int oerrno = errno; yy_flush_buffer(b ); b->yy_input_file = file; b->yy_fill_buffer = 1; /* If b is the current buffer, then yy_init_buffer was _probably_ * called from yyrestart() or through yy_get_next_buffer. * In that case, we don't want to reset the lineno or column. */ if (b != YY_CURRENT_BUFFER){ b->yy_bs_lineno = 1; b->yy_bs_column = 0; } b->yy_is_interactive = file ? (isatty( fileno(file) ) > 0) : 0; errno = oerrno; } /** Discard all buffered characters. On the next scan, YY_INPUT will be called. * @param b the buffer state to be flushed, usually @c YY_CURRENT_BUFFER. * */ void yy_flush_buffer (YY_BUFFER_STATE b ) { if ( ! b ) return; b->yy_n_chars = 0; /* We always need two end-of-buffer characters. The first causes * a transition to the end-of-buffer state. The second causes * a jam in that state. */ b->yy_ch_buf[0] = YY_END_OF_BUFFER_CHAR; b->yy_ch_buf[1] = YY_END_OF_BUFFER_CHAR; b->yy_buf_pos = &b->yy_ch_buf[0]; b->yy_at_bol = 1; b->yy_buffer_status = YY_BUFFER_NEW; if ( b == YY_CURRENT_BUFFER ) yy_load_buffer_state( ); } /** Pushes the new state onto the stack. The new state becomes * the current state. This function will allocate the stack * if necessary. * @param new_buffer The new state. * */ void yypush_buffer_state (YY_BUFFER_STATE new_buffer ) { if (new_buffer == NULL) return; yyensure_buffer_stack(); /* This block is copied from yy_switch_to_buffer. */ if ( YY_CURRENT_BUFFER ) { /* Flush out information for old buffer. */ *(yy_c_buf_p) = (yy_hold_char); YY_CURRENT_BUFFER_LVALUE->yy_buf_pos = (yy_c_buf_p); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars); } /* Only push if top exists. Otherwise, replace top. */ if (YY_CURRENT_BUFFER) (yy_buffer_stack_top)++; YY_CURRENT_BUFFER_LVALUE = new_buffer; /* copied from yy_switch_to_buffer. */ yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } /** Removes and deletes the top of the stack, if present. * The next element becomes the new top. * */ void yypop_buffer_state (void) { if (!YY_CURRENT_BUFFER) return; yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; if ((yy_buffer_stack_top) > 0) --(yy_buffer_stack_top); if (YY_CURRENT_BUFFER) { yy_load_buffer_state( ); (yy_did_buffer_switch_on_eof) = 1; } } /* Allocates the stack if it does not exist. * Guarantees space for at least one push. */ static void yyensure_buffer_stack (void) { int num_to_alloc; if (!(yy_buffer_stack)) { /* First allocation is just for 2 elements, since we don't know if this * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ num_to_alloc = 1; (yy_buffer_stack) = (struct yy_buffer_state**)yyalloc (num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; (yy_buffer_stack_top) = 0; return; } if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ /* Increase the buffer to prepare for a possible push. */ int grow_size = 8 /* arbitrary grow size */; num_to_alloc = (yy_buffer_stack_max) + grow_size; (yy_buffer_stack) = (struct yy_buffer_state**)yyrealloc ((yy_buffer_stack), num_to_alloc * sizeof(struct yy_buffer_state*) ); if ( ! (yy_buffer_stack) ) YY_FATAL_ERROR( "out of dynamic memory in yyensure_buffer_stack()" ); /* zero only the new slots.*/ memset((yy_buffer_stack) + (yy_buffer_stack_max), 0, grow_size * sizeof(struct yy_buffer_state*)); (yy_buffer_stack_max) = num_to_alloc; } } /** Setup the input buffer state to scan directly from a user-specified character buffer. * @param base the character buffer * @param size the size in bytes of the character buffer * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_buffer (char * base, yy_size_t size ) { YY_BUFFER_STATE b; if ( size < 2 || base[size-2] != YY_END_OF_BUFFER_CHAR || base[size-1] != YY_END_OF_BUFFER_CHAR ) /* They forgot to leave room for the EOB's. */ return 0; b = (YY_BUFFER_STATE) yyalloc(sizeof( struct yy_buffer_state ) ); if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_buffer()" ); b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */ b->yy_buf_pos = b->yy_ch_buf = base; b->yy_is_our_buffer = 0; b->yy_input_file = 0; b->yy_n_chars = b->yy_buf_size; b->yy_is_interactive = 0; b->yy_at_bol = 1; b->yy_fill_buffer = 0; b->yy_buffer_status = YY_BUFFER_NEW; yy_switch_to_buffer(b ); return b; } /** Setup the input buffer state to scan a string. The next call to yylex() will * scan from a @e copy of @a str. * @param yystr a NUL-terminated string to scan * * @return the newly allocated buffer state object. * @note If you want to scan bytes that may contain NUL values, then use * yy_scan_bytes() instead. */ YY_BUFFER_STATE yy_scan_string (yyconst char * yystr ) { return yy_scan_bytes(yystr,strlen(yystr) ); } /** Setup the input buffer state to scan the given bytes. The next call to yylex() will * scan from a @e copy of @a bytes. * @param bytes the byte buffer to scan * @param len the number of bytes in the buffer pointed to by @a bytes. * * @return the newly allocated buffer state object. */ YY_BUFFER_STATE yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ) { YY_BUFFER_STATE b; char *buf; yy_size_t n; int i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; buf = (char *) yyalloc(n ); if ( ! buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_scan_bytes()" ); for ( i = 0; i < _yybytes_len; ++i ) buf[i] = yybytes[i]; buf[_yybytes_len] = buf[_yybytes_len+1] = YY_END_OF_BUFFER_CHAR; b = yy_scan_buffer(buf,n ); if ( ! b ) YY_FATAL_ERROR( "bad buffer in yy_scan_bytes()" ); /* It's okay to grow etc. this buffer, and we should throw it * away when we're done. */ b->yy_is_our_buffer = 1; return b; } #ifndef YY_EXIT_FAILURE #define YY_EXIT_FAILURE 2 #endif static void yy_fatal_error (yyconst char* msg ) { (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* Redefine yyless() so it works in section 3 code. */ #undef yyless #define yyless(n) \ do \ { \ /* Undo effects of setting up yytext. */ \ int yyless_macro_arg = (n); \ YY_LESS_LINENO(yyless_macro_arg);\ yytext[yyleng] = (yy_hold_char); \ (yy_c_buf_p) = yytext + yyless_macro_arg; \ (yy_hold_char) = *(yy_c_buf_p); \ *(yy_c_buf_p) = '\0'; \ yyleng = yyless_macro_arg; \ } \ while ( 0 ) /* Accessor methods (get/set functions) to struct members. */ /** Get the current line number. * */ int yyget_lineno (void) { return yylineno; } /** Get the input stream. * */ FILE *yyget_in (void) { return yyin; } /** Get the output stream. * */ FILE *yyget_out (void) { return yyout; } /** Get the length of the current token. * */ int yyget_leng (void) { return yyleng; } /** Get the current token. * */ char *yyget_text (void) { return yytext; } /** Set the current line number. * @param line_number * */ void yyset_lineno (int line_number ) { yylineno = line_number; } /** Set the input stream. This does not discard the current * input buffer. * @param in_str A readable stream. * * @see yy_switch_to_buffer */ void yyset_in (FILE * in_str ) { yyin = in_str ; } void yyset_out (FILE * out_str ) { yyout = out_str ; } int yyget_debug (void) { return yy_flex_debug; } void yyset_debug (int bdebug ) { yy_flex_debug = bdebug ; } static int yy_init_globals (void) { /* Initialization is the same as for the non-reentrant scanner. * This function is called from yylex_destroy(), so don't allocate here. */ (yy_buffer_stack) = 0; (yy_buffer_stack_top) = 0; (yy_buffer_stack_max) = 0; (yy_c_buf_p) = (char *) 0; (yy_init) = 0; (yy_start) = 0; /* Defined in main.c */ #ifdef YY_STDINIT yyin = stdin; yyout = stdout; #else yyin = (FILE *) 0; yyout = (FILE *) 0; #endif /* For future reference: Set errno on error, since we are called by * yylex_init() */ return 0; } /* yylex_destroy is for both reentrant and non-reentrant scanners. */ int yylex_destroy (void) { /* Pop the buffer stack, destroying each element. */ while(YY_CURRENT_BUFFER){ yy_delete_buffer(YY_CURRENT_BUFFER ); YY_CURRENT_BUFFER_LVALUE = NULL; yypop_buffer_state(); } /* Destroy the stack itself. */ yyfree((yy_buffer_stack) ); (yy_buffer_stack) = NULL; /* Reset the globals. This is important in a non-reentrant scanner so the next time * yylex() is called, initialization will occur. */ yy_init_globals( ); return 0; } /* * Internal utility routines. */ #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n ) { register int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } #endif #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s ) { register int n; for ( n = 0; s[n]; ++n ) ; return n; } #endif void *yyalloc (yy_size_t size ) { return (void *) malloc( size ); } void *yyrealloc (void * ptr, yy_size_t size ) { /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter * because both ANSI C and C++ allow castless assignment from * any pointer type to void*, and deal with argument conversions * as though doing an assignment. */ return (void *) realloc( (char *) ptr, size ); } void yyfree (void * ptr ) { free( (char *) ptr ); /* see yyrealloc() for (char *) cast */ } #define YYTABLES_NAME "yytables" #line 21 "parse_l.l" pam/doc/specs/parse_l.l0000644000000000000000000000073213261244762012216 0ustar %{ #ifdef HAVE_CONFIG_H # include #endif #include #include "parse_y.h" %} %% \#[\$]+[a-zA-Z]*(\=[0-9]+)? return NEW_COUNTER; \#\{[a-zA-Z][a-zA-Z0-9\_]*\} return LABEL; \# return NO_INDENT; \#\# return RIGHT; \\\# return HASH; [^\n] return CHAR; [\n] return NEWLINE; %% pam/doc/specs/parse_y.c0000644000000000000000000013475413261244762012236 0ustar /* A Bison parser, made by GNU Bison 2.3. */ /* Skeleton implementation for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* C LALR(1) parser skeleton written by Richard Stallman, by simplifying the original so-called "semantic" parser. */ /* All symbols defined below should begin with yy or YY, to avoid infringing on user name space. This should be done even for local variables, as they might otherwise be expanded by user macros. There are some unavoidable exceptions within include files to define necessary library symbols; they are noted "INFRINGES ON USER NAME SPACE" below. */ /* Identify Bison output. */ #define YYBISON 1 /* Bison version. */ #define YYBISON_VERSION "2.3" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" /* Pure parsers. */ #define YYPURE 0 /* Using locations. */ #define YYLSP_NEEDED 0 /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { NEW_COUNTER = 258, LABEL = 259, HASH = 260, CHAR = 261, NEWLINE = 262, NO_INDENT = 263, RIGHT = 264 }; #endif /* Tokens. */ #define NEW_COUNTER 258 #define LABEL 259 #define HASH 260 #define CHAR 261 #define NEWLINE 262 #define NO_INDENT 263 #define RIGHT 264 /* Copy the first part of user declarations. */ #line 2 "parse_y.y" #ifdef HAVE_CONFIG_H # include #endif #include #include #include #define MAXLINE 1000 #define INDENT_STRING " " #define PAPER_WIDTH 74 int indent=0; int line=1; char *last_label=NULL; extern int yylex(void); extern char *yytext; extern void yyerror(const char *x); extern char *get_label(const char *label); extern void set_label(const char *label, const char *target); char *new_counter(const char *key); /* Enabling traces. */ #ifndef YYDEBUG # define YYDEBUG 0 #endif /* Enabling verbose error messages. */ #ifdef YYERROR_VERBOSE # undef YYERROR_VERBOSE # define YYERROR_VERBOSE 1 #else # define YYERROR_VERBOSE 0 #endif /* Enabling the token table. */ #ifndef YYTOKEN_TABLE # define YYTOKEN_TABLE 0 #endif #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE #line 27 "parse_y.y" { int def; char *string; } /* Line 187 of yacc.c. */ #line 144 "parse_y.c" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 #endif /* Copy the second part of user declarations. */ /* Line 216 of yacc.c. */ #line 157 "parse_y.c" #ifdef short # undef short #endif #ifdef YYTYPE_UINT8 typedef YYTYPE_UINT8 yytype_uint8; #else typedef unsigned char yytype_uint8; #endif #ifdef YYTYPE_INT8 typedef YYTYPE_INT8 yytype_int8; #elif (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) typedef signed char yytype_int8; #else typedef short int yytype_int8; #endif #ifdef YYTYPE_UINT16 typedef YYTYPE_UINT16 yytype_uint16; #else typedef unsigned short int yytype_uint16; #endif #ifdef YYTYPE_INT16 typedef YYTYPE_INT16 yytype_int16; #else typedef short int yytype_int16; #endif #ifndef YYSIZE_T # ifdef __SIZE_TYPE__ # define YYSIZE_T __SIZE_TYPE__ # elif defined size_t # define YYSIZE_T size_t # elif ! defined YYSIZE_T && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # define YYSIZE_T size_t # else # define YYSIZE_T unsigned int # endif #endif #define YYSIZE_MAXIMUM ((YYSIZE_T) -1) #ifndef YY_ # if YYENABLE_NLS # if ENABLE_NLS # include /* INFRINGES ON USER NAME SPACE */ # define YY_(msgid) dgettext ("bison-runtime", msgid) # endif # endif # ifndef YY_ # define YY_(msgid) msgid # endif #endif /* Suppress unused-variable warnings by "using" E. */ #if ! defined lint || defined __GNUC__ # define YYUSE(e) ((void) (e)) #else # define YYUSE(e) /* empty */ #endif /* Identity function, used to suppress warnings about constant conditions. */ #ifndef lint # define YYID(n) (n) #else #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static int YYID (int i) #else static int YYID (i) int i; #endif { return i; } #endif #if ! defined yyoverflow || YYERROR_VERBOSE /* The parser invokes alloca or malloc; define the necessary symbols. */ # ifdef YYSTACK_USE_ALLOCA # if YYSTACK_USE_ALLOCA # ifdef __GNUC__ # define YYSTACK_ALLOC __builtin_alloca # elif defined __BUILTIN_VA_ARG_INCR # include /* INFRINGES ON USER NAME SPACE */ # elif defined _AIX # define YYSTACK_ALLOC __alloca # elif defined _MSC_VER # include /* INFRINGES ON USER NAME SPACE */ # define alloca _alloca # else # define YYSTACK_ALLOC alloca # if ! defined _ALLOCA_H && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # endif # endif # endif # ifdef YYSTACK_ALLOC /* Pacify GCC's `empty if-body' warning. */ # define YYSTACK_FREE(Ptr) do { /* empty */; } while (YYID (0)) # ifndef YYSTACK_ALLOC_MAXIMUM /* The OS might guarantee only one guard page at the bottom of the stack, and a page size can be as small as 4096 bytes. So we cannot safely invoke alloca (N) if N exceeds 4096. Use a slightly smaller number to allow for a few compiler-allocated temporary stack slots. */ # define YYSTACK_ALLOC_MAXIMUM 4032 /* reasonable circa 2006 */ # endif # else # define YYSTACK_ALLOC YYMALLOC # define YYSTACK_FREE YYFREE # ifndef YYSTACK_ALLOC_MAXIMUM # define YYSTACK_ALLOC_MAXIMUM YYSIZE_MAXIMUM # endif # if (defined __cplusplus && ! defined _STDLIB_H \ && ! ((defined YYMALLOC || defined malloc) \ && (defined YYFREE || defined free))) # include /* INFRINGES ON USER NAME SPACE */ # ifndef _STDLIB_H # define _STDLIB_H 1 # endif # endif # ifndef YYMALLOC # define YYMALLOC malloc # if ! defined malloc && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void *malloc (YYSIZE_T); /* INFRINGES ON USER NAME SPACE */ # endif # endif # ifndef YYFREE # define YYFREE free # if ! defined free && ! defined _STDLIB_H && (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) void free (void *); /* INFRINGES ON USER NAME SPACE */ # endif # endif # endif #endif /* ! defined yyoverflow || YYERROR_VERBOSE */ #if (! defined yyoverflow \ && (! defined __cplusplus \ || (defined YYSTYPE_IS_TRIVIAL && YYSTYPE_IS_TRIVIAL))) /* A type that is properly aligned for any stack member. */ union yyalloc { yytype_int16 yyss; YYSTYPE yyvs; }; /* The size of the maximum gap between one aligned stack and the next. */ # define YYSTACK_GAP_MAXIMUM (sizeof (union yyalloc) - 1) /* The size of an array large to enough to hold all stacks, each with N elements. */ # define YYSTACK_BYTES(N) \ ((N) * (sizeof (yytype_int16) + sizeof (YYSTYPE)) \ + YYSTACK_GAP_MAXIMUM) /* Copy COUNT objects from FROM to TO. The source and destination do not overlap. */ # ifndef YYCOPY # if defined __GNUC__ && 1 < __GNUC__ # define YYCOPY(To, From, Count) \ __builtin_memcpy (To, From, (Count) * sizeof (*(From))) # else # define YYCOPY(To, From, Count) \ do \ { \ YYSIZE_T yyi; \ for (yyi = 0; yyi < (Count); yyi++) \ (To)[yyi] = (From)[yyi]; \ } \ while (YYID (0)) # endif # endif /* Relocate STACK from its old location to the new one. The local variables YYSIZE and YYSTACKSIZE give the old and new number of elements in the stack, and YYPTR gives the new location of the stack. Advance YYPTR to a properly aligned location for the next stack. */ # define YYSTACK_RELOCATE(Stack) \ do \ { \ YYSIZE_T yynewbytes; \ YYCOPY (&yyptr->Stack, Stack, yysize); \ Stack = &yyptr->Stack; \ yynewbytes = yystacksize * sizeof (*Stack) + YYSTACK_GAP_MAXIMUM; \ yyptr += yynewbytes / sizeof (*yyptr); \ } \ while (YYID (0)) #endif /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ #define YYLAST 27 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 10 /* YYNNTS -- Number of nonterminals. */ #define YYNNTS 4 /* YYNRULES -- Number of rules. */ #define YYNRULES 15 /* YYNRULES -- Number of states. */ #define YYNSTATES 19 /* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */ #define YYUNDEFTOK 2 #define YYMAXUTOK 264 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) /* YYTRANSLATE[YYLEX] -- Bison symbol number corresponding to YYLEX. */ static const yytype_uint8 yytranslate[] = { 0, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; #if YYDEBUG /* YYPRHS[YYN] -- Index of the first RHS symbol of rule number YYN in YYRHS. */ static const yytype_uint8 yyprhs[] = { 0, 0, 3, 4, 7, 11, 17, 25, 33, 34, 37, 39, 42, 44, 46, 48 }; /* YYRHS -- A `-1'-separated list of the rules' RHS. */ static const yytype_int8 yyrhs[] = { 11, 0, -1, -1, 11, 7, -1, 11, 12, 7, -1, 11, 12, 9, 12, 7, -1, 11, 12, 9, 12, 9, 12, 7, -1, 11, 12, 9, 12, 9, 12, 7, -1, -1, 12, 13, -1, 6, -1, 13, 6, -1, 8, -1, 5, -1, 4, -1, 3, -1 }; /* YYRLINE[YYN] -- source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { 0, 39, 39, 40, 44, 53, 72, 99, 128, 131, 139, 142, 147, 151, 154, 160 }; #endif #if YYDEBUG || YYERROR_VERBOSE || YYTOKEN_TABLE /* YYTNAME[SYMBOL-NUM] -- String name of the symbol SYMBOL-NUM. First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { "$end", "error", "$undefined", "NEW_COUNTER", "LABEL", "HASH", "CHAR", "NEWLINE", "NO_INDENT", "RIGHT", "$accept", "doc", "stuff", "text", 0 }; #endif # ifdef YYPRINT /* YYTOKNUM[YYLEX-NUM] -- Internal token number corresponding to token YYLEX-NUM. */ static const yytype_uint16 yytoknum[] = { 0, 256, 257, 258, 259, 260, 261, 262, 263, 264 }; # endif /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint8 yyr1[] = { 0, 10, 11, 11, 11, 11, 11, 11, 12, 12, 13, 13, 13, 13, 13, 13 }; /* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { 0, 2, 0, 2, 3, 5, 7, 7, 0, 2, 1, 2, 1, 1, 1, 1 }; /* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state STATE-NUM when YYTABLE doesn't specify something else to do. Zero means the default is an error. */ static const yytype_uint8 yydefact[] = { 2, 8, 1, 3, 0, 15, 14, 13, 10, 4, 12, 8, 9, 0, 11, 5, 8, 0, 6 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { -1, 1, 4, 12 }; /* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing STATE-NUM. */ #define YYPACT_NINF -3 static const yytype_int8 yypact[] = { -3, 0, -3, -3, 5, -3, -3, -3, -3, -3, -3, -3, 17, 12, -3, -3, -3, -2, -3 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { -3, -3, 11, -3 }; /* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If positive, shift that token. If negative, reduce the rule which number is the opposite. If zero, do what YYDEFACT says. If YYTABLE_NINF, syntax error. */ #define YYTABLE_NINF -1 static const yytype_uint8 yytable[] = { 2, 5, 6, 7, 8, 18, 10, 3, 5, 6, 7, 8, 9, 10, 11, 5, 6, 7, 8, 15, 10, 16, 13, 14, 0, 0, 0, 17 }; static const yytype_int8 yycheck[] = { 0, 3, 4, 5, 6, 7, 8, 7, 3, 4, 5, 6, 7, 8, 9, 3, 4, 5, 6, 7, 8, 9, 11, 6, -1, -1, -1, 16 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { 0, 11, 0, 7, 12, 3, 4, 5, 6, 7, 8, 9, 13, 12, 6, 7, 9, 12, 7 }; #define yyerrok (yyerrstatus = 0) #define yyclearin (yychar = YYEMPTY) #define YYEMPTY (-2) #define YYEOF 0 #define YYACCEPT goto yyacceptlab #define YYABORT goto yyabortlab #define YYERROR goto yyerrorlab /* Like YYERROR except do call yyerror. This remains here temporarily to ease the transition to the new meaning of YYERROR, for GCC. Once GCC version 2 has supplanted version 1, this can go. */ #define YYFAIL goto yyerrlab #define YYRECOVERING() (!!yyerrstatus) #define YYBACKUP(Token, Value) \ do \ if (yychar == YYEMPTY && yylen == 1) \ { \ yychar = (Token); \ yylval = (Value); \ yytoken = YYTRANSLATE (yychar); \ YYPOPSTACK (1); \ goto yybackup; \ } \ else \ { \ yyerror (YY_("syntax error: cannot back up")); \ YYERROR; \ } \ while (YYID (0)) #define YYTERROR 1 #define YYERRCODE 256 /* YYLLOC_DEFAULT -- Set CURRENT to span from RHS[1] to RHS[N]. If N is 0, then set CURRENT to the empty location which ends the previous symbol: RHS[0] (always defined). */ #define YYRHSLOC(Rhs, K) ((Rhs)[K]) #ifndef YYLLOC_DEFAULT # define YYLLOC_DEFAULT(Current, Rhs, N) \ do \ if (YYID (N)) \ { \ (Current).first_line = YYRHSLOC (Rhs, 1).first_line; \ (Current).first_column = YYRHSLOC (Rhs, 1).first_column; \ (Current).last_line = YYRHSLOC (Rhs, N).last_line; \ (Current).last_column = YYRHSLOC (Rhs, N).last_column; \ } \ else \ { \ (Current).first_line = (Current).last_line = \ YYRHSLOC (Rhs, 0).last_line; \ (Current).first_column = (Current).last_column = \ YYRHSLOC (Rhs, 0).last_column; \ } \ while (YYID (0)) #endif /* YY_LOCATION_PRINT -- Print the location on the stream. This macro was not mandated originally: define only if we know we won't break user code: when these are the locations we know. */ #ifndef YY_LOCATION_PRINT # if YYLTYPE_IS_TRIVIAL # define YY_LOCATION_PRINT(File, Loc) \ fprintf (File, "%d.%d-%d.%d", \ (Loc).first_line, (Loc).first_column, \ (Loc).last_line, (Loc).last_column) # else # define YY_LOCATION_PRINT(File, Loc) ((void) 0) # endif #endif /* YYLEX -- calling `yylex' with the right arguments. */ #ifdef YYLEX_PARAM # define YYLEX yylex (YYLEX_PARAM) #else # define YYLEX yylex () #endif /* Enable debugging if requested. */ #if YYDEBUG # ifndef YYFPRINTF # include /* INFRINGES ON USER NAME SPACE */ # define YYFPRINTF fprintf # endif # define YYDPRINTF(Args) \ do { \ if (yydebug) \ YYFPRINTF Args; \ } while (YYID (0)) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) \ do { \ if (yydebug) \ { \ YYFPRINTF (stderr, "%s ", Title); \ yy_symbol_print (stderr, \ Type, Value); \ YYFPRINTF (stderr, "\n"); \ } \ } while (YYID (0)) /*--------------------------------. | Print this symbol on YYOUTPUT. | `--------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_value_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) #else static void yy_symbol_value_print (yyoutput, yytype, yyvaluep) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; #endif { if (!yyvaluep) return; # ifdef YYPRINT if (yytype < YYNTOKENS) YYPRINT (yyoutput, yytoknum[yytype], *yyvaluep); # else YYUSE (yyoutput); # endif switch (yytype) { default: break; } } /*--------------------------------. | Print this symbol on YYOUTPUT. | `--------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_symbol_print (FILE *yyoutput, int yytype, YYSTYPE const * const yyvaluep) #else static void yy_symbol_print (yyoutput, yytype, yyvaluep) FILE *yyoutput; int yytype; YYSTYPE const * const yyvaluep; #endif { if (yytype < YYNTOKENS) YYFPRINTF (yyoutput, "token %s (", yytname[yytype]); else YYFPRINTF (yyoutput, "nterm %s (", yytname[yytype]); yy_symbol_value_print (yyoutput, yytype, yyvaluep); YYFPRINTF (yyoutput, ")"); } /*------------------------------------------------------------------. | yy_stack_print -- Print the state stack from its BOTTOM up to its | | TOP (included). | `------------------------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_stack_print (yytype_int16 *bottom, yytype_int16 *top) #else static void yy_stack_print (bottom, top) yytype_int16 *bottom; yytype_int16 *top; #endif { YYFPRINTF (stderr, "Stack now"); for (; bottom <= top; ++bottom) YYFPRINTF (stderr, " %d", *bottom); YYFPRINTF (stderr, "\n"); } # define YY_STACK_PRINT(Bottom, Top) \ do { \ if (yydebug) \ yy_stack_print ((Bottom), (Top)); \ } while (YYID (0)) /*------------------------------------------------. | Report that the YYRULE is going to be reduced. | `------------------------------------------------*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yy_reduce_print (YYSTYPE *yyvsp, int yyrule) #else static void yy_reduce_print (yyvsp, yyrule) YYSTYPE *yyvsp; int yyrule; #endif { int yynrhs = yyr2[yyrule]; int yyi; unsigned long int yylno = yyrline[yyrule]; YYFPRINTF (stderr, "Reducing stack by rule %d (line %lu):\n", yyrule - 1, yylno); /* The symbols being reduced. */ for (yyi = 0; yyi < yynrhs; yyi++) { fprintf (stderr, " $%d = ", yyi + 1); yy_symbol_print (stderr, yyrhs[yyprhs[yyrule] + yyi], &(yyvsp[(yyi + 1) - (yynrhs)]) ); fprintf (stderr, "\n"); } } # define YY_REDUCE_PRINT(Rule) \ do { \ if (yydebug) \ yy_reduce_print (yyvsp, Rule); \ } while (YYID (0)) /* Nonzero means print parse trace. It is left uninitialized so that multiple parsers can coexist. */ int yydebug; #else /* !YYDEBUG */ # define YYDPRINTF(Args) # define YY_SYMBOL_PRINT(Title, Type, Value, Location) # define YY_STACK_PRINT(Bottom, Top) # define YY_REDUCE_PRINT(Rule) #endif /* !YYDEBUG */ /* YYINITDEPTH -- initial size of the parser's stacks. */ #ifndef YYINITDEPTH # define YYINITDEPTH 200 #endif /* YYMAXDEPTH -- maximum size the stacks can grow to (effective only if the built-in stack extension method is used). Do not make this value too large; the results are undefined if YYSTACK_ALLOC_MAXIMUM < YYSTACK_BYTES (YYMAXDEPTH) evaluated with infinite-precision integer arithmetic. */ #ifndef YYMAXDEPTH # define YYMAXDEPTH 10000 #endif #if YYERROR_VERBOSE # ifndef yystrlen # if defined __GLIBC__ && defined _STRING_H # define yystrlen strlen # else /* Return the length of YYSTR. */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static YYSIZE_T yystrlen (const char *yystr) #else static YYSIZE_T yystrlen (yystr) const char *yystr; #endif { YYSIZE_T yylen; for (yylen = 0; yystr[yylen]; yylen++) continue; return yylen; } # endif # endif # ifndef yystpcpy # if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in YYDEST. */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static char * yystpcpy (char *yydest, const char *yysrc) #else static char * yystpcpy (yydest, yysrc) char *yydest; const char *yysrc; #endif { char *yyd = yydest; const char *yys = yysrc; while ((*yyd++ = *yys++) != '\0') continue; return yyd - 1; } # endif # endif # ifndef yytnamerr /* Copy to YYRES the contents of YYSTR after stripping away unnecessary quotes and backslashes, so that it's suitable for yyerror. The heuristic is that double-quoting is unnecessary unless the string contains an apostrophe, a comma, or backslash (other than backslash-backslash). YYSTR is taken from yytname. If YYRES is null, do not copy; instead, return the length of what the result would have been. */ static YYSIZE_T yytnamerr (char *yyres, const char *yystr) { if (*yystr == '"') { YYSIZE_T yyn = 0; char const *yyp = yystr; for (;;) switch (*++yyp) { case '\'': case ',': goto do_not_strip_quotes; case '\\': if (*++yyp != '\\') goto do_not_strip_quotes; /* Fall through. */ default: if (yyres) yyres[yyn] = *yyp; yyn++; break; case '"': if (yyres) yyres[yyn] = '\0'; return yyn; } do_not_strip_quotes: ; } if (! yyres) return yystrlen (yystr); return yystpcpy (yyres, yystr) - yyres; } # endif /* Copy into YYRESULT an error message about the unexpected token YYCHAR while in state YYSTATE. Return the number of bytes copied, including the terminating null byte. If YYRESULT is null, do not copy anything; just return the number of bytes that would be copied. As a special case, return 0 if an ordinary "syntax error" message will do. Return YYSIZE_MAXIMUM if overflow occurs during size calculation. */ static YYSIZE_T yysyntax_error (char *yyresult, int yystate, int yychar) { int yyn = yypact[yystate]; if (! (YYPACT_NINF < yyn && yyn <= YYLAST)) return 0; else { int yytype = YYTRANSLATE (yychar); YYSIZE_T yysize0 = yytnamerr (0, yytname[yytype]); YYSIZE_T yysize = yysize0; YYSIZE_T yysize1; int yysize_overflow = 0; enum { YYERROR_VERBOSE_ARGS_MAXIMUM = 5 }; char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; int yyx; # if 0 /* This is so xgettext sees the translatable formats that are constructed on the fly. */ YY_("syntax error, unexpected %s"); YY_("syntax error, unexpected %s, expecting %s"); YY_("syntax error, unexpected %s, expecting %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s"); YY_("syntax error, unexpected %s, expecting %s or %s or %s or %s"); # endif char *yyfmt; char const *yyf; static char const yyunexpected[] = "syntax error, unexpected %s"; static char const yyexpecting[] = ", expecting %s"; static char const yyor[] = " or %s"; char yyformat[sizeof yyunexpected + sizeof yyexpecting - 1 + ((YYERROR_VERBOSE_ARGS_MAXIMUM - 2) * (sizeof yyor - 1))]; char const *yyprefix = yyexpecting; /* Start YYX at -YYN if negative to avoid negative indexes in YYCHECK. */ int yyxbegin = yyn < 0 ? -yyn : 0; /* Stay within bounds of both yycheck and yytname. */ int yychecklim = YYLAST - yyn + 1; int yyxend = yychecklim < YYNTOKENS ? yychecklim : YYNTOKENS; int yycount = 1; yyarg[0] = yytname[yytype]; yyfmt = yystpcpy (yyformat, yyunexpected); for (yyx = yyxbegin; yyx < yyxend; ++yyx) if (yycheck[yyx + yyn] == yyx && yyx != YYTERROR) { if (yycount == YYERROR_VERBOSE_ARGS_MAXIMUM) { yycount = 1; yysize = yysize0; yyformat[sizeof yyunexpected - 1] = '\0'; break; } yyarg[yycount++] = yytname[yyx]; yysize1 = yysize + yytnamerr (0, yytname[yyx]); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; yyfmt = yystpcpy (yyfmt, yyprefix); yyprefix = yyor; } yyf = YY_(yyformat); yysize1 = yysize + yystrlen (yyf); yysize_overflow |= (yysize1 < yysize); yysize = yysize1; if (yysize_overflow) return YYSIZE_MAXIMUM; if (yyresult) { /* Avoid sprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ char *yyp = yyresult; int yyi = 0; while ((*yyp = *yyf) != '\0') { if (*yyp == '%' && yyf[1] == 's' && yyi < yycount) { yyp += yytnamerr (yyp, yyarg[yyi++]); yyf += 2; } else { yyp++; yyf++; } } } return yysize; } } #endif /* YYERROR_VERBOSE */ /*-----------------------------------------------. | Release the memory associated to this symbol. | `-----------------------------------------------*/ /*ARGSUSED*/ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) static void yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep) #else static void yydestruct (yymsg, yytype, yyvaluep) const char *yymsg; int yytype; YYSTYPE *yyvaluep; #endif { YYUSE (yyvaluep); if (!yymsg) yymsg = "Deleting"; YY_SYMBOL_PRINT (yymsg, yytype, yyvaluep, yylocationp); switch (yytype) { default: break; } } /* Prevent warnings from -Wmissing-prototypes. */ #ifdef YYPARSE_PARAM #if defined __STDC__ || defined __cplusplus int yyparse (void *YYPARSE_PARAM); #else int yyparse (); #endif #else /* ! YYPARSE_PARAM */ #if defined __STDC__ || defined __cplusplus int yyparse (void); #else int yyparse (); #endif #endif /* ! YYPARSE_PARAM */ /* The look-ahead symbol. */ int yychar; /* The semantic value of the look-ahead symbol. */ YYSTYPE yylval; /* Number of syntax errors so far. */ int yynerrs; /*----------. | yyparse. | `----------*/ #ifdef YYPARSE_PARAM #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (void *YYPARSE_PARAM) #else int yyparse (YYPARSE_PARAM) void *YYPARSE_PARAM; #endif #else /* ! YYPARSE_PARAM */ #if (defined __STDC__ || defined __C99__FUNC__ \ || defined __cplusplus || defined _MSC_VER) int yyparse (void) #else int yyparse () #endif #endif { int yystate; int yyn; int yyresult; /* Number of tokens to shift before error messages enabled. */ int yyerrstatus; /* Look-ahead token as an internal (translated) token number. */ int yytoken = 0; #if YYERROR_VERBOSE /* Buffer for error messages, and its allocated size. */ char yymsgbuf[128]; char *yymsg = yymsgbuf; YYSIZE_T yymsg_alloc = sizeof yymsgbuf; #endif /* Three stacks and their tools: `yyss': related to states, `yyvs': related to semantic values, `yyls': related to locations. Refer to the stacks thru separate pointers, to allow yyoverflow to reallocate them elsewhere. */ /* The state stack. */ yytype_int16 yyssa[YYINITDEPTH]; yytype_int16 *yyss = yyssa; yytype_int16 *yyssp; /* The semantic value stack. */ YYSTYPE yyvsa[YYINITDEPTH]; YYSTYPE *yyvs = yyvsa; YYSTYPE *yyvsp; #define YYPOPSTACK(N) (yyvsp -= (N), yyssp -= (N)) YYSIZE_T yystacksize = YYINITDEPTH; /* The variables used to return semantic value and location from the action routines. */ YYSTYPE yyval; /* The number of symbols on the RHS of the reduced rule. Keep to zero when no symbol should be popped. */ int yylen = 0; YYDPRINTF ((stderr, "Starting parse\n")); yystate = 0; yyerrstatus = 0; yynerrs = 0; yychar = YYEMPTY; /* Cause a token to be read. */ /* Initialize stack pointers. Waste one element of value and location stack so that they stay on the same level as the state stack. The wasted elements are never initialized. */ yyssp = yyss; yyvsp = yyvs; goto yysetstate; /*------------------------------------------------------------. | yynewstate -- Push a new state, which is found in yystate. | `------------------------------------------------------------*/ yynewstate: /* In all cases, when you get here, the value and location stacks have just been pushed. So pushing a state here evens the stacks. */ yyssp++; yysetstate: *yyssp = yystate; if (yyss + yystacksize - 1 <= yyssp) { /* Get the current used size of the three stacks, in elements. */ YYSIZE_T yysize = yyssp - yyss + 1; #ifdef yyoverflow { /* Give user a chance to reallocate the stack. Use copies of these so that the &'s don't force the real ones into memory. */ YYSTYPE *yyvs1 = yyvs; yytype_int16 *yyss1 = yyss; /* Each stack pointer address is followed by the size of the data in use in that stack, in bytes. This used to be a conditional around just the two extra args, but that might be undefined if yyoverflow is a macro. */ yyoverflow (YY_("memory exhausted"), &yyss1, yysize * sizeof (*yyssp), &yyvs1, yysize * sizeof (*yyvsp), &yystacksize); yyss = yyss1; yyvs = yyvs1; } #else /* no yyoverflow */ # ifndef YYSTACK_RELOCATE goto yyexhaustedlab; # else /* Extend the stack our own way. */ if (YYMAXDEPTH <= yystacksize) goto yyexhaustedlab; yystacksize *= 2; if (YYMAXDEPTH < yystacksize) yystacksize = YYMAXDEPTH; { yytype_int16 *yyss1 = yyss; union yyalloc *yyptr = (union yyalloc *) YYSTACK_ALLOC (YYSTACK_BYTES (yystacksize)); if (! yyptr) goto yyexhaustedlab; YYSTACK_RELOCATE (yyss); YYSTACK_RELOCATE (yyvs); # undef YYSTACK_RELOCATE if (yyss1 != yyssa) YYSTACK_FREE (yyss1); } # endif #endif /* no yyoverflow */ yyssp = yyss + yysize - 1; yyvsp = yyvs + yysize - 1; YYDPRINTF ((stderr, "Stack size increased to %lu\n", (unsigned long int) yystacksize)); if (yyss + yystacksize - 1 <= yyssp) YYABORT; } YYDPRINTF ((stderr, "Entering state %d\n", yystate)); goto yybackup; /*-----------. | yybackup. | `-----------*/ yybackup: /* Do appropriate processing given the current state. Read a look-ahead token if we need one and don't already have one. */ /* First try to decide what to do without reference to look-ahead token. */ yyn = yypact[yystate]; if (yyn == YYPACT_NINF) goto yydefault; /* Not known => get a look-ahead token if don't already have one. */ /* YYCHAR is either YYEMPTY or YYEOF or a valid look-ahead symbol. */ if (yychar == YYEMPTY) { YYDPRINTF ((stderr, "Reading a token: ")); yychar = YYLEX; } if (yychar <= YYEOF) { yychar = yytoken = YYEOF; YYDPRINTF ((stderr, "Now at end of input.\n")); } else { yytoken = YYTRANSLATE (yychar); YY_SYMBOL_PRINT ("Next token is", yytoken, &yylval, &yylloc); } /* If the proper action on seeing token YYTOKEN is to reduce or to detect an error, take that action. */ yyn += yytoken; if (yyn < 0 || YYLAST < yyn || yycheck[yyn] != yytoken) goto yydefault; yyn = yytable[yyn]; if (yyn <= 0) { if (yyn == 0 || yyn == YYTABLE_NINF) goto yyerrlab; yyn = -yyn; goto yyreduce; } if (yyn == YYFINAL) YYACCEPT; /* Count tokens shifted since error; after three, turn off error status. */ if (yyerrstatus) yyerrstatus--; /* Shift the look-ahead token. */ YY_SYMBOL_PRINT ("Shifting", yytoken, &yylval, &yylloc); /* Discard the shifted token unless it is eof. */ if (yychar != YYEOF) yychar = YYEMPTY; yystate = yyn; *++yyvsp = yylval; goto yynewstate; /*-----------------------------------------------------------. | yydefault -- do the default action for the current state. | `-----------------------------------------------------------*/ yydefault: yyn = yydefact[yystate]; if (yyn == 0) goto yyerrlab; goto yyreduce; /*-----------------------------. | yyreduce -- Do a reduction. | `-----------------------------*/ yyreduce: /* yyn is the number of a rule to reduce with. */ yylen = yyr2[yyn]; /* If YYLEN is nonzero, implement the default value of the action: `$$ = $1'. Otherwise, the following line sets YYVAL to garbage. This behavior is undocumented and Bison users should not rely upon it. Assigning to YYVAL unconditionally makes the parser a bit smaller, and it avoids a GCC warning that YYVAL may be used uninitialized. */ yyval = yyvsp[1-yylen]; YY_REDUCE_PRINT (yyn); switch (yyn) { case 3: #line 40 "parse_y.y" { printf("\n"); ++line; } break; case 4: #line 44 "parse_y.y" { if (strlen((yyvsp[(2) - (3)].string)) > (PAPER_WIDTH-(indent ? strlen(INDENT_STRING):0))) { yyerror("line too long"); } printf("%s%s\n", indent ? INDENT_STRING:"", (yyvsp[(2) - (3)].string)); free((yyvsp[(2) - (3)].string)); indent = 1; ++line; } break; case 5: #line 53 "parse_y.y" { char fixed[PAPER_WIDTH+1]; int len; len = PAPER_WIDTH-(strlen((yyvsp[(2) - (5)].string))+strlen((yyvsp[(4) - (5)].string))); if (len >= 0) { memset(fixed, ' ', len); fixed[len] = '\0'; } else { yyerror("line too wide"); fixed[0] = '\0'; } printf("%s%s%s\n", (yyvsp[(2) - (5)].string), fixed, (yyvsp[(4) - (5)].string)); free((yyvsp[(2) - (5)].string)); free((yyvsp[(4) - (5)].string)); indent = 1; ++line; } break; case 6: #line 72 "parse_y.y" { char fixed[PAPER_WIDTH+1]; int len, l; len = PAPER_WIDTH-(strlen((yyvsp[(2) - (7)].string))+strlen((yyvsp[(4) - (7)].string))); if (len < 0) { len = 0; yyerror("line too wide"); } l = len/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s%s", (yyvsp[(2) - (7)].string), fixed, (yyvsp[(4) - (7)].string)); free((yyvsp[(2) - (7)].string)); free((yyvsp[(4) - (7)].string)); l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s\n", fixed, (yyvsp[(6) - (7)].string)); free((yyvsp[(6) - (7)].string)); indent = 1; ++line; } break; case 7: #line 99 "parse_y.y" { char fixed[PAPER_WIDTH+1]; int len, l; len = PAPER_WIDTH-(strlen((yyvsp[(2) - (7)].string))+strlen((yyvsp[(4) - (7)].string))); if (len < 0) { len = 0; yyerror("line too wide"); } l = len/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s%s", (yyvsp[(2) - (7)].string), fixed, (yyvsp[(4) - (7)].string)); free((yyvsp[(2) - (7)].string)); free((yyvsp[(4) - (7)].string)); l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s\n", fixed, (yyvsp[(6) - (7)].string)); free((yyvsp[(6) - (7)].string)); indent = 1; ++line; } break; case 8: #line 128 "parse_y.y" { (yyval.string) = strdup(""); } break; case 9: #line 131 "parse_y.y" { (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+strlen((yyvsp[(2) - (2)].string))+1); sprintf((yyval.string),"%s%s", (yyvsp[(1) - (2)].string), (yyvsp[(2) - (2)].string)); free((yyvsp[(1) - (2)].string)); free((yyvsp[(2) - (2)].string)); } break; case 10: #line 139 "parse_y.y" { (yyval.string) = strdup(yytext); } break; case 11: #line 142 "parse_y.y" { (yyval.string) = malloc(strlen((yyvsp[(1) - (2)].string))+2); sprintf((yyval.string),"%s%s", (yyvsp[(1) - (2)].string), yytext); free((yyvsp[(1) - (2)].string)); } break; case 12: #line 147 "parse_y.y" { (yyval.string) = strdup(""); indent = 0; } break; case 13: #line 151 "parse_y.y" { (yyval.string) = strdup("#"); } break; case 14: #line 154 "parse_y.y" { if (((yyval.string) = get_label(yytext)) == NULL) { set_label(yytext, last_label); (yyval.string) = strdup(""); } } break; case 15: #line 160 "parse_y.y" { (yyval.string) = new_counter(yytext); } break; /* Line 1267 of yacc.c. */ #line 1523 "parse_y.c" default: break; } YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc); YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); *++yyvsp = yyval; /* Now `shift' the result of the reduction. Determine what state that goes to, based on the state we popped back to and the rule number reduced by. */ yyn = yyr1[yyn]; yystate = yypgoto[yyn - YYNTOKENS] + *yyssp; if (0 <= yystate && yystate <= YYLAST && yycheck[yystate] == *yyssp) yystate = yytable[yystate]; else yystate = yydefgoto[yyn - YYNTOKENS]; goto yynewstate; /*------------------------------------. | yyerrlab -- here on detecting error | `------------------------------------*/ yyerrlab: /* If not already recovering from an error, report this error. */ if (!yyerrstatus) { ++yynerrs; #if ! YYERROR_VERBOSE yyerror (YY_("syntax error")); #else { YYSIZE_T yysize = yysyntax_error (0, yystate, yychar); if (yymsg_alloc < yysize && yymsg_alloc < YYSTACK_ALLOC_MAXIMUM) { YYSIZE_T yyalloc = 2 * yysize; if (! (yysize <= yyalloc && yyalloc <= YYSTACK_ALLOC_MAXIMUM)) yyalloc = YYSTACK_ALLOC_MAXIMUM; if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); yymsg = (char *) YYSTACK_ALLOC (yyalloc); if (yymsg) yymsg_alloc = yyalloc; else { yymsg = yymsgbuf; yymsg_alloc = sizeof yymsgbuf; } } if (0 < yysize && yysize <= yymsg_alloc) { (void) yysyntax_error (yymsg, yystate, yychar); yyerror (yymsg); } else { yyerror (YY_("syntax error")); if (yysize != 0) goto yyexhaustedlab; } } #endif } if (yyerrstatus == 3) { /* If just tried and failed to reuse look-ahead token after an error, discard it. */ if (yychar <= YYEOF) { /* Return failure if at end of input. */ if (yychar == YYEOF) YYABORT; } else { yydestruct ("Error: discarding", yytoken, &yylval); yychar = YYEMPTY; } } /* Else will try to reuse look-ahead token after shifting the error token. */ goto yyerrlab1; /*---------------------------------------------------. | yyerrorlab -- error raised explicitly by YYERROR. | `---------------------------------------------------*/ yyerrorlab: /* Pacify compilers like GCC when the user code never invokes YYERROR and the label yyerrorlab therefore never appears in user code. */ if (/*CONSTCOND*/ 0) goto yyerrorlab; /* Do not reclaim the symbols of the rule which action triggered this YYERROR. */ YYPOPSTACK (yylen); yylen = 0; YY_STACK_PRINT (yyss, yyssp); yystate = *yyssp; goto yyerrlab1; /*-------------------------------------------------------------. | yyerrlab1 -- common code for both syntax error and YYERROR. | `-------------------------------------------------------------*/ yyerrlab1: yyerrstatus = 3; /* Each real token shifted decrements this. */ for (;;) { yyn = yypact[yystate]; if (yyn != YYPACT_NINF) { yyn += YYTERROR; if (0 <= yyn && yyn <= YYLAST && yycheck[yyn] == YYTERROR) { yyn = yytable[yyn]; if (0 < yyn) break; } } /* Pop the current state because it cannot handle the error token. */ if (yyssp == yyss) YYABORT; yydestruct ("Error: popping", yystos[yystate], yyvsp); YYPOPSTACK (1); yystate = *yyssp; YY_STACK_PRINT (yyss, yyssp); } if (yyn == YYFINAL) YYACCEPT; *++yyvsp = yylval; /* Shift the error token. */ YY_SYMBOL_PRINT ("Shifting", yystos[yyn], yyvsp, yylsp); yystate = yyn; goto yynewstate; /*-------------------------------------. | yyacceptlab -- YYACCEPT comes here. | `-------------------------------------*/ yyacceptlab: yyresult = 0; goto yyreturn; /*-----------------------------------. | yyabortlab -- YYABORT comes here. | `-----------------------------------*/ yyabortlab: yyresult = 1; goto yyreturn; #ifndef yyoverflow /*-------------------------------------------------. | yyexhaustedlab -- memory exhaustion comes here. | `-------------------------------------------------*/ yyexhaustedlab: yyerror (YY_("memory exhausted")); yyresult = 2; /* Fall through. */ #endif yyreturn: if (yychar != YYEOF && yychar != YYEMPTY) yydestruct ("Cleanup: discarding lookahead", yytoken, &yylval); /* Do not reclaim the symbols of the rule which action triggered this YYABORT or YYACCEPT. */ YYPOPSTACK (yylen); YY_STACK_PRINT (yyss, yyssp); while (yyssp != yyss) { yydestruct ("Cleanup: popping", yystos[*yyssp], yyvsp); YYPOPSTACK (1); } #ifndef yyoverflow if (yyss != yyssa) YYSTACK_FREE (yyss); #endif #if YYERROR_VERBOSE if (yymsg != yymsgbuf) YYSTACK_FREE (yymsg); #endif /* Make sure YYID is used. */ return YYID (yyresult); } #line 165 "parse_y.y" typedef struct node_s { struct node_s *left, *right; const char *key; char *value; } *node_t; node_t label_root = NULL; node_t counter_root = NULL; static const char *find_key(node_t root, const char *key) { while (root) { int cmp = strcmp(key, root->key); if (cmp > 0) { root = root->right; } else if (cmp) { root = root->left; } else { return root->value; } } return NULL; } static node_t set_key(node_t root, const char *key, const char *value) { if (root) { int cmp = strcmp(key, root->key); if (cmp > 0) { root->right = set_key(root->right, key, value); } else if (cmp) { root->left = set_key(root->left, key, value); } else { free(root->value); root->value = strdup(value); } } else { root = malloc(sizeof(struct node_s)); root->right = root->left = NULL; root->key = strdup(key); root->value = strdup(value); } return root; } void yyerror(const char *x) { fprintf(stderr, "line %d: %s\n", line, x); } char *get_label(const char *label) { const char *found = find_key(label_root, label); if (found) { return strdup(found); } return NULL; } void set_label(const char *label, const char *target) { if (target == NULL) { yyerror("no hanging value for label"); target = ""; /* avoid trigraph warning */ } label_root = set_key(label_root, label, target); } char *new_counter(const char *key) { int i=0, j, ndollars = 0; const char *old; char *new; if (key[i++] != '#') { yyerror("bad index"); return strdup(""); /* avoid trigraph warning */ } while (key[i] == '$') { ++ndollars; ++i; } key += i; old = find_key(counter_root, key); new = malloc(20*ndollars); if (old) { for (j=0; ndollars > 1 && old[j]; ) { if (old[j++] == '.' && --ndollars <= 0) { break; } } if (j) { strncpy(new, old, j); } if (old[j]) { i = atoi(old+j); } else { new[j++] = '.'; i = 0; } } else { j=0; while (--ndollars > 0) { new[j++] = '0'; new[j++] = '.'; } i = 0; } new[j] = '\0'; sprintf(new+j, "%d", ++i); counter_root = set_key(counter_root, key, new); if (last_label) { free(last_label); } last_label = strdup(new); return new; } int main(void) { return yyparse(); } pam/doc/specs/parse_y.h0000644000000000000000000000462113261244762012230 0ustar /* A Bison parser, made by GNU Bison 2.3. */ /* Skeleton interface for Bison's Yacc-like parsers in C Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ /* As a special exception, you may create a larger work that contains part or all of the Bison parser skeleton and distribute that work under terms of your choice, so long as that work isn't itself a parser generator using the skeleton or a modified version thereof as a parser skeleton. Alternatively, if you modify or redistribute the parser skeleton itself, you may (at your option) remove this special exception, which will cause the skeleton and the resulting Bison output files to be licensed under the GNU General Public License without this special exception. This special exception was added by the Free Software Foundation in version 2.2 of Bison. */ /* Tokens. */ #ifndef YYTOKENTYPE # define YYTOKENTYPE /* Put the tokens into the symbol table, so that GDB and other debuggers know about them. */ enum yytokentype { NEW_COUNTER = 258, LABEL = 259, HASH = 260, CHAR = 261, NEWLINE = 262, NO_INDENT = 263, RIGHT = 264 }; #endif /* Tokens. */ #define NEW_COUNTER 258 #define LABEL 259 #define HASH 260 #define CHAR 261 #define NEWLINE 262 #define NO_INDENT 263 #define RIGHT 264 #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED typedef union YYSTYPE #line 27 "parse_y.y" { int def; char *string; } /* Line 1489 of yacc.c. */ #line 72 "parse_y.h" YYSTYPE; # define yystype YYSTYPE /* obsolescent; will be withdrawn */ # define YYSTYPE_IS_DECLARED 1 # define YYSTYPE_IS_TRIVIAL 1 #endif extern YYSTYPE yylval; pam/doc/specs/parse_y.y0000644000000000000000000001201013261244762012240 0ustar %{ #ifdef HAVE_CONFIG_H # include #endif #include #include #include #define MAXLINE 1000 #define INDENT_STRING " " #define PAPER_WIDTH 74 int indent=0; int line=1; char *last_label=NULL; extern int yylex(void); extern char *yytext; extern void yyerror(const char *x); extern char *get_label(const char *label); extern void set_label(const char *label, const char *target); char *new_counter(const char *key); %} %union { int def; char *string; } %token NEW_COUNTER LABEL HASH CHAR NEWLINE NO_INDENT RIGHT %type stuff text %start doc %% doc: | doc NEWLINE { printf("\n"); ++line; } | doc stuff NEWLINE { if (strlen($2) > (PAPER_WIDTH-(indent ? strlen(INDENT_STRING):0))) { yyerror("line too long"); } printf("%s%s\n", indent ? INDENT_STRING:"", $2); free($2); indent = 1; ++line; } | doc stuff RIGHT stuff NEWLINE { char fixed[PAPER_WIDTH+1]; int len; len = PAPER_WIDTH-(strlen($2)+strlen($4)); if (len >= 0) { memset(fixed, ' ', len); fixed[len] = '\0'; } else { yyerror("line too wide"); fixed[0] = '\0'; } printf("%s%s%s\n", $2, fixed, $4); free($2); free($4); indent = 1; ++line; } | doc stuff RIGHT stuff RIGHT stuff NEWLINE { char fixed[PAPER_WIDTH+1]; int len, l; len = PAPER_WIDTH-(strlen($2)+strlen($4)); if (len < 0) { len = 0; yyerror("line too wide"); } l = len/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s%s", $2, fixed, $4); free($2); free($4); l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s\n", fixed, $6); free($6); indent = 1; ++line; } | doc stuff RIGHT stuff RIGHT stuff NEWLINE { char fixed[PAPER_WIDTH+1]; int len, l; len = PAPER_WIDTH-(strlen($2)+strlen($4)); if (len < 0) { len = 0; yyerror("line too wide"); } l = len/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s%s", $2, fixed, $4); free($2); free($4); l = (len+1)/2; memset(fixed, ' ', l); fixed[l] = '\0'; printf("%s%s\n", fixed, $6); free($6); indent = 1; ++line; } ; stuff: { $$ = strdup(""); } | stuff text { $$ = malloc(strlen($1)+strlen($2)+1); sprintf($$,"%s%s", $1, $2); free($1); free($2); } ; text: CHAR { $$ = strdup(yytext); } | text CHAR { $$ = malloc(strlen($1)+2); sprintf($$,"%s%s", $1, yytext); free($1); } | NO_INDENT { $$ = strdup(""); indent = 0; } | HASH { $$ = strdup("#"); } | LABEL { if (($$ = get_label(yytext)) == NULL) { set_label(yytext, last_label); $$ = strdup(""); } } | NEW_COUNTER { $$ = new_counter(yytext); } ; %% typedef struct node_s { struct node_s *left, *right; const char *key; char *value; } *node_t; node_t label_root = NULL; node_t counter_root = NULL; static const char *find_key(node_t root, const char *key) { while (root) { int cmp = strcmp(key, root->key); if (cmp > 0) { root = root->right; } else if (cmp) { root = root->left; } else { return root->value; } } return NULL; } static node_t set_key(node_t root, const char *key, const char *value) { if (root) { int cmp = strcmp(key, root->key); if (cmp > 0) { root->right = set_key(root->right, key, value); } else if (cmp) { root->left = set_key(root->left, key, value); } else { free(root->value); root->value = strdup(value); } } else { root = malloc(sizeof(struct node_s)); root->right = root->left = NULL; root->key = strdup(key); root->value = strdup(value); } return root; } void yyerror(const char *x) { fprintf(stderr, "line %d: %s\n", line, x); } char *get_label(const char *label) { const char *found = find_key(label_root, label); if (found) { return strdup(found); } return NULL; } void set_label(const char *label, const char *target) { if (target == NULL) { yyerror("no hanging value for label"); target = ""; /* avoid trigraph warning */ } label_root = set_key(label_root, label, target); } char *new_counter(const char *key) { int i=0, j, ndollars = 0; const char *old; char *new; if (key[i++] != '#') { yyerror("bad index"); return strdup(""); /* avoid trigraph warning */ } while (key[i] == '$') { ++ndollars; ++i; } key += i; old = find_key(counter_root, key); new = malloc(20*ndollars); if (old) { for (j=0; ndollars > 1 && old[j]; ) { if (old[j++] == '.' && --ndollars <= 0) { break; } } if (j) { strncpy(new, old, j); } if (old[j]) { i = atoi(old+j); } else { new[j++] = '.'; i = 0; } } else { j=0; while (--ndollars > 0) { new[j++] = '0'; new[j++] = '.'; } i = 0; } new[j] = '\0'; sprintf(new+j, "%d", ++i); counter_root = set_key(counter_root, key, new); if (last_label) { free(last_label); } last_label = strdup(new); return new; } int main(void) { return yyparse(); } pam/doc/specs/rfc86.0.txt0000644000000000000000000020455413261244762012253 0ustar Open Software Foundation V. Samar (SunSoft) Request For Comments: 86.0 R. Schemers (SunSoft) October 1995 UNIFIED LOGIN WITH PLUGGABLE AUTHENTICATION MODULES (PAM) 1. INTRODUCTION Since low-level authentication mechanisms constantly evolve, it is important to shield the high-level consumers of these mechanisms (system-entry services and users) from such low-level changes. With the Pluggable Authentication Module (PAM) framework, we can provide pluggability for a variety of system-entry services -- not just system authentication _per se_, but also for account, session and password management. PAM's ability to _stack_ authentication modules can be used to integrate `login' with different authentication mechanisms such as RSA, DCE, and Kerberos, and thus unify login mechanisms. The PAM framework can also provide easy integration of smart cards into the system. Modular design and pluggability have become important for users who want ease of use. In the PC hardware arena, no one wants to set the interrupt vector numbers or resolve the addressing conflict between various devices. In the software arena, people also want to be able to replace components easily for easy customization, maintenance, and upgrades. Authentication software deserves special attention because authentication forms a very critical component of any secure computer system. The authentication infrastructure and its components may have to be modified or replaced either because some deficiencies have been found in the current algorithms, or because sites want to enforce a different security policy than what was provided by the system vendor. The replacement and modification should be done in such a way that the user is not affected by these changes. The solution has to address not just how the applications use the new authentication mechanisms in a generic fashion, but also how the user will be authenticated to these mechanisms in a generic way. The former is addressed by GSS-API [Linn 93], while this RFC addresses the later; these two efforts are complementary to each other. Since most system-entry services (for example, `login', `dtlogin', `rlogin', `ftp', `rsh') may want to be independent of the specific authentication mechanisms used by the machine, it is important that there be a framework for _plugging_ in various mechanisms. This requires that the system applications use a standard API to interact Samar, Schemers Page 1 OSF-RFC 86.0 PAM October 1995 with the authentication services. If these system-entry services remain independent of the actual mechanism used on that machine, the system administrator can install suitable authentication modules without requiring changes to these applications. For any security system to be successful, it has to be easy to use. In the case of authentication, the single most important ease-of-use characteristic is that the user should not be required to learn about various ways of authentication and remember multiple passwords. Ideally, there should be one all-encompassing authentication system where there is only one password, but for heterogeneous sites, multiple authentication mechanisms have to co-exist. The problem of integrating multiple authentication mechanisms such as Kerberos [Steiner 88], RSA [Rivest 78], and Diffie-Hellman [Diffie 76, Taylor 88], is also referred to as _integrated login_, or _unified login_ problem. Even if the user has to use multiple authentication mechanisms, the user should not be forced to type multiple passwords. Furthermore, the user should be able to use the new network identity without taking any further actions. The key here is in modular integration of the network authentication technologies with `login' and other system-entry services. In this RFC we discuss the architecture and design of pluggable authentication modules. This design gives the capability to use field-replaceable authentication modules along with unified login capability. It thus provides for both _pluggability_ and _ease-of- use_. The RFC is organized as follows. We first motivate the need for a generic way to authenticate the user by various system-entry services within the operating system. We describe the goals and constraints of the design. This leads to the architecture, description of the interfaces, and _stacking_ of modules to get unified login functionality. We then describe our experience with the design, and end with a description of future work. 2. OVERVIEW OF IDENTIFICATION AND AUTHENTICATION MECHANISMS An identification and authentication ("I&A") mechanism is used to establish a user's identity the system (i.e., to a local machine's operating system) and to other principals on the network. On a typical UNIX system, there are various ports of entry into the system, such as `login', `dtlogin', `rlogin', `ftp', `rsh', `su', and `telnet'. In all cases, the user has to be identified and authenticated before granting appropriate access rights to the user. The user identification and authentication for all these entry points needs to be coordinated to ensure a secure system. In most of the current UNIX systems, the login mechanism is based upon verification of the password using the modified DES algorithm. Samar, Schemers Page 2 OSF-RFC 86.0 PAM October 1995 The security of the implementation assumes that the password cannot be guessed, and that the password does not go over the wire in the clear. These assumptions, however, are not universally valid. Various programs are now available freely on the Internet that can run dictionary attack against the encrypted password. Further, some of the network services (for example, `rlogin', `ftp', `telnet') send the password over in clear, and there are "sniffer" programs freely available to steal these passwords. The classical assumptions may be acceptable on a trusted network, but in an open environment there is a need to use more restrictive and stronger authentication mechanisms. Examples of such mechanisms include Kerberos, RSA, Diffie-Hellman, one-time password [Skey 94], and challenge-response based smart card authentication systems. Since this list will continue to evolve, it is important that the system-entry services do not have hard-coded dependencies on any of these authentication mechanisms. 3. DESIGN GOALS The goals of the PAM framework are as follows: (a) The system administrator should be able to choose the default authentication mechanism for the machine. This can range from a simple password-based mechanism to a biometric or a smart card based system. (b) It should be possible to configure the user authentication mechanism on a per application basis. For example, a site may require S/Key password authentication for `telnet' access, while allowing machine `login' sessions with just UNIX password authentication. (c) The framework should support the display requirements of the applications. For example, for a graphical login session such as `dtlogin', the user name and the password may have to be entered in a new window. For networking system-entry applications such as `ftp' and `telnet', the user name and password has to be transmitted over the network to the client machine. (d) It should be possible to configure multiple authentication protocols for each of those applications. For example, one may want the users to get authenticated by both Kerberos and RSA authentication systems. (e) The system administrator should be able to _stack_ multiple user authentication mechanisms such that the user is authenticated with all authentication protocols without retyping the password. Samar, Schemers Page 3 OSF-RFC 86.0 PAM October 1995 (f) The architecture should allow for multiple passwords if necessary to achieve higher security for users with specific security requirements. (g) The system-entry services should not be required to change when the underlying mechanism changes. This can be very useful for third-party developers because they often do not have the source code for these services. (h) The architecture should provide for a _pluggable_ model for system authentication, as well as for other related tasks such as password, account, and session management. (i) For backward-compatibility reasons, the PAM API should support the authentication requirements of the current system-entry services. There are certain issues that the PAM framework does not specifically address: (a) We focus only on providing a generic scheme through which users use passwords to establish their identities to the machine. Once the identity is established, how the identity is communicated to other interested parties is outside the scope of this design. There are efforts underway at IETF [Linn 93] to develop a Generic Security Services Application Interface (GSSAPI) that can be used by applications for secure and authenticated communication without knowing the underlying mechanism. (b) The _single-signon_ problem of securely transferring the identity of the caller to a remote site is not addressed. For example, the problem of delegating credentials from the `rlogin' client to the other machine without typing the password is not addressed by our work. We also do not address the problem of sending the passwords over the network in the clear. (c) We do not address the source of information obtained from the "`getXbyY()'" family of calls (e.g., `getpwnam()'). Different operating systems address this problem differently. For example, Solaris uses the name service switch (NSS) to determine the source of information for the "`getXbyY()'" calls. It is expected that data which is stored in multiple sources (such as passwd entries in NIS+ and the DCE registry) is kept in sync using the appropriate commands (such as `passwd_export'). Samar, Schemers Page 4 OSF-RFC 86.0 PAM October 1995 4. OVERVIEW OF THE PAM FRAMEWORK We propose that the goals listed above can be met through a framework in which authentication modules can be _plugged_ independently of the application. We call this the _Pluggable Authentication Modules_ (PAM) framework. The core components of the PAM framework are the authentication library API (the front end) and the authentication mechanism-specific modules (the back end), connected through the Service Provider Interface (SPI). Applications write to the PAM API, while the authentication-system providers write to the PAM SPI and supply the back end modules that are independent of the application. ftp telnet login (Applications) | | | | | | +--------+--------+ | +-----+-----+ | PAM API | <-- pam.conf file +-----+-----+ | +--------+--------+ UNIX Kerberos Smart Cards (Mechanisms) Figure 1: The Basic PAM Architecture Figure 1 illustrates the relationship between the application, the PAM library, and the authentication modules. Three applications (`login', `telnet' and `ftp') are shown which use the PAM authentication interfaces. When an application makes a call to the PAM API, it loads the appropriate authentication module as determined by the configuration file, `pam.conf'. The request is forwarded to the underlying authentication module (for example, UNIX password, Kerberos, smart cards) to perform the specified operation. The PAM layer then returns the response from the authentication module to the application. PAM unifies system authentication and access control for the system, and allows plugging of associated authentication modules through well defined interfaces. The plugging can be defined through various means, one of which uses a configuration file, such as the one in Table 1. For each of the system applications, the file specifies the authentication module that should be loaded. In the example below, `login' uses the UNIX password module, while `ftp' and `telnet' use the S/Key module. Samar, Schemers Page 5 OSF-RFC 86.0 PAM October 1995 Table 1: A Simplified View of a Sample PAM Configuration File. service module_path ------- ----------- login pam_unix.so ftp pam_skey.so telnet pam_skey.so Authentication configuration is only one aspect of this interface. Other critical components include account management, session management, and password management. For example, the `login' program may want to verify not only the password but also whether the account has aged or expired. Generic interfaces also need to be provided so that the password can be changed according to the requirements of the module. Furthermore, the application may want to log information about the current session as determined by the module. Not all applications or services may need all of the above components, and not each authentication module may need to provide support for all of the interfaces. For example, while `login' may need access to all four components, `su' may need access to just the authentication component. Some applications may use some specific authentication and password management modules but share the account and session management modules with others. This reasoning leads to a partitioning of the entire set of interfaces into four areas of functionality: (1) authentication, (2) account, (3) session, and (4) password. The concept of PAM was extended to these functional areas by implementing each of them as a separate pluggable module. Breaking the functionality into four modules helps the module providers because they can use the system-provided libraries for the modules that they are not changing. For example, if a supplier wants to provide a better version of Kerberos, they can just provide that new authentication and password module, and reuse the existing ones for account and session. 4.1. Module Description More details on specific API's are described in Appendix A. A brief description of four modules follows: (a) Authentication management: This set includes the `pam_authenticate()' function to authenticate the user, and the `pam_setcred()' interface to set, refresh or destroy the user credentials. (b) Account management: This set includes the `pam_acct_mgmt()' function to check whether the authenticated user should be Samar, Schemers Page 6 OSF-RFC 86.0 PAM October 1995 given access to his/her account. This function can implement account expiration and access hour restrictions. (c) Session management: This set includes the `pam_open_session()' and `pam_close_session()' functions for session management and accounting. For example, the system may want to store the total time for the session. (d) Password management: This set includes a function, `pam_chauthtok()', to change the password. 5. FRAMEWORK INTERFACES The PAM framework further provides a set of administrative interfaces to support the above modules and to provide for application-module communication. There is no corresponding service provider interface (SPI) for such functions. 5.1. Administrative Interfaces Each set of PAM transactions starts with `pam_start()' and ends with the `pam_end()' function. The interfaces `pam_get_item()' and `pam_set_item()' are used to read and write the state information associated with the PAM transaction. If there is any error with any of the PAM interfaces, the error message can be printed with `pam_strerror()'. 5.2. Application-Module Communication During application initialization, certain data such as the user name is saved in the PAM framework layer through `pam_start()' so that it can be used by the underlying modules. The application can also pass opaque data to the module which the modules will pass back while communicating with the user. 5.3. User-Module Communication The `pam_start()' function also passes conversation function that has to be used by the underlying modules to read and write module specific authentication information. For example, these functions can be used to prompt the user for the password in a way determined by the application. PAM can thus be used by graphical, non- graphical, or networked applications. Samar, Schemers Page 7 OSF-RFC 86.0 PAM October 1995 5.4. Inter-Module Communication Though the modules are independent, they can share certain common information about the authentication session such as user name, service name, password, and conversation function through the `pam_get_item()' and `pam_set_item()' interfaces. These API's can also be used by the application to change the state information after having called `pam_start()' once. 5.5. Module State Information The PAM service modules may want to keep certain module-specific state information about the session. The interfaces `pam_get_data()' and `pam_set_data()' can be used by the service modules to access and update module-specific information as needed from the PAM handle. The modules can also attach a cleanup function with the data. The cleanup function is executed when `pam_end()' is called to indicate the end of the current authentication activity. Since the PAM modules are loaded upon demand, there is no direct module initialization support in the PAM framework. If there are certain initialization tasks that the PAM service modules have to do, they should be done upon the first invocation. However, if there are certain clean-up tasks to be done when the authentication session ends, the modules should use `pam_set_data()' to specify the clean-up functions, which would be called when `pam_end()' is called by the application. 6. MODULE CONFIGURATION MANAGEMENT Table 2 shows an example of a configuration file `pam.conf' with support for authentication, session, account, and password management modules. `login' has three entries: one each for authentication processing, session management and account management. Each entry specifies the module name that should be loaded for the given module type. In this example, the `ftp' service uses the authentication and session modules. Note that all services here share the same session management module, while having different authentication modules. Samar, Schemers Page 8 OSF-RFC 86.0 PAM October 1995 Table 2: Configuration File (pam.conf) with Different Modules and Control Flow service module_type control_flag module_path options ------- ----------- ------------ ----------- ------- login auth required pam_unix_auth.so nowarn login session required pam_unix_session.so login account required pam_unix_account.so ftp auth required pam_skey_auth.so debug ftp session required pam_unix_session.so telnet session required pam_unix_session.so login password required pam_unix_passwd.so passwd password required pam_unix_passwd.so OTHER auth required pam_unix_auth.so OTHER session required pam_unix_session.so OTHER account required pam_unix_account.so The first field, _service_, denotes the service (for example, `login', `passwd', `rlogin'). The name `OTHER' indicates the module used by all other applications that have not been specified in this file. This name can also be used if all services have the same requirements. In the example, since all the services use the same session module, we could have replaced those lines with a single `OTHER' line. The second field, _module_type_, indicates the type of the PAM functional module. It can be one of `auth', `account', `session', or `password' modules. The third field, _control_flag_ determines the behavior of stacking multiple modules by specifying whether any particular module is _required_, _sufficient_, or _optional_. The next section describes stacking in more detail. The fourth field, _module_path_, specifies the location of the module. The PAM framework loads this module upon demand to invoke the required function. The fifth field, _options_, is used by the PAM framework layer to pass module specific options to the modules. It is up to the module to parse and interpret the options. This field can be used by the modules to turn on debugging or to pass any module specific parameters such as a timeout value. It is also used to support unified login as described below. The options field can be used by the system administrator to fine-tune the PAM modules. If any of the fields are invalid, or if a module is not found, that line is ignored and the error is logged as a critical error via `syslog(3)'. If no entries are found for the given module type, then the PAM framework returns an error to the application. Samar, Schemers Page 9 OSF-RFC 86.0 PAM October 1995 7. INTEGRATING MULTIPLE AUTHENTICATION SERVICES WITH STACKING In the world of heterogeneous systems, the system administrator often has to deal with the problem of integrating multiple authentication mechanisms. The user is often required to know about the authentication command of the new authentication module (for example, `kinit', `dce_login') after logging into the system. This is not user-friendly because it forces people to remember to type the new command and enter the new password. This functionality should be invisible instead of burdening the user with it. There are two problems to be addressed here: (a) Supporting multiple authentication mechanisms. (b) Providing unified login in the presence of multiple mechanisms. In the previous section, we described how one could replace the default authentication module with any other module of choice. Now we demonstrate how the same model can be extended to provide support for multiple modules. 7.1. Design for Stacked Modules One possibility was to provide hard-coded rules in `login' or other applications requiring authentication services [Adamson 95]. But this becomes very specific to the particular combination of authentication protocols, and also requires the source code of the application. Digital's Security Integration Architecture [SIA 95] addresses this problem by specifying the same list of authentication modules for all applications. Since requirements for various applications can vary, it is essential that the configuration be on a per-application basis. To support multiple authentication mechanisms, the PAM framework was extended to support _stacking_. When any API is called, the back ends for the stacked modules are invoked in the order listed, and the result returned to the caller. In Figure 2, the authentication service of `login' is stacked and the user is authenticated by UNIX, Kerberos, and RSA authentication mechanisms. Note that in this example, there is no stacking for session or account management modules. Samar, Schemers Page 10 OSF-RFC 86.0 PAM October 1995 login | +--------+--------+ | | | session auth account | | | +--+--+ +--+--+ +--+--+ | PAM | | PAM | | PAM | +--+--+ +--+--+ +--+--+ | | | UNIX UNIX UNIX session auth account | Kerberos auth | RSA auth Figure 2: Stacking With the PAM Architecture Stacking is specified through additional entries in the configuration file shown earlier. As shown in Table 2, for each application (such as `login') the configuration file can specify multiple mechanisms that have to be invoked in the specified order. When mechanisms fail, the _control_flag_ decides which error should be returned to the application. Since the user should not know which authentication module failed when a bad password was typed, the PAM framework continues to call other authentication modules on the stack even on failure. The semantics of the control flag are as follows: (a) `required': With this flag, the module failure results in the PAM framework returning the error to the caller _after_ executing all other modules on the stack. For the function to be able to return success to the application all `required' modules have to report success. This flag is normally set when authentication by this module is a _must_. (b) `optional': With this flag, the PAM framework ignores the module failure and continues with the processing of the next module in sequence. This flag is used when the user is allowed to login even if that particular module has failed. (c) `sufficient': With this flag, if the module succeeds the PAM framework returns success to the application immediately without trying any other modules. For failure cases, the _sufficient_ modules are treated as `optional'. Table 3 shows a sample configuration file that stacks the `login' command. Here the user is authenticated by UNIX, Kerberos, and RSA authentication services. The `required' key word for _control_flag_ Samar, Schemers Page 11 OSF-RFC 86.0 PAM October 1995 enforces that the user is allowed to login only if he/she is authenticated by _both_ UNIX and Kerberos services. RSA authentication is optional by virtue of the `optional' key word in the _control_flag_ field. The user can still log in even if RSA authentication fails. Table 3: PAM Configuration File with Support for Stacking service module_type control_flag module_path options ------- ----------- ------------ ----------- ------- login auth required pam_unix.so debug login auth required pam_kerb.so use_mapped_pass login auth optional pam_rsa.so use_first_pass Table 4 illustrates the use of the sufficient flag for the `rlogin' service. The Berkeley `rlogin' protocol specifies that if the remote host is trusted (as specified in the `/etc/hosts.equiv' file or in the `.rhosts' file in the home directory of the user), then the `rlogin' daemon should not require the user to type the password. If this is not the case, then the user is required to type the password. Instead of hard coding this policy in the `rlogin' daemon, this can be expressed with the `pam.conf' file in Table 4. The PAM module `pam_rhosts_auth.so.1' implements the `.rhosts' policy described above. If a site administrator wants to enable remote login with only passwords, then the first line should be deleted. Table 4: PAM Configuration File for the rlogin service service module_type control_flag module_path options ------- ----------- ------------ ----------- ------- rlogin auth sufficient pam_rhosts_auth.so rlogin auth required pam_unix.so 7.2. Password-Mapping Multiple authentication mechanisms on a machine can lead to multiple passwords that users have to remember. One attractive solution from the ease-of-use viewpoint is to use the same password for all mechanisms. This, however, can also weaken the security because if that password were to be compromised in any of the multiple mechanisms, all mechanisms would be compromised at the same time. Furthermore, different authentication mechanisms may have their own distinctive password requirements in regards to its length, allowed characters, time interval between updates, aging, locking, and so forth. These requirements make it problematic to use the same password for multiple authentication mechanisms. The solution we propose, while not precluding use of the same password for every mechanism, allows for a different password for each mechanism through what we call _password-mapping_. This basically means using the user's _primary_ password to encrypt the Samar, Schemers Page 12 OSF-RFC 86.0 PAM October 1995 user's other (_secondary_) passwords, and storing these encrypted passwords in a place where they are available to the user. Once the primary password is verified, the authentication modules would obtain the other passwords for their own mechanisms by decrypting the mechanism-specific encrypted password with the primary password, and passing it to the authentication service. The security of this design for password-mapping assumes that the primary password is the user's strongest password, in terms of its unguessability (length, type and mix of characters used, etc.). If there is any error in password-mapping, or if the mapping does not exist, the user will be prompted for the password by each authentication module. To support password-mapping, the PAM framework saves the primary password and provides it to stacked authentication modules. The password is cleared out before the `pam_authenticate' function returns. How the password is encrypted depends completely on the module implementation. The encrypted secondary password (also called a "mapped password") can be stored in a trusted or untrusted place, such as a smart card, a local file, or a directory service. If the encrypted passwords are stored in an untrusted publicly accessible place, this does provide an intruder with opportunities for potential dictionary attack. Though password-mapping is voluntary, it is recommended that all module providers add support for the following four mapping options: (a) `use_first_pass': Use the same password used by the first mechanism that asked for a password. The module should not ask for the password if the user cannot be authenticated by the first password. This option is normally used when the system administrator wants to enforce the same password across multiple modules. (b) `try_first_pass': This is the same as `use_first_pass', except that if the primary password is not valid, it should prompt the user for the password. (c) `use_mapped_pass': Use the password-mapping scheme to get the actual password for this module. One possible implementation is to get the mapped-password using the XFN API [XFN 94], and decrypt it with the primary password to get the module-specific password. The module should not ask for the password if the user cannot be authenticated by the first password. The XFN API allows user-defined attributes (such as _mapped-password_) to be stored in the _user-context_. Using the XFN API is particularly attractive because support for the XFN may be found on many systems in the future. Samar, Schemers Page 13 OSF-RFC 86.0 PAM October 1995 (d) `try_mapped_pass': This is the same as `use_mapped_pass', except that if the primary password is not valid, it should prompt the user for the password. When passwords get updated, the PAM framework stores both the old as well as the new password to be able to inform other dependent authentication modules about the change. Other modules can use this information to update the encrypted password without forcing the user to type the sequence of passwords again. The PAM framework clears out the passwords before returning to the application. Table 3 illustrates how the same password can be used by `login' for authenticating to the standard UNIX login, Kerberos and RSA services. Once the user has been authenticated to the primary authentication service (UNIX `login' in this example) with the primary password, the option `use_mapped_pass' indicates to the Kerberos module that it should use the primary password to decrypt the stored Kerberos password and then use the Kerberos password to get the ticket for the ticket-granting-service. After that succeeds, the option `use_first_pass' indicates to the RSA module that instead of prompting the user for a password, it should use the primary password typed earlier for authenticating the user. Note that in this scenario, the user has to enter the password just once. Note that if a one-time password scheme (e.g., S/Key) is used, password mapping cannot apply. 7.3. Implications of Stacking on the PAM Design Because of the stacking capability of PAM, we have designed the PAM API's to not return any data to the application, except status. If this were not the case, it would be difficult for the PAM framework to decide which module should return data to the application. When there is any error, the application does not know which of the modules failed. This behavior enables (even requires) the application to be completely independent from the modules. Another design decision we have made is that PAM gives only the user name to all the underlying PAM modules, hence it is the responsibility of the PAM modules to convert the name to their own internal format. For example, the Kerberos module may have to convert the UNIX user name to a Kerberos principal name. Stacking also forces the modules to be designed such that they can occur anywhere in the stack without any side-effects. Since modules such as the authentication and the password module are very closely related, it is important they be configured in the same order and with compatible options. Samar, Schemers Page 14 OSF-RFC 86.0 PAM October 1995 8. INTEGRATION WITH SMART CARDS Many networking authentication protocols require possession of a long key to establish the user identity. For ease-of-use reasons, that long key is normally encrypted with the user's password so that the user is not required to memorize it. However, weak passwords can be compromised through a dictionary attack and thus undermine the stronger network authentication mechanism. Furthermore, the encrypted data is normally stored in a centrally accessible service whose availability depends upon the reliability of the associated service. Solutions have been proposed to use a pass-phrase or one- time-password, but those are much longer than the regular eight character passwords traditionally used with UNIX `login'. This makes the solution user-unfriendly because it requires longer strings to be remembered and typed. For most authentication protocol implementations, the trust boundary is the local machine. This assumption may not be valid in cases where the user is mobile and has to use publicly available networked computers. In such cases, it is required that the clear text of the key or the password never be made available to the machine. Smart cards solve the above problems by reducing password exposure by supporting a _two factor_ authentication mechanism: the first with the possession of the card, and the second with the knowledge of the PIN associated with the card. Not only can the smart cards be a secure repository of multiple passwords, they can also provide the encryption and authentication functions such that the long (private) key is never exposed outside the card. The PAM framework allows for integrating smart cards to the system by providing a smart card specific module for authentication. Furthermore, the unified login problem is simplified because the multiple passwords for various authentication mechanisms can be stored on the smart card itself. This can be enabled by adding a suitable key-word such as `use_smart_card' in the _options_ field. 9. SECURITY ISSUES It is important to understand the impact of PAM on the security of any system so that the site-administrator can make an informed decision. (a) Sharing of passwords with multiple authentication mechanisms. If there are multiple authentication modules, one possibility is to use the same password for all of them. If the password for any of the multiple authentication system is compromised, the user's password in all systems would be compromised. If this is a concern, then multiple passwords might be considered Samar, Schemers Page 15 OSF-RFC 86.0 PAM October 1995 at the cost of ease-of-use. (b) Password-mapping. This technique of encrypting all other passwords with the primary password assumes that it is lot more difficult to crack the primary password and that reasonable steps have been taken to ensure limited availability of the encrypted primary password. If this is not done, an intruder could target the primary password as the first point of dictionary attack. If one of the other modules provide stronger security than the password based security, the site would be negating the strong security by using password-mapping. If this is a concern, then multiple passwords might be considered at the cost of ease-of- use. If smart cards are used, they obviate the need for password-mapping completely. (c) Security of the configuration file. Since the policy file dictates how the user is authenticated, this file should be protected from unauthorized modifications. (d) Stacking various PAM modules. The system administrator should fully understand the implications of stacking various modules that will be installed on the system and their respective orders and interactions. The composition of various authentication modules should be carefully examined. The trusted computing base of the machine now includes the PAM modules. 10. EXPERIENCE WITH PAM The PAM framework was first added in Solaris 2.3 release as a private internal interface. PAM is currently being used by several system entry applications such as `login', `passwd', `su', `dtlogin', `rlogind', `rshd', `telnetd', `ftpd', `in.rexecd', `uucpd', `init', `sac', and `ttymon'. We have found that PAM provides an excellent framework to encapsulate the authentication-related tasks for the entire system. The Solaris 2.3 PAM API's were hence enhanced and simplified to support stacking. PAM modules have been developed for UNIX, DCE, Kerberos, S/Key, remote user authentication, and dialpass authentication. Other PAM modules are under development, and integration with smart cards is being planned. Some third parties have used the PAM interface to extend the security mechanisms offered by the Solaris environment. Samar, Schemers Page 16 OSF-RFC 86.0 PAM October 1995 The PAM API has been accepted by Common Desktop Environment (CDE) vendors as the API to be used for integrating the graphical interface for login, `dtlogin' with multiple authentication mechanisms. 11. FUTURE WORK Amongst the various components of PAM, the password component needs to be carefully examined to see whether the stacking semantics are particularly applicable, and how PAM should deal with partial failures when changing passwords. The _control_flag_ of the configuration file can be extended to include other semantics. For example, if the error is "name service not available", one may want to retry. It is also possible to offer semantics of "return success if any of the modules return success". In an earlier section, we had mentioned integration of smart cards with PAM. Though we feel that integration should be straight forward from the PAM architecture point of view, there may be some issues with implementation because the interfaces to the smart cards have not yet been standardized. One possible extension to PAM is to allow the passing of module- specific data between applications and PAM modules. For example, the `login' program likes to build its new environment from a select list of variables, yet the DCE module needs the `KRB5CCNAME' variable to be exported to the child process. For now we have modified the `login' program to explicitly export the `KRB5CCNAME' variable. Administrative tools are needed to help system administrators modify `pam.conf', and perform sanity checks on it (i.e., a `pam_check' utility). 12. CONCLUSION The PAM framework and the module interfaces provide pluggability for user authentication, as well as for account, session and password management. The PAM architecture can be used by `login' and by all other system-entry services, and thus ensure that all entry points for the system have been secured. This architecture enables replacement and modification of authentication modules in the field to secure the system against the newly found weaknesses without changing any of the system services. The PAM framework can be used to integrate `login' and `dtlogin' with different authentication mechanisms such as RSA and Kerberos. Multiple authentication systems can be accessed with the same password. The PAM framework also provides easy integration of smart cards into the system. Samar, Schemers Page 17 OSF-RFC 86.0 PAM October 1995 PAM provides complementary functionality to GSS-API, in that it provides mechanisms through which the user gets authenticated to any new system-level authentication service on the machine. GSS-API then uses the credentials for authenticated and secure communications with other application-level service entities on the network. 13. ACKNOWLEDGEMENTS PAM development has spanned several release cycles at SunSoft. Shau-Ping Lo, Chuck Hickey, and Alex Choy did the first design and implementation. Bill Shannon and Don Stephenson helped with the PAM architecture. Rocky Wu prototyped stacking of multiple modules. Paul Fronberg, Charlie Lai, and Roland Schemers made very significant enhancements to the PAM interfaces and took the project to completion within a very short time. Kathy Slattery wrote the PAM documentation. John Perry integrated PAM within the CDE framework. APPENDIX A. PAM API'S This appendix gives an informal description of the various interfaces of PAM. Since the goal here is just for the reader to get a working knowledge about the PAM interfaces, not all flags and options have been fully defined and explained. The API's described here are subject to change. The PAM Service Provider Interface is very similar to the PAM API, except for one extra parameter to pass module-specific options to the underlying modules. A.1. Framework Layer API's int pam_start( char *service_name, char *user, struct pam_conv *pam_conversation, pam_handle_t **pamh ); `pam_start()' is called to initiate an authentication transaction. `pam_start()' takes as arguments the name of the service, the name of the user to be authenticated, the address of the conversation structure. `pamh' is later used as a handle for subsequent calls to the PAM library. The PAM modules do not communicate directly with the user; instead they rely on the application to perform all such interaction. The application needs to provide the conversation functions, `conv()', and associated application data pointers through a `pam_conv' Samar, Schemers Page 18 OSF-RFC 86.0 PAM October 1995 structure when it initiates an authentication transaction. The module uses the `conv()' function to prompt the user for data, display error messages, or text information. int pam_end( pam_handle_t *pamh, int pam_status ); `pam_end()' is called to terminate the PAM transaction as specified by `pamh', and to free any storage area allocated by the PAM modules with `pam_set_item()'. int pam_set_item( pam_handle_t *pamh, int item_type, void *item ); int pam_get_item( pam_handle_t *pamh, int item_type, void **item); `pam_get_item()' and `pam_set_item()' allow the parameters specified in the initial call to `pam_start()' to be read and updated. This is useful when a particular parameter is not available when `pam_start()' is called or must be modified after the initial call to `pam_start()'. `pam_set_item()' is passed a pointer to the object, `item', and its type, `item_type'. `pam_get_item()' is passed the address of the pointer, `item', which is assigned the address of the requested object. The `item_type' is one of the following: Table 5: Possible Values for Item_type Item Name Description --------- ----------- PAM_SERVICE The service name PAM_USER The user name PAM_TTY The tty name PAM_RHOST The remote host name PAM_CONV The pam_conv structure PAM_AUTHTOK The authentication token (password) PAM_OLDAUTHTOK The old authentication token PAM_RUSER The remote user name Samar, Schemers Page 19 OSF-RFC 86.0 PAM October 1995 Note that the values of `PAM_AUTHTOK' and `PAM_OLDAUTHTOK' are only available to PAM modules and not to the applications. They are explicitly cleared out by the framework before returning to the application. char * pam_strerror( int errnum ); `pam_strerror()' maps the error number to a PAM error message string, and returns a pointer to that string. int pam_set_data( pam_handle_t *pamh, char *module_data_name, char *data, (*cleanup)(pam_handle_t *pamh, char *data, int error_status) ); The `pam_set_data()' function stores module specific data within the PAM handle. The `module_data_name' uniquely specifies the name to which some data and cleanup callback function can be attached. The cleanup function is called when `pam_end()' is invoked. int pam_get_data( pam_handle_t *pamh, char *module_data_name, void **datap ); The `pam_get_data()' function obtains module-specific data from the PAM handle stored previously by the `pam_get_data()' function. The `module_data_name' uniquely specifies the name for which data has to be obtained. This function is normally used to retrieve module specific state information. A.2. Authentication API's int pam_authenticate( pam_handle_t *pamh, int flags ); The `pam_authenticate()' function is called to verify the identity of the current user. The user is usually required to enter a password or similar authentication token, depending upon the authentication Samar, Schemers Page 20 OSF-RFC 86.0 PAM October 1995 module configured with the system. The user in question is specified by a prior call to `pam_start()', and is referenced by the authentication handle, `pamh'. int pam_setcred( pam_handle_t *pamh, int flags ); The `pam_setcred()' function is called to set the credentials of the current process associated with the authentication handle, `pamh'. The actions that can be denoted through `flags' include credential initialization, refresh, reinitialization and deletion. A.3. Account Management API int pam_acct_mgmt( pam_handle_t *pamh, int flags ); The function `pam_acct_mgmt()' is called to determine whether the current user's account and password are valid. This typically includes checking for password and account expiration, valid login times, etc. The user in question is specified by a prior call to `pam_start()', and is referenced by the authentication handle, `pamh'. A.4. Session Management API's int pam_open_session( pam_handle_t *pamh, int flags ); `pam_open_session()' is called to inform the session modules that a new session has been initialized. All programs which use PAM should invoke `pam_open_session()' when beginning a new session. int pam_close_session( pam_handle_t *pamh, int flags ); Upon termination of this session, the `pam_close_session()' function should be invoked to inform the underlying modules that the session has terminated. Samar, Schemers Page 21 OSF-RFC 86.0 PAM October 1995 A.5. Password Management API's int pam_chauthtok( pam_handle_t *pamh, int flags ); `pam_chauthtok()' is called to change the authentication token associated with the user referenced by the authentication handle `pamh'. After the call, the authentication token of the user will be changed in accordance with the authentication module configured on the system. APPENDIX B. SAMPLE PAM APPLICATION This appendix shows a sample `login' application which uses the PAM API's. It is not meant to be a fully functional login program, as some functionality has been left out in order to emphasize the use of PAM API's. #include static int login_conv(int num_msg, struct pam_message **msg, struct pam_response **response, void *appdata_ptr); static struct pam_conv pam_conv = {login_conv, NULL}; static pam_handle_t *pamh; /* Authentication handle */ void main(int argc, char *argv[], char **renvp) { /* * Call pam_start to initiate a PAM authentication operation */ if ((pam_start("login", user_name, &pam_conv, &pamh)) != PAM_SUCCESS) login_exit(1); pam_set_item(pamh, PAM_TTY, ttyn); pam_set_item(pamh, PAM_RHOST, remote_host); while (!authenticated && retry < MAX_RETRIES) { status = pam_authenticate(pamh, 0); authenticated = (status == PAM_SUCCESS); } Samar, Schemers Page 22 OSF-RFC 86.0 PAM October 1995 if (status != PAM_SUCCESS) { fprintf(stderr,"error: %s\n", pam_strerror(status)); login_exit(1); } /* now check if the authenticated user is allowed to login. */ if ((status = pam_acct_mgmt(pamh, 0)) != PAM_SUCCESS) { if (status == PAM_AUTHTOK_EXPIRED) { status = pam_chauthtok(pamh, 0); if (status != PAM_SUCCESS) login_exit(1); } else { login_exit(1); } } /* * call pam_open_session to open the authenticated session * pam_close_session gets called by the process that * cleans up the utmp entry (i.e., init) */ if (status = pam_open_session(pamh, 0) != PAM_SUCCESS) { login_exit(status); } /* set up the process credentials */ setgid(pwd->pw_gid); /* * Initialize the supplementary group access list. * This should be done before pam_setcred because * the PAM modules might add groups during the pam_setcred call */ initgroups(user_name, pwd->pw_gid); status = pam_setcred(pamh, PAM_ESTABLISH_CRED); if (status != PAM_SUCCESS) { login_exit(status); } /* set the real (and effective) UID */ setuid(pwd->pw_uid); pam_end(pamh, PAM_SUCCESS); /* Done using PAM */ /* * Add DCE/Kerberos cred name, if any. * XXX - The module specific stuff should be removed from login * program eventually. This is better placed in DCE module and * will be once PAM has routines for "exporting" environment Samar, Schemers Page 23 OSF-RFC 86.0 PAM October 1995 * variables. */ krb5p = getenv("KRB5CCNAME"); if (krb5p != NULL) { ENVSTRNCAT(krb5ccname, krb5p); envinit[basicenv++] = krb5ccname; } environ = envinit; /* Switch to the new environment. */ exec_the_shell(); /* All done */ } /* * login_exit - Call exit() and terminate. * This function is here for PAM so cleanup can * be done before the process exits. */ static void login_exit(int exit_code) { if (pamh) pam_end(pamh, PAM_ABORT); exit(exit_code); /*NOTREACHED*/ } /* * login_conv(): * This is the conv (conversation) function called from * a PAM authentication module to print error messages * or garner information from the user. */ static int login_conv(int num_msg, struct pam_message **msg, struct pam_response **response, void *appdata_ptr) { while (num_msg--) { switch (m->msg_style) { case PAM_PROMPT_ECHO_OFF: r->resp = strdup(getpass(m->msg)); break; case PAM_PROMPT_ECHO_ON: (void) fputs(m->msg, stdout); r->resp = malloc(PAM_MAX_RESP_SIZE); fgets(r->resp, PAM_MAX_RESP_SIZE, stdin); /* add code here to remove \n from fputs */ Samar, Schemers Page 24 OSF-RFC 86.0 PAM October 1995 break; case PAM_ERROR_MSG: (void) fputs(m->msg, stderr); break; case PAM_TEXT_INFO: (void) fputs(m->msg, stdout); break; default: /* add code here to log error message, etc */ break; } } return (PAM_SUCCESS); } APPENDIX C. DCE MODULE This appendix describes a sample implementation of a DCE PAM module. In order to simplify the description, we do not address the issues raised by password-mapping or stacking. The intent is to show which DCE calls are being made by the DCE module. The `pam_sm_*()' functions implement the PAM SPI functions which are called from the PAM API functions. C.1. DCE Authentication Management The algorithm for authenticating with DCE (not including error checking, prompting for passwords, etc.) is as follows: pam_sm_authenticate() { sec_login_setup_identity(...); pam_set_data(...); sec_login_valid_and_cert_ident(...); } pam_sm_setcred() { pam_get_data(...); sec_login_set_context(...); } The `pam_sm_authenticate()' function for DCE uses the `pam_set_data()' and `pam_get_data()' functions to keep state (like the `sec_login_handle_t' context) between calls. The following cleanup function is also registered and gets called when `pam_end()' Samar, Schemers Page 25 OSF-RFC 86.0 PAM October 1995 is called: dce_cleanup() { if (/* PAM_SUCCESS and sec_login_valid_and_cert_ident success */) { sec_login_release_context(...); } else { sec_login_purge_context(...); } } If everything was successful we release the login context, but leave the credentials file intact. If the status passed to `pam_end()' was not `PAM_SUCCESS' (i.e., a required module failed) we purge the login context which also removes the credentials file. C.2. DCE Account Management The algorithm for DCE account management is as follows: pam_sm_acct_mgmt() { pam_get_data(...); sec_login_inquire_net_info(...); /* check for expired password and account */ sec_login_free_net_info(...); } The `sec_login_inquire_net_info()' function is called to obtain information about when the user's account and/or password are going to expire. A warning message is displayed (using the conversation function) if the user's account or password is going to expire in the near future, or has expired. These warning messages can be disabled using the `nowarn' option in the `pam.conf' file. C.3. DCE Session Management The DCE session management functions are currently empty. They could be modified to optionally remove the DCE credentials file upon logout, etc. C.4. DCE Password Management The algorithm for DCE password management is as follows: Samar, Schemers Page 26 OSF-RFC 86.0 PAM October 1995 pam_sm_chauthtok { sec_rgy_site_open(...); sec_rgy_acct_lookup(...); sec_rgy_acct_passwd(...); sec_rgy_site_close(...); } The `sec_rgy_acct_passwd()' function is called to change the user's password in the DCE registry. REFERENCES [Adamson 95] W. A. Adamson, J. Rees, and P. Honeyman, "Joining Security Realms: A Single Login for Netware and Kerberos", CITI Technical Report 95-1, Center for Information Technology Integration, University of Michigan, Ann Arbor, MI, February 1995. [Diffie 76] W. Diffie and M. E. Hellman, "New Directions in Cryptography", IEEE Transactions on Information Theory, November 1976. [Linn 93] J. Linn, "Generic Security Service Application Programming Interface", Internet RFC 1508, 1509, 1993. [Rivest 78] R. L. Rivest, A. Shamir, and L. Adleman., "A Method for Obtaining Digital Signatures and Pubic-key Cryptosystems", Communications of the ACM, 21(2), 1978. [SIA 95] "Digital UNIX Security", Digital Equipment Corporation, Order Number AA-Q0R2C-TE, July 1995. [Skey 94] N. M. Haller, "The S/Key One-Time Password System", ISOC Symposium on Network and Distributed Security, 1994. [Steiner 88] J.G. Steiner, B. C. Neuman, and J. I. Schiller, "Kerberos, An Authentication Service for Open Network Systems", in Proceedings of the Winter USENIX Conference, Dallas, Jan 1988. [Taylor 88] B. Taylor and D. Goldberg, "Secure Networking in the Sun Environment", Sun Microsystems Technical Paper, 1988. [XFN 94] "Federated Naming: the XFN Specifications", X/Open Preliminary Specification, X/Open Document #P403, ISBN:1-85912-045-8, X/Open Co. Ltd., July 1994. Samar, Schemers Page 27 OSF-RFC 86.0 PAM October 1995 AUTHOR'S ADDRESS Vipin Samar Internet email: vipin@eng.sun.com SunSoft, Inc. Telephone: +1-415-336-1002 2550 Garcia Avenue Mountain View, CA 94043 USA Roland J. Schemers III Internet email: schemers@eng.sun.com SunSoft, Inc. Telephone: +1-415-336-1035 2550 Garcia Avenue Mountain View, CA 94043 USA Samar, Schemers Page 28 pam/doc/specs/std-agent-id.raw0000644000000000000000000000560613261244762013414 0ustar PAM working group ## A.G. Morgan ## $Id$ ## ## Pluggable Authentication Modules ## ## REGISTERED AGENTS AND THEIR AGENT-ID'S ## #$ Purpose of this document #$$#{definition} Definition of an agent-id The most complete version of a "PAM agent-id" is contained in this reference [#$R#{PAM_RFC2}]. A copy of a recent definition is reproduced here for convenience. The reader is recommended to consult reference [#{PAM_RFC2}] for definitions of other terms that are used in this document. ## -------------- ## The agent_id is a sequence of characters satisfying the following regexp: /^[a-z0-9\_]+(@[a-z0-9\_.]+)?$/ and has a specific form for each independent agent. o Agent_ids that do not contain an at-sign (@) are to be considered as representing some authentication mode that is a "public standard". Registered names MUST NOT contain an at-sign (@). o Anyone can define additional agents by using names in the format name@domainname, e.g. "ouragent@example.com". The part following the at-sign MUST be a valid fully qualified internet domain name [RFC-1034] controlled by the person or organization defining the name. (Said another way, if you control the email address that your agent has as an identifier, they you are entitled to use this identifier.) It is up to each domain how it manages its local namespace. ## -------------- ## #$ Registered agent-id's The structure of this section is a single subsection for each registered agent-id. This section includes a full definition of binary prompts accepted by the agent and example responses of said agent. Using the defining section alone, it should be possible for a third party to create a conforming agent and modules that can interoperate with other implementations of these objects. *$ "userpass" - the user+password agent Many legacy authentication systems are hardcoded to support one and only one authentication method. Namely, username: joe password: Indeed, this authentication method is often embedded into parts of the transport protocol. The "user+password" agent with PAM agent-id: "userpass" Is intended to support this legacy authentication scheme. The protocol for binary prompt exchange with this 'standard agent' is as follows: Case 1: module does not know the username, but expects the agent to obtain this information and also the user's password: module: {LENGTH;PAM_BP_SELECT;userpass;'/'} agent: {} Case 2: module has suggested username, but would like agent to confirm it and gather password: module: {} agent: {} Case 3: module knows username and will not permit the agent to change it: module: {} agent: {} #$ References [#{PAM_RFC2}] Internet draft, "Pluggable Authentication Modules (PAM)", available here: # http://linux.kernel.org/pub/linux/libs/pam/pre/doc/current-draft.txt # #$ Author's Address Andrew G. Morgan Email: morgan@kernel.org pam/examples/0000755000000000000000000000000013261244762010346 5ustar pam/examples/Makefile.am0000644000000000000000000000052613261244762012405 0ustar # # Copyright (c) 2005 Thorsten Kukuk # CLEANFILES = *~ EXTRA_DIST = README AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include LDADD = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la noinst_PROGRAMS = xsh vpass blank check_user pam/examples/Makefile.in0000644000000000000000000004236313261244762012423 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = xsh$(EXEEXT) vpass$(EXEEXT) blank$(EXEEXT) \ check_user$(EXEEXT) subdir = examples DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = PROGRAMS = $(noinst_PROGRAMS) blank_SOURCES = blank.c blank_OBJECTS = blank.$(OBJEXT) blank_LDADD = $(LDADD) blank_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la check_user_SOURCES = check_user.c check_user_OBJECTS = check_user.$(OBJEXT) check_user_LDADD = $(LDADD) check_user_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la vpass_SOURCES = vpass.c vpass_OBJECTS = vpass.$(OBJEXT) vpass_LDADD = $(LDADD) vpass_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la xsh_SOURCES = xsh.c xsh_OBJECTS = xsh.$(OBJEXT) xsh_LDADD = $(LDADD) xsh_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = blank.c check_user.c vpass.c xsh.c DIST_SOURCES = blank.c check_user.c vpass.c xsh.c ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ EXTRA_DIST = README AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include LDADD = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu examples/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu examples/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list blank$(EXEEXT): $(blank_OBJECTS) $(blank_DEPENDENCIES) @rm -f blank$(EXEEXT) $(LINK) $(blank_OBJECTS) $(blank_LDADD) $(LIBS) check_user$(EXEEXT): $(check_user_OBJECTS) $(check_user_DEPENDENCIES) @rm -f check_user$(EXEEXT) $(LINK) $(check_user_OBJECTS) $(check_user_LDADD) $(LIBS) vpass$(EXEEXT): $(vpass_OBJECTS) $(vpass_DEPENDENCIES) @rm -f vpass$(EXEEXT) $(LINK) $(vpass_OBJECTS) $(vpass_LDADD) $(LIBS) xsh$(EXEEXT): $(xsh_OBJECTS) $(xsh_DEPENDENCIES) @rm -f xsh$(EXEEXT) $(LINK) $(xsh_OBJECTS) $(xsh_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blank.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/check_user.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vpass.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xsh.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-noinstPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/examples/README0000644000000000000000000000063613261244762011233 0ustar (now we are getting networked apps, be careful to try and test on a securely isolated system!) These programs grant no privileges, but they give an idea of how well the modules are working. blank is new as of Linux-PAM-0.21. If you are writing/modifying an application it might be a place to start... xsh is new as of Linux-PAM-0.31, it is identical to blank, but invokes /bin/sh if the user is authenticated. pam/examples/blank.c0000644000000000000000000001031713261244762011603 0ustar /* * $Id$ */ /* Andrew Morgan (morgan@parc.power.net) -- a self contained `blank' * application * * I am not very proud of this code. It makes use of a possibly ill- * defined pamh pointer to call pam_strerror() with. The reason that * I was sloppy with this is historical (pam_strerror, prior to 0.59, * did not require a pamh argument) and if this program is used as a * model for anything, I should wish that you will take this error into * account. */ #include #include #include #include /* ------ some local (static) functions ------- */ static void bail_out(pam_handle_t *pamh, int really, int code, const char *fn) { fprintf(stderr,"==> called %s()\n got: `%s'\n", fn, pam_strerror(pamh, code)); if (really && code) exit (1); } /* ------ some static data objects ------- */ static struct pam_conv conv = { misc_conv, NULL }; /* ------- the application itself -------- */ int main(int argc, char **argv) { pam_handle_t *pamh=NULL; char *username=NULL; int retcode; /* did the user call with a username as an argument ? */ if (argc > 2) { fprintf(stderr,"usage: %s [username]\n",argv[0]); } else if (argc == 2) { username = argv[1]; } /* initialize the Linux-PAM library */ retcode = pam_start("blank", username, &conv, &pamh); bail_out(pamh,1,retcode,"pam_start"); /* test the environment stuff */ { #define MAXENV 15 const char *greek[MAXENV] = { "a=alpha", "b=beta", "c=gamma", "d=delta", "e=epsilon", "f=phi", "g=psi", "h=eta", "i=iota", "j=mu", "k=nu", "l=zeta", "h=", "d", "k=xi" }; char **env; int i; for (i=0; i slight modifications by AGM. You need to add the following (or equivalent) to the /etc/pam.conf file. # check authorization check auth required pam_unix_auth.so check account required pam_unix_acct.so */ #include #include #include static struct pam_conv conv = { misc_conv, NULL }; int main(int argc, char *argv[]) { pam_handle_t *pamh=NULL; int retval; const char *user="nobody"; if(argc == 2) { user = argv[1]; } if(argc > 2) { fprintf(stderr, "Usage: check_user [username]\n"); exit(1); } retval = pam_start("check", user, &conv, &pamh); if (retval == PAM_SUCCESS) retval = pam_authenticate(pamh, 0); /* is user really user? */ if (retval == PAM_SUCCESS) retval = pam_acct_mgmt(pamh, 0); /* permitted access? */ /* This is where we have been authorized or not. */ if (retval == PAM_SUCCESS) { fprintf(stdout, "Authenticated\n"); } else { fprintf(stdout, "Not Authenticated\n"); } if (pam_end(pamh,retval) != PAM_SUCCESS) { /* close Linux-PAM */ pamh = NULL; fprintf(stderr, "check_user: failed to release authenticator\n"); exit(1); } return ( retval == PAM_SUCCESS ? 0:1 ); /* indicate success */ } pam/examples/vpass.c0000644000000000000000000000164013261244762011647 0ustar #include "config.h" #include #include #include #include #include #include static int test_conv (int num_msg UNUSED, const struct pam_message **msgm UNUSED, struct pam_response **response UNUSED, void *appdata_ptr UNUSED) { return 0; } static struct pam_conv conv = { test_conv, NULL }; int main(void) { char *user; pam_handle_t *pamh; struct passwd *pw; uid_t uid; int res; uid = geteuid(); pw = getpwuid(uid); if (pw) { user = pw->pw_name; } else { fprintf(stderr, "Invalid userid: %lu\n", (unsigned long) uid); exit(1); } pam_start("vpass", user, &conv, &pamh); pam_set_item(pamh, PAM_TTY, "/dev/tty"); if ((res = pam_authenticate(pamh, 0)) != PAM_SUCCESS) { fprintf(stderr, "Oops: %s\n", pam_strerror(pamh, res)); exit(1); } pam_end(pamh, res); exit(0); } pam/examples/xsh.c0000644000000000000000000001105513261244762011316 0ustar /* Andrew Morgan (morgan@kernel.org) -- an example application * that invokes a shell, based on blank.c */ #include "config.h" #include #include #include #include #include #include #include /* ------ some local (static) functions ------- */ static void bail_out(pam_handle_t *pamh,int really, int code, const char *fn) { fprintf(stderr,"==> called %s()\n got: `%s'\n", fn, pam_strerror(pamh,code)); if (really && code) exit (1); } /* ------ some static data objects ------- */ static struct pam_conv conv = { misc_conv, NULL }; /* ------- the application itself -------- */ int main(int argc, char **argv) { pam_handle_t *pamh=NULL; const void *username=NULL; const char *service="xsh"; int retcode; /* did the user call with a username as an argument ? * did they also */ if (argc > 3) { fprintf(stderr,"usage: %s [username [service-name]]\n",argv[0]); } if ((argc >= 2) && (argv[1][0] != '-')) { username = argv[1]; } if (argc == 3) { service = argv[2]; } /* initialize the Linux-PAM library */ retcode = pam_start(service, username, &conv, &pamh); bail_out(pamh,1,retcode,"pam_start"); /* fill in the RUSER and RHOST etc. fields */ { char buffer[100]; struct passwd *pw; const char *tty; pw = getpwuid(getuid()); if (pw != NULL) { retcode = pam_set_item(pamh, PAM_RUSER, pw->pw_name); bail_out(pamh,1,retcode,"pam_set_item(PAM_RUSER)"); } retcode = gethostname(buffer, sizeof(buffer)-1); if (retcode) { perror("failed to look up hostname"); retcode = pam_end(pamh, PAM_ABORT); bail_out(pamh,1,retcode,"pam_end"); } retcode = pam_set_item(pamh, PAM_RHOST, buffer); bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); tty = ttyname(fileno(stdin)); if (tty) { retcode = pam_set_item(pamh, PAM_TTY, tty); bail_out(pamh,1,retcode,"pam_set_item(PAM_RHOST)"); } } /* to avoid using goto we abuse a loop here */ for (;;) { /* authenticate the user --- `0' here, could have been PAM_SILENT * | PAM_DISALLOW_NULL_AUTHTOK */ retcode = pam_authenticate(pamh, 0); bail_out(pamh,0,retcode,"pam_authenticate"); /* has the user proved themself valid? */ if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* the user is valid, but should they have access at this time? */ retcode = pam_acct_mgmt(pamh, 0); /* `0' could be as above */ bail_out(pamh,0,retcode,"pam_acct_mgmt"); if (retcode == PAM_NEW_AUTHTOK_REQD) { fprintf(stderr,"Application must request new password...\n"); retcode = pam_chauthtok(pamh,PAM_CHANGE_EXPIRED_AUTHTOK); bail_out(pamh,0,retcode,"pam_chauthtok"); } if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: invalid request\n",argv[0]); break; } /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED); bail_out(pamh,0,retcode,"pam_setcred"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem setting user credentials\n" ,argv[0]); break; } /* open a session for the user --- `0' could be PAM_SILENT */ retcode = pam_open_session(pamh,0); bail_out(pamh,0,retcode,"pam_open_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem opening a session\n",argv[0]); break; } pam_get_item(pamh, PAM_USER, &username); fprintf(stderr, "The user [%s] has been authenticated and `logged in'\n", (const char *)username); /* this is always a really bad thing for security! */ retcode = system("/bin/sh"); /* close a session for the user --- `0' could be PAM_SILENT * it is possible that this pam_close_call is in another program.. */ retcode = pam_close_session(pamh,0); bail_out(pamh,0,retcode,"pam_close_session"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem closing a session\n",argv[0]); break; } /* `0' could be as above */ retcode = pam_setcred(pamh, PAM_DELETE_CRED); bail_out(pamh,0,retcode,"pam_setcred"); if (retcode != PAM_SUCCESS) { fprintf(stderr,"%s: problem deleting user credentials\n" ,argv[0]); break; } break; /* don't go on for ever! */ } /* close the Linux-PAM library */ retcode = pam_end(pamh, PAM_SUCCESS); pamh = NULL; bail_out(pamh,1,retcode,"pam_end"); return (0); } pam/libpam/0000755000000000000000000000000013261244762007774 5ustar pam/libpam/Makefile.am0000644000000000000000000000310113261244762012023 0ustar # # Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk # AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) -DPAM_VERSION=\"$(VERSION)\" if HAVE_LIBSELINUX AM_CFLAGS += -D"WITH_SELINUX" endif CLEANFILES = *~ EXTRA_DIST = libpam.map include_HEADERS = include/security/_pam_compat.h \ include/security/_pam_macros.h include/security/_pam_types.h \ include/security/pam_appl.h include/security/pam_modules.h \ include/security/pam_ext.h include/security/pam_modutil.h noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ pam_modutil_private.h pam_static_modules.h libpam_la_LDFLAGS = -no-undefined -version-info 83:1:83 libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ if STATIC_MODULES libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil AM_CFLAGS += $(NIS_CFLAGS) endif if HAVE_VERSIONING libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map endif lib_LTLIBRARIES = libpam.la libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ pam_handlers.c pam_item.c \ pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_static.c pam_strerror.c \ pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ pam_modutil_priv.c pam/libpam/Makefile.in0000644000000000000000000005717713261244762012062 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_LIBSELINUX_TRUE@am__append_1 = -D"WITH_SELINUX" @STATIC_MODULES_TRUE@am__append_2 = $(shell ls ../modules/pam_*/*.lo) \ @STATIC_MODULES_TRUE@ @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil @STATIC_MODULES_TRUE@am__append_3 = $(NIS_CFLAGS) @HAVE_VERSIONING_TRUE@am__append_4 = -Wl,--version-script=$(srcdir)/libpam.map subdir = libpam DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) am__DEPENDENCIES_1 = @STATIC_MODULES_TRUE@am__DEPENDENCIES_2 = $(shell ls \ @STATIC_MODULES_TRUE@ ../modules/pam_*/*.lo) \ @STATIC_MODULES_TRUE@ $(am__DEPENDENCIES_1) libpam_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) am_libpam_la_OBJECTS = pam_account.lo pam_auth.lo pam_data.lo \ pam_delay.lo pam_dispatch.lo pam_end.lo pam_env.lo \ pam_get_authtok.lo pam_handlers.lo pam_item.lo pam_misc.lo \ pam_password.lo pam_prelude.lo pam_session.lo pam_start.lo \ pam_static.lo pam_strerror.lo pam_vprompt.lo pam_syslog.lo \ pam_dynamic.lo pam_audit.lo pam_modutil_cleanup.lo \ pam_modutil_getpwnam.lo pam_modutil_ioloop.lo \ pam_modutil_getgrgid.lo pam_modutil_getpwuid.lo \ pam_modutil_getgrnam.lo pam_modutil_getspnam.lo \ pam_modutil_getlogin.lo pam_modutil_ingroup.lo \ pam_modutil_priv.lo libpam_la_OBJECTS = $(am_libpam_la_OBJECTS) libpam_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libpam_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libpam_la_SOURCES) DIST_SOURCES = $(libpam_la_SOURCES) HEADERS = $(include_HEADERS) $(noinst_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AM_CFLAGS = -DDEFAULT_MODULE_PATH=\"$(SECUREDIR)/\" -DLIBPAM_COMPILE \ -I$(srcdir)/include $(LIBPRELUDE_CFLAGS) \ -DPAM_VERSION=\"$(VERSION)\" $(am__append_1) $(am__append_3) CLEANFILES = *~ EXTRA_DIST = libpam.map include_HEADERS = include/security/_pam_compat.h \ include/security/_pam_macros.h include/security/_pam_types.h \ include/security/pam_appl.h include/security/pam_modules.h \ include/security/pam_ext.h include/security/pam_modutil.h noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ pam_modutil_private.h pam_static_modules.h libpam_la_LDFLAGS = -no-undefined -version-info 83:1:83 \ $(am__append_4) libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ \ $(am__append_2) lib_LTLIBRARIES = libpam.la libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ pam_handlers.c pam_item.c \ pam_misc.c pam_password.c pam_prelude.c \ pam_session.c pam_start.c pam_static.c pam_strerror.c \ pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ pam_modutil_getspnam.c pam_modutil_getlogin.c pam_modutil_ingroup.c \ pam_modutil_priv.c all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libpam/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu libpam/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libpam.la: $(libpam_la_OBJECTS) $(libpam_la_DEPENDENCIES) $(libpam_la_LINK) -rpath $(libdir) $(libpam_la_OBJECTS) $(libpam_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_account.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_audit.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_auth.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_data.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_delay.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dispatch.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_dynamic.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_end.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_get_authtok.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_handlers.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_item.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_misc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_cleanup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrgid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getgrnam.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getlogin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwnam.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getpwuid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_getspnam.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ingroup.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_ioloop.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_modutil_priv.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_password.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_prelude.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_session.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_start.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_static.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_strerror.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_syslog.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_vprompt.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-includeHEADERS install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-includeHEADERS install-info \ install-info-am install-libLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-includeHEADERS \ uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/libpam/include/0000755000000000000000000000000013261244762011417 5ustar pam/libpam/include/security/0000755000000000000000000000000013261244762013266 5ustar pam/libpam/include/security/_pam_compat.h0000644000000000000000000000563413261244762015726 0ustar #ifndef _PAM_COMPAT_H #define _PAM_COMPAT_H /* * This file was contributed by Derrick J Brashear * slight modification by Brad M. Garcia * * A number of operating systems have started to implement PAM. * unfortunately, they have a different set of numeric values for * certain constants. This file is included for compatibility's sake. */ /* Solaris uses different constants. We redefine to those here */ #if defined(solaris) || (defined(__SVR4) && defined(sun)) # ifdef _SECURITY_PAM_MODULES_H /* flags for pam_chauthtok() */ # undef PAM_PRELIM_CHECK # define PAM_PRELIM_CHECK 0x1 # undef PAM_UPDATE_AUTHTOK # define PAM_UPDATE_AUTHTOK 0x2 # endif /* _SECURITY_PAM_MODULES_H */ # ifdef _SECURITY__PAM_TYPES_H /* generic for pam_* functions */ # undef PAM_SILENT # define PAM_SILENT 0x80000000 # undef PAM_CHANGE_EXPIRED_AUTHTOK # define PAM_CHANGE_EXPIRED_AUTHTOK 0x4 /* flags for pam_setcred() */ # undef PAM_ESTABLISH_CRED # define PAM_ESTABLISH_CRED 0x1 # undef PAM_DELETE_CRED # define PAM_DELETE_CRED 0x2 # undef PAM_REINITIALIZE_CRED # define PAM_REINITIALIZE_CRED 0x4 # undef PAM_REFRESH_CRED # define PAM_REFRESH_CRED 0x8 /* another binary incompatibility comes from the return codes! */ # undef PAM_CONV_ERR # define PAM_CONV_ERR 6 # undef PAM_PERM_DENIED # define PAM_PERM_DENIED 7 # undef PAM_MAXTRIES # define PAM_MAXTRIES 8 # undef PAM_AUTH_ERR # define PAM_AUTH_ERR 9 # undef PAM_NEW_AUTHTOK_REQD # define PAM_NEW_AUTHTOK_REQD 10 # undef PAM_CRED_INSUFFICIENT # define PAM_CRED_INSUFFICIENT 11 # undef PAM_AUTHINFO_UNAVAIL # define PAM_AUTHINFO_UNAVAIL 12 # undef PAM_USER_UNKNOWN # define PAM_USER_UNKNOWN 13 # undef PAM_CRED_UNAVAIL # define PAM_CRED_UNAVAIL 14 # undef PAM_CRED_EXPIRED # define PAM_CRED_EXPIRED 15 # undef PAM_CRED_ERR # define PAM_CRED_ERR 16 # undef PAM_ACCT_EXPIRED # define PAM_ACCT_EXPIRED 17 # undef PAM_AUTHTOK_EXPIRED # define PAM_AUTHTOK_EXPIRED 18 # undef PAM_SESSION_ERR # define PAM_SESSION_ERR 19 # undef PAM_AUTHTOK_ERR # define PAM_AUTHTOK_ERR 20 # undef PAM_AUTHTOK_RECOVERY_ERR # define PAM_AUTHTOK_RECOVERY_ERR 21 # undef PAM_AUTHTOK_LOCK_BUSY # define PAM_AUTHTOK_LOCK_BUSY 22 # undef PAM_AUTHTOK_DISABLE_AGING # define PAM_AUTHTOK_DISABLE_AGING 23 # undef PAM_NO_MODULE_DATA # define PAM_NO_MODULE_DATA 24 # undef PAM_IGNORE # define PAM_IGNORE 25 # undef PAM_ABORT # define PAM_ABORT 26 # undef PAM_TRY_AGAIN # define PAM_TRY_AGAIN 27 #endif /* _SECURITY__PAM_TYPES_H */ #else /* For compatibility with old Linux-PAM implementations. */ #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR #endif /* defined(solaris) || (defined(__SVR4) && defined(sun)) */ #endif /* _PAM_COMPAT_H */ pam/libpam/include/security/_pam_macros.h0000644000000000000000000001373513261244762015730 0ustar #ifndef PAM_MACROS_H #define PAM_MACROS_H /* * All kind of macros used by PAM, but usable in some other * programs too. * Organized by Cristian Gafton */ /* a 'safe' version of strdup */ #include #include #define x_strdup(s) ( (s) ? strdup(s):NULL ) /* Good policy to strike out passwords with some characters not just free the memory */ #define _pam_overwrite(x) \ do { \ register char *__xx__; \ if ((__xx__=(x))) \ while (*__xx__) \ *__xx__++ = '\0'; \ } while (0) #define _pam_overwrite_n(x,n) \ do { \ register char *__xx__; \ register unsigned int __i__ = 0; \ if ((__xx__=(x))) \ for (;__i__ */ #include #include #include #include #include #include #include /* * This is for debugging purposes ONLY. DO NOT use on live systems !!! * You have been warned :-) - CG * * to get automated debugging to the log file, it must be created manually. * _PAM_LOGFILE must exist and be writable to the programs you debug. */ #ifndef _PAM_LOGFILE #define _PAM_LOGFILE "/var/run/pam-debug.log" #endif static void _pam_output_debug_info(const char *file, const char *fn , const int line) { FILE *logfile; int must_close = 1, fd; #ifdef O_NOFOLLOW if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { #else if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { #endif if (!(logfile = fdopen(fd,"a"))) { logfile = stderr; must_close = 0; close(fd); } } else { logfile = stderr; must_close = 0; } fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); fflush(logfile); if (must_close) fclose(logfile); } static void _pam_output_debug(const char *format, ...) { va_list args; FILE *logfile; int must_close = 1, fd; va_start(args, format); #ifdef O_NOFOLLOW if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { #else if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { #endif if (!(logfile = fdopen(fd,"a"))) { logfile = stderr; must_close = 0; close(fd); } } else { logfile = stderr; must_close = 0; } vfprintf(logfile, format, args); fprintf(logfile, "\n"); fflush(logfile); if (must_close) fclose(logfile); va_end(args); } #define D(x) do { \ _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ _pam_output_debug x ; \ } while (0) #define _pam_show_mem(X,XS) do { \ int i; \ register unsigned char *x; \ x = (unsigned char *)X; \ fprintf(stderr, " \n", X); \ for (i = 0; i < XS ; ++x, ++i) { \ fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \ } \ fprintf(stderr, " \n", X, XS); \ } while (0) #define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ do { \ int reply_i; \ setbuf(stderr, NULL); \ fprintf(stderr, "array at %p of size %d\n",reply,replies); \ fflush(stderr); \ if (reply) { \ for (reply_i = 0; reply_i < replies; reply_i++) { \ fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ reply_i, reply+reply_i, reply[reply_i].resp, \ reply[reply_i].resp, _retcode); \ fflush(stderr); \ if (reply[reply_i].resp) { \ fprintf(stderr, " resp[%d] = '%s'\n", \ strlen(reply[reply_i].resp), reply[reply_i].resp); \ fflush(stderr); \ } \ } \ } \ fprintf(stderr, "done here\n"); \ fflush(stderr); \ } while (0) #else #define D(x) do { } while (0) #define _pam_show_mem(X,XS) do { } while (0) #define _pam_show_reply(reply, replies) do { } while (0) #endif /* PAM_DEBUG */ #endif /* PAM_MACROS_H */ pam/libpam/include/security/_pam_types.h0000644000000000000000000003115013261244762015577 0ustar /* * * * This file defines all of the types common to the Linux-PAM library * applications and modules. * * Note, the copyright+license information is at end of file. */ #ifndef _SECURITY__PAM_TYPES_H #define _SECURITY__PAM_TYPES_H /* This is a blind structure; users aren't allowed to see inside a * pam_handle_t, so we don't define struct pam_handle here. This is * defined in a file private to the PAM library. (i.e., it's private * to PAM service modules, too!) */ typedef struct pam_handle pam_handle_t; /* ---------------- The Linux-PAM Version defines ----------------- */ /* Major and minor version number of the Linux-PAM package. Use these macros to test for features in specific releases. */ #define __LINUX_PAM__ 1 #define __LINUX_PAM_MINOR__ 0 /* ----------------- The Linux-PAM return values ------------------ */ #define PAM_SUCCESS 0 /* Successful function return */ #define PAM_OPEN_ERR 1 /* dlopen() failure when dynamically */ /* loading a service module */ #define PAM_SYMBOL_ERR 2 /* Symbol not found */ #define PAM_SERVICE_ERR 3 /* Error in service module */ #define PAM_SYSTEM_ERR 4 /* System error */ #define PAM_BUF_ERR 5 /* Memory buffer error */ #define PAM_PERM_DENIED 6 /* Permission denied */ #define PAM_AUTH_ERR 7 /* Authentication failure */ #define PAM_CRED_INSUFFICIENT 8 /* Can not access authentication data */ /* due to insufficient credentials */ #define PAM_AUTHINFO_UNAVAIL 9 /* Underlying authentication service */ /* can not retrieve authentication */ /* information */ #define PAM_USER_UNKNOWN 10 /* User not known to the underlying */ /* authenticaiton module */ #define PAM_MAXTRIES 11 /* An authentication service has */ /* maintained a retry count which has */ /* been reached. No further retries */ /* should be attempted */ #define PAM_NEW_AUTHTOK_REQD 12 /* New authentication token required. */ /* This is normally returned if the */ /* machine security policies require */ /* that the password should be changed */ /* beccause the password is NULL or it */ /* has aged */ #define PAM_ACCT_EXPIRED 13 /* User account has expired */ #define PAM_SESSION_ERR 14 /* Can not make/remove an entry for */ /* the specified session */ #define PAM_CRED_UNAVAIL 15 /* Underlying authentication service */ /* can not retrieve user credentials */ /* unavailable */ #define PAM_CRED_EXPIRED 16 /* User credentials expired */ #define PAM_CRED_ERR 17 /* Failure setting user credentials */ #define PAM_NO_MODULE_DATA 18 /* No module specific data is present */ #define PAM_CONV_ERR 19 /* Conversation error */ #define PAM_AUTHTOK_ERR 20 /* Authentication token manipulation error */ #define PAM_AUTHTOK_RECOVERY_ERR 21 /* Authentication information */ /* cannot be recovered */ #define PAM_AUTHTOK_LOCK_BUSY 22 /* Authentication token lock busy */ #define PAM_AUTHTOK_DISABLE_AGING 23 /* Authentication token aging disabled */ #define PAM_TRY_AGAIN 24 /* Preliminary check by password service */ #define PAM_IGNORE 25 /* Ignore underlying account module */ /* regardless of whether the control */ /* flag is required, optional, or sufficient */ #define PAM_ABORT 26 /* Critical error (?module fail now request) */ #define PAM_AUTHTOK_EXPIRED 27 /* user's authentication token has expired */ #define PAM_MODULE_UNKNOWN 28 /* module is not known */ #define PAM_BAD_ITEM 29 /* Bad item passed to pam_*_item() */ #define PAM_CONV_AGAIN 30 /* conversation function is event driven and data is not available yet */ #define PAM_INCOMPLETE 31 /* please call this function again to complete authentication stack. Before calling again, verify that conversation is completed */ /* * Add new #define's here - take care to also extend the libpam code: * pam_strerror() and "libpam/pam_tokens.h" . */ #define _PAM_RETURN_VALUES 32 /* this is the number of return values */ /* ---------------------- The Linux-PAM flags -------------------- */ /* Authentication service should not generate any messages */ #define PAM_SILENT 0x8000U /* Note: these flags are used by pam_authenticate{,_secondary}() */ /* The authentication service should return PAM_AUTH_ERROR if the * user has a null authentication token */ #define PAM_DISALLOW_NULL_AUTHTOK 0x0001U /* Note: these flags are used for pam_setcred() */ /* Set user credentials for an authentication service */ #define PAM_ESTABLISH_CRED 0x0002U /* Delete user credentials associated with an authentication service */ #define PAM_DELETE_CRED 0x0004U /* Reinitialize user credentials */ #define PAM_REINITIALIZE_CRED 0x0008U /* Extend lifetime of user credentials */ #define PAM_REFRESH_CRED 0x0010U /* Note: these flags are used by pam_chauthtok */ /* The password service should only update those passwords that have * aged. If this flag is not passed, the password service should * update all passwords. */ #define PAM_CHANGE_EXPIRED_AUTHTOK 0x0020U /* ------------------ The Linux-PAM item types ------------------- */ /* These defines are used by pam_set_item() and pam_get_item(). Please check the spec which are allowed for use by applications and which are only allowed for use by modules. */ #define PAM_SERVICE 1 /* The service name */ #define PAM_USER 2 /* The user name */ #define PAM_TTY 3 /* The tty name */ #define PAM_RHOST 4 /* The remote host name */ #define PAM_CONV 5 /* The pam_conv structure */ #define PAM_AUTHTOK 6 /* The authentication token (password) */ #define PAM_OLDAUTHTOK 7 /* The old authentication token */ #define PAM_RUSER 8 /* The remote user name */ #define PAM_USER_PROMPT 9 /* the prompt for getting a username */ /* Linux-PAM extensions */ #define PAM_FAIL_DELAY 10 /* app supplied function to override failure delays */ #define PAM_XDISPLAY 11 /* X display name */ #define PAM_XAUTHDATA 12 /* X server authentication data */ #define PAM_AUTHTOK_TYPE 13 /* The type for pam_get_authtok */ /* -------------- Special defines used by Linux-PAM -------------- */ #if defined(__GNUC__) && defined(__GNUC_MINOR__) # define PAM_GNUC_PREREQ(maj, min) \ ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) #else # define PAM_GNUC_PREREQ(maj, min) 0 #endif #if PAM_GNUC_PREREQ(2,5) # define PAM_FORMAT(params) __attribute__((__format__ params)) #else # define PAM_FORMAT(params) #endif #if PAM_GNUC_PREREQ(3,3) && !defined(LIBPAM_COMPILE) # define PAM_NONNULL(params) __attribute__((__nonnull__ params)) #else # define PAM_NONNULL(params) #endif /* ---------- Common Linux-PAM application/module PI ----------- */ extern int PAM_NONNULL((1)) pam_set_item(pam_handle_t *pamh, int item_type, const void *item); extern int PAM_NONNULL((1)) pam_get_item(const pam_handle_t *pamh, int item_type, const void **item); extern const char * pam_strerror(pam_handle_t *pamh, int errnum); extern int PAM_NONNULL((1,2)) pam_putenv(pam_handle_t *pamh, const char *name_value); extern const char * PAM_NONNULL((1,2)) pam_getenv(pam_handle_t *pamh, const char *name); extern char ** PAM_NONNULL((1)) pam_getenvlist(pam_handle_t *pamh); /* ---------- Common Linux-PAM application/module PI ----------- */ /* * here are some proposed error status definitions for the * 'error_status' argument used by the cleanup function associated * with data items they should be logically OR'd with the error_status * of the latest return from libpam -- new with .52 and positive * impression from Sun although not official as of 1996/9/4 * [generally the other flags are to be found in pam_modules.h] */ #define PAM_DATA_SILENT 0x40000000 /* used to suppress messages... */ /* * here we define an externally (by apps or modules) callable function * that primes the libpam library to delay when a stacked set of * modules results in a failure. In the case of PAM_SUCCESS this delay * is ignored. * * Note, the pam_[gs]et_item(... PAM_FAIL_DELAY ...) can be used to set * a function pointer which can override the default fail-delay behavior. * This item was added to accommodate event driven programs that need to * manage delays more carefully. The function prototype for this data * item is * void (*fail_delay)(int status, unsigned int delay, void *appdata_ptr); */ #define HAVE_PAM_FAIL_DELAY extern int pam_fail_delay(pam_handle_t *pamh, unsigned int musec_delay); /* ------------ The Linux-PAM conversation structures ------------ */ /* Message styles */ #define PAM_PROMPT_ECHO_OFF 1 #define PAM_PROMPT_ECHO_ON 2 #define PAM_ERROR_MSG 3 #define PAM_TEXT_INFO 4 /* Linux-PAM specific types */ #define PAM_RADIO_TYPE 5 /* yes/no/maybe conditionals */ /* This is for server client non-human interaction.. these are NOT part of the X/Open PAM specification. */ #define PAM_BINARY_PROMPT 7 /* maximum size of messages/responses etc.. (these are mostly arbitrary so Linux-PAM should handle longer values). */ #define PAM_MAX_NUM_MSG 32 #define PAM_MAX_MSG_SIZE 512 #define PAM_MAX_RESP_SIZE 512 /* Used to pass prompting text, error messages, or other informatory * text to the user. This structure is allocated and freed by the PAM * library (or loaded module). */ struct pam_message { int msg_style; const char *msg; }; /* if the pam_message.msg_style = PAM_BINARY_PROMPT the 'pam_message.msg' is a pointer to a 'const *' for the following pseudo-structure. When used with a PAM_BINARY_PROMPT, the returned pam_response.resp pointer points to an object with the following structure: struct { u32 length; # network byte order unsigned char type; unsigned char data[length-5]; }; The 'libpamc' library is designed around this flavor of message and should be used to handle this flavor of msg_style. */ /* Used to return the user's response to the PAM library. This structure is allocated by the application program, and free()'d by the Linux-PAM library (or calling module). */ struct pam_response { char *resp; int resp_retcode; /* currently un-used, zero expected */ }; /* The actual conversation structure itself */ struct pam_conv { int (*conv)(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr); void *appdata_ptr; }; /* Used by the PAM_XAUTHDATA pam item. Contains X authentication data used by modules to connect to the user's X display. Note: this structure is intentionally compatible with xcb_auth_info_t. */ struct pam_xauth_data { int namelen; char *name; int datalen; char *data; }; /* ... adapted from the pam_appl.h file created by Theodore Ts'o and * * Copyright Theodore Ts'o, 1996. All rights reserved. * Copyright (c) Andrew G. Morgan , 1996-8 * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #endif /* _SECURITY__PAM_TYPES_H */ pam/libpam/include/security/pam_appl.h0000644000000000000000000000634113261244762015234 0ustar /* * * * This header file collects definitions for the PAM API --- that is, * public interface between the PAM library and an application program * that wishes to use it. * * Note, the copyright information is at end of file. */ #ifndef _SECURITY_PAM_APPL_H #define _SECURITY_PAM_APPL_H #ifdef __cplusplus extern "C" { #endif #include /* Linux-PAM common defined types */ /* -------------- The Linux-PAM Framework layer API ------------- */ extern int PAM_NONNULL((1,3,4)) pam_start(const char *service_name, const char *user, const struct pam_conv *pam_conversation, pam_handle_t **pamh); extern int PAM_NONNULL((1)) pam_end(pam_handle_t *pamh, int pam_status); /* Authentication API's */ extern int PAM_NONNULL((1)) pam_authenticate(pam_handle_t *pamh, int flags); extern int PAM_NONNULL((1)) pam_setcred(pam_handle_t *pamh, int flags); /* Account Management API's */ extern int PAM_NONNULL((1)) pam_acct_mgmt(pam_handle_t *pamh, int flags); /* Session Management API's */ extern int PAM_NONNULL((1)) pam_open_session(pam_handle_t *pamh, int flags); extern int PAM_NONNULL((1)) pam_close_session(pam_handle_t *pamh, int flags); /* Password Management API's */ extern int PAM_NONNULL((1)) pam_chauthtok(pam_handle_t *pamh, int flags); /* take care of any compatibility issues */ #include #ifdef __cplusplus } #endif /* * Copyright Theodore Ts'o, 1996. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #endif /* _SECURITY_PAM_APPL_H */ pam/libpam/include/security/pam_ext.h0000644000000000000000000000705713261244762015105 0ustar /* * Copyright (C) 2005, 2006, 2008, 2009 Thorsten Kukuk. * * * * This header file collects definitions for the extended PAM API. * This is a public interface of the PAM library for PAM modules, * which makes the life of PAM developers easier, but are not documented * in any standard and are not portable between different PAM * implementations. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SECURITY__PAM_EXT_H_ #define _SECURITY__PAM_EXT_H_ #ifdef __cplusplus extern "C" { #endif #include #include extern void PAM_FORMAT((printf, 3, 0)) PAM_NONNULL((3)) pam_vsyslog (const pam_handle_t *pamh, int priority, const char *fmt, va_list args); extern void PAM_FORMAT((printf, 3, 4)) PAM_NONNULL((3)) pam_syslog (const pam_handle_t *pamh, int priority, const char *fmt, ...); extern int PAM_FORMAT((printf, 4, 0)) PAM_NONNULL((1,4)) pam_vprompt (pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args); extern int PAM_FORMAT((printf, 4, 5)) PAM_NONNULL((1,4)) pam_prompt (pam_handle_t *pamh, int style, char **response, const char *fmt, ...); #define pam_error(pamh, fmt...) \ pam_prompt(pamh, PAM_ERROR_MSG, NULL, fmt) #define pam_verror(pamh, fmt, args) \ pam_vprompt(pamh, PAM_ERROR_MSG, NULL, fmt, args) #define pam_info(pamh, fmt...) pam_prompt(pamh, PAM_TEXT_INFO, NULL, fmt) #define pam_vinfo(pamh, fmt, args) pam_vprompt(pamh, PAM_TEXT_INFO, NULL, fmt, args) extern int PAM_NONNULL((1,3)) pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok, const char *prompt); extern int PAM_NONNULL((1,2)) pam_get_authtok_noverify (pam_handle_t *pamh, const char **authtok, const char *prompt); extern int PAM_NONNULL((1,2)) pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok, const char *prompt); #ifdef __cplusplus } #endif #endif pam/libpam/include/security/pam_modules.h0000644000000000000000000001444013261244762015747 0ustar /* * * * This header file collects definitions for the PAM API --- that is, * public interface between the PAM library and PAM modules. * * Note, the copyright information is at end of file. */ #ifndef _SECURITY_PAM_MODULES_H #define _SECURITY_PAM_MODULES_H #ifdef __cplusplus extern "C" { #endif #include /* Linux-PAM common defined types */ /* -------------- The Linux-PAM Module PI ------------- */ extern int PAM_NONNULL((1,2)) pam_set_data(pam_handle_t *pamh, const char *module_data_name, void *data, void (*cleanup)(pam_handle_t *pamh, void *data, int error_status)); extern int PAM_NONNULL((1,2,3)) pam_get_data(const pam_handle_t *pamh, const char *module_data_name, const void **data); extern int PAM_NONNULL((1,2)) pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt); #ifdef PAM_STATIC #define PAM_EXTERN static struct pam_module { const char *name; /* Name of the module */ /* These are function pointers to the module's key functions. */ int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, int argc, const char **argv); int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, int argc, const char **argv); int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, int argc, const char **argv); int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, int argc, const char **argv); int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, int argc, const char **argv); int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, int argc, const char **argv); }; #else /* !PAM_STATIC */ #define PAM_EXTERN extern #endif /* PAM_STATIC */ /* Lots of files include pam_modules.h that don't need these * declared. However, when they are declared static, they * need to be defined later. So we have to protect C files * that include these without wanting these functions defined.. */ #if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC) /* Authentication API's */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv); PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv); #endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC)*/ #if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC) /* Account Management API's */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv); #endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC)*/ #if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC) /* Session Management API's */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv); PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv); #endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC)*/ #if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC) /* Password Management API's */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv); #endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC)*/ /* The following two flags are for use across the Linux-PAM/module * interface only. The Application is not permitted to use these * tokens. * * The password service should only perform preliminary checks. No * passwords should be updated. */ #define PAM_PRELIM_CHECK 0x4000 /* The password service should update passwords Note: PAM_PRELIM_CHECK * and PAM_UPDATE_AUTHTOK cannot both be set simultaneously! */ #define PAM_UPDATE_AUTHTOK 0x2000 /* * here are some proposed error status definitions for the * 'error_status' argument used by the cleanup function associated * with data items they should be logically OR'd with the error_status * of the latest return from libpam -- new with .52 and positive * impression from Sun although not official as of 1996/9/4 there are * others in _pam_types.h -- they are for common module/app use. */ #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ /* take care of any compatibility issues */ #include #ifdef __cplusplus } #endif /* Copyright (C) Theodore Ts'o, 1996. * Copyright (C) Andrew Morgan, 1996-8. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU General Public License, in which case the provisions of the * GNU GPL are required INSTEAD OF the above restrictions. (This * clause is necessary due to a potential bad interaction between the * GNU GPL and the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #endif /* _SECURITY_PAM_MODULES_H */ pam/libpam/include/security/pam_modutil.h0000644000000000000000000001121113261244762015745 0ustar /* * Copyright (c) 2001-2002 Andrew Morgan * * * * This file is a list of handy libc wrappers that attempt to provide some * thread-safe and other convenient functionality to modules in a common form. * * A number of these functions reserve space in a pam_[sg]et_data item. * In all cases, the name of the item is prefixed with "pam_modutil_*". * * On systems that simply can't support thread safe programming, these * functions don't support it either - sorry. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SECURITY__PAM_MODUTIL_H #define _SECURITY__PAM_MODUTIL_H #include #include #include #include #ifdef __cplusplus extern "C" { #endif #include extern struct passwd * PAM_NONNULL((1,2)) pam_modutil_getpwnam(pam_handle_t *pamh, const char *user); extern struct passwd * PAM_NONNULL((1)) pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid); extern struct group * PAM_NONNULL((1,2)) pam_modutil_getgrnam(pam_handle_t *pamh, const char *group); extern struct group * PAM_NONNULL((1)) pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid); extern struct spwd * PAM_NONNULL((1,2)) pam_modutil_getspnam(pam_handle_t *pamh, const char *user); extern int PAM_NONNULL((1,2,3)) pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, const char *user, const char *group); extern int PAM_NONNULL((1,2)) pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, const char *user, gid_t group); extern int PAM_NONNULL((1,3)) pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, uid_t user, const char *group); extern int PAM_NONNULL((1)) pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, uid_t user, gid_t group); extern const char * PAM_NONNULL((1)) pam_modutil_getlogin(pam_handle_t *pamh); extern int pam_modutil_read(int fd, char *buffer, int count); extern int pam_modutil_write(int fd, const char *buffer, int count); extern int PAM_NONNULL((1,3)) pam_modutil_audit_write(pam_handle_t *pamh, int type, const char *message, int retval); struct pam_modutil_privs { gid_t *grplist; int number_of_groups; int allocated; gid_t old_gid; uid_t old_uid; int is_dropped; }; #define PAM_MODUTIL_NGROUPS 64 #define PAM_MODUTIL_DEF_PRIVS(n) \ gid_t n##_grplist[PAM_MODUTIL_NGROUPS]; \ struct pam_modutil_privs n = { n##_grplist, PAM_MODUTIL_NGROUPS, 0, -1, -1, 0 } extern int PAM_NONNULL((1,2,3)) pam_modutil_drop_priv(pam_handle_t *pamh, struct pam_modutil_privs *p, const struct passwd *pw); extern int PAM_NONNULL((1,2)) pam_modutil_regain_priv(pam_handle_t *pamh, struct pam_modutil_privs *p); #ifdef __cplusplus } #endif #endif /* _SECURITY__PAM_MODUTIL_H */ pam/libpam/libpam.map0000644000000000000000000000235313261244762011742 0ustar LIBPAM_1.0 { global: pam_acct_mgmt; pam_authenticate; pam_chauthtok; pam_close_session; pam_end; pam_open_session; pam_setcred; pam_start; pam_getenv; pam_putenv; pam_getenvlist; pam_set_item; pam_get_item; pam_strerror; pam_fail_delay; pam_set_data; pam_get_data; pam_get_user; local: *; }; LIBPAM_EXTENSION_1.0 { global: pam_prompt; pam_vprompt; pam_syslog; pam_vsyslog; }; LIBPAM_EXTENSION_1.1 { global: pam_get_authtok; } LIBPAM_EXTENSION_1.0; LIBPAM_EXTENSION_1.1.1 { global: pam_get_authtok_noverify; pam_get_authtok_verify; } LIBPAM_EXTENSION_1.1; LIBPAM_MODUTIL_1.0 { global: pam_modutil_getpwnam; pam_modutil_getpwuid; pam_modutil_getgrnam; pam_modutil_getgrgid; pam_modutil_getspnam; pam_modutil_user_in_group_nam_nam; pam_modutil_user_in_group_nam_gid; pam_modutil_user_in_group_uid_nam; pam_modutil_user_in_group_uid_gid; pam_modutil_getlogin; pam_modutil_read; pam_modutil_write; }; LIBPAM_MODUTIL_1.1 { global: pam_modutil_audit_write; } LIBPAM_MODUTIL_1.0; LIBPAM_MODUTIL_1.1.3 { global: pam_modutil_drop_priv; pam_modutil_regain_priv; } LIBPAM_MODUTIL_1.1; pam/libpam/pam_account.c0000644000000000000000000000076313261244762012437 0ustar /* pam_account.c - PAM Account Management */ #include "pam_private.h" #include int pam_acct_mgmt(pam_handle_t *pamh, int flags) { int retval; D(("called")); IF_NO_PAMH("pam_acct_mgmt", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } retval = _pam_dispatch(pamh, flags, PAM_ACCOUNT); #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_ACCOUNT, retval, flags); #endif return retval; } pam/libpam/pam_audit.c0000644000000000000000000001056213261244762012107 0ustar /* pam_audit.c -- Instrumentation code for Linux Auditing System */ /* (C) 2005-2006 Red Hat, Inc. -- Licensing details are in the COPYING file accompanying the Linux-PAM source distribution. Authors: Steve Grubb */ #include #include #include "pam_private.h" #include "pam_modutil_private.h" #ifdef HAVE_LIBAUDIT #include #include #include #include #include #include #include #include #define PAMAUDIT_LOGGED 1 static int _pam_audit_writelog(pam_handle_t *pamh, int audit_fd, int type, const char *message, int retval) { static int old_errno = -1; int rc; char buf[32]; snprintf(buf, sizeof(buf), "PAM:%s", message); rc = audit_log_acct_message (audit_fd, type, NULL, buf, (retval != PAM_USER_UNKNOWN && pamh->user) ? pamh->user : "?", -1, pamh->rhost, NULL, pamh->tty, retval == PAM_SUCCESS ); /* libaudit sets errno to his own negative error code. This can be an official errno number, but must not. It can also be a audit internal error code. Which makes errno useless :-((. Try the best to fix it. */ errno = -rc; pamh->audit_state |= PAMAUDIT_LOGGED; if (rc < 0) { if (rc == -EPERM && getuid() != 0) return 0; if (errno != old_errno) { old_errno = errno; pam_syslog (pamh, LOG_CRIT, "audit_log_acct_message() failed: %m"); } } return rc; } static int _pam_audit_open(pam_handle_t *pamh) { int audit_fd; audit_fd = audit_open(); if (audit_fd < 0) { /* You get these error codes only when the kernel doesn't have * audit compiled in. */ if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return -2; /* this should only fail in case of extreme resource shortage, * need to prevent login in that case for CAPP compliance. */ pam_syslog(pamh, LOG_CRIT, "audit_open() failed: %m"); return -1; } return audit_fd; } int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags) { const char *message; int type; int audit_fd; if ((audit_fd=_pam_audit_open(pamh)) == -1) { return PAM_SYSTEM_ERR; } else if (audit_fd == -2) { return retval; } switch (action) { case PAM_AUTHENTICATE: message = "authentication"; type = AUDIT_USER_AUTH; break; case PAM_OPEN_SESSION: message = "session_open"; type = AUDIT_USER_START; break; case PAM_CLOSE_SESSION: message = "session_close"; type = AUDIT_USER_END; break; case PAM_ACCOUNT: message = "accounting"; type = AUDIT_USER_ACCT; break; case PAM_CHAUTHTOK: message = "chauthtok"; type = AUDIT_USER_CHAUTHTOK; break; case PAM_SETCRED: message = "setcred"; if (flags & PAM_ESTABLISH_CRED) type = AUDIT_CRED_ACQ; else if ((flags & PAM_REINITIALIZE_CRED) || (flags & PAM_REFRESH_CRED)) type = AUDIT_CRED_REFR; else if (flags & PAM_DELETE_CRED) type = AUDIT_CRED_DISP; else type = AUDIT_USER_ERR; break; case _PAM_ACTION_DONE: message = "bad_ident"; type = AUDIT_USER_ERR; break; default: message = "UNKNOWN"; type = AUDIT_USER_ERR; pam_syslog(pamh, LOG_CRIT, "_pam_auditlog() should never get here"); retval = PAM_SYSTEM_ERR; } if (_pam_audit_writelog(pamh, audit_fd, type, message, retval) < 0) retval = PAM_SYSTEM_ERR; audit_close(audit_fd); return retval; } int _pam_audit_end(pam_handle_t *pamh, int status UNUSED) { if (! (pamh->audit_state & PAMAUDIT_LOGGED)) { /* PAM library is being shut down without any of the auditted * stacks having been run. Assume that this is sshd faking * things for an unknown user. */ _pam_auditlog(pamh, _PAM_ACTION_DONE, PAM_USER_UNKNOWN, 0); } return 0; } int pam_modutil_audit_write(pam_handle_t *pamh, int type, const char *message, int retval) { int audit_fd; int rc; if ((audit_fd=_pam_audit_open(pamh)) == -1) { return PAM_SYSTEM_ERR; } else if (audit_fd == -2) { return retval; } rc = _pam_audit_writelog(pamh, audit_fd, type, message, retval); audit_close(audit_fd); return rc < 0 ? PAM_SYSTEM_ERR : PAM_SUCCESS; } #else int pam_modutil_audit_write(pam_handle_t *pamh UNUSED, int type UNUSED, const char *message UNUSED, int retval UNUSED) { return PAM_SUCCESS; } #endif /* HAVE_LIBAUDIT */ pam/libpam/pam_auth.c0000644000000000000000000000304713261244762011742 0ustar /* * pam_auth.c -- PAM authentication * * $Id$ * */ #include "pam_private.h" #include "pam_prelude.h" #include #include int pam_authenticate(pam_handle_t *pamh, int flags) { int retval; D(("pam_authenticate called")); IF_NO_PAMH("pam_authenticate", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } if (pamh->former.choice == PAM_NOT_STACKED) { _pam_sanitize(pamh); _pam_start_timer(pamh); /* we try to make the time for a failure independent of the time it takes to fail */ } retval = _pam_dispatch(pamh, flags, PAM_AUTHENTICATE); if (retval != PAM_INCOMPLETE) { _pam_sanitize(pamh); _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */ D(("pam_authenticate exit")); } else { D(("will resume when ready")); } #ifdef PRELUDE prelude_send_alert(pamh, retval); #endif #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_AUTHENTICATE, retval, flags); #endif return retval; } int pam_setcred(pam_handle_t *pamh, int flags) { int retval; D(("pam_setcred called")); IF_NO_PAMH("pam_setcred", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } if (! flags) { flags = PAM_ESTABLISH_CRED; } retval = _pam_dispatch(pamh, flags, PAM_SETCRED); #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_SETCRED, retval, flags); #endif D(("pam_setcred exit")); return retval; } pam/libpam/pam_data.c0000644000000000000000000001101213261244762011701 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include "pam_private.h" #include #include static struct pam_data *_pam_locate_data(const pam_handle_t *pamh, const char *name) { struct pam_data *data; D(("called")); IF_NO_PAMH("_pam_locate_data", pamh, NULL); data = pamh->data; while (data) { if (!strcmp(data->name, name)) { return data; } data = data->next; } return NULL; } int pam_set_data( pam_handle_t *pamh, const char *module_data_name, void *data, void (*cleanup)(pam_handle_t *pamh, void *data, int error_status)) { struct pam_data *data_entry; D(("called")); IF_NO_PAMH("pam_set_data", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_APP(pamh)) { D(("called from application!?")); return PAM_SYSTEM_ERR; } /* module_data_name should not be NULL */ if (module_data_name == NULL) { D(("called with NULL as module_data_name")); return PAM_SYSTEM_ERR; } /* first check if there is some data already. If so clean it up */ if ((data_entry = _pam_locate_data(pamh, module_data_name))) { if (data_entry->cleanup) { data_entry->cleanup(pamh, data_entry->data, PAM_DATA_REPLACE | PAM_SUCCESS ); } } else if ((data_entry = malloc(sizeof(*data_entry)))) { char *tname; if ((tname = _pam_strdup(module_data_name)) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_set_data: no memory for data name"); _pam_drop(data_entry); return PAM_BUF_ERR; } data_entry->next = pamh->data; pamh->data = data_entry; data_entry->name = tname; } else { pam_syslog(pamh, LOG_CRIT, "pam_set_data: cannot allocate data entry"); return PAM_BUF_ERR; } data_entry->data = data; /* note this could be NULL */ data_entry->cleanup = cleanup; return PAM_SUCCESS; } int pam_get_data( const pam_handle_t *pamh, const char *module_data_name, const void **datap) { struct pam_data *data; D(("called")); IF_NO_PAMH("pam_get_data", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_APP(pamh)) { D(("called from application!?")); return PAM_SYSTEM_ERR; } /* module_data_name should not be NULL */ if (module_data_name == NULL) { D(("called with NULL as module_data_name")); return PAM_SYSTEM_ERR; } data = _pam_locate_data(pamh, module_data_name); if (data) { *datap = data->data; return PAM_SUCCESS; } return PAM_NO_MODULE_DATA; } void _pam_free_data(pam_handle_t *pamh, int status) { struct pam_data *last; struct pam_data *data; D(("called")); IF_NO_PAMH("_pam_free_data", pamh, /* no return value for void fn */); data = pamh->data; while (data) { last = data; data = data->next; if (last->cleanup) { last->cleanup(pamh, last->data, status); } _pam_drop(last->name); _pam_drop(last); } } pam/libpam/pam_delay.c0000644000000000000000000001031513261244762012073 0ustar /* * pam_delay.c * * Copyright (c) Andrew G. Morgan 1996-9 * All rights reserved. * * $Id$ * */ /* * This is a simple implementation of a delay on failure mechanism; an * attempt to overcome authentication-time attacks in a simple manner. */ #include "pam_private.h" #include #include /* ********************************************************************** * initialize the time as unset, this is set on the return from the * authenticating pair of of the libpam pam_XXX calls. */ void _pam_reset_timer(pam_handle_t *pamh) { D(("setting pamh->fail_delay.set to FALSE")); pamh->fail_delay.set = PAM_FALSE; } /* ********************************************************************** * this function sets the start time for possible delayed failing. * * Eventually, it may set the timer so libpam knows how long the program * has already been executing. Currently, this value is used to seed * a pseudo-random number generator... */ void _pam_start_timer(pam_handle_t *pamh) { pamh->fail_delay.begin = time(NULL); D(("starting timer...")); } /* ******************************************************************* * Compute a pseudo random time. The value is base*(1 +/- 1/5) where * the distribution is pseudo gausian (the sum of three evenly * distributed random numbers -- central limit theorem and all ;^) The * linear random numbers are based on a formulae given in Knuth's * Seminumerical recipies that was reproduced in `Numerical Recipies * in C'. It is *not* a cryptographically strong generator, but it is * probably "good enough" for our purposes here. * * /dev/random might be a better place to look for some numbers... */ static unsigned int _pam_rand(unsigned int seed) { #define N1 1664525 #define N2 1013904223 return N1*seed + N2; } static unsigned int _pam_compute_delay(unsigned int seed, unsigned int base) { int i; double sum; unsigned int ans; for (sum=i=0; i<3; ++i) { seed = _pam_rand(seed); sum += (double) ((seed / 10) % 1000000); } sum = (sum/3.)/1e6 - .5; /* rescale */ ans = (unsigned int) ( base*(1.+sum) ); D(("random number: base=%u -> ans=%u\n", base, ans)); return ans; } /* ********************************************************************** * the following function sleeps for a random time. The actual time * slept is computed above.. It is based on the requested time but will * differ by up to +/- 25%. */ void _pam_await_timer(pam_handle_t *pamh, int status) { unsigned int delay; D(("waiting?...")); delay = _pam_compute_delay(pamh->fail_delay.begin, pamh->fail_delay.delay); if (pamh->fail_delay.delay_fn_ptr) { union { const void *value; void (*fn)(int, unsigned, void *); } hack_fn_u; void *appdata_ptr; if (pamh->pam_conversation) { appdata_ptr = pamh->pam_conversation->appdata_ptr; } else { appdata_ptr = NULL; } /* always call the applications delay function, even if the delay is zero - indicate status */ hack_fn_u.value = pamh->fail_delay.delay_fn_ptr; hack_fn_u.fn(status, delay, appdata_ptr); } else if (status != PAM_SUCCESS && pamh->fail_delay.set) { D(("will wait %u usec", delay)); if (delay > 0) { struct timeval tval; tval.tv_sec = delay / 1000000; tval.tv_usec = delay % 1000000; select(0, NULL, NULL, NULL, &tval); } } _pam_reset_timer(pamh); D(("waiting done")); } /* ********************************************************************** * this function is known to both the module and the application, it * keeps a running score of the largest-requested delay so far, as * specified by either modules or an application. */ int pam_fail_delay(pam_handle_t *pamh, unsigned int usec) { unsigned int largest; IF_NO_PAMH("pam_fail_delay", pamh, PAM_SYSTEM_ERR); D(("setting delay to %u",usec)); if (pamh->fail_delay.set) { largest = pamh->fail_delay.delay; } else { pamh->fail_delay.set = PAM_TRUE; largest = 0; } D(("largest = %u",largest)); if (largest < usec) { D(("resetting largest delay")); pamh->fail_delay.delay = usec; } return PAM_SUCCESS; } pam/libpam/pam_dispatch.c0000644000000000000000000002757713261244762012616 0ustar /* pam_dispatch.c - handles module function dispatch */ /* * Copyright (c) 1998, 2005 Andrew G. Morgan * */ #include "pam_private.h" #include #include /* * this is the return code we return when a function pointer is NULL * or, the handler structure indicates a broken module config line */ #define PAM_MUST_FAIL_CODE PAM_PERM_DENIED /* impression codes - this gives some sense to the logical choices */ #define _PAM_UNDEF 0 #define _PAM_POSITIVE +1 #define _PAM_NEGATIVE -1 /* frozen chain required codes */ #define _PAM_PLEASE_FREEZE 0 #define _PAM_MAY_BE_FROZEN 1 #define _PAM_MUST_BE_FROZEN 2 /* * walk a stack of modules. Interpret the administrator's instructions * when combining the return code of each module. */ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, _pam_boolean resumed, int use_cached_chain) { int depth, impression, status, skip_depth, prev_level, stack_level; struct _pam_substack_state *substates = NULL; IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR); if (h == NULL) { const void *service=NULL; (void) pam_get_item(pamh, PAM_SERVICE, &service); pam_syslog(pamh, LOG_ERR, "no modules loaded for `%s' service", service ? (const char *)service:"" ); service = NULL; return PAM_MUST_FAIL_CODE; } /* if we are recalling this module stack because a former call did not complete, we restore the state of play from pamh. */ if (resumed) { skip_depth = pamh->former.depth; status = pamh->former.status; impression = pamh->former.impression; substates = pamh->former.substates; /* forget all that */ pamh->former.impression = _PAM_UNDEF; pamh->former.status = PAM_MUST_FAIL_CODE; pamh->former.depth = 0; pamh->former.substates = NULL; } else { skip_depth = 0; substates = malloc(PAM_SUBSTACK_MAX_LEVEL * sizeof(*substates)); if (substates == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_dispatch_aux: no memory for substack states"); return PAM_BUF_ERR; } substates[0].impression = impression = _PAM_UNDEF; substates[0].status = status = PAM_MUST_FAIL_CODE; } prev_level = 0; /* Loop through module logic stack */ for (depth=0 ; h != NULL ; prev_level = stack_level, h = h->next, ++depth) { int retval, cached_retval, action; stack_level = h->stack_level; /* skip leading modules if they have already returned */ if (depth < skip_depth) { continue; } /* remember state if we are entering a substack */ if (prev_level < stack_level) { substates[stack_level].impression = impression; substates[stack_level].status = status; } /* attempt to call the module */ if (h->handler_type == PAM_HT_MUST_FAIL) { D(("module poorly listed in PAM config; forcing failure")); retval = PAM_MUST_FAIL_CODE; } else if (h->handler_type == PAM_HT_SUBSTACK) { D(("skipping substack handler")); continue; } else if (h->func == NULL) { D(("module function is not defined, indicating failure")); retval = PAM_MODULE_UNKNOWN; } else { D(("passing control to module...")); pamh->mod_name=h->mod_name; pamh->mod_argc = h->argc; pamh->mod_argv = h->argv; retval = h->func(pamh, flags, h->argc, h->argv); pamh->mod_name=NULL; pamh->mod_argc = 0; pamh->mod_argv = NULL; D(("module returned: %s", pam_strerror(pamh, retval))); } /* * PAM_INCOMPLETE return is special. It indicates that the * module wants to wait for the application before continuing. * In order to return this, the module will have saved its * state so it can resume from an equivalent position when it * is called next time. (This was added as of 0.65) */ if (retval == PAM_INCOMPLETE) { pamh->former.impression = impression; pamh->former.status = status; pamh->former.depth = depth; pamh->former.substates = substates; D(("module %d returned PAM_INCOMPLETE", depth)); return retval; } /* * use_cached_chain is how we ensure that the setcred and * close_session modules are called in the same order as they did * when they were invoked as auth/open_session. This feature was * added in 0.75 to make the behavior of pam_setcred sane. */ if (use_cached_chain != _PAM_PLEASE_FREEZE) { /* a former stack execution should have frozen the chain */ cached_retval = *(h->cached_retval_p); if (cached_retval == _PAM_INVALID_RETVAL) { /* This may be a problem condition. It implies that the application is running setcred, close_session, chauthtok(2nd) without having first run authenticate, open_session, chauthtok(1st) [respectively]. */ D(("use_cached_chain is set to [%d]," " but cached_retval == _PAM_INVALID_RETVAL", use_cached_chain)); /* In the case of close_session and setcred there is a backward compatibility reason for allowing this, in the chauthtok case we have encountered a bug in libpam! */ if (use_cached_chain == _PAM_MAY_BE_FROZEN) { /* (not ideal) force non-frozen stack control. */ cached_retval = retval; } else { D(("BUG in libpam -" " chain is required to be frozen but isn't")); /* cached_retval is already _PAM_INVALID_RETVAL */ } } } else { /* this stack execution is defining the frozen chain */ cached_retval = h->cached_retval = retval; } /* verify that the return value is a valid one */ if ((cached_retval < PAM_SUCCESS) || (cached_retval >= _PAM_RETURN_VALUES)) { retval = PAM_MUST_FAIL_CODE; action = _PAM_ACTION_BAD; } else { /* We treat the current retval with some respect. It may (for example, in the case of setcred) have a value that needs to be propagated to the user. We want to use the cached_retval to determine the modules to be executed in the stacked chain, but we want to treat each non-ignored module in the cached chain as now being 'required'. We only need to treat the, _PAM_ACTION_IGNORE, _PAM_ACTION_IS_JUMP and _PAM_ACTION_RESET actions specially. */ action = h->actions[cached_retval]; } D(("use_cached_chain=%d action=%d cached_retval=%d retval=%d", use_cached_chain, action, cached_retval, retval)); /* decide what to do */ switch (action) { case _PAM_ACTION_RESET: impression = substates[stack_level].impression; status = substates[stack_level].status; break; case _PAM_ACTION_OK: case _PAM_ACTION_DONE: if ( impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { /* in case of using cached chain we could get here with PAM_IGNORE - don't return it */ if ( retval != PAM_IGNORE || cached_retval == retval ) { impression = _PAM_POSITIVE; status = retval; } } if ( impression == _PAM_POSITIVE && action == _PAM_ACTION_DONE ) { goto decision_made; } break; case _PAM_ACTION_BAD: case _PAM_ACTION_DIE: #ifdef PAM_FAIL_NOW_ON if ( cached_retval == PAM_ABORT ) { impression = _PAM_NEGATIVE; status = PAM_PERM_DENIED; goto decision_made; } #endif /* PAM_FAIL_NOW_ON */ if ( impression != _PAM_NEGATIVE ) { impression = _PAM_NEGATIVE; /* Don't return with PAM_IGNORE as status */ if ( retval == PAM_IGNORE ) status = PAM_MUST_FAIL_CODE; else status = retval; } if ( action == _PAM_ACTION_DIE ) { goto decision_made; } break; case _PAM_ACTION_IGNORE: break; /* if we get here, we expect action is a positive number -- this is what the ...JUMP macro checks. */ default: if ( _PAM_ACTION_IS_JUMP(action) ) { /* If we are evaluating a cached chain, we treat this module as required (aka _PAM_ACTION_OK) as well as executing the jump. */ if (use_cached_chain) { if (impression == _PAM_UNDEF || (impression == _PAM_POSITIVE && status == PAM_SUCCESS) ) { if ( retval != PAM_IGNORE || cached_retval == retval ) { impression = _PAM_POSITIVE; status = retval; } } } /* this means that we need to skip #action stacked modules */ while (h->next != NULL && h->next->stack_level >= stack_level && action > 0) { do { h = h->next; ++depth; } while (h->next != NULL && h->next->stack_level > stack_level); --action; } /* note if we try to skip too many modules action is still non-zero and we snag the next if. */ } /* this case is a syntax error: we can't succeed */ if (action) { pam_syslog(pamh, LOG_ERR, "bad jump in stack"); impression = _PAM_NEGATIVE; status = PAM_MUST_FAIL_CODE; } } continue; decision_made: /* by getting here we have made a decision */ while (h->next != NULL && h->next->stack_level >= stack_level) { h = h->next; ++depth; } } /* Sanity check */ if ( status == PAM_SUCCESS && impression != _PAM_POSITIVE ) { D(("caught on sanity check -- this is probably a config error!")); status = PAM_MUST_FAIL_CODE; } free(substates); /* We have made a decision about the modules executed */ return status; } /* * This function translates the module dispatch request into a pointer * to the stack of modules that will actually be run. the * _pam_dispatch_aux() function (above) is responsible for walking the * module stack. */ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) { struct handler *h = NULL; int retval, use_cached_chain; _pam_boolean resumed; IF_NO_PAMH("_pam_dispatch", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from a module!?")); return PAM_SYSTEM_ERR; } /* Load all modules, resolve all symbols */ if ((retval = _pam_init_handlers(pamh)) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "unable to dispatch function"); return retval; } use_cached_chain = _PAM_PLEASE_FREEZE; switch (choice) { case PAM_AUTHENTICATE: h = pamh->handlers.conf.authenticate; break; case PAM_SETCRED: h = pamh->handlers.conf.setcred; use_cached_chain = _PAM_MAY_BE_FROZEN; break; case PAM_ACCOUNT: h = pamh->handlers.conf.acct_mgmt; break; case PAM_OPEN_SESSION: h = pamh->handlers.conf.open_session; break; case PAM_CLOSE_SESSION: h = pamh->handlers.conf.close_session; use_cached_chain = _PAM_MAY_BE_FROZEN; break; case PAM_CHAUTHTOK: h = pamh->handlers.conf.chauthtok; break; default: pam_syslog(pamh, LOG_ERR, "undefined fn choice; %d", choice); return PAM_ABORT; } if (h == NULL) { /* there was no handlers.conf... entry; will use * handlers.other... */ switch (choice) { case PAM_AUTHENTICATE: h = pamh->handlers.other.authenticate; break; case PAM_SETCRED: h = pamh->handlers.other.setcred; break; case PAM_ACCOUNT: h = pamh->handlers.other.acct_mgmt; break; case PAM_OPEN_SESSION: h = pamh->handlers.other.open_session; break; case PAM_CLOSE_SESSION: h = pamh->handlers.other.close_session; break; case PAM_CHAUTHTOK: h = pamh->handlers.other.chauthtok; break; } } /* Did a module return an "incomplete state" last time? */ if (pamh->former.choice != PAM_NOT_STACKED) { if (pamh->former.choice != choice) { pam_syslog(pamh, LOG_ERR, "application failed to re-exec stack [%d:%d]", pamh->former.choice, choice); return PAM_ABORT; } resumed = PAM_TRUE; } else { resumed = PAM_FALSE; } __PAM_TO_MODULE(pamh); /* call the list of module functions */ pamh->choice = choice; retval = _pam_dispatch_aux(pamh, flags, h, resumed, use_cached_chain); resumed = PAM_FALSE; __PAM_TO_APP(pamh); /* Should we recall where to resume next time? */ if (retval == PAM_INCOMPLETE) { D(("module [%d] returned PAM_INCOMPLETE")); pamh->former.choice = choice; } else { pamh->former.choice = PAM_NOT_STACKED; } return retval; } pam/libpam/pam_dynamic.c0000644000000000000000000000741113261244762012424 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "pam_private.h" #ifndef PAM_STATIC #ifdef PAM_SHL # include #elif defined(PAM_DYLD) # include #else /* PAM_SHL */ # include #endif /* PAM_SHL */ #ifndef SHLIB_SYM_PREFIX #define SHLIB_SYM_PREFIX "_" #endif void *_pam_dlopen(const char *mod_path) { #ifdef PAM_SHL return shl_load(mod_path, BIND_IMMEDIATE, 0L); #elif defined(PAM_DYLD) NSObjectFileImage ofile; void *ret = NULL; if (NSCreateObjectFileImageFromFile(mod_path, &ofile) != NSObjectFileImageSuccess ) return NULL; ret = NSLinkModule(ofile, mod_path, NSLINKMODULE_OPTION_PRIVATE | NSLINKMODULE_OPTION_BINDNOW); NSDestroyObjectFileImage(ofile); return ret; #else return dlopen(mod_path, RTLD_NOW); #endif } servicefn _pam_dlsym(void *handle, const char *symbol) { #ifdef PAM_SHL char *_symbol = NULL; servicefn ret; if( symbol == NULL ) return NULL; if( shl_findsym(&handle, symbol, (short) TYPE_PROCEDURE, &ret ){ _symbol = malloc( strlen(symbol) + sizeof(SHLIB_SYM_PREFIX) + 1 ); if( _symbol == NULL ) return NULL; strcpy(_symbol, SHLIB_SYM_PREFIX); strcat(_symbol, symbol); if( shl_findsym(&handle, _symbol, (short) TYPE_PROCEDURE, &ret ){ free(_symbol); return NULL; } free(_symbol); } return ret; #elif defined(PAM_DYLD) NSSymbol nsSymbol; char *_symbol; if( symbol == NULL ) return NULL; _symbol = malloc( strlen(symbol) + 2 ); if( _symbol == NULL ) return NULL; strcpy(_symbol, SHLIB_SYM_PREFIX); strcat(_symbol, symbol); nsSymbol = NSLookupSymbolInModule(handle, _symbol); if( nsSymbol == NULL ) return NULL; free(_symbol); return (servicefn)NSAddressOfSymbol(nsSymbol); #else return (servicefn) dlsym(handle, symbol); #endif } void _pam_dlclose(void *handle) { #ifdef PAM_SHL shl_unload(handle); #elif defined(PAM_DYLD) NSUnLinkModule((NSModule)handle, NSUNLINKMODULE_OPTION_NONE); #else dlclose(handle); #endif return; } const char * _pam_dlerror (void) { #if defined(PAM_SHL) || defined(PAM_DYLD) return "unknown"; #else return dlerror (); #endif } #endif pam/libpam/pam_end.c0000644000000000000000000000445013261244762011546 0ustar /* pam_end.c */ /* * $Id$ */ #include "pam_private.h" #include int pam_end(pam_handle_t *pamh, int pam_status) { int ret; D(("entering pam_end()")); IF_NO_PAMH("pam_end", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } #ifdef HAVE_LIBAUDIT _pam_audit_end(pamh, pam_status); #endif /* first liberate the modules (it is not inconcevible that the modules may need to use the service_name etc. to clean up) */ _pam_free_data(pamh, pam_status); /* now drop all modules */ if ((ret = _pam_free_handlers(pamh)) != PAM_SUCCESS) { return ret; /* error occurred */ } /* from this point we cannot call the modules any more. Free the remaining memory used by the Linux-PAM interface */ _pam_drop_env(pamh); /* purge the environment */ _pam_overwrite(pamh->authtok); /* blank out old token */ _pam_drop(pamh->authtok); _pam_overwrite(pamh->oldauthtok); /* blank out old token */ _pam_drop(pamh->oldauthtok); _pam_overwrite(pamh->former.prompt); _pam_drop(pamh->former.prompt); /* drop saved prompt */ _pam_overwrite(pamh->service_name); _pam_drop(pamh->service_name); _pam_overwrite(pamh->user); _pam_drop(pamh->user); _pam_overwrite(pamh->prompt); _pam_drop(pamh->prompt); /* prompt for pam_get_user() */ _pam_overwrite(pamh->tty); _pam_drop(pamh->tty); _pam_overwrite(pamh->rhost); _pam_drop(pamh->rhost); _pam_overwrite(pamh->ruser); _pam_drop(pamh->ruser); _pam_drop(pamh->pam_conversation); pamh->fail_delay.delay_fn_ptr = NULL; _pam_drop(pamh->former.substates); _pam_overwrite(pamh->xdisplay); _pam_drop(pamh->xdisplay); _pam_overwrite(pamh->xauth.name); _pam_drop(pamh->xauth.name); _pam_overwrite_n(pamh->xauth.data, (unsigned int)pamh->xauth.datalen); _pam_drop(pamh->xauth.data); _pam_overwrite_n((char *)&pamh->xauth, sizeof(pamh->xauth)); _pam_overwrite(pamh->authtok_type); _pam_drop(pamh->authtok_type); /* and finally liberate the memory for the pam_handle structure */ _pam_drop(pamh); D(("exiting pam_end() successfully")); return PAM_SUCCESS; } pam/libpam/pam_env.c0000644000000000000000000002265513261244762011577 0ustar /* * pam_env.c * * Copyright (c) Andrew G. Morgan 1996,1997 * All rights reserved. * * This file was written from a "hint" provided by the people at SUN. * and the X/Open XSSO draft of March 1997. * * $Id$ */ #include "pam_private.h" #include #include #ifdef sunos #define memmove(x,y,z) bcopy(y,x,z) #endif /* helper functions */ #ifdef PAM_DEBUG static void _pam_dump_env(pam_handle_t *pamh) { int i; D(("Listing environment of pamh=%p", pamh)); D(("pamh->env = %p", pamh->env)); D(("environment entries used = %d [of %d allocated]" , pamh->env->requested, pamh->env->entries)); for (i=0; ienv->requested; ++i) { _pam_output_debug(">%-3d [%9p]:[%s]" , i, pamh->env->list[i], pamh->env->list[i]); } _pam_output_debug("*NOTE* the last item should be (nil)"); } #else #define _pam_dump_env(x) #endif /* * Create the environment */ int _pam_make_env(pam_handle_t *pamh) { D(("called.")); IF_NO_PAMH("_pam_make_env", pamh, PAM_ABORT); /* * get structure memory */ pamh->env = (struct pam_environ *) malloc(sizeof(struct pam_environ)); if (pamh->env == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_make_env: out of memory"); return PAM_BUF_ERR; } /* * get list memory */ pamh->env->list = (char **)calloc( PAM_ENV_CHUNK, sizeof(char *) ); if (pamh->env->list == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_make_env: no memory for list"); _pam_drop(pamh->env); return PAM_BUF_ERR; } /* * fill entries in pamh->env */ pamh->env->entries = PAM_ENV_CHUNK; pamh->env->requested = 1; pamh->env->list[0] = NULL; _pam_dump_env(pamh); /* only active when debugging */ return PAM_SUCCESS; } /* * purge the environment */ void _pam_drop_env(pam_handle_t *pamh) { D(("called.")); IF_NO_PAMH("_pam_make_env", pamh, /* nothing to return */); if (pamh->env != NULL) { int i; /* we will only purge the pamh->env->requested number of elements */ for (i=pamh->env->requested-1; i-- > 0; ) { D(("dropping #%3d>%s<", i, pamh->env->list[i])); _pam_overwrite(pamh->env->list[i]); /* clean */ _pam_drop(pamh->env->list[i]); /* forget */ } pamh->env->requested = 0; pamh->env->entries = 0; _pam_drop(pamh->env->list); /* forget */ _pam_drop(pamh->env); /* forget */ } else { D(("no environment present in pamh?")); } } /* * Return the item number of the given variable = first 'length' chars * of 'name_value'. Since this is a static function, it is safe to * assume its supplied arguments are well defined. */ static int _pam_search_env(const struct pam_environ *env , const char *name_value, int length) { int i; for (i=env->requested-1; i-- > 0; ) { if (strncmp(name_value,env->list[i],length) == 0 && env->list[i][length] == '=') { return i; /* Got it! */ } } return -1; /* no luck */ } /* * externally visible functions */ /* * pam_putenv(): Add/replace/delete a PAM-environment variable. * * Add/replace: * name_value = "NAME=VALUE" or "NAME=" (for empty value="\0") * * delete: * name_value = "NAME" */ int pam_putenv(pam_handle_t *pamh, const char *name_value) { int l2eq, item, retval; D(("called.")); IF_NO_PAMH("pam_putenv", pamh, PAM_ABORT); if (name_value == NULL) { pam_syslog(pamh, LOG_ERR, "pam_putenv: no variable indicated"); return PAM_PERM_DENIED; } /* * establish if we are setting or deleting; scan for '=' */ for (l2eq=0; name_value[l2eq] && name_value[l2eq] != '='; ++l2eq); if (l2eq <= 0) { pam_syslog(pamh, LOG_ERR, "pam_putenv: bad variable"); return PAM_BAD_ITEM; } /* * Look first for environment. */ if (pamh->env == NULL || pamh->env->list == NULL) { pam_syslog(pamh, LOG_ERR, "pam_putenv: no env%s found", pamh->env == NULL ? "":"-list"); return PAM_ABORT; } /* find the item to replace */ item = _pam_search_env(pamh->env, name_value, l2eq); if (name_value[l2eq]) { /* (re)setting */ if (item == -1) { /* new variable */ D(("adding item: %s", name_value)); /* enough space? */ if (pamh->env->entries <= pamh->env->requested) { register int i; register char **tmp; /* get some new space */ tmp = calloc( pamh->env->entries + PAM_ENV_CHUNK , sizeof(char *) ); if (tmp == NULL) { /* nothing has changed - old env intact */ pam_syslog(pamh, LOG_CRIT, "pam_putenv: cannot grow environment"); return PAM_BUF_ERR; } /* copy old env-item pointers/forget old */ for (i=0; ienv->requested; ++i) { tmp[i] = pamh->env->list[i]; pamh->env->list[i] = NULL; } /* drop old list and replace with new */ _pam_drop(pamh->env->list); pamh->env->list = tmp; pamh->env->entries += PAM_ENV_CHUNK; D(("resized env list")); _pam_dump_env(pamh); /* only when debugging */ } item = pamh->env->requested-1; /* old last item (NULL) */ /* add a new NULL entry at end; increase counter */ pamh->env->list[pamh->env->requested++] = NULL; } else { /* replace old */ D(("replacing item: %s\n with: %s" , pamh->env->list[item], name_value)); _pam_overwrite(pamh->env->list[item]); _pam_drop(pamh->env->list[item]); } /* * now we have a place to put the new env-item, insert at 'item' */ pamh->env->list[item] = _pam_strdup(name_value); if (pamh->env->list[item] != NULL) { _pam_dump_env(pamh); /* only when debugging */ return PAM_SUCCESS; } /* something went wrong; we should delete the item - fall through */ retval = PAM_BUF_ERR; /* an error occurred */ } else { retval = PAM_SUCCESS; /* we requested delete */ } /* getting to here implies we are deleting an item */ if (item < 0) { pam_syslog(pamh, LOG_ERR, "pam_putenv: delete non-existent entry; %s", name_value); return PAM_BAD_ITEM; } /* * remove item: purge memory; reset counter; resize [; display-env] */ D(("deleting: env#%3d:[%s]", item, pamh->env->list[item])); _pam_overwrite(pamh->env->list[item]); _pam_drop(pamh->env->list[item]); --(pamh->env->requested); D(("mmove: item[%d]+%d -> item[%d]" , item+1, ( pamh->env->requested - item ), item)); (void) memmove(&pamh->env->list[item], &pamh->env->list[item+1] , ( pamh->env->requested - item )*sizeof(char *) ); _pam_dump_env(pamh); /* only when debugging */ /* * deleted. */ return retval; } /* * Return the value of the requested environment variable */ const char *pam_getenv(pam_handle_t *pamh, const char *name) { int item; D(("called.")); IF_NO_PAMH("pam_getenv", pamh, NULL); if (name == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenv: no variable indicated"); return NULL; } if (pamh->env == NULL || pamh->env->list == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenv: no env%s found", pamh->env == NULL ? "":"-list" ); return NULL; } /* find the requested item */ item = _pam_search_env(pamh->env, name, strlen(name)); if (item != -1) { D(("env-item: %s, found!", name)); return (pamh->env->list[item] + 1 + strlen(name)); } else { D(("env-item: %s, not found", name)); return NULL; } } static char **_copy_env(pam_handle_t *pamh) { char **dump; int i = pamh->env->requested; /* reckon size of environment */ char *const *env = pamh->env->list; D(("now get some memory for dump")); /* allocate some memory for this (plus the null tail-pointer) */ dump = (char **) calloc(i, sizeof(char *)); D(("dump = %p", dump)); if (dump == NULL) { return NULL; } /* now run through entries and copy the variables over */ dump[--i] = NULL; while (i-- > 0) { D(("env[%d]=`%s'", i,env[i])); dump[i] = _pam_strdup(env[i]); D(("->dump[%d]=`%s'", i,dump[i])); if (dump[i] == NULL) { /* out of memory */ while (dump[++i]) { _pam_overwrite(dump[i]); _pam_drop(dump[i]); } _pam_drop(dump); return NULL; } } env = NULL; /* forget now */ /* return transcribed environment */ return dump; } char **pam_getenvlist(pam_handle_t *pamh) { int i; D(("called.")); IF_NO_PAMH("pam_getenvlist", pamh, NULL); if (pamh->env == NULL || pamh->env->list == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenvlist: no env%s found", pamh->env == NULL ? "":"-list" ); return NULL; } /* some quick checks */ if (pamh->env->requested > pamh->env->entries) { pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment corruption"); _pam_dump_env(pamh); /* only active when debugging */ return NULL; } for (i=pamh->env->requested-1; i-- > 0; ) { if (pamh->env->list[i] == NULL) { pam_syslog(pamh, LOG_ERR, "pam_getenvlist: environment broken"); _pam_dump_env(pamh); /* only active when debugging */ return NULL; /* somehow we've broken the environment!? */ } } /* Seems fine; copy environment */ _pam_dump_env(pamh); /* only active when debugging */ return _copy_env(pamh); } pam/libpam/pam_get_authtok.c0000644000000000000000000001623613261244762013323 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include "pam_private.h" #include #define PROMPT _("Password: ") /* For Translators: "%s%s" could be replaced with " " or "". */ #define PROMPT1 _("New %s%spassword: ") /* For Translators: "%s%s" could be replaced with " " or "". */ #define PROMPT2 _("Retype new %s%spassword: ") #define MISTYPED_PASS _("Sorry, passwords do not match.") #define PAM_GETAUTHTOK_NOVERIFY 1 static const char * get_option (pam_handle_t *pamh, const char *option) { int i; size_t len; if (option == NULL || pamh == NULL || pamh->mod_argc == 0 || pamh->mod_argv == NULL) return NULL; len = strlen (option); for (i = 0; i < pamh->mod_argc; i++) { if (strncmp (option, pamh->mod_argv[i], len) == 0) { if (pamh->mod_argv[i][len] == '=') return &(pamh->mod_argv[i][len+1]); else if (pamh->mod_argv[i][len] == '\0') return ""; } } return NULL; } static int pam_get_authtok_internal (pam_handle_t *pamh, int item, const char **authtok, const char *prompt, unsigned int flags) { char *resp[2] = {NULL, NULL}; const void *prevauthtok; const char *authtok_type = ""; int chpass = 0; /* Password change, ask twice for it */ int retval; if (authtok == NULL) return PAM_SYSTEM_ERR; /* PAM_AUTHTOK in password stack returns new password, which needs to be verified. */ if (item == PAM_AUTHTOK && pamh->choice == PAM_CHAUTHTOK) { chpass = 1; if (!(flags & PAM_GETAUTHTOK_NOVERIFY)) ++chpass; authtok_type = get_option (pamh, "authtok_type"); if (authtok_type == NULL) { retval = pam_get_item (pamh, PAM_AUTHTOK_TYPE, (const void **)&authtok_type); if (retval != PAM_SUCCESS || authtok_type == NULL) authtok_type = ""; } else pam_set_item(pamh, PAM_AUTHTOK_TYPE, authtok_type); } retval = pam_get_item (pamh, item, &prevauthtok); if (retval == PAM_SUCCESS && prevauthtok != NULL) { *authtok = prevauthtok; return PAM_SUCCESS; } else if (get_option (pamh, "use_first_pass") || (chpass && get_option (pamh, "use_authtok"))) { if (prevauthtok == NULL) { if (chpass) return PAM_AUTHTOK_ERR; else return PAM_AUTH_ERR; } else return retval; } if (prompt != NULL) { retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0], "%s", prompt); if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL) retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1], _("Retype %s"), prompt); } else if (chpass) { retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0], PROMPT1, authtok_type, strlen (authtok_type) > 0?" ":""); if (retval == PAM_SUCCESS && chpass > 1 && resp[0] != NULL) retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[1], PROMPT2, authtok_type, strlen (authtok_type) > 0?" ":""); } else retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp[0], "%s", PROMPT); if (retval != PAM_SUCCESS || resp[0] == NULL || (chpass > 1 && resp[1] == NULL)) { /* We want to abort the password change */ pam_error (pamh, _("Password change aborted.")); return PAM_AUTHTOK_ERR; } if (chpass > 1 && strcmp (resp[0], resp[1]) != 0) { pam_error (pamh, MISTYPED_PASS); _pam_overwrite (resp[0]); _pam_drop (resp[0]); _pam_overwrite (resp[1]); _pam_drop (resp[1]); return PAM_TRY_AGAIN; } _pam_overwrite (resp[1]); _pam_drop (resp[1]); retval = pam_set_item (pamh, item, resp[0]); _pam_overwrite (resp[0]); _pam_drop (resp[0]); if (retval != PAM_SUCCESS) return retval; return pam_get_item(pamh, item, (const void **)authtok); } int pam_get_authtok (pam_handle_t *pamh, int item, const char **authtok, const char *prompt) { return pam_get_authtok_internal (pamh, item, authtok, prompt, 0); } int pam_get_authtok_noverify (pam_handle_t *pamh, const char **authtok, const char *prompt) { return pam_get_authtok_internal (pamh, PAM_AUTHTOK, authtok, prompt, PAM_GETAUTHTOK_NOVERIFY); } int pam_get_authtok_verify (pam_handle_t *pamh, const char **authtok, const char *prompt) { char *resp = NULL; const char *authtok_type = ""; int retval; if (authtok == NULL || pamh->choice != PAM_CHAUTHTOK) return PAM_SYSTEM_ERR; if (prompt != NULL) { retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp, _("Retype %s"), prompt); } else { retval = pam_get_item (pamh, PAM_AUTHTOK_TYPE, (const void **)&authtok_type); if (retval != PAM_SUCCESS || authtok_type == NULL) authtok_type = ""; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp, PROMPT2, authtok_type, strlen (authtok_type) > 0?" ":""); } if (retval != PAM_SUCCESS || resp == NULL) { /* We want to abort the password change */ pam_set_item (pamh, PAM_AUTHTOK, NULL); pam_error (pamh, _("Password change aborted.")); return PAM_AUTHTOK_ERR; } if (strcmp (*authtok, resp) != 0) { pam_set_item (pamh, PAM_AUTHTOK, NULL); pam_error (pamh, MISTYPED_PASS); _pam_overwrite (resp); _pam_drop (resp); return PAM_TRY_AGAIN; } retval = pam_set_item (pamh, PAM_AUTHTOK, resp); _pam_overwrite (resp); _pam_drop (resp); if (retval != PAM_SUCCESS) return retval; return pam_get_item(pamh, PAM_AUTHTOK, (const void **)authtok); } pam/libpam/pam_handlers.c0000644000000000000000000007261713261244762012612 0ustar /* pam_handlers.c -- pam config file parsing and module loading */ /* * created by Marc Ewing. * Currently maintained by Andrew G. Morgan * */ #include "pam_private.h" #include #include #include #include #include #include #include #define BUF_SIZE 1024 #define MODULE_CHUNK 4 #define UNKNOWN_MODULE "<*unknown module*>" #ifndef _PAM_ISA #define _PAM_ISA "." #endif static int _pam_assemble_line(FILE *f, char *buf, int buf_len); static void _pam_free_handlers_aux(struct handler **hp); static int _pam_add_handler(pam_handle_t *pamh , int must_fail, int other, int stack_level, int type , int *actions, const char *mod_path , int argc, char **argv, int argvlen); /* Values for module type */ #define PAM_T_ANY 0 #define PAM_T_AUTH 1 #define PAM_T_SESS 2 #define PAM_T_ACCT 4 #define PAM_T_PASS 8 static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name , const char *service /* specific file */ , int module_type /* specific type */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other #endif /* PAM_READ_BOTH_CONFS */ ); static int _pam_parse_conf_file(pam_handle_t *pamh, FILE *f , const char *known_service /* specific file */ , int requested_module_type /* specific type */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other #endif /* PAM_READ_BOTH_CONFS */ ) { char buf[BUF_SIZE]; int x; /* read a line from the FILE *f ? */ /* * read a line from the configuration (FILE *) f */ while ((x = _pam_assemble_line(f, buf, BUF_SIZE)) > 0) { char *tok, *nexttok=NULL; const char *this_service; const char *mod_path; int module_type, actions[_PAM_RETURN_VALUES]; int other; /* set if module is for PAM_DEFAULT_SERVICE */ int res; /* module added successfully? */ int handler_type = PAM_HT_MODULE; /* regular handler from a module */ int argc; char **argv; int argvlen; D(("_pam_init_handler: LINE: %s", buf)); if (known_service != NULL) { nexttok = buf; /* No service field: all lines are for the known service. */ this_service = known_service; } else { this_service = tok = _pam_StrTok(buf, " \n\t", &nexttok); } #ifdef PAM_READ_BOTH_CONFS if (not_other) other = 0; else #endif /* PAM_READ_BOTH_CONFS */ other = !strcasecmp(this_service, PAM_DEFAULT_SERVICE); /* accept "service name" or PAM_DEFAULT_SERVICE modules */ if (!strcasecmp(this_service, pamh->service_name) || other) { int pam_include = 0; int substack = 0; /* This is a service we are looking for */ D(("_pam_init_handlers: Found PAM config entry for: %s" , this_service)); tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (tok == NULL) { /* module type does not exist */ D(("_pam_init_handlers: empty module type for %s", this_service)); pam_syslog(pamh, LOG_ERR, "(%s) empty module type", this_service); module_type = (requested_module_type != PAM_T_ANY) ? requested_module_type : PAM_T_AUTH; /* most sensitive */ handler_type = PAM_HT_MUST_FAIL; /* install as normal but fail when dispatched */ } else { if (tok[0] == '-') { /* do not log module load errors */ handler_type = PAM_HT_SILENT_MODULE; ++tok; } if (!strcasecmp("auth", tok)) { module_type = PAM_T_AUTH; } else if (!strcasecmp("session", tok)) { module_type = PAM_T_SESS; } else if (!strcasecmp("account", tok)) { module_type = PAM_T_ACCT; } else if (!strcasecmp("password", tok)) { module_type = PAM_T_PASS; } else { /* Illegal module type */ D(("_pam_init_handlers: bad module type: %s", tok)); pam_syslog(pamh, LOG_ERR, "(%s) illegal module type: %s", this_service, tok); module_type = (requested_module_type != PAM_T_ANY) ? requested_module_type : PAM_T_AUTH; /* most sensitive */ handler_type = PAM_HT_MUST_FAIL; /* install as normal but fail when dispatched */ } } D(("Using %s config entry: %s", handler_type?"BAD ":"", tok)); if (requested_module_type != PAM_T_ANY && module_type != requested_module_type) { D(("Skipping config entry: %s (requested=%d, found=%d)", tok, requested_module_type, module_type)); continue; } /* reset the actions to .._UNDEF's -- this is so that we can work out which entries are not yet set (for default). */ { int i; for (i=0; i<_PAM_RETURN_VALUES; actions[i++] = _PAM_ACTION_UNDEF); } tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (tok == NULL) { /* no module name given */ D(("_pam_init_handlers: no control flag supplied")); pam_syslog(pamh, LOG_ERR, "(%s) no control flag supplied", this_service); _pam_set_default_control(actions, _PAM_ACTION_BAD); handler_type = PAM_HT_MUST_FAIL; } else if (!strcasecmp("required", tok)) { D(("*PAM_F_REQUIRED*")); actions[PAM_SUCCESS] = _PAM_ACTION_OK; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; actions[PAM_IGNORE] = _PAM_ACTION_IGNORE; _pam_set_default_control(actions, _PAM_ACTION_BAD); } else if (!strcasecmp("requisite", tok)) { D(("*PAM_F_REQUISITE*")); actions[PAM_SUCCESS] = _PAM_ACTION_OK; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; actions[PAM_IGNORE] = _PAM_ACTION_IGNORE; _pam_set_default_control(actions, _PAM_ACTION_DIE); } else if (!strcasecmp("optional", tok)) { D(("*PAM_F_OPTIONAL*")); actions[PAM_SUCCESS] = _PAM_ACTION_OK; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_OK; _pam_set_default_control(actions, _PAM_ACTION_IGNORE); } else if (!strcasecmp("sufficient", tok)) { D(("*PAM_F_SUFFICIENT*")); actions[PAM_SUCCESS] = _PAM_ACTION_DONE; actions[PAM_NEW_AUTHTOK_REQD] = _PAM_ACTION_DONE; _pam_set_default_control(actions, _PAM_ACTION_IGNORE); } else if (!strcasecmp("include", tok)) { D(("*PAM_F_INCLUDE*")); pam_include = 1; substack = 0; } else if (!strcasecmp("substack", tok)) { D(("*PAM_F_SUBSTACK*")); pam_include = 1; substack = 1; } else { D(("will need to parse %s", tok)); _pam_parse_control(actions, tok); /* by default the default is to treat as failure */ _pam_set_default_control(actions, _PAM_ACTION_BAD); } tok = _pam_StrTok(NULL, " \n\t", &nexttok); if (pam_include) { if (substack) { res = _pam_add_handler(pamh, PAM_HT_SUBSTACK, other, stack_level, module_type, actions, tok, 0, NULL, 0); if (res != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error adding substack %s", tok); D(("failed to load module - aborting")); return PAM_ABORT; } } if (_pam_load_conf_file(pamh, tok, this_service, module_type, stack_level + substack #ifdef PAM_READ_BOTH_CONFS , !other #endif /* PAM_READ_BOTH_CONFS */ ) == PAM_SUCCESS) continue; _pam_set_default_control(actions, _PAM_ACTION_BAD); mod_path = NULL; handler_type = PAM_HT_MUST_FAIL; nexttok = NULL; } else if (tok != NULL) { mod_path = tok; D(("mod_path = %s",mod_path)); } else { /* no module name given */ D(("_pam_init_handlers: no module name supplied")); pam_syslog(pamh, LOG_ERR, "(%s) no module name supplied", this_service); mod_path = NULL; handler_type = PAM_HT_MUST_FAIL; } /* nexttok points to remaining arguments... */ if (nexttok != NULL) { D(("list: %s",nexttok)); argvlen = _pam_mkargv(nexttok, &argv, &argc); D(("argvlen = %d",argvlen)); } else { /* there are no arguments so fix by hand */ D(("_pam_init_handlers: empty argument list")); argvlen = argc = 0; argv = NULL; } #ifdef PAM_DEBUG { int y; D(("CONF%s: %s%s %d %s %d" , handler_type==PAM_HT_MUST_FAIL?"<*will fail*>":"" , this_service, other ? "(backup)":"" , module_type , mod_path, argc)); for (y = 0; y < argc; y++) { D(("CONF: %s", argv[y])); } for (y = 0; y<_PAM_RETURN_VALUES; ++y) { D(("RETURN %s(%d) -> %d %s", _pam_token_returns[y], y, actions[y], actions[y]>0 ? "jump": _pam_token_actions[-actions[y]])); } } #endif res = _pam_add_handler(pamh, handler_type, other, stack_level , module_type, actions, mod_path , argc, argv, argvlen); if (res != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error loading %s", mod_path); D(("failed to load module - aborting")); return PAM_ABORT; } } } return ( (x < 0) ? PAM_ABORT:PAM_SUCCESS ); } static int _pam_load_conf_file(pam_handle_t *pamh, const char *config_name , const char *service /* specific file */ , int module_type /* specific type */ , int stack_level /* level of substack */ #ifdef PAM_READ_BOTH_CONFS , int not_other #endif /* PAM_READ_BOTH_CONFS */ ) { FILE *f; char *config_path = NULL; int retval = PAM_ABORT; D(("_pam_load_conf_file called")); if (stack_level >= PAM_SUBSTACK_MAX_LEVEL) { D(("maximum level of substacks reached")); pam_syslog(pamh, LOG_ERR, "maximum level of substacks reached"); return PAM_ABORT; } if (config_name == NULL) { D(("no config file supplied")); pam_syslog(pamh, LOG_ERR, "(%s) no config file supplied", service); return PAM_ABORT; } if (config_name[0] != '/') { if (asprintf (&config_path, PAM_CONFIG_DF, config_name) < 0) { pam_syslog(pamh, LOG_CRIT, "asprintf failed"); return PAM_BUF_ERR; } config_name = config_path; } D(("opening %s", config_name)); f = fopen(config_name, "r"); if (f != NULL) { retval = _pam_parse_conf_file(pamh, f, service, module_type, stack_level #ifdef PAM_READ_BOTH_CONFS , not_other #endif /* PAM_READ_BOTH_CONFS */ ); fclose(f); if (retval != PAM_SUCCESS) pam_syslog(pamh, LOG_ERR, "_pam_load_conf_file: error reading %s: %s", config_name, pam_strerror(pamh, retval)); } else { D(("unable to open %s", config_name)); pam_syslog(pamh, LOG_ERR, "_pam_load_conf_file: unable to open %s", config_name); } _pam_drop(config_path); return retval; } /* Parse config file, allocate handler structures, dlopen() */ int _pam_init_handlers(pam_handle_t *pamh) { FILE *f; int retval; D(("_pam_init_handlers called")); IF_NO_PAMH("_pam_init_handlers",pamh,PAM_SYSTEM_ERR); /* Return immediately if everything is already loaded */ if (pamh->handlers.handlers_loaded) { return PAM_SUCCESS; } D(("_pam_init_handlers: initializing")); /* First clean the service structure */ _pam_free_handlers(pamh); if (! pamh->handlers.module) { if ((pamh->handlers.module = malloc(MODULE_CHUNK * sizeof(struct loaded_module))) == NULL) { pam_syslog(pamh, LOG_CRIT, "_pam_init_handlers: no memory loading module"); return PAM_BUF_ERR; } pamh->handlers.modules_allocated = MODULE_CHUNK; pamh->handlers.modules_used = 0; } if (pamh->service_name == NULL) { return PAM_BAD_ITEM; /* XXX - better error? */ } #ifdef PAM_LOCKING /* Is the PAM subsystem locked? */ { int fd_tmp; if ((fd_tmp = open( PAM_LOCK_FILE, O_RDONLY )) != -1) { pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: PAM lockfile (" PAM_LOCK_FILE ") exists - aborting"); (void) close(fd_tmp); /* * to avoid swamping the system with requests */ _pam_start_timer(pamh); pam_fail_delay(pamh, 5000000); _pam_await_timer(pamh, PAM_ABORT); return PAM_ABORT; } } #endif /* PAM_LOCKING */ /* * Now parse the config file(s) and add handlers */ { struct stat test_d; /* Is there a PAM_CONFIG_D directory? */ if ( stat(PAM_CONFIG_D, &test_d) == 0 && S_ISDIR(test_d.st_mode) ) { char *filename; int read_something=0; D(("searching " PAM_CONFIG_D " for config files")); if (asprintf(&filename, PAM_CONFIG_DF, pamh->service_name) < 0) { pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: no memory; service %s", pamh->service_name); return PAM_BUF_ERR; } D(("opening %s", filename)); f = fopen(filename, "r"); if (f != NULL) { /* would test magic here? */ retval = _pam_parse_conf_file(pamh, f, pamh->service_name, PAM_T_ANY, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ ); fclose(f); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: error reading %s", filename); pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: [%s]", pam_strerror(pamh, retval)); } else { read_something = 1; } } else { D(("unable to open %s", filename)); #ifdef PAM_READ_BOTH_CONFS D(("checking %s", PAM_CONFIG)); if ((f = fopen(PAM_CONFIG,"r")) != NULL) { retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0, 1); fclose(f); } else #endif /* PAM_READ_BOTH_CONFS */ retval = PAM_SUCCESS; /* * XXX - should we log an error? Some people want to always * use "other" */ } _pam_drop(filename); if (retval == PAM_SUCCESS) { /* now parse the PAM_DEFAULT_SERVICE_FILE */ D(("opening %s", PAM_DEFAULT_SERVICE_FILE)); f = fopen(PAM_DEFAULT_SERVICE_FILE, "r"); if (f != NULL) { /* would test magic here? */ retval = _pam_parse_conf_file(pamh, f, PAM_DEFAULT_SERVICE, PAM_T_ANY, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ ); fclose(f); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: error reading %s", PAM_DEFAULT_SERVICE_FILE); pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: [%s]", pam_strerror(pamh, retval)); } else { read_something = 1; } } else { D(("unable to open %s", PAM_DEFAULT_SERVICE_FILE)); pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: no default config %s", PAM_DEFAULT_SERVICE_FILE); } if (!read_something) { /* nothing read successfully */ retval = PAM_ABORT; } } } else { if ((f = fopen(PAM_CONFIG, "r")) == NULL) { pam_syslog(pamh, LOG_ERR, "_pam_init_handlers: could not open " PAM_CONFIG ); return PAM_ABORT; } retval = _pam_parse_conf_file(pamh, f, NULL, PAM_T_ANY, 0 #ifdef PAM_READ_BOTH_CONFS , 0 #endif /* PAM_READ_BOTH_CONFS */ ); D(("closing configuration file")); fclose(f); } } if (retval != PAM_SUCCESS) { /* Read error */ pam_syslog(pamh, LOG_ERR, "error reading PAM configuration file"); return PAM_ABORT; } pamh->handlers.handlers_loaded = 1; D(("_pam_init_handlers exiting")); return PAM_SUCCESS; } /* * This is where we read a line of the PAM config file. The line may be * preceeded by lines of comments and also extended with "\\\n" */ static int _pam_assemble_line(FILE *f, char *buffer, int buf_len) { char *p = buffer; char *endp = buffer + buf_len; char *s, *os; int used = 0; /* loop broken with a 'break' when a non-'\\n' ended line is read */ D(("called.")); for (;;) { if (p >= endp) { /* Overflow */ D(("_pam_assemble_line: overflow")); return -1; } if (fgets(p, endp - p, f) == NULL) { if (used) { /* Incomplete read */ return -1; } else { /* EOF */ return 0; } } /* skip leading spaces --- line may be blank */ s = p + strspn(p, " \n\t"); if (*s && (*s != '#')) { os = s; /* * we are only interested in characters before the first '#' * character */ while (*s && *s != '#') ++s; if (*s == '#') { *s = '\0'; used += strlen(os); break; /* the line has been read */ } s = os; /* * Check for backslash by scanning back from the end of * the entered line, the '\n' has been included since * normally a line is terminated with this * character. fgets() should only return one though! */ s += strlen(s); while (s > os && ((*--s == ' ') || (*s == '\t') || (*s == '\n'))); /* check if it ends with a backslash */ if (*s == '\\') { *s++ = ' '; /* replace backslash with ' ' */ *s = '\0'; /* truncate the line here */ used += strlen(os); p = s; /* there is more ... */ } else { /* End of the line! */ used += strlen(os); break; /* this is the complete line */ } } else { /* Nothing in this line */ /* Don't move p */ } } return used; } static char * extract_modulename(const char *mod_path) { const char *p = strrchr (mod_path, '/'); char *dot, *retval; if (p == NULL) p = mod_path; else p++; if ((retval = _pam_strdup (p)) == NULL) return NULL; dot = strrchr (retval, '.'); if (dot) *dot = '\0'; return retval; } static struct loaded_module * _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) { int x = 0; int success; #ifndef PAM_STATIC char *mod_full_isa_path=NULL, *isa=NULL; #endif struct loaded_module *mod; D(("_pam_load_module: loading module `%s'", mod_path)); mod = pamh->handlers.module; /* First, ensure the module is loaded */ while (x < pamh->handlers.modules_used) { if (!strcmp(mod[x].name, mod_path)) { /* case sensitive ! */ break; } x++; } if (x == pamh->handlers.modules_used) { /* Not found */ if (pamh->handlers.modules_allocated == pamh->handlers.modules_used) { /* will need more memory */ void *tmp = realloc(pamh->handlers.module, (pamh->handlers.modules_allocated+MODULE_CHUNK) *sizeof(struct loaded_module)); if (tmp == NULL) { D(("cannot enlarge module pointer memory")); pam_syslog(pamh, LOG_ERR, "realloc returned NULL in _pam_load_module"); return NULL; } pamh->handlers.module = tmp; pamh->handlers.modules_allocated += MODULE_CHUNK; } mod = &(pamh->handlers.module[x]); /* Be pessimistic... */ success = PAM_ABORT; #ifdef PAM_STATIC /* Only load static function if function was not found dynamically. * This code should work even if no dynamic loading is available. */ if (success != PAM_SUCCESS) { D(("_pam_load_module: open static handler %s", mod_path)); mod->dl_handle = _pam_open_static_handler(pamh, mod_path); if (mod->dl_handle == NULL) { D(("_pam_load_module: unable to find static handler %s", mod_path)); if (handler_type != PAM_HT_SILENT_MODULE) pam_syslog(pamh, LOG_ERR, "unable to open static handler %s", mod_path); /* Didn't find module in dynamic or static..will mark bad */ } else { D(("static module added successfully")); success = PAM_SUCCESS; mod->type = PAM_MT_STATIC_MOD; pamh->handlers.modules_used++; } } #else D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); mod->dl_handle = _pam_dlopen(mod_path); D(("_pam_load_module: _pam_dlopen'ed")); D(("_pam_load_module: dlopen'ed")); if (mod->dl_handle == NULL) { if (strstr(mod_path, "$ISA")) { mod_full_isa_path = malloc(strlen(mod_path) + strlen(_PAM_ISA) + 1); if (mod_full_isa_path == NULL) { D(("_pam_load_module: couldn't get memory for mod_path")); pam_syslog(pamh, LOG_ERR, "no memory for module path"); success = PAM_ABORT; } else { strcpy(mod_full_isa_path, mod_path); isa = strstr(mod_full_isa_path, "$ISA"); if (isa) { memmove(isa + strlen(_PAM_ISA), isa + 4, strlen(isa + 4) + 1); memmove(isa, _PAM_ISA, strlen(_PAM_ISA)); } mod->dl_handle = _pam_dlopen(mod_full_isa_path); _pam_drop(mod_full_isa_path); } } } if (mod->dl_handle == NULL) { D(("_pam_load_module: _pam_dlopen(%s) failed", mod_path)); if (handler_type != PAM_HT_SILENT_MODULE) pam_syslog(pamh, LOG_ERR, "unable to dlopen(%s): %s", mod_path, _pam_dlerror()); /* Don't abort yet; static code may be able to find function. * But defaults to abort if nothing found below... */ } else { D(("module added successfully")); success = PAM_SUCCESS; mod->type = PAM_MT_DYNAMIC_MOD; pamh->handlers.modules_used++; } #endif if (success != PAM_SUCCESS) { /* add a malformed module */ mod->dl_handle = NULL; mod->type = PAM_MT_FAULTY_MOD; pamh->handlers.modules_used++; if (handler_type != PAM_HT_SILENT_MODULE) pam_syslog(pamh, LOG_ERR, "adding faulty module: %s", mod_path); success = PAM_SUCCESS; /* We have successfully added a module */ } /* indicate its name - later we will search for it by this */ if ((mod->name = _pam_strdup(mod_path)) == NULL) { D(("_pam_load_module: couldn't get memory for mod_path")); pam_syslog(pamh, LOG_ERR, "no memory for module path"); success = PAM_ABORT; } } else { /* x != pamh->handlers.modules_used */ mod += x; /* the located module */ success = PAM_SUCCESS; } return success == PAM_SUCCESS ? mod : NULL; } int _pam_add_handler(pam_handle_t *pamh , int handler_type, int other, int stack_level, int type , int *actions, const char *mod_path , int argc, char **argv, int argvlen) { struct loaded_module *mod = NULL; struct handler **handler_p; struct handler **handler_p2; struct handlers *the_handlers; const char *sym, *sym2; char *mod_full_path; servicefn func, func2; int mod_type = PAM_MT_FAULTY_MOD; D(("called.")); IF_NO_PAMH("_pam_add_handler",pamh,PAM_SYSTEM_ERR); D(("_pam_add_handler: adding type %d, handler_type %d, module `%s'", type, handler_type, mod_path)); if ((handler_type == PAM_HT_MODULE || handler_type == PAM_HT_SILENT_MODULE) && mod_path != NULL) { if (mod_path[0] == '/') { mod = _pam_load_module(pamh, mod_path, handler_type); } else if (asprintf(&mod_full_path, "%s%s", DEFAULT_MODULE_PATH, mod_path) >= 0) { mod = _pam_load_module(pamh, mod_full_path, handler_type); _pam_drop(mod_full_path); } else { pam_syslog(pamh, LOG_CRIT, "cannot malloc full mod path"); return PAM_ABORT; } if (mod == NULL) { /* if we get here with NULL it means allocation error */ return PAM_ABORT; } mod_type = mod->type; } if (mod_path == NULL) mod_path = UNKNOWN_MODULE; /* * At this point 'mod' points to the stored/loaded module. */ /* Now define the handler(s) based on mod->dlhandle and type */ /* decide which list of handlers to use */ the_handlers = (other) ? &pamh->handlers.other : &pamh->handlers.conf; handler_p = handler_p2 = NULL; func = func2 = NULL; sym2 = NULL; /* point handler_p's at the root addresses of the function stacks */ switch (type) { case PAM_T_AUTH: handler_p = &the_handlers->authenticate; sym = "pam_sm_authenticate"; handler_p2 = &the_handlers->setcred; sym2 = "pam_sm_setcred"; break; case PAM_T_SESS: handler_p = &the_handlers->open_session; sym = "pam_sm_open_session"; handler_p2 = &the_handlers->close_session; sym2 = "pam_sm_close_session"; break; case PAM_T_ACCT: handler_p = &the_handlers->acct_mgmt; sym = "pam_sm_acct_mgmt"; break; case PAM_T_PASS: handler_p = &the_handlers->chauthtok; sym = "pam_sm_chauthtok"; break; default: /* Illegal module type */ D(("_pam_add_handler: illegal module type %d", type)); return PAM_ABORT; } /* are the modules reliable? */ if ( #ifdef PAM_STATIC mod_type != PAM_MT_STATIC_MOD && #else mod_type != PAM_MT_DYNAMIC_MOD && #endif mod_type != PAM_MT_FAULTY_MOD ) { D(("_pam_add_handlers: illegal module library type; %d", mod_type)); pam_syslog(pamh, LOG_ERR, "internal error: module library type not known: %s;%d", sym, mod_type); return PAM_ABORT; } /* now identify this module's functions - for non-faulty modules */ #ifdef PAM_STATIC if ((mod_type == PAM_MT_STATIC_MOD) && (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); } #else if ((mod_type == PAM_MT_DYNAMIC_MOD) && !(func = _pam_dlsym(mod->dl_handle, sym)) ) { pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); } #endif if (sym2) { #ifdef PAM_STATIC if ((mod_type == PAM_MT_STATIC_MOD) && (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) == NULL) { pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); } #else if ((mod_type == PAM_MT_DYNAMIC_MOD) && !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); } #endif } /* here func (and perhaps func2) point to the appropriate functions */ /* add new handler to end of existing list */ while (*handler_p != NULL) { handler_p = &((*handler_p)->next); } if ((*handler_p = malloc(sizeof(struct handler))) == NULL) { pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #1"); return (PAM_ABORT); } (*handler_p)->handler_type = handler_type; (*handler_p)->stack_level = stack_level; (*handler_p)->func = func; memcpy((*handler_p)->actions,actions,sizeof((*handler_p)->actions)); (*handler_p)->cached_retval = _PAM_INVALID_RETVAL; (*handler_p)->cached_retval_p = &((*handler_p)->cached_retval); (*handler_p)->argc = argc; (*handler_p)->argv = argv; /* not a copy */ (*handler_p)->mod_name = extract_modulename(mod_path); (*handler_p)->next = NULL; /* some of the modules have a second calling function */ if (handler_p2) { /* add new handler to end of existing list */ while (*handler_p2) { handler_p2 = &((*handler_p2)->next); } if ((*handler_p2 = malloc(sizeof(struct handler))) == NULL) { pam_syslog(pamh, LOG_CRIT, "cannot malloc struct handler #2"); return (PAM_ABORT); } (*handler_p2)->handler_type = handler_type; (*handler_p2)->stack_level = stack_level; (*handler_p2)->func = func2; memcpy((*handler_p2)->actions,actions,sizeof((*handler_p2)->actions)); (*handler_p2)->cached_retval = _PAM_INVALID_RETVAL; /* ignored */ /* Note, this next entry points to the handler_p value! */ (*handler_p2)->cached_retval_p = &((*handler_p)->cached_retval); (*handler_p2)->argc = argc; if (argv) { if (((*handler_p2)->argv = malloc(argvlen)) == NULL) { pam_syslog(pamh, LOG_CRIT, "cannot malloc argv for handler #2"); return (PAM_ABORT); } memcpy((*handler_p2)->argv, argv, argvlen); } else { (*handler_p2)->argv = NULL; /* no arguments */ } (*handler_p2)->mod_name = extract_modulename(mod_path); (*handler_p2)->next = NULL; } D(("_pam_add_handler: returning successfully")); return PAM_SUCCESS; } /* Free various allocated structures and dlclose() the libs */ int _pam_free_handlers(pam_handle_t *pamh) { struct loaded_module *mod; D(("called.")); IF_NO_PAMH("_pam_free_handlers",pamh,PAM_SYSTEM_ERR); mod = pamh->handlers.module; /* Close all loaded modules */ while (pamh->handlers.modules_used) { D(("_pam_free_handlers: dlclose(%s)", mod->name)); free(mod->name); #ifndef PAM_STATIC if (mod->type == PAM_MT_DYNAMIC_MOD) { _pam_dlclose(mod->dl_handle); } #endif mod++; pamh->handlers.modules_used--; } /* Free all the handlers */ _pam_free_handlers_aux(&(pamh->handlers.conf.authenticate)); _pam_free_handlers_aux(&(pamh->handlers.conf.setcred)); _pam_free_handlers_aux(&(pamh->handlers.conf.acct_mgmt)); _pam_free_handlers_aux(&(pamh->handlers.conf.open_session)); _pam_free_handlers_aux(&(pamh->handlers.conf.close_session)); _pam_free_handlers_aux(&(pamh->handlers.conf.chauthtok)); _pam_free_handlers_aux(&(pamh->handlers.other.authenticate)); _pam_free_handlers_aux(&(pamh->handlers.other.setcred)); _pam_free_handlers_aux(&(pamh->handlers.other.acct_mgmt)); _pam_free_handlers_aux(&(pamh->handlers.other.open_session)); _pam_free_handlers_aux(&(pamh->handlers.other.close_session)); _pam_free_handlers_aux(&(pamh->handlers.other.chauthtok)); /* no more loaded modules */ _pam_drop(pamh->handlers.module); /* Indicate that handlers are not initialized for this pamh */ pamh->handlers.handlers_loaded = 0; return PAM_SUCCESS; } void _pam_start_handlers(pam_handle_t *pamh) { D(("called.")); /* NB. There is no check for a NULL pamh here, since no return * value to communicate the fact! */ /* Indicate that handlers are not initialized for this pamh */ pamh->handlers.handlers_loaded = 0; pamh->handlers.modules_allocated = 0; pamh->handlers.modules_used = 0; pamh->handlers.module = NULL; /* initialize the .conf and .other entries */ pamh->handlers.conf.authenticate = NULL; pamh->handlers.conf.setcred = NULL; pamh->handlers.conf.acct_mgmt = NULL; pamh->handlers.conf.open_session = NULL; pamh->handlers.conf.close_session = NULL; pamh->handlers.conf.chauthtok = NULL; pamh->handlers.other.authenticate = NULL; pamh->handlers.other.setcred = NULL; pamh->handlers.other.acct_mgmt = NULL; pamh->handlers.other.open_session = NULL; pamh->handlers.other.close_session = NULL; pamh->handlers.other.chauthtok = NULL; } void _pam_free_handlers_aux(struct handler **hp) { struct handler *h = *hp; struct handler *last; D(("called.")); while (h) { last = h; _pam_drop(h->argv); /* This is all alocated in a single chunk */ _pam_drop(h->mod_name); h = h->next; memset(last, 0, sizeof(*last)); free(last); } *hp = NULL; } pam/libpam/pam_item.c0000644000000000000000000002065213261244762011740 0ustar /* pam_item.c */ /* * $Id$ */ #include "pam_private.h" #include #include #include #include #define TRY_SET(X, Y) \ { \ if ((X) != (Y)) { \ char *_TMP_ = _pam_strdup(Y); \ if (_TMP_ == NULL && (Y) != NULL) \ return PAM_BUF_ERR; \ free(X); \ (X) = _TMP_; \ } \ } /* functions */ int pam_set_item (pam_handle_t *pamh, int item_type, const void *item) { int retval; D(("called")); IF_NO_PAMH("pam_set_item", pamh, PAM_SYSTEM_ERR); retval = PAM_SUCCESS; switch (item_type) { case PAM_SERVICE: /* Setting handlers_loaded to 0 will cause the handlers * to be reloaded on the next call to a service module. */ pamh->handlers.handlers_loaded = 0; TRY_SET(pamh->service_name, item); { char *tmp; for (tmp=pamh->service_name; *tmp; ++tmp) *tmp = tolower(*tmp); /* require lower case */ } break; case PAM_USER: TRY_SET(pamh->user, item); pamh->former.fail_user = PAM_SUCCESS; break; case PAM_USER_PROMPT: TRY_SET(pamh->prompt, item); pamh->former.fail_user = PAM_SUCCESS; break; case PAM_TTY: D(("setting tty to %s", item)); TRY_SET(pamh->tty, item); break; case PAM_RUSER: TRY_SET(pamh->ruser, item); break; case PAM_RHOST: TRY_SET(pamh->rhost, item); break; case PAM_AUTHTOK: /* * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from * modules. */ if (__PAM_FROM_MODULE(pamh)) { if (pamh->authtok != item) { _pam_overwrite(pamh->authtok); TRY_SET(pamh->authtok, item); } } else { retval = PAM_BAD_ITEM; } break; case PAM_OLDAUTHTOK: /* * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from * modules. */ if (__PAM_FROM_MODULE(pamh)) { if (pamh->oldauthtok != item) { _pam_overwrite(pamh->oldauthtok); TRY_SET(pamh->oldauthtok, item); } } else { retval = PAM_BAD_ITEM; } break; case PAM_CONV: /* want to change the conversation function */ if (item == NULL) { pam_syslog(pamh, LOG_ERR, "pam_set_item: attempt to set conv() to NULL"); retval = PAM_PERM_DENIED; } else { struct pam_conv *tconv; if ((tconv= (struct pam_conv *) malloc(sizeof(struct pam_conv)) ) == NULL) { pam_syslog(pamh, LOG_CRIT, "pam_set_item: malloc failed for pam_conv"); retval = PAM_BUF_ERR; } else { memcpy(tconv, item, sizeof(struct pam_conv)); _pam_drop(pamh->pam_conversation); pamh->pam_conversation = tconv; pamh->former.fail_user = PAM_SUCCESS; } } break; case PAM_FAIL_DELAY: pamh->fail_delay.delay_fn_ptr = item; break; case PAM_XDISPLAY: TRY_SET(pamh->xdisplay, item); break; case PAM_XAUTHDATA: if (&pamh->xauth == item) break; if (pamh->xauth.namelen) { _pam_overwrite(pamh->xauth.name); free(pamh->xauth.name); } if (pamh->xauth.datalen) { _pam_overwrite_n(pamh->xauth.data, (unsigned int) pamh->xauth.datalen); free(pamh->xauth.data); } pamh->xauth = *((const struct pam_xauth_data *) item); if ((pamh->xauth.name=_pam_strdup(pamh->xauth.name)) == NULL) { memset(&pamh->xauth, '\0', sizeof(pamh->xauth)); return PAM_BUF_ERR; } if ((pamh->xauth.data=_pam_memdup(pamh->xauth.data, pamh->xauth.datalen)) == NULL) { _pam_overwrite(pamh->xauth.name); free(pamh->xauth.name); memset(&pamh->xauth, '\0', sizeof(pamh->xauth)); return PAM_BUF_ERR; } break; case PAM_AUTHTOK_TYPE: TRY_SET(pamh->authtok_type, item); break; default: retval = PAM_BAD_ITEM; } return retval; } int pam_get_item (const pam_handle_t *pamh, int item_type, const void **item) { int retval = PAM_SUCCESS; D(("called.")); IF_NO_PAMH("pam_get_item", pamh, PAM_SYSTEM_ERR); if (item == NULL) { pam_syslog(pamh, LOG_ERR, "pam_get_item: nowhere to place requested item"); return PAM_PERM_DENIED; } else *item = NULL; switch (item_type) { case PAM_SERVICE: *item = pamh->service_name; break; case PAM_USER: D(("returning user=%s", pamh->user)); *item = pamh->user; break; case PAM_USER_PROMPT: D(("returning userprompt=%s", pamh->user)); *item = pamh->prompt; break; case PAM_TTY: D(("returning tty=%s", pamh->tty)); *item = pamh->tty; break; case PAM_RUSER: *item = pamh->ruser; break; case PAM_RHOST: *item = pamh->rhost; break; case PAM_AUTHTOK: /* * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from * modules. */ if (__PAM_FROM_MODULE(pamh)) { *item = pamh->authtok; } else { retval = PAM_BAD_ITEM; } break; case PAM_OLDAUTHTOK: /* * PAM_AUTHTOK and PAM_OLDAUTHTOK are only accessible from * modules. */ if (__PAM_FROM_MODULE(pamh)) { *item = pamh->oldauthtok; } else { retval = PAM_BAD_ITEM; } break; case PAM_CONV: *item = pamh->pam_conversation; break; case PAM_FAIL_DELAY: *item = pamh->fail_delay.delay_fn_ptr; break; case PAM_XDISPLAY: *item = pamh->xdisplay; break; case PAM_XAUTHDATA: *item = &pamh->xauth; break; case PAM_AUTHTOK_TYPE: *item = pamh->authtok_type; break; default: retval = PAM_BAD_ITEM; } return retval; } /* * This function is the 'preferred method to obtain the username'. */ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt) { const char *use_prompt; int retval; struct pam_message msg; const struct pam_message *pmsg; struct pam_response *resp; D(("called.")); IF_NO_PAMH("pam_get_user", pamh, PAM_SYSTEM_ERR); if (user == NULL) { /* ensure that the module has supplied a destination */ pam_syslog(pamh, LOG_ERR, "pam_get_user: nowhere to record username"); return PAM_PERM_DENIED; } else *user = NULL; if (pamh->pam_conversation == NULL) { pam_syslog(pamh, LOG_ERR, "pam_get_user: no conv element in pamh"); return PAM_SERVICE_ERR; } if (pamh->user) { /* have one so return it */ *user = pamh->user; return PAM_SUCCESS; } if (pamh->former.fail_user != PAM_SUCCESS) return pamh->former.fail_user; /* will need a prompt */ if (prompt != NULL) use_prompt = prompt; else if (pamh->prompt != NULL) use_prompt = pamh->prompt; else use_prompt = _("login:"); /* If we are resuming an old conversation, we verify that the prompt is the same. Anything else is an error. */ if (pamh->former.want_user) { /* must have a prompt to resume with */ if (! pamh->former.prompt) { pam_syslog(pamh, LOG_ERR, "pam_get_user: failed to resume with prompt" ); return PAM_ABORT; } /* must be the same prompt as last time */ if (strcmp(pamh->former.prompt, use_prompt)) { pam_syslog(pamh, LOG_ERR, "pam_get_user: resumed with different prompt"); return PAM_ABORT; } /* ok, we can resume where we left off last time */ pamh->former.want_user = PAM_FALSE; _pam_overwrite(pamh->former.prompt); _pam_drop(pamh->former.prompt); } /* converse with application -- prompt user for a username */ pmsg = &msg; msg.msg_style = PAM_PROMPT_ECHO_ON; msg.msg = use_prompt; resp = NULL; retval = pamh->pam_conversation-> conv(1, &pmsg, &resp, pamh->pam_conversation->appdata_ptr); if (retval == PAM_CONV_AGAIN) { /* conversation function is waiting for an event - save state */ D(("conversation function is not ready yet")); pamh->former.want_user = PAM_TRUE; pamh->former.prompt = _pam_strdup(use_prompt); } else if (resp == NULL || resp->resp == NULL) { /* * conversation should have given a response */ D(("pam_get_user: no response provided")); retval = PAM_CONV_ERR; pamh->former.fail_user = retval; } else if (retval == PAM_SUCCESS) { /* copy the username */ /* * now we set the PAM_USER item -- this was missing from pre.53 * releases. However, reading the Sun manual, it is part of * the standard API. */ retval = pam_set_item(pamh, PAM_USER, resp->resp); *user = pamh->user; } else pamh->former.fail_user = retval; if (resp) { if (retval != PAM_SUCCESS) pam_syslog(pamh, LOG_WARNING, "unexpected response from failed conversation function"); /* * note 'resp' is allocated by the application and is * correctly free()'d here */ _pam_drop_reply(resp, 1); } D(("completed")); return retval; /* pass on any error from conversation */ } pam/libpam/pam_misc.c0000644000000000000000000002301213261244762011726 0ustar /* pam_misc.c -- This is random stuff * * Copyright (c) Andrew G. Morgan 2000-2003 * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "pam_private.h" #include #include #include #include #include #include char *_pam_StrTok(char *from, const char *format, char **next) /* * this function is a variant of the standard strtok, it differs in that * it takes an additional argument and doesn't nul terminate tokens until * they are actually reached. */ { char table[256], *end; int i; if (from == NULL && (from = *next) == NULL) return from; /* initialize table */ for (i=1; i<256; table[i++] = '\0'); for (i=0; format[i] ; table[(unsigned char)format[i++]] = 'y'); /* look for first non-format char */ while (*from && table[(unsigned char)*from]) { ++from; } if (*from == '[') { /* * special case, "[...]" is considered to be a single * object. Note, however, if one of the format[] chars is * '[' this single string will not be read correctly. * Note, any '[' inside the outer "[...]" pair will survive. * Note, the first ']' will terminate this string, but * that "\]" will get compressed into "]". That is: * * "[..[..\]..]..." --> "..[..].." */ char *to; for (to=end=++from; *end && *end != ']'; ++to, ++end) { if (*end == '\\' && end[1] == ']') ++end; if (to != end) { *to = *end; } } if (to != end) { *to = '\0'; } /* note, this string is stripped of its edges: "..." is what remains */ } else if (*from) { /* simply look for next blank char */ for (end=from; *end && !table[(unsigned char)*end]; ++end); } else { return (*next = NULL); /* no tokens left */ } /* now terminate what we have */ if (*end) *end++ = '\0'; /* indicate what it left */ if (*end) { *next = end; } else { *next = NULL; /* have found last token */ } /* return what we have */ return from; } /* * Safe duplication of character strings. "Paranoid"; don't leave * evidence of old token around for later stack analysis. */ char *_pam_strdup(const char *x) { register char *new=NULL; if (x != NULL) { register int len; len = strlen (x) + 1; /* length of string including NUL */ if ((new = malloc(len)) == NULL) { len = 0; pam_syslog(NULL, LOG_CRIT, "_pam_strdup: failed to get memory"); } else { strcpy (new, x); } x = NULL; } return new; /* return the duplicate or NULL on error */ } /* * Safe duplication of memory buffers. "Paranoid"; don't leave * evidence of old token around for later stack analysis. */ char *_pam_memdup(const char *x, int len) { register char *new=NULL; if (x != NULL) { if ((new = malloc(len)) == NULL) { len = 0; pam_syslog(NULL, LOG_CRIT, "_pam_memdup: failed to get memory"); } else { memcpy (new, x, len); } x = NULL; } return new; /* return the duplicate or NULL on error */ } /* Generate argv, argc from s */ /* caller must free(argv) */ int _pam_mkargv(char *s, char ***argv, int *argc) { int l; int argvlen = 0; char *sbuf, *sbuf_start; char **our_argv = NULL; char **argvbuf; char *argvbufp; #ifdef PAM_DEBUG int count=0; #endif D(("_pam_mkargv called: %s",s)); *argc = 0; l = strlen(s); if (l) { if ((sbuf = sbuf_start = _pam_strdup(s)) == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_mkargv: null returned by _pam_strdup"); D(("arg NULL")); } else { /* Overkill on the malloc, but not large */ argvlen = (l + 1) * ((sizeof(char)) + sizeof(char *)); if ((our_argv = argvbuf = malloc(argvlen)) == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_mkargv: null returned by malloc"); } else { char *tmp=NULL; argvbufp = (char *) argvbuf + (l * sizeof(char *)); D(("[%s]",sbuf)); while ((sbuf = _pam_StrTok(sbuf, " \n\t", &tmp))) { D(("arg #%d",++count)); D(("->[%s]",sbuf)); strcpy(argvbufp, sbuf); D(("copied token")); *argvbuf = argvbufp; argvbufp += strlen(argvbufp) + 1; D(("stepped in argvbufp")); (*argc)++; argvbuf++; sbuf = NULL; D(("loop again?")); } } _pam_drop(sbuf_start); } } *argv = our_argv; D(("_pam_mkargv returned")); return(argvlen); } /* * this function is used to protect the modules from accidental or * semi-mallicious harm that an application may do to confuse the API. */ void _pam_sanitize(pam_handle_t *pamh) { int old_caller_is = pamh->caller_is; /* * this is for security. We reset the auth-tokens here. */ __PAM_TO_MODULE(pamh); pam_set_item(pamh, PAM_AUTHTOK, NULL); pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); pamh->caller_is = old_caller_is; } /* * This function scans the array and replaces the _PAM_ACTION_UNDEF * entries with the default action. */ void _pam_set_default_control(int *control_array, int default_action) { int i; for (i=0; i<_PAM_RETURN_VALUES; ++i) { if (control_array[i] == _PAM_ACTION_UNDEF) { control_array[i] = default_action; } } } /* * This function is used to parse a control string. This string is a * series of tokens of the following form: * * "[ ]*return_code[ ]*=[ ]*action/[ ]". */ #include "pam_tokens.h" void _pam_parse_control(int *control_array, char *tok) { const char *error; int ret; while (*tok) { int act, len; /* skip leading space */ while (isspace((int)*tok) && *++tok); if (!*tok) break; /* identify return code */ for (ret=0; ret<=_PAM_RETURN_VALUES; ++ret) { len = strlen(_pam_token_returns[ret]); if (!strncmp(_pam_token_returns[ret], tok, len)) { break; } } if (ret > _PAM_RETURN_VALUES || !*(tok += len)) { error = "expecting return value"; goto parse_error; } /* observe '=' */ while (isspace((int)*tok) && *++tok); if (!*tok || *tok++ != '=') { error = "expecting '='"; goto parse_error; } /* skip leading space */ while (isspace((int)*tok) && *++tok); if (!*tok) { error = "expecting action"; goto parse_error; } /* observe action type */ for (act=0; act < (-(_PAM_ACTION_UNDEF)); ++act) { len = strlen(_pam_token_actions[act]); if (!strncmp(_pam_token_actions[act], tok, len)) { act *= -1; tok += len; break; } } if (act > 0) { /* * Either we have a number or we have hit an error. In * principle, there is nothing to stop us accepting * negative offsets. (Although we would have to think of * another way of encoding the tokens.) However, I really * think this would be both hard to administer and easily * cause looping problems. So, for now, we will just * allow forward jumps. (AGM 1998/1/7) */ if (!isdigit((int)*tok)) { error = "expecting jump number"; goto parse_error; } /* parse a number */ act = 0; do { act *= 10; act += *tok - '0'; /* XXX - this assumes ascii behavior */ } while (*++tok && isdigit((int)*tok)); if (! act) { /* we do not allow 0 jumps. There is a token ('ignore') for that */ error = "expecting non-zero"; goto parse_error; } } /* set control_array element */ if (ret != _PAM_RETURN_VALUES) { control_array[ret] = act; } else { /* set the default to 'act' */ _pam_set_default_control(control_array, act); } } /* that was a success */ return; parse_error: /* treat everything as bad */ pam_syslog(NULL, LOG_ERR, "pam_parse: %s; [...%s]", error, tok); for (ret=0; ret<_PAM_RETURN_VALUES; control_array[ret++]=_PAM_ACTION_BAD); } pam/libpam/pam_modutil_cleanup.c0000644000000000000000000000046613261244762014167 0ustar /* * $Id$ * * This function provides a common pam_set_data() friendly version of free(). */ #include "pam_modutil_private.h" #include void pam_modutil_cleanup (pam_handle_t *pamh UNUSED, void *data, int error_status UNUSED) { if (data) { /* junk it */ (void) free(data); } } pam/libpam/pam_modutil_getgrgid.c0000644000000000000000000000556313261244762014337 0ustar /* * $Id$ * * This function provides a thread safer version of getgrgid() for use * with PAM modules that care about this sort of thing. * * XXX - or at least it should provide a thread-safe alternative. */ #include "pam_modutil_private.h" #include #include #include #include #include static int intlen(int number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } static int longlen(long number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } struct group * pam_modutil_getgrgid(pam_handle_t *pamh, gid_t gid) { #ifdef HAVE_GETGRGID_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; do { int status; void *new_buffer; struct group *result = NULL; new_buffer = realloc(buffer, sizeof(struct group) + length); if (new_buffer == NULL) { D(("out of memory")); /* no memory for the user - so delete the memory */ if (buffer) { free(buffer); } return NULL; } buffer = new_buffer; /* make the re-entrant call to get the grp structure */ errno = 0; status = getgrgid_r(gid, buffer, sizeof(struct group) + (char *) buffer, length, &result); if (!status && (result == buffer)) { char *data_name; const void *ignore; int i; data_name = malloc(strlen("_pammodutil_getgrgid") + 1 + longlen((long)gid) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getgrgid_%ld_%d", (long) gid, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, result, pam_modutil_cleanup); } if (status == PAM_SUCCESS) { break; } } } else { status = PAM_SUCCESS; } free(data_name); if (status == PAM_SUCCESS) { D(("success")); return result; } D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } else if (errno != ERANGE && errno != EINTR) { /* no sense in repeating the call */ break; } length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); D(("grp structure took %u bytes or so of memory", length+sizeof(struct group))); free(buffer); return NULL; #else /* ie. ifndef HAVE_GETGRGID_R */ /* * Sorry, there does not appear to be a reentrant version of * getgrgid(). So, we use the standard libc function. */ return getgrgid(gid); #endif /* def HAVE_GETGRGID_R */ } pam/libpam/pam_modutil_getgrnam.c0000644000000000000000000000541513261244762014343 0ustar /* * $Id$ * * This function provides a thread safer version of getgrnam() for use * with PAM modules that care about this sort of thing. * * XXX - or at least it should provide a thread-safe alternative. */ #include "pam_modutil_private.h" #include #include #include #include #include static int intlen(int number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } struct group * pam_modutil_getgrnam(pam_handle_t *pamh, const char *group) { #ifdef HAVE_GETGRNAM_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; do { int status; void *new_buffer; struct group *result = NULL; new_buffer = realloc(buffer, sizeof(struct group) + length); if (new_buffer == NULL) { D(("out of memory")); /* no memory for the group - so delete the memory */ if (buffer) { free(buffer); } return NULL; } buffer = new_buffer; /* make the re-entrant call to get the grp structure */ errno = 0; status = getgrnam_r(group, buffer, sizeof(struct group) + (char *) buffer, length, &result); if (!status && (result == buffer)) { char *data_name; const void *ignore; int i; data_name = malloc(strlen("_pammodutil_getgrnam") + 1 + strlen(group) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getgrnam_%s_%d", group, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, result, pam_modutil_cleanup); } if (status == PAM_SUCCESS) { break; } } } else { status = PAM_SUCCESS; } free(data_name); if (status == PAM_SUCCESS) { D(("success")); return result; } D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } else if (errno != ERANGE && errno != EINTR) { /* no sense in repeating the call */ break; } length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); D(("grp structure took %u bytes or so of memory", length+sizeof(struct group))); free(buffer); return NULL; #else /* ie. ifndef HAVE_GETGRNAM_R */ /* * Sorry, there does not appear to be a reentrant version of * getgrnam(). So, we use the standard libc function. */ return getgrnam(group); #endif /* def HAVE_GETGRNAM_R */ } pam/libpam/pam_modutil_getlogin.c0000644000000000000000000000324313261244762014344 0ustar /* * $Id$ * * A central point for invoking getlogin(). Hopefully, this is a * little harder to spoof than all the other versions that are out * there. */ #include "pam_modutil_private.h" #include #include #include #define _PAMMODUTIL_GETLOGIN "_pammodutil_getlogin" const char * pam_modutil_getlogin(pam_handle_t *pamh) { int status; const void *logname; const void *void_curr_tty; const char *curr_tty; char *curr_user; struct utmp *ut, line; status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); if (status == PAM_SUCCESS) { return logname; } status = pam_get_item(pamh, PAM_TTY, &void_curr_tty); if ((status != PAM_SUCCESS) || (void_curr_tty == NULL)) curr_tty = ttyname(0); else curr_tty = (const char*)void_curr_tty; if (curr_tty == NULL) { return NULL; } if (curr_tty[0] == '/') { /* full path */ const char *t; curr_tty++; if ((t = strchr(curr_tty, '/')) != NULL) { curr_tty = t + 1; } } logname = NULL; setutent(); strncpy(line.ut_line, curr_tty, sizeof(line.ut_line)); if ((ut = getutline(&line)) == NULL) { goto clean_up_and_go_home; } curr_user = calloc(sizeof(line.ut_user)+1, 1); if (curr_user == NULL) { goto clean_up_and_go_home; } strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); /* calloc already zeroed the memory */ status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, pam_modutil_cleanup); if (status != PAM_SUCCESS) { free(curr_user); goto clean_up_and_go_home; } logname = curr_user; clean_up_and_go_home: endutent(); return logname; } pam/libpam/pam_modutil_getpwnam.c0000644000000000000000000000541413261244762014360 0ustar /* * $Id$ * * This function provides a thread safer version of getpwnam() for use * with PAM modules that care about this sort of thing. * * XXX - or at least it should provide a thread-safe alternative. */ #include "pam_modutil_private.h" #include #include #include #include #include static int intlen(int number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } struct passwd * pam_modutil_getpwnam(pam_handle_t *pamh, const char *user) { #ifdef HAVE_GETPWNAM_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; do { int status; void *new_buffer; struct passwd *result = NULL; new_buffer = realloc(buffer, sizeof(struct passwd) + length); if (new_buffer == NULL) { D(("out of memory")); /* no memory for the user - so delete the memory */ if (buffer) { free(buffer); } return NULL; } buffer = new_buffer; /* make the re-entrant call to get the pwd structure */ errno = 0; status = getpwnam_r(user, buffer, sizeof(struct passwd) + (char *) buffer, length, &result); if (!status && (result == buffer)) { char *data_name; const void *ignore; int i; data_name = malloc(strlen("_pammodutil_getpwnam") + 1 + strlen(user) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getpwnam_%s_%d", user, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, result, pam_modutil_cleanup); } if (status == PAM_SUCCESS) { break; } } } else { status = PAM_SUCCESS; } free(data_name); if (status == PAM_SUCCESS) { D(("success")); return result; } D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } else if (errno != ERANGE && errno != EINTR) { /* no sense in repeating the call */ break; } length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); D(("pwd structure took %u bytes or so of memory", length+sizeof(struct passwd))); free(buffer); return NULL; #else /* ie. ifndef HAVE_GETPWNAM_R */ /* * Sorry, there does not appear to be a reentrant version of * getpwnam(). So, we use the standard libc function. */ return getpwnam(user); #endif /* def HAVE_GETPWNAM_R */ } pam/libpam/pam_modutil_getpwuid.c0000644000000000000000000000564313261244762014372 0ustar /* * $Id$ * * This function provides a thread safer version of getpwuid() for use * with PAM modules that care about this sort of thing. * * XXX - or at least it should provide a thread-safe alternative. */ #include "pam_modutil_private.h" #include #include #include #include #include static int intlen(int number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } static int longlen(long number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } struct passwd * pam_modutil_getpwuid(pam_handle_t *pamh, uid_t uid) { #ifdef HAVE_GETPWUID_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; do { int status; void *new_buffer; struct passwd *result = NULL; new_buffer = realloc(buffer, sizeof(struct passwd) + length); if (new_buffer == NULL) { D(("out of memory")); /* no memory for the user - so delete the memory */ if (buffer) { free(buffer); } return NULL; } buffer = new_buffer; /* make the re-entrant call to get the pwd structure */ errno = 0; status = getpwuid_r(uid, buffer, sizeof(struct passwd) + (char *) buffer, length, &result); if (!status && (result == buffer)) { char *data_name; const void *ignore; int i; data_name = malloc(strlen("_pammodutil_getpwuid") + 1 + longlen((long) uid) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getpwuid_%ld_%d", (long) uid, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, result, pam_modutil_cleanup); } if (status == PAM_SUCCESS) { break; } } } else { status = PAM_SUCCESS; } free(data_name); if (status == PAM_SUCCESS) { D(("success")); return result; } D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } else if (errno != ERANGE && errno != EINTR) { /* no sense in repeating the call */ break; } length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); D(("pwd structure took %u bytes or so of memory", length+sizeof(struct passwd))); free(buffer); return NULL; #else /* ie. ifndef HAVE_GETPWUID_R */ /* * Sorry, there does not appear to be a reentrant version of * getpwuid(). So, we use the standard libc function. */ return getpwuid(uid); #endif /* def HAVE_GETPWUID_R */ } pam/libpam/pam_modutil_getspnam.c0000644000000000000000000000541613261244762014356 0ustar /* * $Id$ * * This function provides a thread safer version of getspnam() for use * with PAM modules that care about this sort of thing. * * XXX - or at least it should provide a thread-safe alternative. */ #include "pam_modutil_private.h" #include #include #include #include #include static int intlen(int number) { int len = 2; while (number != 0) { number /= 10; len++; } return len; } struct spwd * pam_modutil_getspnam(pam_handle_t *pamh, const char *user) { #ifdef HAVE_GETSPNAM_R void *buffer=NULL; size_t length = PWD_INITIAL_LENGTH; do { int status; void *new_buffer; struct spwd *result = NULL; new_buffer = realloc(buffer, sizeof(struct spwd) + length); if (new_buffer == NULL) { D(("out of memory")); /* no memory for the user - so delete the memory */ if (buffer) { free(buffer); } return NULL; } buffer = new_buffer; /* make the re-entrant call to get the spwd structure */ errno = 0; status = getspnam_r(user, buffer, sizeof(struct spwd) + (char *) buffer, length, &result); if (!status && (result == buffer)) { char *data_name; const void *ignore; int i; data_name = malloc(strlen("_pammodutil_getspnam") + 1 + strlen(user) + 1 + intlen(INT_MAX) + 1); if ((pamh != NULL) && (data_name == NULL)) { D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } if (pamh != NULL) { for (i = 0; i < INT_MAX; i++) { sprintf(data_name, "_pammodutil_getspnam_%s_%d", user, i); status = PAM_NO_MODULE_DATA; if (pam_get_data(pamh, data_name, &ignore) != PAM_SUCCESS) { status = pam_set_data(pamh, data_name, result, pam_modutil_cleanup); } if (status == PAM_SUCCESS) { break; } } } else { status = PAM_SUCCESS; } free(data_name); if (status == PAM_SUCCESS) { D(("success")); return result; } D(("was unable to register the data item [%s]", pam_strerror(pamh, status))); free(buffer); return NULL; } else if (errno != ERANGE && errno != EINTR) { /* no sense in repeating the call */ break; } length <<= PWD_LENGTH_SHIFT; } while (length < PWD_ABSURD_PWD_LENGTH); D(("spwd structure took %u bytes or so of memory", length+sizeof(struct spwd))); free(buffer); return NULL; #else /* ie. ifndef HAVE_GETSPNAM_R */ /* * Sorry, there does not appear to be a reentrant version of * getspnam(). So, we use the standard libc function. */ return getspnam(user); #endif /* def HAVE_GETSPNAM_R */ } pam/libpam/pam_modutil_ingroup.c0000644000000000000000000000471513261244762014224 0ustar /* * $Id$ * * This function provides common methods for checking if a user is in a * specified group. */ #include "pam_modutil_private.h" #include #include #include #ifdef HAVE_GETGROUPLIST static int checkgrouplist(const char *user, gid_t primary, gid_t target) { gid_t *grouplist = NULL; int agroups, ngroups, i; ngroups = agroups = 3; do { grouplist = malloc(sizeof(gid_t) * agroups); if (grouplist == NULL) { return 0; } ngroups = agroups; i = getgrouplist(user, primary, grouplist, &ngroups); if ((i < 0) || (ngroups < 1)) { agroups *= 2; free(grouplist); } else { for (i = 0; i < ngroups; i++) { if (grouplist[i] == target) { free(grouplist); return 1; } } free(grouplist); } } while (((i < 0) || (ngroups < 1)) && (agroups < 10000)); return 0; } #endif static int pam_modutil_user_in_group_common(pam_handle_t *pamh UNUSED, struct passwd *pwd, struct group *grp) { int i; if (pwd == NULL) { return 0; } if (grp == NULL) { return 0; } if (pwd->pw_gid == grp->gr_gid) { return 1; } for (i = 0; (grp->gr_mem != NULL) && (grp->gr_mem[i] != NULL); i++) { if (strcmp(pwd->pw_name, grp->gr_mem[i]) == 0) { return 1; } } #ifdef HAVE_GETGROUPLIST if (checkgrouplist(pwd->pw_name, pwd->pw_gid, grp->gr_gid)) { return 1; } #endif return 0; } int pam_modutil_user_in_group_nam_nam(pam_handle_t *pamh, const char *user, const char *group) { struct passwd *pwd; struct group *grp; pwd = pam_modutil_getpwnam(pamh, user); grp = pam_modutil_getgrnam(pamh, group); return pam_modutil_user_in_group_common(pamh, pwd, grp); } int pam_modutil_user_in_group_nam_gid(pam_handle_t *pamh, const char *user, gid_t group) { struct passwd *pwd; struct group *grp; pwd = pam_modutil_getpwnam(pamh, user); grp = pam_modutil_getgrgid(pamh, group); return pam_modutil_user_in_group_common(pamh, pwd, grp); } int pam_modutil_user_in_group_uid_nam(pam_handle_t *pamh, uid_t user, const char *group) { struct passwd *pwd; struct group *grp; pwd = pam_modutil_getpwuid(pamh, user); grp = pam_modutil_getgrnam(pamh, group); return pam_modutil_user_in_group_common(pamh, pwd, grp); } int pam_modutil_user_in_group_uid_gid(pam_handle_t *pamh, uid_t user, gid_t group) { struct passwd *pwd; struct group *grp; pwd = pam_modutil_getpwuid(pamh, user); grp = pam_modutil_getgrgid(pamh, group); return pam_modutil_user_in_group_common(pamh, pwd, grp); } pam/libpam/pam_modutil_ioloop.c0000644000000000000000000000217713261244762014042 0ustar /* * $Id$ * * These functions provides common methods for ensure a complete read or * write occurs. It handles EINTR and partial read/write returns. */ #include "pam_modutil_private.h" #include #include int pam_modutil_read(int fd, char *buffer, int count) { int block, offset = 0; while (count > 0) { block = read(fd, &buffer[offset], count); if (block < 0) { if (errno == EINTR) continue; return block; } if (block == 0) return offset; offset += block; count -= block; } return offset; } int pam_modutil_write(int fd, const char *buffer, int count) { int block, offset = 0; while (count > 0) { block = write(fd, &buffer[offset], count); if (block < 0) { if (errno == EINTR) continue; return block; } if (block == 0) return offset; offset += block; count -= block; } return offset; } pam/libpam/pam_modutil_priv.c0000644000000000000000000000756613261244762013530 0ustar /* * $Id$ * * This file provides two functions: * pam_modutil_drop_priv: * temporarily lower process fs privileges by switching to another uid/gid, * pam_modutil_regain_priv: * regain process fs privileges lowered by pam_modutil_drop_priv(). */ #include "pam_modutil_private.h" #include #include #include #include #include #include /* * Two setfsuid() calls in a row are necessary to check * whether setfsuid() succeeded or not. */ static int change_uid(uid_t uid, uid_t *save) { uid_t tmp = setfsuid(uid); if (save) *save = tmp; return (uid_t) setfsuid(uid) == uid ? 0 : -1; } static int change_gid(gid_t gid, gid_t *save) { gid_t tmp = setfsgid(gid); if (save) *save = tmp; return (gid_t) setfsgid(gid) == gid ? 0 : -1; } static int cleanup(struct pam_modutil_privs *p) { if (p->allocated) { p->allocated = 0; free(p->grplist); } p->grplist = NULL; p->number_of_groups = 0; return -1; } #define PRIV_MAGIC 0x1004000a #define PRIV_MAGIC_DONOTHING 0xdead000a int pam_modutil_drop_priv(pam_handle_t *pamh, struct pam_modutil_privs *p, const struct passwd *pw) { int res; if (p->is_dropped) { pam_syslog(pamh, LOG_CRIT, "pam_modutil_drop_priv: called with dropped privileges"); return -1; } /* * If not root, we can do nothing. * If switching to root, we have nothing to do. * That is, in both cases, we do not care. */ if (geteuid() != 0 || pw->pw_uid == 0) { p->is_dropped = PRIV_MAGIC_DONOTHING; return 0; } if (!p->grplist || p->number_of_groups <= 0) { pam_syslog(pamh, LOG_CRIT, "pam_modutil_drop_priv: called without room for supplementary groups"); return -1; } res = getgroups(0, NULL); if (res < 0) { pam_syslog(pamh, LOG_ERR, "pam_modutil_drop_priv: getgroups failed: %m"); return -1; } p->allocated = 0; if (res > p->number_of_groups) { p->grplist = calloc(res, sizeof(gid_t)); if (!p->grplist) { pam_syslog(pamh, LOG_ERR, "out of memory"); return cleanup(p); } p->allocated = 1; p->number_of_groups = res; } res = getgroups(p->number_of_groups, p->grplist); if (res < 0) { pam_syslog(pamh, LOG_ERR, "pam_modutil_drop_priv: getgroups failed: %m"); return cleanup(p); } p->number_of_groups = res; /* * We should care to leave process credentials in consistent state. * That is, e.g. if change_gid() succeeded but change_uid() failed, * we should try to restore old gid. */ if (setgroups(0, NULL)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_drop_priv: setgroups failed: %m"); return cleanup(p); } if (change_gid(pw->pw_gid, &p->old_gid)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_drop_priv: change_gid failed: %m"); (void) setgroups(p->number_of_groups, p->grplist); return cleanup(p); } if (change_uid(pw->pw_uid, &p->old_uid)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_drop_priv: change_uid failed: %m"); (void) change_gid(p->old_gid, NULL); (void) setgroups(p->number_of_groups, p->grplist); return cleanup(p); } p->is_dropped = PRIV_MAGIC; return 0; } int pam_modutil_regain_priv(pam_handle_t *pamh, struct pam_modutil_privs *p) { switch (p->is_dropped) { case PRIV_MAGIC_DONOTHING: p->is_dropped = 0; return 0; case PRIV_MAGIC: break; default: pam_syslog(pamh, LOG_CRIT, "pam_modutil_regain_priv: called with invalid state"); return -1; } if (change_uid(p->old_uid, NULL)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_regain_priv: change_uid failed: %m"); return cleanup(p); } if (change_gid(p->old_gid, NULL)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_regain_priv: change_gid failed: %m"); return cleanup(p); } if (setgroups(p->number_of_groups, p->grplist)) { pam_syslog(pamh, LOG_ERR, "pam_modutil_regain_priv: setgroups failed: %m"); return cleanup(p); } p->is_dropped = 0; cleanup(p); return 0; } pam/libpam/pam_modutil_private.h0000644000000000000000000000100413261244762014204 0ustar #ifndef PAMMODUTIL_PRIVATE_H #define PAMMODUTIL_PRIVATE_H /* * $Id$ * * Copyright (c) 2001 Andrew Morgan */ #include "config.h" #include #include #include #define PWD_INITIAL_LENGTH 0x400 #define PWD_ABSURD_PWD_LENGTH 0x40001 #define PWD_LENGTH_SHIFT 4 /* 2^4 == 16 */ extern void pam_modutil_cleanup(pam_handle_t *pamh, void *data, int error_status); #endif /* PAMMODUTIL_PRIVATE_H */ pam/libpam/pam_password.c0000644000000000000000000000321613261244762012641 0ustar /* pam_password.c - PAM Password Management */ /* * $Id$ */ #include "pam_private.h" #include #include int pam_chauthtok(pam_handle_t *pamh, int flags) { int retval; D(("called.")); IF_NO_PAMH("pam_chauthtok", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } /* applications are not allowed to set this flags */ if (flags & (PAM_PRELIM_CHECK | PAM_UPDATE_AUTHTOK)) { pam_syslog (pamh, LOG_ERR, "PAM_PRELIM_CHECK or PAM_UPDATE_AUTHTOK set by application"); return PAM_SYSTEM_ERR; } if (pamh->former.choice == PAM_NOT_STACKED) { _pam_start_timer(pamh); /* we try to make the time for a failure independent of the time it takes to fail */ _pam_sanitize(pamh); pamh->former.update = PAM_FALSE; } /* first call to check if there will be a problem */ if (pamh->former.update || (retval = _pam_dispatch(pamh, flags|PAM_PRELIM_CHECK, PAM_CHAUTHTOK)) == PAM_SUCCESS) { D(("completed check ok: former=%d", pamh->former.update)); pamh->former.update = PAM_TRUE; retval = _pam_dispatch(pamh, flags|PAM_UPDATE_AUTHTOK, PAM_CHAUTHTOK); } /* if we completed we should clean up */ if (retval != PAM_INCOMPLETE) { _pam_sanitize(pamh); pamh->former.update = PAM_FALSE; _pam_await_timer(pamh, retval); /* if unsuccessful then wait now */ D(("pam_chauthtok exit %d - %d", retval, pamh->former.choice)); } else { D(("will resume when ready", retval)); } #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_CHAUTHTOK, retval, flags); #endif return retval; } pam/libpam/pam_prelude.c0000644000000000000000000002772013261244762012445 0ustar /* * pam_prelude.c -- prelude reporting * http://www.prelude-ids.org * * (C) Sebastien Tricaud 2005 */ #include #include #ifdef PRELUDE #include #include #include #include "pam_prelude.h" #include "pam_private.h" #define ANALYZER_CLASS "pam" #define ANALYZER_MODEL "PAM" #define ANALYZER_MANUFACTURER "Sebastien Tricaud, http://www.kernel.org/pub/linux/libs/pam/" #define DEFAULT_ANALYZER_NAME "PAM" static const char * pam_get_item_service(const pam_handle_t *pamh) { const void *service = NULL; pam_get_item(pamh, PAM_SERVICE, &service); return service; } static const char * pam_get_item_user(const pam_handle_t *pamh) { const void *user = NULL; pam_get_item(pamh, PAM_USER, &user); return user; } static const char * pam_get_item_user_prompt(const pam_handle_t *pamh) { const void *user_prompt = NULL; pam_get_item(pamh, PAM_USER_PROMPT, &user_prompt); return user_prompt; } static const char * pam_get_item_tty(const pam_handle_t *pamh) { const void *tty = NULL; pam_get_item(pamh, PAM_TTY, &tty); return tty; } static const char * pam_get_item_ruser(const pam_handle_t *pamh) { const void *ruser = NULL; pam_get_item(pamh, PAM_RUSER, &ruser); return ruser; } static const char * pam_get_item_rhost(const pam_handle_t *pamh) { const void *rhost = NULL; pam_get_item(pamh, PAM_RHOST, &rhost); return rhost; } /* Courteously stolen from prelude-lml */ static int generate_additional_data(idmef_alert_t *alert, const char *meaning, const char *data) { int ret; prelude_string_t *str; idmef_additional_data_t *adata; ret = idmef_alert_new_additional_data(alert, &adata, -1); if ( ret < 0 ) return ret; ret = idmef_additional_data_new_meaning(adata, &str); if ( ret < 0 ) return ret; ret = prelude_string_set_ref(str, meaning); if ( ret < 0 ) return ret; return idmef_additional_data_set_string_ref(adata, data); } static int setup_analyzer(const pam_handle_t *pamh, idmef_analyzer_t *analyzer) { int ret; prelude_string_t *string; ret = idmef_analyzer_new_model(analyzer, &string); if ( ret < 0 ) goto err; prelude_string_set_constant(string, ANALYZER_MODEL); ret = idmef_analyzer_new_class(analyzer, &string); if ( ret < 0 ) goto err; prelude_string_set_constant(string, ANALYZER_CLASS); ret = idmef_analyzer_new_manufacturer(analyzer, &string); if ( ret < 0 ) goto err; prelude_string_set_constant(string, ANALYZER_MANUFACTURER); ret = idmef_analyzer_new_version(analyzer, &string); if ( ret < 0 ) goto err; prelude_string_set_constant(string, PAM_VERSION); return 0; err: pam_syslog(pamh, LOG_WARNING, "%s: IDMEF error: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } static void pam_alert_prelude(const char *msg, void *data, pam_handle_t *pamh, int authval) { int ret; idmef_time_t *clienttime; idmef_alert_t *alert; prelude_string_t *str; idmef_message_t *idmef = NULL; idmef_classification_t *class; prelude_client_t *client = (prelude_client_t *)data; idmef_source_t *source; idmef_target_t *target; idmef_user_t *user; idmef_user_id_t *user_id; idmef_process_t *process; idmef_classification_t *classification; idmef_impact_t *impact; idmef_assessment_t *assessment; idmef_node_t *node; idmef_analyzer_t *analyzer; ret = idmef_message_new(&idmef); if ( ret < 0 ) goto err; ret = idmef_message_new_alert(idmef, &alert); if ( ret < 0 ) goto err; ret = idmef_alert_new_classification(alert, &class); if ( ret < 0 ) goto err; ret = idmef_classification_new_text(class, &str); if ( ret < 0 ) goto err; ret = prelude_string_new_ref(&str, msg); if ( ret < 0 ) goto err; idmef_classification_set_text(class, str); ret = idmef_time_new_from_gettimeofday(&clienttime); if ( ret < 0 ) goto err; idmef_alert_set_create_time(alert, clienttime); idmef_alert_set_analyzer(alert, idmef_analyzer_ref(prelude_client_get_analyzer(client)), 0); /********** * SOURCE * **********/ ret = idmef_alert_new_source(alert, &source, -1); if ( ret < 0 ) goto err; /* BEGIN: Sets the user doing authentication stuff */ ret = idmef_source_new_user(source, &user); if ( ret < 0 ) goto err; idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION); ret = idmef_user_new_user_id(user, &user_id, 0); if ( ret < 0 ) goto err; idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_ORIGINAL_USER); if ( pam_get_item_ruser(pamh) ) { ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_get_item_ruser(pamh)); if ( ret < 0 ) goto err; idmef_user_id_set_name(user_id, str); } /* END */ /* BEGIN: Adds TTY infos */ if ( pam_get_item_tty(pamh) ) { ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_get_item_tty(pamh)); if ( ret < 0 ) goto err; idmef_user_id_set_tty(user_id, str); } /* END */ /* BEGIN: Sets the source node (rhost) */ ret = idmef_source_new_node(source, &node); if ( ret < 0 ) goto err; idmef_node_set_category(node, IDMEF_NODE_CATEGORY_HOSTS); if ( pam_get_item_rhost(pamh) ) { ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_get_item_rhost(pamh)); if ( ret < 0 ) goto err; idmef_node_set_name(node, str); } /* END */ /* BEGIN: Describe the service */ ret = idmef_source_new_process(source, &process); if ( ret < 0 ) goto err; idmef_process_set_pid(process, getpid()); if ( pam_get_item_service(pamh) ) { ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_get_item_service(pamh)); if ( ret < 0 ) goto err; idmef_process_set_name(process, str); } /* END */ /********** * TARGET * **********/ ret = idmef_alert_new_target(alert, &target, -1); if ( ret < 0 ) goto err; /* BEGIN: Sets the target node */ analyzer = prelude_client_get_analyzer(client); if ( ! analyzer ) goto err; node = idmef_analyzer_get_node(analyzer); if ( ! node ) goto err; idmef_target_set_node(target, node); node = idmef_node_ref(node); if ( ! node ) goto err; /* END */ /* BEGIN: Sets the user doing authentication stuff */ ret = idmef_target_new_user(target, &user); if ( ret < 0 ) goto err; idmef_user_set_category(user, IDMEF_USER_CATEGORY_APPLICATION); ret = idmef_user_new_user_id(user, &user_id, 0); if ( ret < 0 ) goto err; idmef_user_id_set_type(user_id, IDMEF_USER_ID_TYPE_TARGET_USER); if ( pam_get_item_user(pamh) ) { ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_get_item_user(pamh)); if ( ret < 0 ) goto err; idmef_user_id_set_name(user_id, str); } /* END */ /* BEGIN: Short description of the alert */ ret = idmef_alert_new_classification(alert, &classification); if ( ret < 0 ) goto err; ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, authval == PAM_SUCCESS ? "Authentication Success" : "Authentication Failure"); if ( ret < 0 ) goto err; idmef_classification_set_text(classification, str); /* END */ /* BEGIN: Long description of the alert */ ret = idmef_alert_new_assessment(alert, &assessment); if ( ret < 0 ) goto err; ret = idmef_assessment_new_impact(assessment, &impact); if ( ret < 0 ) goto err; ret = prelude_string_new(&str); if ( ret < 0 ) goto err; ret = prelude_string_set_ref(str, pam_strerror (pamh, authval)); if ( ret < 0 ) goto err; idmef_impact_set_description(impact, str); /* END */ /* BEGIN: Adding additional data */ if ( pam_get_item_user_prompt(pamh) ) { ret = generate_additional_data(alert, "Local User Prompt", pam_get_item_user_prompt(pamh)); if ( ret < 0 ) goto err; } /* END */ prelude_client_send_idmef(client, idmef); if ( idmef ) idmef_message_destroy(idmef); return; err: pam_syslog(pamh, LOG_WARNING, "%s: IDMEF error: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); if ( idmef ) idmef_message_destroy(idmef); } static int pam_alert_prelude_init(pam_handle_t *pamh, int authval) { int ret; prelude_client_t *client = NULL; ret = prelude_init(NULL, NULL); if ( ret < 0 ) { pam_syslog(pamh, LOG_WARNING, "%s: Unable to initialize the Prelude library: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } ret = prelude_client_new(&client, DEFAULT_ANALYZER_NAME); if ( ! client ) { pam_syslog(pamh, LOG_WARNING, "%s: Unable to create a prelude client object: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); return -1; } ret = setup_analyzer(pamh, prelude_client_get_analyzer(client)); if ( ret < 0 ) { pam_syslog(pamh, LOG_WARNING, "%s: Unable to setup analyzer: %s\n", prelude_strsource(ret), prelude_strerror(ret)); prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); return -1; } ret = prelude_client_start(client); if ( ret < 0 ) { pam_syslog(pamh, LOG_WARNING, "%s: Unable to initialize prelude client: %s.\n", prelude_strsource(ret), prelude_strerror(ret)); prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_FAILURE); return -1; } pam_alert_prelude("libpam alert" , client, pamh, authval); prelude_client_destroy(client, PRELUDE_CLIENT_EXIT_STATUS_SUCCESS); return 0; } void prelude_send_alert(pam_handle_t *pamh, int authval) { int ret; prelude_log_set_flags(PRELUDE_LOG_FLAGS_SYSLOG); ret = pam_alert_prelude_init(pamh, authval); if ( ret < 0 ) pam_syslog(pamh, LOG_WARNING, "No prelude alert sent"); prelude_deinit(); } #endif /* PRELUDE */ pam/libpam/pam_prelude.h0000644000000000000000000000050713261244762012444 0ustar /* * pam_prelude.h -- prelude ids reporting * http://www.prelude-ids.org * * (C) Sebastien Tricaud 2005 */ #ifndef _SECURITY_PAM_PRELUDE_H #define _SECURITY_PAM_PRELUDE_H #include void prelude_send_alert(pam_handle_t *pamh, int authval); #endif /* _SECURITY_PAM_PRELUDE_H */ pam/libpam/pam_private.h0000644000000000000000000002650713261244762012466 0ustar /* * pam_private.h * * This is the Linux-PAM Library Private Header. It contains things * internal to the Linux-PAM library. Things not needed by either an * application or module. * * Please see end of file for copyright. * * Creator: Marc Ewing. * Maintained: CVS */ #ifndef _PAM_PRIVATE_H #define _PAM_PRIVATE_H #include "config.h" #include #include #include #include /* the Linux-PAM configuration file */ #define PAM_CONFIG "/etc/pam.conf" #define PAM_CONFIG_D "/etc/pam.d" #define PAM_CONFIG_DF "/etc/pam.d/%s" #define PAM_DEFAULT_SERVICE "other" /* lower case */ #define PAM_DEFAULT_SERVICE_FILE PAM_CONFIG_D "/" PAM_DEFAULT_SERVICE #ifdef PAM_LOCKING /* * the Linux-PAM lock file. If it exists Linux-PAM will abort. Use it * to block access to libpam */ #define PAM_LOCK_FILE "/var/lock/subsys/PAM" #endif /* components of the pam_handle structure */ #define _PAM_INVALID_RETVAL -1 /* default value for cached_retval */ struct handler { int handler_type; int (*func)(pam_handle_t *pamh, int flags, int argc, char **argv); int actions[_PAM_RETURN_VALUES]; /* set by authenticate, open_session, chauthtok(1st) consumed by setcred, close_session, chauthtok(2nd) */ int cached_retval; int *cached_retval_p; int argc; char **argv; struct handler *next; char *mod_name; int stack_level; }; #define PAM_HT_MODULE 0 #define PAM_HT_MUST_FAIL 1 #define PAM_HT_SUBSTACK 2 #define PAM_HT_SILENT_MODULE 3 struct loaded_module { char *name; int type; /* PAM_STATIC_MOD or PAM_DYNAMIC_MOD */ void *dl_handle; }; #define PAM_MT_DYNAMIC_MOD 0 #define PAM_MT_STATIC_MOD 1 #define PAM_MT_FAULTY_MOD 2 struct handlers { struct handler *authenticate; struct handler *setcred; struct handler *acct_mgmt; struct handler *open_session; struct handler *close_session; struct handler *chauthtok; }; struct service { struct loaded_module *module; /* Array of modules */ int modules_allocated; int modules_used; int handlers_loaded; struct handlers conf; /* the configured handlers */ struct handlers other; /* the default handlers */ }; /* * Environment helper functions */ #define PAM_ENV_CHUNK 10 /* chunks of memory calloc()'d * * at once */ struct pam_environ { int entries; /* the number of pointers available */ int requested; /* the number of pointers used: * * 1 <= requested <= entries */ char **list; /* the environment storage (a list * * of pointers to malloc() memory) */ }; #include typedef enum { PAM_FALSE, PAM_TRUE } _pam_boolean; struct _pam_fail_delay { _pam_boolean set; unsigned int delay; time_t begin; const void *delay_fn_ptr; }; /* initial state in substack */ struct _pam_substack_state { int impression; int status; }; struct _pam_former_state { /* this is known and set by _pam_dispatch() */ int choice; /* which flavor of module function did we call? */ /* state info for the _pam_dispatch_aux() function */ int depth; /* how deep in the stack were we? */ int impression; /* the impression at that time */ int status; /* the status before returning incomplete */ struct _pam_substack_state *substates; /* array of initial substack states */ /* state info used by pam_get_user() function */ int fail_user; int want_user; char *prompt; /* saved prompt information */ /* state info for the pam_chauthtok() function */ _pam_boolean update; }; struct pam_handle { char *authtok; unsigned caller_is; struct pam_conv *pam_conversation; char *oldauthtok; char *prompt; /* for use by pam_get_user() */ char *service_name; char *user; char *rhost; char *ruser; char *tty; char *xdisplay; char *authtok_type; /* PAM_AUTHTOK_TYPE */ struct pam_data *data; struct pam_environ *env; /* structure to maintain environment list */ struct _pam_fail_delay fail_delay; /* helper function for easy delays */ struct pam_xauth_data xauth; /* auth info for X display */ struct service handlers; struct _pam_former_state former; /* library state - support for event driven applications */ const char *mod_name; /* Name of the module currently executed */ int mod_argc; /* Number of module arguments */ char **mod_argv; /* module arguments */ int choice; /* Which function we call from the module */ #ifdef HAVE_LIBAUDIT int audit_state; /* keep track of reported audit messages */ #endif }; /* Values for select arg to _pam_dispatch() */ #define PAM_NOT_STACKED 0 #define PAM_AUTHENTICATE 1 #define PAM_SETCRED 2 #define PAM_ACCOUNT 3 #define PAM_OPEN_SESSION 4 #define PAM_CLOSE_SESSION 5 #define PAM_CHAUTHTOK 6 #define _PAM_ACTION_IS_JUMP(x) ((x) > 0) #define _PAM_ACTION_IGNORE 0 #define _PAM_ACTION_OK -1 #define _PAM_ACTION_DONE -2 #define _PAM_ACTION_BAD -3 #define _PAM_ACTION_DIE -4 #define _PAM_ACTION_RESET -5 /* Add any new entries here. Will need to change ..._UNDEF and then * need to change pam_tokens.h */ #define _PAM_ACTION_UNDEF -6 /* this is treated as an error ( = _PAM_ACTION_BAD) */ #define PAM_SUBSTACK_MAX_LEVEL 16 /* maximum level of substacks */ /* character tables for parsing config files */ extern const char * const _pam_token_actions[-_PAM_ACTION_UNDEF]; extern const char * const _pam_token_returns[_PAM_RETURN_VALUES+1]; /* * internally defined functions --- these should not be directly * called by applications or modules */ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice); /* Free various allocated structures and dlclose() the libs */ int _pam_free_handlers(pam_handle_t *pamh); /* Parse config file, allocate handler structures, dlopen() */ int _pam_init_handlers(pam_handle_t *pamh); /* Set all hander stuff to 0/NULL - called once from pam_start() */ void _pam_start_handlers(pam_handle_t *pamh); /* environment helper functions */ /* create the environment structure */ int _pam_make_env(pam_handle_t *pamh); /* delete the environment structure */ void _pam_drop_env(pam_handle_t *pamh); /* these functions deal with failure delays as required by the authentication modules and application. Their *interface* is likely to remain the same although their function is hopefully going to improve */ /* reset the timer to no-delay */ void _pam_reset_timer(pam_handle_t *pamh); /* this sets the clock ticking */ void _pam_start_timer(pam_handle_t *pamh); /* this waits for the clock to stop ticking if status != PAM_SUCCESS */ void _pam_await_timer(pam_handle_t *pamh, int status); typedef void (*voidfunc(void))(void); typedef int (*servicefn)(pam_handle_t *, int, int, char **); #ifdef PAM_STATIC /* The next two in ../modules/_pam_static/pam_static.c */ /* Return pointer to data structure used to define a static module */ struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, const char *path); /* Return pointer to function requested from static module */ voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); #else void *_pam_dlopen (const char *mod_path); servicefn _pam_dlsym (void *handle, const char *symbol); void _pam_dlclose (void *handle); const char *_pam_dlerror (void); #endif /* For now we just use a stack and linear search for module data. */ /* If it becomes apparent that there is a lot of data, it should */ /* changed to either a sorted list or a hash table. */ struct pam_data { char *name; void *data; void (*cleanup)(pam_handle_t *pamh, void *data, int error_status); struct pam_data *next; }; void _pam_free_data(pam_handle_t *pamh, int status); char *_pam_StrTok(char *from, const char *format, char **next); char *_pam_strdup(const char *s); char *_pam_memdup(const char *s, int len); int _pam_mkargv(char *s, char ***argv, int *argc); void _pam_sanitize(pam_handle_t *pamh); void _pam_set_default_control(int *control_array, int default_action); void _pam_parse_control(int *control_array, char *tok); #define _PAM_SYSTEM_LOG_PREFIX "PAM" /* * XXX - Take care with this. It could confuse the logic of a trailing * else */ #define IF_NO_PAMH(X,pamh,ERR) \ if ((pamh) == NULL) { \ syslog(LOG_ERR, _PAM_SYSTEM_LOG_PREFIX " " X ": NULL pam handle passed"); \ return ERR; \ } /* * include some helpful macros */ #include /* used to work out where control currently resides (in an application or in a module) */ #define _PAM_CALLED_FROM_MODULE 1 #define _PAM_CALLED_FROM_APP 2 #define __PAM_FROM_MODULE(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_MODULE) #define __PAM_FROM_APP(pamh) ((pamh)->caller_is == _PAM_CALLED_FROM_APP) #define __PAM_TO_MODULE(pamh) \ do { (pamh)->caller_is = _PAM_CALLED_FROM_MODULE; } while (0) #define __PAM_TO_APP(pamh) \ do { (pamh)->caller_is = _PAM_CALLED_FROM_APP; } while (0) #ifdef HAVE_LIBAUDIT extern int _pam_auditlog(pam_handle_t *pamh, int action, int retval, int flags); extern int _pam_audit_end(pam_handle_t *pamh, int pam_status); #endif /* * Copyright (C) 1995 by Red Hat Software, Marc Ewing * Copyright (c) 1996-8,2001 by Andrew G. Morgan * * All rights reserved * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #endif /* _PAM_PRIVATE_H_ */ pam/libpam/pam_session.c0000644000000000000000000000167613261244762012472 0ustar /* pam_session.c - PAM Session Management */ /* * $Id$ */ #include "pam_private.h" #include int pam_open_session(pam_handle_t *pamh, int flags) { int retval; D(("called")); IF_NO_PAMH("pam_open_session", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } retval = _pam_dispatch(pamh, flags, PAM_OPEN_SESSION); #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_OPEN_SESSION, retval, flags); #endif return retval; } int pam_close_session(pam_handle_t *pamh, int flags) { int retval; D(("called")); IF_NO_PAMH("pam_close_session", pamh, PAM_SYSTEM_ERR); if (__PAM_FROM_MODULE(pamh)) { D(("called from module!?")); return PAM_SYSTEM_ERR; } retval = _pam_dispatch(pamh, flags, PAM_CLOSE_SESSION); #ifdef HAVE_LIBAUDIT retval = _pam_auditlog(pamh, PAM_CLOSE_SESSION, retval, flags); #endif return retval; } pam/libpam/pam_start.c0000644000000000000000000000747213261244762012144 0ustar /* pam_start.c */ /* Creator Marc Ewing * Maintained by AGM * * $Id$ * */ #include "pam_private.h" #include #include #include #include #include int pam_start ( const char *service_name, const char *user, const struct pam_conv *pam_conversation, pam_handle_t **pamh) { D(("called pam_start: [%s] [%s] [%p] [%p]" ,service_name, user, pam_conversation, pamh)); if (pamh == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_start: invalid argument: pamh == NULL"); return (PAM_SYSTEM_ERR); } if (service_name == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_start: invalid argument: service == NULL"); return (PAM_SYSTEM_ERR); } if (pam_conversation == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_start: invalid argument: conv == NULL"); return (PAM_SYSTEM_ERR); } if ((*pamh = calloc(1, sizeof(**pamh))) == NULL) { pam_syslog(NULL, LOG_CRIT, "pam_start: calloc failed for *pamh"); return (PAM_BUF_ERR); } /* All service names should be files below /etc/pam.d and nothing else. Forbid paths. */ if (strrchr(service_name, '/') != NULL) service_name = strrchr(service_name, '/') + 1; /* Mark the caller as the application - permission to do certain things is limited to a module or an application */ __PAM_TO_APP(*pamh); if (((*pamh)->service_name = _pam_strdup(service_name)) == NULL) { pam_syslog(*pamh, LOG_CRIT, "pam_start: _pam_strdup failed for service name"); _pam_drop(*pamh); return (PAM_BUF_ERR); } else { char *tmp; for (tmp=(*pamh)->service_name; *tmp; ++tmp) *tmp = tolower(*tmp); /* require lower case */ } if (user) { if (((*pamh)->user = _pam_strdup(user)) == NULL) { pam_syslog(*pamh, LOG_CRIT, "pam_start: _pam_strdup failed for user"); _pam_drop((*pamh)->service_name); _pam_drop(*pamh); return (PAM_BUF_ERR); } } else (*pamh)->user = NULL; (*pamh)->tty = NULL; (*pamh)->prompt = NULL; /* prompt for pam_get_user() */ (*pamh)->ruser = NULL; (*pamh)->rhost = NULL; (*pamh)->authtok = NULL; (*pamh)->oldauthtok = NULL; (*pamh)->fail_delay.delay_fn_ptr = NULL; (*pamh)->former.choice = PAM_NOT_STACKED; (*pamh)->former.substates = NULL; #ifdef HAVE_LIBAUDIT (*pamh)->audit_state = 0; #endif (*pamh)->xdisplay = NULL; (*pamh)->authtok_type = NULL; memset (&((*pamh)->xauth), 0, sizeof ((*pamh)->xauth)); if (((*pamh)->pam_conversation = (struct pam_conv *) malloc(sizeof(struct pam_conv))) == NULL) { pam_syslog(*pamh, LOG_CRIT, "pam_start: malloc failed for pam_conv"); _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); _pam_drop(*pamh); return (PAM_BUF_ERR); } else { memcpy((*pamh)->pam_conversation, pam_conversation, sizeof(struct pam_conv)); } (*pamh)->data = NULL; if ( _pam_make_env(*pamh) != PAM_SUCCESS ) { pam_syslog(*pamh,LOG_ERR,"pam_start: failed to initialize environment"); _pam_drop((*pamh)->pam_conversation); _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); _pam_drop(*pamh); return PAM_ABORT; } _pam_reset_timer(*pamh); /* initialize timer support */ _pam_start_handlers(*pamh); /* cannot fail */ /* According to the SunOS man pages, loading modules and resolving * symbols happens on the first call from the application. */ if ( _pam_init_handlers(*pamh) != PAM_SUCCESS ) { pam_syslog(*pamh, LOG_ERR, "pam_start: failed to initialize handlers"); _pam_drop_env(*pamh); /* purge the environment */ _pam_drop((*pamh)->pam_conversation); _pam_drop((*pamh)->service_name); _pam_drop((*pamh)->user); _pam_drop(*pamh); return PAM_ABORT; } D(("exiting pam_start successfully")); return PAM_SUCCESS; } pam/libpam/pam_static.c0000644000000000000000000001053713261244762012272 0ustar /* * pam_static.c -- static module loading helper functions * * created by Michael K. Johnson, johnsonm@redhat.com */ /* This whole file is only used for PAM_STATIC */ #ifdef PAM_STATIC #include #include #include #include "pam_private.h" #include "pam_static_modules.h" /* * and now for the functions */ /* Return pointer to data structure used to define a static module */ struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, const char *path) { int i; const char *clpath = path; char *lpath, *end; if (strchr(clpath, '/')) { /* ignore path and leading "/" */ clpath = strrchr(path, '/') + 1; } /* create copy to muck with (must free before return) */ lpath = _pam_strdup(clpath); /* chop .so off copy if it exists (or other extension on other platform...) */ end = strstr(lpath, ".so"); if (end) { *end = '\0'; } /* now go find the module */ for (i = 0; static_modules[i] != NULL; i++) { D(("%s=?%s\n", lpath, static_modules[i]->name)); if (static_modules[i]->name && ! strcmp(static_modules[i]->name, lpath)) { break; } } if (static_modules[i] == NULL) { pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); } free(lpath); return (static_modules[i]); } /* Return pointer to function requested from static module * Can't just return void *, because ANSI C disallows casting a * pointer to a function to a void *... * This definition means: * _pam_get_static_sym is a function taking two arguments and * returning a pointer to a function which takes no arguments * and returns void... */ voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) { if (! strcmp(symname, "pam_sm_authenticate")) { return ((voidfunc *)mod->pam_sm_authenticate); } else if (! strcmp(symname, "pam_sm_setcred")) { return ((voidfunc *)mod->pam_sm_setcred); } else if (! strcmp(symname, "pam_sm_acct_mgmt")) { return ((voidfunc *)mod->pam_sm_acct_mgmt); } else if (! strcmp(symname, "pam_sm_open_session")) { return ((voidfunc *)mod->pam_sm_open_session); } else if (! strcmp(symname, "pam_sm_close_session")) { return ((voidfunc *)mod->pam_sm_close_session); } else if (! strcmp(symname, "pam_sm_chauthtok")) { return ((voidfunc *)mod->pam_sm_chauthtok); } /* getting to this point is an error */ return ((voidfunc *)NULL); } #else /* ! PAM_STATIC */ typedef int blarg; #endif /* ! PAM_STATIC */ /* * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson * All rights reserved * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ pam/libpam/pam_static_modules.h0000644000000000000000000001261213261244762014023 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ /* Pointers to static module data. */ extern struct pam_module _pam_access_modstruct; extern struct pam_module _pam_cracklib_modstruct; extern struct pam_module _pam_debug_modstruct; extern struct pam_module _pam_deny_modstruct; extern struct pam_module _pam_echo_modstruct; extern struct pam_module _pam_env_modstruct; extern struct pam_module _pam_exec_modstruct; extern struct pam_module _pam_faildelay_modstruct; extern struct pam_module _pam_filter_modstruct; extern struct pam_module _pam_ftp_modstruct; extern struct pam_module _pam_group_modstruct; extern struct pam_module _pam_issue_modstruct; #ifdef HAVE_KEY_MANAGEMENT extern struct pam_module _pam_keyinit_modstruct; #endif extern struct pam_module _pam_lastlog_modstruct; extern struct pam_module _pam_limits_modstruct; extern struct pam_module _pam_listfile_modstruct; extern struct pam_module _pam_localuser_modstruct; extern struct pam_module _pam_loginuid_modstruct; extern struct pam_module _pam_mail_modstruct; extern struct pam_module _pam_mkhomedir_modstruct; extern struct pam_module _pam_motd_modstruct; #ifdef HAVE_UNSHARE extern struct pam_module _pam_namespace_modstruct; #endif extern struct pam_module _pam_nologin_modstruct; extern struct pam_module _pam_permit_modstruct; extern struct pam_module _pam_pwhistory_modstruct; extern struct pam_module _pam_rhosts_modstruct; extern struct pam_module _pam_rootok_modstruct; extern struct pam_module _pam_securetty_modstruct; #ifdef WITH_SELINUX extern struct pam_module _pam_selinux_modstruct; extern struct pam_module _pam_sepermit_modstruct; #endif extern struct pam_module _pam_shells_modstruct; extern struct pam_module _pam_stress_modstruct; extern struct pam_module _pam_succeed_if_modstruct; extern struct pam_module _pam_tally_modstruct; extern struct pam_module _pam_tally2_modstruct; extern struct pam_module _pam_time_modstruct; extern struct pam_module _pam_timestamp_modstruct; #ifdef HAVE_AUDIT_TTY_STATUS extern struct pam_module _pam_tty_audit_modstruct; #endif extern struct pam_module _pam_umask_modstruct; extern struct pam_module _pam_unix_modstruct; extern struct pam_module _pam_userdb_modstruct; extern struct pam_module _pam_warn_modstruct; extern struct pam_module _pam_wheel_modstruct; extern struct pam_module _pam_xauth_modstruct; /* and here is a structure that connects libpam to the above static modules. */ static struct pam_module *static_modules[] = { &_pam_access_modstruct, #ifdef HAVE_LIBCRACK &_pam_cracklib_modstruct, #endif &_pam_debug_modstruct, &_pam_deny_modstruct, &_pam_echo_modstruct, &_pam_env_modstruct, &_pam_exec_modstruct, &_pam_faildelay_modstruct, &_pam_filter_modstruct, &_pam_ftp_modstruct, &_pam_group_modstruct, &_pam_issue_modstruct, #ifdef HAVE_KEY_MANAGEMENT &_pam_keyinit_modstruct, #endif &_pam_lastlog_modstruct, &_pam_limits_modstruct, &_pam_listfile_modstruct, &_pam_localuser_modstruct, &_pam_loginuid_modstruct, &_pam_mail_modstruct, &_pam_mkhomedir_modstruct, &_pam_motd_modstruct, #ifdef HAVE_UNSHARE &_pam_namespace_modstruct, #endif &_pam_nologin_modstruct, &_pam_permit_modstruct, &_pam_pwhistory_modstruct, &_pam_rhosts_modstruct, &_pam_rootok_modstruct, &_pam_securetty_modstruct, #ifdef WITH_SELINUX &_pam_selinux_modstruct, &_pam_sepermit_modstruct, #endif &_pam_shells_modstruct, &_pam_stress_modstruct, &_pam_succeed_if_modstruct, &_pam_tally_modstruct, &_pam_tally2_modstruct, &_pam_time_modstruct, &_pam_timestamp_modstruct, #ifdef HAVE_AUDIT_TTY_STATUS &_pam_tty_audit_modstruct, #endif &_pam_umask_modstruct, &_pam_unix_modstruct, &_pam_userdb_modstruct, &_pam_warn_modstruct, &_pam_wheel_modstruct, &_pam_xauth_modstruct, NULL }; pam/libpam/pam_strerror.c0000644000000000000000000001061613261244762012663 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "pam_private.h" const char *pam_strerror(pam_handle_t *pamh UNUSED, int errnum) { switch (errnum) { case PAM_SUCCESS: return _("Success"); case PAM_ABORT: return _("Critical error - immediate abort"); case PAM_OPEN_ERR: return _("Failed to load module"); case PAM_SYMBOL_ERR: return _("Symbol not found"); case PAM_SERVICE_ERR: return _("Error in service module"); case PAM_SYSTEM_ERR: return _("System error"); case PAM_BUF_ERR: return _("Memory buffer error"); case PAM_PERM_DENIED: return _("Permission denied"); case PAM_AUTH_ERR: return _("Authentication failure"); case PAM_CRED_INSUFFICIENT: return _("Insufficient credentials to access authentication data"); case PAM_AUTHINFO_UNAVAIL: return _("Authentication service cannot retrieve authentication info"); case PAM_USER_UNKNOWN: return _("User not known to the underlying authentication module"); case PAM_MAXTRIES: return _("Have exhausted maximum number of retries for service"); case PAM_NEW_AUTHTOK_REQD: return _("Authentication token is no longer valid; new one required"); case PAM_ACCT_EXPIRED: return _("User account has expired"); case PAM_SESSION_ERR: return _("Cannot make/remove an entry for the specified session"); case PAM_CRED_UNAVAIL: return _("Authentication service cannot retrieve user credentials"); case PAM_CRED_EXPIRED: return _("User credentials expired"); case PAM_CRED_ERR: return _("Failure setting user credentials"); case PAM_NO_MODULE_DATA: return _("No module specific data is present"); case PAM_BAD_ITEM: return _("Bad item passed to pam_*_item()"); case PAM_CONV_ERR: return _("Conversation error"); case PAM_AUTHTOK_ERR: return _("Authentication token manipulation error"); case PAM_AUTHTOK_RECOVERY_ERR: return _("Authentication information cannot be recovered"); case PAM_AUTHTOK_LOCK_BUSY: return _("Authentication token lock busy"); case PAM_AUTHTOK_DISABLE_AGING: return _("Authentication token aging disabled"); case PAM_TRY_AGAIN: return _("Failed preliminary check by password service"); case PAM_IGNORE: return _("The return value should be ignored by PAM dispatch"); case PAM_MODULE_UNKNOWN: return _("Module is unknown"); case PAM_AUTHTOK_EXPIRED: return _("Authentication token expired"); case PAM_CONV_AGAIN: return _("Conversation is waiting for event"); case PAM_INCOMPLETE: return _("Application needs to call libpam again"); } return _("Unknown PAM error"); } pam/libpam/pam_syslog.c0000644000000000000000000000653113261244762012322 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include #include #include #include #include #include #include #include #include "pam_private.h" #ifndef LOG_AUTHPRIV #define LOG_AUTHPRIV LOG_AUTH #endif static const char * _pam_choice2str (int choice) { switch (choice) { case PAM_AUTHENTICATE: return "auth"; case PAM_SETCRED: return "setcred"; case PAM_ACCOUNT: return "account"; case PAM_OPEN_SESSION: case PAM_CLOSE_SESSION: return "session"; case PAM_CHAUTHTOK: return "chauthtok"; } return ""; } void pam_vsyslog (const pam_handle_t *pamh, int priority, const char *fmt, va_list args) { char *msgbuf1 = NULL, *msgbuf2 = NULL; int save_errno = errno; if (pamh && pamh->mod_name) { if (asprintf (&msgbuf1, "%s(%s:%s):", pamh->mod_name, pamh->service_name?pamh->service_name:"", _pam_choice2str (pamh->choice)) < 0) { syslog (LOG_AUTHPRIV|LOG_ERR, "asprintf: %m"); return; } } errno = save_errno; if (vasprintf (&msgbuf2, fmt, args) < 0) { syslog (LOG_AUTHPRIV|LOG_ERR, "vasprintf: %m"); _pam_drop (msgbuf1); return; } errno = save_errno; syslog (LOG_AUTHPRIV|priority, "%s %s", (msgbuf1 ? msgbuf1 : _PAM_SYSTEM_LOG_PREFIX), msgbuf2); _pam_drop (msgbuf1); _pam_drop (msgbuf2); } void pam_syslog (const pam_handle_t *pamh, int priority, const char *fmt, ...) { va_list args; va_start (args, fmt); pam_vsyslog (pamh, priority, fmt, args); va_end (args); } pam/libpam/pam_tokens.h0000644000000000000000000000741013261244762012307 0ustar /* * pam_tokens.h * * $Id$ * * This is a Linux-PAM Library Private Header file. It contains tokens * that are used when we parse the configuration file(s). * * Please see end of file for copyright. * * Creator: Andrew Morgan. * */ #ifndef _PAM_TOKENS_H #define _PAM_TOKENS_H /* an array of actions */ #ifndef LIBPAM_COMPILE static #endif const char * const _pam_token_actions[-_PAM_ACTION_UNDEF] = { "ignore", /* 0 */ "ok", /* -1 */ "done", /* -2 */ "bad", /* -3 */ "die", /* -4 */ "reset", /* -5 */ }; /* an array of possible return values */ #ifndef LIBPAM_COMPILE static #endif const char * const _pam_token_returns[_PAM_RETURN_VALUES+1] = { "success", /* 0 */ "open_err", /* 1 */ "symbol_err", /* 2 */ "service_err", /* 3 */ "system_err", /* 4 */ "buf_err", /* 5 */ "perm_denied", /* 6 */ "auth_err", /* 7 */ "cred_insufficient", /* 8 */ "authinfo_unavail", /* 9 */ "user_unknown", /* 10 */ "maxtries", /* 11 */ "new_authtok_reqd", /* 12 */ "acct_expired", /* 13 */ "session_err", /* 14 */ "cred_unavail", /* 15 */ "cred_expired", /* 16 */ "cred_err", /* 17 */ "no_module_data", /* 18 */ "conv_err", /* 19 */ "authtok_err", /* 20 */ "authtok_recover_err", /* 21 */ "authtok_lock_busy", /* 22 */ "authtok_disable_aging", /* 23 */ "try_again", /* 24 */ "ignore", /* 25 */ "abort", /* 26 */ "authtok_expired", /* 27 */ "module_unknown", /* 28 */ "bad_item", /* 29 */ "conv_again", /* 30 */ "incomplete", /* 31 */ /* add new return codes here */ "default" /* this is _PAM_RETURN_VALUES and indicates the default return action */ }; /* * Copyright (C) 1998,2001 Andrew G. Morgan * * All rights reserved * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #endif /* _PAM_PRIVATE_H_ */ pam/libpam/pam_vprompt.c0000644000000000000000000000705313261244762012511 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include #include #include #include #include #include #include #include #include "pam_private.h" int pam_vprompt (pam_handle_t *pamh, int style, char **response, const char *fmt, va_list args) { struct pam_message msg; struct pam_response *pam_resp = NULL; const struct pam_message *pmsg; const struct pam_conv *conv; const void *convp; char *msgbuf; int retval; if (response) *response = NULL; retval = pam_get_item (pamh, PAM_CONV, &convp); if (retval != PAM_SUCCESS) return retval; conv = convp; if (conv == NULL || conv->conv == NULL) { pam_syslog (pamh, LOG_ERR, "no conversation function"); return PAM_SYSTEM_ERR; } if (vasprintf (&msgbuf, fmt, args) < 0) { pam_syslog (pamh, LOG_ERR, "vasprintf: %m"); return PAM_BUF_ERR; } msg.msg_style = style; msg.msg = msgbuf; pmsg = &msg; retval = conv->conv (1, &pmsg, &pam_resp, conv->appdata_ptr); if (retval != PAM_SUCCESS && pam_resp != NULL) pam_syslog(pamh, LOG_WARNING, "unexpected response from failed conversation function"); if (response) *response = pam_resp == NULL ? NULL : pam_resp->resp; else if (pam_resp && pam_resp->resp) { _pam_overwrite (pam_resp->resp); _pam_drop (pam_resp->resp); } _pam_overwrite (msgbuf); _pam_drop (pam_resp); free (msgbuf); if (retval != PAM_SUCCESS) pam_syslog (pamh, LOG_ERR, "conversation failed"); return retval; } int pam_prompt (pam_handle_t *pamh, int style, char **response, const char *fmt, ...) { va_list args; int retval; va_start (args, fmt); retval = pam_vprompt (pamh, style, response, fmt, args); va_end (args); return retval; } pam/libpam_misc/0000755000000000000000000000000013261244762011007 5ustar pam/libpam_misc/Makefile.am0000644000000000000000000000104713261244762013045 0ustar # # Copyright (c) 2005 Thorsten Kukuk # CLEANFILES = *~ EXTRA_DIST = libpam_misc.map include_HEADERS = include/security/pam_misc.h AM_CFLAGS = -I$(top_srcdir)/libpam/include \ -I$(top_srcdir)/libpamc/include -I$(srcdir)/include libpam_misc_la_LDFLAGS = -no-undefined -version-info 82:0:82 if HAVE_VERSIONING libpam_misc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam_misc.map endif libpam_misc_la_LIBADD = $(top_builddir)/libpam/libpam.la lib_LTLIBRARIES = libpam_misc.la libpam_misc_la_SOURCES = help_env.c misc_conv.c pam/libpam_misc/Makefile.in0000644000000000000000000004723013261244762013062 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/libpam_misc.map subdir = libpam_misc DIST_COMMON = $(include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) libpam_misc_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la am_libpam_misc_la_OBJECTS = help_env.lo misc_conv.lo libpam_misc_la_OBJECTS = $(am_libpam_misc_la_OBJECTS) libpam_misc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libpam_misc_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libpam_misc_la_SOURCES) DIST_SOURCES = $(libpam_misc_la_SOURCES) HEADERS = $(include_HEADERS) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ EXTRA_DIST = libpam_misc.map include_HEADERS = include/security/pam_misc.h AM_CFLAGS = -I$(top_srcdir)/libpam/include \ -I$(top_srcdir)/libpamc/include -I$(srcdir)/include libpam_misc_la_LDFLAGS = -no-undefined -version-info 82:0:82 \ $(am__append_1) libpam_misc_la_LIBADD = $(top_builddir)/libpam/libpam.la lib_LTLIBRARIES = libpam_misc.la libpam_misc_la_SOURCES = help_env.c misc_conv.c all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libpam_misc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu libpam_misc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libpam_misc.la: $(libpam_misc_la_OBJECTS) $(libpam_misc_la_DEPENDENCIES) $(libpam_misc_la_LINK) -rpath $(libdir) $(libpam_misc_la_OBJECTS) $(libpam_misc_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/help_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc_conv.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(includedir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-includeHEADERS install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-includeHEADERS install-info \ install-info-am install-libLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-includeHEADERS \ uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/libpam_misc/help_env.c0000644000000000000000000000346013261244762012756 0ustar /* * $Id$ * * This file was written by Andrew G. Morgan * */ #include "config.h" #include #include #include #include /* * This function should be used to carefully dispose of the copied * environment. * * usage: env = pam_misc_drop_env(env); */ char **pam_misc_drop_env(char **dump) { int i; for (i=0; dump[i] != NULL; ++i) { D(("dump[%d]=`%s'", i, dump[i])); _pam_overwrite(dump[i]); _pam_drop(dump[i]); } _pam_drop(dump); return NULL; } /* * This function takes the supplied environment and uploads it to be * the PAM one. */ int pam_misc_paste_env(pam_handle_t *pamh, const char * const * user_env) { for (; user_env && *user_env; ++user_env) { int retval; D(("uploading: %s", *user_env)); retval = pam_putenv(pamh, *user_env); if (retval != PAM_SUCCESS) { D(("error setting %s: %s", *user_env, pam_strerror(pamh,retval))); return retval; } } D(("done.")); return PAM_SUCCESS; } /* * This is a wrapper to make pam behave in the way that setenv() does. */ int pam_misc_setenv(pam_handle_t *pamh, const char *name , const char *value, int readonly) { char *tmp; int retval; if (readonly) { const char *etmp; /* we check if the variable is there already */ etmp = pam_getenv(pamh, name); if (etmp != NULL) { D(("failed to set readonly variable: %s", name)); return PAM_PERM_DENIED; /* not allowed to overwrite */ } } if (asprintf(&tmp, "%s=%s", name, value) >= 0) { D(("pam_putt()ing: %s", tmp)); retval = pam_putenv(pamh, tmp); _pam_overwrite(tmp); /* purge */ _pam_drop(tmp); /* forget */ } else { D(("malloc failure")); retval = PAM_BUF_ERR; } return retval; } pam/libpam_misc/include/0000755000000000000000000000000013261244762012432 5ustar pam/libpam_misc/include/security/0000755000000000000000000000000013261244762014301 5ustar pam/libpam_misc/include/security/pam_misc.h0000644000000000000000000000276613261244762016255 0ustar /* $Id$ */ #ifndef __PAMMISC_H #define __PAMMISC_H #include #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* include some useful macros */ #include /* functions defined in pam_misc.* libraries */ extern int misc_conv(int num_msg, const struct pam_message **msgm, struct pam_response **response, void *appdata_ptr); #include extern time_t pam_misc_conv_warn_time; /* time that we should warn user */ extern time_t pam_misc_conv_die_time; /* cut-off time for input */ extern const char *pam_misc_conv_warn_line; /* warning notice */ extern const char *pam_misc_conv_die_line; /* cut-off remark */ extern int pam_misc_conv_died; /* 1 = cut-off time reached (0 not) */ extern int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p); extern void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p); /* * Environment helper functions */ /* transcribe given environment (to pam) */ extern int pam_misc_paste_env(pam_handle_t *pamh , const char * const * user_env); /* delete environment as obtained from (pam_getenvlist) */ extern char **pam_misc_drop_env(char **env); /* provide something like the POSIX setenv function for the (Linux-)PAM * environment. */ extern int pam_misc_setenv(pam_handle_t *pamh, const char *name , const char *value, int readonly); #ifdef __cplusplus } #endif /* def __cplusplus */ #endif /* ndef __PAMMISC_H */ pam/libpam_misc/libpam_misc.map0000644000000000000000000000050513261244762013765 0ustar LIBPAM_MISC_1.0 { global: misc_conv; pam_misc_conv_warn_time; pam_misc_conv_die_time; pam_misc_conv_warn_line; pam_misc_conv_die_line; pam_misc_conv_died; pam_binary_handler_fn; pam_binary_handler_free; pam_misc_paste_env; pam_misc_drop_env; pam_misc_setenv; local: *; }; pam/libpam_misc/misc_conv.c0000644000000000000000000002426713261244762013146 0ustar /* * A generic conversation function for text based applications * * Written by Andrew Morgan */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #define INPUTSIZE PAM_MAX_MSG_SIZE /* maximum length of input+1 */ #define CONV_ECHO_ON 1 /* types of echo state */ #define CONV_ECHO_OFF 0 /* * external timeout definitions - these can be overriden by the * application. */ time_t pam_misc_conv_warn_time = 0; /* time when we warn */ time_t pam_misc_conv_die_time = 0; /* time when we timeout */ const char *pam_misc_conv_warn_line = N_("...Time is running out...\n"); const char *pam_misc_conv_die_line = N_("...Sorry, your time is up!\n"); int pam_misc_conv_died=0; /* application can probe this for timeout */ /* * These functions are for binary prompt manipulation. * The manner in which a binary prompt is processed is application * specific, so these function pointers are provided and can be * initialized by the application prior to the conversation function * being used. */ static void pam_misc_conv_delete_binary(void *appdata UNUSED, pamc_bp_t *delete_me) { PAM_BP_RENEW(delete_me, 0, 0); } int (*pam_binary_handler_fn)(void *appdata, pamc_bp_t *prompt_p) = NULL; void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p) = pam_misc_conv_delete_binary; /* the following code is used to get text input */ static volatile int expired=0; /* return to the previous signal handling */ static void reset_alarm(struct sigaction *o_ptr) { (void) alarm(0); /* stop alarm clock - if still ticking */ (void) sigaction(SIGALRM, o_ptr, NULL); } /* this is where we intercept the alarm signal */ static void time_is_up(int ignore UNUSED) { expired = 1; } /* set the new alarm to hit the time_is_up() function */ static int set_alarm(int delay, struct sigaction *o_ptr) { struct sigaction new_sig; sigemptyset(&new_sig.sa_mask); new_sig.sa_flags = 0; new_sig.sa_handler = time_is_up; if ( sigaction(SIGALRM, &new_sig, o_ptr) ) { return 1; /* setting signal failed */ } if ( alarm(delay) ) { (void) sigaction(SIGALRM, o_ptr, NULL); return 1; /* failed to set alarm */ } return 0; /* all seems to have worked */ } /* return the number of seconds to next alarm. 0 = no delay, -1 = expired */ static int get_delay(void) { time_t now; expired = 0; /* reset flag */ (void) time(&now); /* has the quit time past? */ if (pam_misc_conv_die_time && now >= pam_misc_conv_die_time) { fprintf(stderr,"%s",pam_misc_conv_die_line); pam_misc_conv_died = 1; /* note we do not reset the die_time */ return -1; /* time is up */ } /* has the warning time past? */ if (pam_misc_conv_warn_time && now >= pam_misc_conv_warn_time) { fprintf(stderr, "%s", pam_misc_conv_warn_line); pam_misc_conv_warn_time = 0; /* reset warn_time */ /* indicate remaining delay - if any */ return (pam_misc_conv_die_time ? pam_misc_conv_die_time - now:0 ); } /* indicate possible warning delay */ if (pam_misc_conv_warn_time) return (pam_misc_conv_warn_time - now); else if (pam_misc_conv_die_time) return (pam_misc_conv_die_time - now); else return 0; } /* read a line of input string, giving prompt when appropriate */ static int read_string(int echo, const char *prompt, char **retstr) { struct termios term_before, term_tmp; char line[INPUTSIZE]; struct sigaction old_sig; int delay, nc = -1, have_term = 0; sigset_t oset, nset; D(("called with echo='%s', prompt='%s'.", echo ? "ON":"OFF" , prompt)); if (isatty(STDIN_FILENO)) { /* terminal state */ /* is a terminal so record settings and flush it */ if ( tcgetattr(STDIN_FILENO, &term_before) != 0 ) { D(("")); *retstr = NULL; return -1; } memcpy(&term_tmp, &term_before, sizeof(term_tmp)); if (!echo) { term_tmp.c_lflag &= ~(ECHO); } have_term = 1; /* * We make a simple attempt to block TTY signals from suspending * the conversation without giving PAM a chance to clean up. */ sigemptyset(&nset); sigaddset(&nset, SIGTSTP); (void) sigprocmask(SIG_BLOCK, &nset, &oset); } else if (!echo) { D(("")); } /* set up the signal handling */ delay = get_delay(); /* reading the line */ while (delay >= 0) { /* this may, or may not set echo off -- drop pending input */ if (have_term) (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &term_tmp); fprintf(stderr, "%s", prompt); if ( delay > 0 && set_alarm(delay, &old_sig) ) { D(("")); break; } else { if (have_term) nc = read(STDIN_FILENO, line, INPUTSIZE-1); else /* we must read one line only */ for (nc = 0; nc < INPUTSIZE-1 && (nc?line[nc-1]:0) != '\n'; nc++) { int rv; if ((rv=read(STDIN_FILENO, line+nc, 1)) != 1) { if (rv < 0) nc = rv; break; } } if (have_term) { (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); if (!echo || expired) /* do we need a newline? */ fprintf(stderr,"\n"); } if ( delay > 0 ) { reset_alarm(&old_sig); } if (expired) { delay = get_delay(); } else if (nc > 0) { /* we got some user input */ D(("we got some user input")); if (nc > 0 && line[nc-1] == '\n') { /* terminate */ line[--nc] = '\0'; } else { if (echo) { fprintf(stderr, "\n"); } line[nc] = '\0'; } *retstr = x_strdup(line); _pam_overwrite(line); goto cleanexit; /* return malloc()ed string */ } else if (nc == 0) { /* Ctrl-D */ D(("user did not want to type anything")); *retstr = NULL; if (echo) { fprintf(stderr, "\n"); } goto cleanexit; /* return malloc()ed "" */ } else if (nc == -1) { /* Don't loop forever if read() returns -1. */ D(("error reading input from the user: %m")); if (echo) { fprintf(stderr, "\n"); } *retstr = NULL; goto cleanexit; /* return NULL */ } } } /* getting here implies that the timer expired */ D(("the timer appears to have expired")); *retstr = NULL; _pam_overwrite(line); cleanexit: if (have_term) { (void) sigprocmask(SIG_SETMASK, &oset, NULL); (void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before); } return nc; } /* end of read_string functions */ /* * This conversation function is supposed to be a generic PAM one. * Unfortunately, it is _not_ completely compatible with the Solaris PAM * codebase. * * Namely, for msgm's that contain multiple prompts, this function * interprets "const struct pam_message **msgm" as equivalent to * "const struct pam_message *msgm[]". The Solaris module * implementation interprets the **msgm object as a pointer to a * pointer to an array of "struct pam_message" objects (that is, a * confusing amount of pointer indirection). */ int misc_conv(int num_msg, const struct pam_message **msgm, struct pam_response **response, void *appdata_ptr) { int count=0; struct pam_response *reply; if (num_msg <= 0) return PAM_CONV_ERR; D(("allocating empty response structure array.")); reply = (struct pam_response *) calloc(num_msg, sizeof(struct pam_response)); if (reply == NULL) { D(("no memory for responses")); return PAM_CONV_ERR; } D(("entering conversation function.")); for (count=0; count < num_msg; ++count) { char *string=NULL; int nc; switch (msgm[count]->msg_style) { case PAM_PROMPT_ECHO_OFF: nc = read_string(CONV_ECHO_OFF,msgm[count]->msg, &string); if (nc < 0) { goto failed_conversation; } break; case PAM_PROMPT_ECHO_ON: nc = read_string(CONV_ECHO_ON,msgm[count]->msg, &string); if (nc < 0) { goto failed_conversation; } break; case PAM_ERROR_MSG: if (fprintf(stderr,"%s\n",msgm[count]->msg) < 0) { goto failed_conversation; } break; case PAM_TEXT_INFO: if (fprintf(stdout,"%s\n",msgm[count]->msg) < 0) { goto failed_conversation; } break; case PAM_BINARY_PROMPT: { pamc_bp_t binary_prompt = NULL; if (!msgm[count]->msg || !pam_binary_handler_fn) { goto failed_conversation; } PAM_BP_RENEW(&binary_prompt, PAM_BP_RCONTROL(msgm[count]->msg), PAM_BP_LENGTH(msgm[count]->msg)); PAM_BP_FILL(binary_prompt, 0, PAM_BP_LENGTH(msgm[count]->msg), PAM_BP_RDATA(msgm[count]->msg)); if (pam_binary_handler_fn(appdata_ptr, &binary_prompt) != PAM_SUCCESS || (binary_prompt == NULL)) { goto failed_conversation; } string = (char *) binary_prompt; binary_prompt = NULL; break; } default: fprintf(stderr, _("erroneous conversation (%d)\n"), msgm[count]->msg_style); goto failed_conversation; } if (string) { /* must add to reply array */ /* add string to list of responses */ reply[count].resp_retcode = 0; reply[count].resp = string; string = NULL; } } *response = reply; reply = NULL; return PAM_SUCCESS; failed_conversation: D(("the conversation failed")); if (reply) { for (count=0; countmsg_style) { case PAM_PROMPT_ECHO_ON: case PAM_PROMPT_ECHO_OFF: _pam_overwrite(reply[count].resp); free(reply[count].resp); break; case PAM_BINARY_PROMPT: { void *bt_ptr = reply[count].resp; pam_binary_handler_free(appdata_ptr, bt_ptr); break; } case PAM_ERROR_MSG: case PAM_TEXT_INFO: /* should not actually be able to get here... */ free(reply[count].resp); } reply[count].resp = NULL; } /* forget reply too */ free(reply); reply = NULL; } return PAM_CONV_ERR; } pam/libpamc/0000755000000000000000000000000013261244762010137 5ustar pam/libpamc/License0000644000000000000000000000401213261244762011441 0ustar Unless otherwise *explicitly* stated the following text describes the licensed conditions under which the contents of this libpamc release may be distributed: ------------------------------------------------------------------------- Redistribution and use in source and binary forms of libpamc, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain any existing copyright notice, and this entire permission notice in its entirety, including the disclaimer of warranties. 2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of any author may not be used to endorse or promote products derived from this software without their specific prior written permission. ALTERNATIVELY, this product may be distributed under the terms of the GNU Library General Public License (LGPL), in which case the provisions of the GNU LGPL are required INSTEAD OF the above restrictions. (This clause is necessary due to a potential conflict between the GNU LGPL and the restrictions contained in a BSD-style copyright.) THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------- pam/libpamc/Makefile.am0000644000000000000000000000077213261244762012201 0ustar # # Copyright (c) 2005 Thorsten Kukuk # SUBDIRS = test CLEANFILES = *~ EXTRA_DIST = License libpamc.map include_HEADERS = include/security/pam_client.h noinst_HEADERS = libpamc.h AM_CFLAGS=-I$(top_srcdir)/libpam/include -I$(srcdir)/include libpamc_la_LDFLAGS = -no-undefined -version-info 82:1:82 if HAVE_VERSIONING libpamc_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpamc.map endif lib_LTLIBRARIES = libpamc.la libpamc_la_SOURCES = pamc_client.c pamc_converse.c pamc_load.c pam/libpamc/Makefile.in0000644000000000000000000006174213261244762012216 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/libpamc.map subdir = libpamc DIST_COMMON = $(include_HEADERS) $(noinst_HEADERS) \ $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)" LTLIBRARIES = $(lib_LTLIBRARIES) libpamc_la_LIBADD = am_libpamc_la_OBJECTS = pamc_client.lo pamc_converse.lo pamc_load.lo libpamc_la_OBJECTS = $(am_libpamc_la_OBJECTS) libpamc_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libpamc_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(libpamc_la_SOURCES) DIST_SOURCES = $(libpamc_la_SOURCES) RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive HEADERS = $(include_HEADERS) $(noinst_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = test CLEANFILES = *~ EXTRA_DIST = License libpamc.map include_HEADERS = include/security/pam_client.h noinst_HEADERS = libpamc.h AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(srcdir)/include libpamc_la_LDFLAGS = -no-undefined -version-info 82:1:82 \ $(am__append_1) lib_LTLIBRARIES = libpamc.la libpamc_la_SOURCES = pamc_client.c pamc_converse.c pamc_load.c all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu libpamc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu libpamc/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-libLTLIBRARIES: $(lib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ } uninstall-libLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ done clean-libLTLIBRARIES: -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES) @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libpamc.la: $(libpamc_la_OBJECTS) $(libpamc_la_DEPENDENCIES) $(libpamc_la_LINK) -rpath $(libdir) $(libpamc_la_OBJECTS) $(libpamc_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pamc_client.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pamc_converse.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pamc_load.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(includedir)" && rm -f $$files # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(LTLIBRARIES) $(HEADERS) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-includeHEADERS install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-libLTLIBRARIES install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-includeHEADERS uninstall-libLTLIBRARIES .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic \ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am \ install-includeHEADERS install-info install-info-am \ install-libLTLIBRARIES install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-recursive uninstall uninstall-am \ uninstall-includeHEADERS uninstall-libLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/libpamc/include/0000755000000000000000000000000013261244762011562 5ustar pam/libpamc/include/security/0000755000000000000000000000000013261244762013431 5ustar pam/libpamc/include/security/pam_client.h0000644000000000000000000001610713261244762015722 0ustar /* * $Id$ * * Copyright (c) 1999 Andrew G. Morgan * * This header file provides the prototypes for the PAM client API */ #ifndef PAM_CLIENT_H #define PAM_CLIENT_H #ifdef __cplusplus extern "C" { #endif /* def __cplusplus */ #include #include #include #include /* opaque agent handling structure */ typedef struct pamc_handle_s *pamc_handle_t; /* binary prompt structure pointer */ typedef struct { u_int32_t length; u_int8_t control; } *pamc_bp_t; /* * functions provided by libpamc */ /* * Initialize the agent abstraction library */ pamc_handle_t pamc_start(void); /* * Terminate the authentication process */ int pamc_end(pamc_handle_t *pch); /* * force the loading of a specified agent */ int pamc_load(pamc_handle_t pch, const char *agent_id); /* * Single conversation interface for binary prompts */ int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p); /* * disable an agent */ int pamc_disable(pamc_handle_t pch, const char *agent_id); /* * obtain a list of available agents */ char **pamc_list_agents(pamc_handle_t pch); /* * PAM_BP_ MACROS for creating, destroying and manipulating binary prompts */ #include #include #include #ifndef PAM_BP_ASSERT # ifdef NDEBUG # define PAM_BP_ASSERT(x) do {} while (0) # else # define PAM_BP_ASSERT(x) do { printf(__FILE__ "(%d): %s\n", \ __LINE__, x) ; exit(1); } while (0) # endif /* NDEBUG */ #endif /* PAM_BP_ASSERT */ #ifndef PAM_BP_CALLOC # define PAM_BP_CALLOC calloc #endif /* PAM_BP_CALLOC */ #ifndef PAM_BP_FREE # define PAM_BP_FREE free #endif /* PAM_BP_FREE */ #define __PAM_BP_WOCTET(x,y) (*((y) + (u_int8_t *)(x))) #define __PAM_BP_ROCTET(x,y) (*((y) + (const u_int8_t *)(x))) #define PAM_BP_MIN_SIZE (sizeof(u_int32_t) + sizeof(u_int8_t)) #define PAM_BP_MAX_LENGTH 0x20000 /* an advisory limit */ #define PAM_BP_WCONTROL(x) (__PAM_BP_WOCTET(x,4)) #define PAM_BP_RCONTROL(x) (__PAM_BP_ROCTET(x,4)) #define PAM_BP_SIZE(x) ((__PAM_BP_ROCTET(x,0)<<24)+ \ (__PAM_BP_ROCTET(x,1)<<16)+ \ (__PAM_BP_ROCTET(x,2)<< 8)+ \ (__PAM_BP_ROCTET(x,3) )) #define PAM_BP_LENGTH(x) (PAM_BP_SIZE(x) - PAM_BP_MIN_SIZE) #define PAM_BP_WDATA(x) (PAM_BP_MIN_SIZE + (u_int8_t *) (x)) #define PAM_BP_RDATA(x) (PAM_BP_MIN_SIZE + (const u_int8_t *) (x)) /* Note, this macro always '\0' terminates renewed packets */ #define PAM_BP_RENEW(old_p, cntrl, data_length) \ do { \ if (old_p) { \ if (*(old_p)) { \ u_int32_t __size; \ __size = PAM_BP_SIZE(*(old_p)); \ memset(*(old_p), 0, __size); \ PAM_BP_FREE(*(old_p)); \ } \ if (cntrl) { \ u_int32_t __size; \ \ __size = PAM_BP_MIN_SIZE + data_length; \ if ((*(old_p) = PAM_BP_CALLOC(1, 1+__size))) { \ __PAM_BP_WOCTET(*(old_p), 3) = __size & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 2) = (__size>>=8) & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 1) = (__size>>=8) & 0xFF; \ __PAM_BP_WOCTET(*(old_p), 0) = (__size>>=8) & 0xFF; \ (*(old_p))->control = cntrl; \ } else { \ PAM_BP_ASSERT("out of memory for binary prompt"); \ } \ } else { \ *old_p = NULL; \ } \ } else { \ PAM_BP_ASSERT("programming error, invalid binary prompt pointer"); \ } \ } while (0) #define PAM_BP_FILL(prmpt, offset, length, data) \ do { \ size_t bp_length; \ u_int8_t *prompt = (u_int8_t *) (prmpt); \ bp_length = PAM_BP_LENGTH(prompt); \ if (bp_length < ((length)+(offset))) { \ PAM_BP_ASSERT("attempt to write over end of prompt"); \ } \ memcpy((offset) + PAM_BP_WDATA(prompt), (data), (length)); \ } while (0) #define PAM_BP_EXTRACT(prmpt, offset, length, data) \ do { \ size_t __bp_length; \ const u_int8_t *__prompt = (const u_int8_t *) (prmpt); \ __bp_length = PAM_BP_LENGTH(__prompt); \ if (((offset) < 0) || (__bp_length < ((length)+(offset))) \ || ((length) < 0)) { \ PAM_BP_ASSERT("invalid extraction from prompt"); \ } \ memcpy((data), (offset) + PAM_BP_RDATA(__prompt), (length)); \ } while (0) /* Control types */ #define PAM_BPC_FALSE 0 #define PAM_BPC_TRUE 1 #define PAM_BPC_OK 0x01 /* continuation packet */ #define PAM_BPC_SELECT 0x02 /* initialization packet */ #define PAM_BPC_DONE 0x03 /* termination packet */ #define PAM_BPC_FAIL 0x04 /* unable to execute */ /* The following control characters are only legal for echanges between an agent and a client (it is the responsibility of the client to enforce this rule in the face of a rogue server): */ #define PAM_BPC_GETENV 0x41 /* obtain client env.var */ #define PAM_BPC_PUTENV 0x42 /* set client env.var */ #define PAM_BPC_TEXT 0x43 /* display message */ #define PAM_BPC_ERROR 0x44 /* display error message */ #define PAM_BPC_PROMPT 0x45 /* echo'd text prompt */ #define PAM_BPC_PASS 0x46 /* non-echo'd text prompt*/ /* quick check for prompts that are legal for the client (by implication the server too) to send to libpamc */ #define PAM_BPC_FOR_CLIENT(/* pamc_bp_t */ prompt) \ (((prompt)->control <= PAM_BPC_FAIL && (prompt)->control >= PAM_BPC_OK) \ ? PAM_BPC_TRUE:PAM_BPC_FALSE) #ifdef __cplusplus } #endif /* def __cplusplus */ #endif /* PAM_CLIENT_H */ pam/libpamc/libpamc.h0000644000000000000000000000255513261244762011726 0ustar /* * $Id$ * * Copyright (c) Andrew G. Morgan * */ #ifndef LIBPAMC_H #define LIBPAMC_H #include #include #include #include #include #include #include #include #include #include #define _PAMC_DEFAULT_TOP_FD 10 struct pamc_handle_s { struct pamc_agent_s *current; struct pamc_agent_s *chain; struct pamc_blocked_s *blocked_agents; int max_path; char **agent_paths; int combined_status; int highest_fd_to_close; }; typedef struct pamc_blocked_s { char *id; /* terminated */ struct pamc_blocked_s *next; } pamc_blocked_t; typedef struct pamc_agent_s { char *id; int id_length; struct pamc_agent_s *next; int writer; /* write to agent */ int reader; /* read from agent */ pid_t pid; /* agent process id */ } pamc_agent_t; /* used to build a tree of unique, sorted agent ids */ typedef struct pamc_id_node { struct pamc_id_node *left, *right; int child_count; char *agent_id; } pamc_id_node_t; /* internal function */ int __pamc_valid_agent_id(int id_length, const char *id); #define PAMC_SYSTEM_AGENT_PATH "/lib/pamc:/usr/lib/pamc" #define PAMC_SYSTEM_AGENT_SEPARATOR ':' #endif /* LIBPAMC_H */ pam/libpamc/libpamc.map0000644000000000000000000000022413261244762012243 0ustar LIBPAMC_1.0 { global: pamc_start; pamc_end; pamc_load; pamc_converse; pamc_disable; pamc_list_agents; local: *; }; pam/libpamc/pamc_client.c0000644000000000000000000000661113261244762012565 0ustar /* * $Id$ * * Copyright (c) Andrew G. Morgan * * pamc_start and pamc_end */ #include "libpamc.h" /* * liberate path list */ static void __pamc_delete_path_list(pamc_handle_t pch) { int i; for (i=0; pch->agent_paths[i]; ++i) { free(pch->agent_paths[i]); pch->agent_paths[i] = NULL; } free(pch->agent_paths); pch->agent_paths = NULL; } /* * open the pamc library */ pamc_handle_t pamc_start(void) { int i, count, last, this; const char *default_path; pamc_handle_t pch; pch = calloc(1, sizeof(struct pamc_handle_s)); if (pch == NULL) { D(("no memory for *pch")); return NULL; } pch->highest_fd_to_close = _PAMC_DEFAULT_TOP_FD; default_path = getenv("PAMC_AGENT_PATH"); if (default_path == NULL) { default_path = PAMC_SYSTEM_AGENT_PATH; } /* number of individual paths */ for (count=1, i=0; default_path[i]; ++i) { if (default_path[i] == PAMC_SYSTEM_AGENT_SEPARATOR) { ++count; } } pch->agent_paths = calloc(count+1, sizeof(char *)); if (pch->agent_paths == NULL) { D(("no memory for path list")); goto drop_pch; } this = last = i = 0; while ( default_path[i] || (i != last) ) { if ( default_path[i] == PAMC_SYSTEM_AGENT_SEPARATOR || !default_path[i] ) { int length; pch->agent_paths[this] = malloc(length = 1+i-last); if (pch->agent_paths[this] == NULL) { D(("no memory for next path")); goto drop_list; } memcpy(pch->agent_paths[this], default_path + last, i-last); pch->agent_paths[this][i-last] = '\0'; if (length > pch->max_path) { pch->max_path = length; } if (++this == count) { break; } last = ++i; } else { ++i; } } return pch; drop_list: __pamc_delete_path_list(pch); drop_pch: free(pch); return NULL; } /* * shutdown each of the loaded agents and */ static int __pamc_shutdown_agents(pamc_handle_t pch) { int retval = PAM_BPC_TRUE; D(("called")); while (pch->chain) { pid_t pid; int status; pamc_agent_t *this; this = pch->chain; D(("cleaning up agent %p", this)); pch->chain = pch->chain->next; this->next = NULL; D(("cleaning up agent: %s", this->id)); /* close off contact with agent and wait for it to shutdown */ close(this->writer); this->writer = -1; close(this->reader); this->reader = -1; pid = waitpid(this->pid, &status, 0); if (pid == this->pid) { D(("is exit:%d, exit val:%d", WIFEXITED(status), WEXITSTATUS(status))); if (!(WIFEXITED(status) && (WEXITSTATUS(status) == 0))) { retval = PAM_BPC_FALSE; } } else { D(("problem shutting down agent (%s): pid(%d) != waitpid(%d)!?", this->id, this->pid, pid)); retval = PAM_BPC_FALSE; } pid = this->pid = 0; memset(this->id, 0, this->id_length); free(this->id); this->id = NULL; this->id_length = 0; free(this); this = NULL; } return retval; } /* * close the pamc library */ int pamc_end(pamc_handle_t *pch_p) { int retval; if (pch_p == NULL) { D(("called with no pch_p")); return PAM_BPC_FALSE; } if (*pch_p == NULL) { D(("called with no *pch_p")); return PAM_BPC_FALSE; } D(("removing path_list")); __pamc_delete_path_list(*pch_p); D(("shutting down agents")); retval = __pamc_shutdown_agents(*pch_p); D(("freeing *pch_p")); free(*pch_p); *pch_p = NULL; return retval; } pam/libpamc/pamc_converse.c0000644000000000000000000001055713261244762013137 0ustar /* * $Id$ * * Copyright (c) Andrew G. Morgan * * pamc_converse */ #include "libpamc.h" /* * select agent */ static int __pamc_select_agent(pamc_handle_t pch, char *agent_id) { pamc_agent_t *agent; for (agent = pch->chain; agent; agent = agent->next) { if (!strcmp(agent->id, agent_id)) { pch->current = agent; return PAM_BPC_TRUE; } } D(("failed to locate agent")); pch->current = NULL; return PAM_BPC_FALSE; } /* * pass a binary prompt to the active agent and wait for a reply prompt */ int pamc_converse(pamc_handle_t pch, pamc_bp_t *prompt_p) { u_int32_t size, offset=0; u_int8_t control, raw[PAM_BP_MIN_SIZE]; D(("called")); if (pch == NULL) { D(("null pch")); goto pamc_converse_failure; } if (prompt_p == NULL) { D(("null prompt_p")); goto pamc_converse_failure; } if (*prompt_p == NULL) { D(("null *prompt_p")); goto pamc_converse_failure; } /* from here on, failures are interoperability problems.. */ size = PAM_BP_SIZE(*prompt_p); if (size < PAM_BP_MIN_SIZE) { D(("problem with size being too short (%u)", size)); goto pamc_unknown_prompt; } if (PAM_BPC_FOR_CLIENT(*prompt_p) != PAM_BPC_TRUE) { D(("*prompt_p is not legal for the client to use")); goto pamc_unknown_prompt; } /* do we need to select the agent? */ if ((*prompt_p)->control == PAM_BPC_SELECT) { char *rawh; size_t i; int retval; D(("selecting a specified agent")); rawh = (char *) *prompt_p; for (i = PAM_BP_MIN_SIZE; i= size) || !__pamc_valid_agent_id(i-PAM_BP_MIN_SIZE, rawh + PAM_BP_MIN_SIZE) ) { goto pamc_unknown_prompt; } rawh[i] = '\0'; retval = pamc_load(pch, PAM_BP_MIN_SIZE + rawh); if (retval == PAM_BPC_TRUE) { retval = __pamc_select_agent(pch, PAM_BP_MIN_SIZE + rawh); } rawh[i] = '/'; if (retval != PAM_BPC_TRUE) { goto pamc_unknown_prompt; } D(("agent is loaded")); } if (pch->current == NULL) { D(("unable to address agent")); goto pamc_unknown_prompt; } /* pump all of the prompt into the agent */ do { int rval = write(pch->current->writer, offset + (const u_int8_t *) (*prompt_p), size - offset); if (rval == -1) { switch (errno) { case EINTR: break; default: D(("problem writing to agent: %m")); goto pamc_unknown_prompt; } } else { offset += rval; } } while (offset < size); D(("whole prompt sent to agent")); /* read size and control for response prompt */ offset = 0; memset(raw, 0, sizeof(raw)); do { int rval; rval = read(pch->current->reader, raw + offset, PAM_BP_MIN_SIZE - offset); if (rval == -1) { switch (errno) { case EINTR: break; default: D(("problem reading from agent: %m")); goto pamc_unknown_prompt; } } else if (rval) { offset += rval; } else { D(("agent has closed its output pipe - nothing more to read")); goto pamc_converse_failure; } } while (offset < PAM_BP_MIN_SIZE); /* construct the whole reply prompt */ size = PAM_BP_SIZE(raw); control = PAM_BP_RCONTROL(raw); memset(raw, 0, sizeof(raw)); D(("agent replied with prompt of size %d and control %u", size, control)); PAM_BP_RENEW(prompt_p, control, size - PAM_BP_MIN_SIZE); if (*prompt_p == NULL) { D(("problem making a new prompt for reply")); goto pamc_unknown_prompt; } /* read the rest of the reply prompt -- note offset has the correct value from the previous loop */ while (offset < size) { int rval = read(pch->current->reader, offset + (u_int8_t *) *prompt_p, size-offset); if (rval == -1) { switch (errno) { case EINTR: break; default: D(("problem reading from agent: %m")); goto pamc_unknown_prompt; } } else if (rval) { offset += rval; } else { D(("problem reading prompt (%d) with %d to go", size, size-offset)); goto pamc_converse_failure; } } D(("returning success")); return PAM_BPC_TRUE; pamc_converse_failure: D(("conversation failure")); PAM_BP_RENEW(prompt_p, 0, 0); return PAM_BPC_FALSE; pamc_unknown_prompt: /* the server is trying something that the client does not support */ D(("unknown prompt")); PAM_BP_RENEW(prompt_p, PAM_BPC_FAIL, 0); return PAM_BPC_TRUE; } pam/libpamc/pamc_load.c0000644000000000000000000002361313261244762012227 0ustar /* * $Id$ * * Copyright (c) 1999 Andrew G. Morgan * * pamc_load */ #include "libpamc.h" static int __pamc_exec_agent(pamc_handle_t pch, pamc_agent_t *agent) { char *full_path; int found_agent, length, reset_length, to_agent[2], from_agent[2]; int return_code = PAM_BPC_FAIL; if (agent->id[agent->id_length] != '\0') { PAM_BP_ASSERT("libpamc: internal error agent_id not terminated"); } for (length=0; (length < agent->id_length); ++length) { switch (agent->id[length]) { case '/': D(("ill formed agent id")); return PAM_BPC_FAIL; } } /* enough memory for any path + this agent */ reset_length = 3 + pch->max_path + agent->id_length; D(("reset_length = %d (3+%d+%d)", reset_length, pch->max_path, agent->id_length)); full_path = malloc(reset_length); if (full_path == NULL) { D(("no memory for agent path")); return PAM_BPC_FAIL; } found_agent = 0; for (length=0; pch->agent_paths[length]; ++length) { struct stat buf; D(("path: [%s]", pch->agent_paths[length])); D(("agent id: [%s]", agent->id)); sprintf(full_path, "%s/%s", pch->agent_paths[length], agent->id); D(("looking for agent here: [%s]\n", full_path)); if (stat(full_path, &buf) == 0) { D(("file existis")); found_agent = 1; break; } } if (! found_agent) { D(("no agent was found")); goto free_and_return; } if (pipe(to_agent)) { D(("failed to open pipe to agent")); goto free_and_return; } if (pipe(from_agent)) { D(("failed to open pipe from agent")); goto close_the_agent; } agent->pid = fork(); if (agent->pid == -1) { D(("failed to fork for agent")); goto close_both_pipes; } else if (agent->pid == 0) { int i; dup2(from_agent[1], STDOUT_FILENO); dup2(to_agent[0], STDIN_FILENO); /* we close all of the files that have filedescriptors lower and equal to twice the highest we have seen, The idea is that we don't want to leak filedescriptors to agents from a privileged client application. XXX - this is a heuristic at this point. There is a growing need for an extra 'set param' libpamc function, that could be used to supply info like the highest fd to close etc.. */ if (from_agent[1] > pch->highest_fd_to_close) { pch->highest_fd_to_close = 2*from_agent[1]; } for (i=0; i <= pch->highest_fd_to_close; ++i) { switch (i) { case STDOUT_FILENO: case STDERR_FILENO: case STDIN_FILENO: /* only these three remain open */ break; default: (void) close(i); /* don't care if its not open */ } } /* we make no attempt to drop other privileges - this library has no idea how that would be done in the general case. It is up to the client application (when calling pamc_converse) to make sure no privilege will leak into an (untrusted) agent. */ /* we propogate no environment - future versions of this library may have the ability to audit all agent transactions. */ D(("exec'ing agent %s", full_path)); execle(full_path, "pam-agent", NULL, NULL); D(("exec failed")); _exit(1); } close(to_agent[0]); close(from_agent[1]); agent->writer = to_agent[1]; agent->reader = from_agent[0]; return_code = PAM_BPC_TRUE; goto free_and_return; close_both_pipes: close(from_agent[0]); close(from_agent[1]); close_the_agent: close(to_agent[0]); close(to_agent[1]); free_and_return: memset(full_path, 0, reset_length); free(full_path); D(("returning %d", return_code)); return return_code; } /* * has the named agent been loaded? */ static int __pamc_agent_is_enabled(pamc_handle_t pch, const char *agent_id) { pamc_agent_t *agent; for (agent = pch->chain; agent; agent = agent->next) { if (!strcmp(agent->id, agent_id)) { D(("agent already loaded")); return PAM_BPC_TRUE; } } D(("agent is not loaded")); return PAM_BPC_FALSE; } /* * has the named agent been disabled? */ static int __pamc_agent_is_disabled(pamc_handle_t pch, const char *agent_id) { pamc_blocked_t *blocked; for (blocked=pch->blocked_agents; blocked; blocked = blocked->next) { if (!strcmp(agent_id, blocked->id)) { D(("agent is disabled")); return PAM_BPC_TRUE; } } D(("agent is not disabled")); return PAM_BPC_FALSE; } /* * disable an agent */ int pamc_disable(pamc_handle_t pch, const char *agent_id) { pamc_blocked_t *block; if (pch == NULL) { D(("pch is NULL")); return PAM_BPC_FALSE; } if (agent_id == NULL) { D(("agent_id is NULL")); return PAM_BPC_FALSE; } if (__pamc_agent_is_enabled(pch, agent_id) != PAM_BPC_FALSE) { D(("agent is already loaded")); return PAM_BPC_FALSE; } if (__pamc_agent_is_disabled(pch, agent_id) != PAM_BPC_FALSE) { D(("agent is already disabled")); return PAM_BPC_TRUE; } block = calloc(1, sizeof(pamc_blocked_t)); if (block == NULL) { D(("no memory for new blocking structure")); return PAM_BPC_FALSE; } block->id = malloc(1 + strlen(agent_id)); if (block->id == NULL) { D(("no memory for agent id")); free(block); return PAM_BPC_FALSE; } strcpy(block->id, agent_id); block->next = pch->blocked_agents; pch->blocked_agents = block; return PAM_BPC_TRUE; } /* * force the loading of a particular agent */ int pamc_load(pamc_handle_t pch, const char *agent_id) { pamc_agent_t *agent; int length; /* santity checking */ if (pch == NULL) { D(("pch is NULL")); return PAM_BPC_FALSE; } if (agent_id == NULL) { D(("agent_id is NULL")); return PAM_BPC_FALSE; } if (__pamc_agent_is_disabled(pch, agent_id) != PAM_BPC_FALSE) { D(("sorry agent is disabled")); return PAM_BPC_FALSE; } length = strlen(agent_id); /* scan list to see if agent is loaded */ if (__pamc_agent_is_enabled(pch, agent_id) == PAM_BPC_TRUE) { D(("no need to load an already loaded agent (%s)", agent_id)); return PAM_BPC_TRUE; } /* not in the list, so we need to load it and add it to the head of the chain */ agent = calloc(1, sizeof(pamc_agent_t)); if (agent == NULL) { D(("no memory for new agent")); return PAM_BPC_FALSE; } agent->id = calloc(1, 1+length); if (agent->id == NULL) { D(("no memory for new agent's id")); goto fail_free_agent; } memcpy(agent->id, agent_id, length); agent->id[length] = '\0'; agent->id_length = length; if (__pamc_exec_agent(pch, agent) != PAM_BPC_TRUE) { D(("unable to exec agent")); goto fail_free_agent_id; } agent->next = pch->chain; pch->chain = agent; return PAM_BPC_TRUE; fail_free_agent_id: memset(agent->id, 0, agent->id_length); free(agent->id); memset(agent, 0, sizeof(*agent)); fail_free_agent: free(agent); return PAM_BPC_FALSE; } /* * what's a valid agent name? */ int __pamc_valid_agent_id(int id_length, const char *id) { int post, i; for (i=post=0 ; i < id_length; ++i) { int ch = id[i++]; if (isalpha(ch) || isdigit(ch) || (ch == '_')) { continue; } else if (post && (ch == '.')) { continue; } else if ((i > 1) && (!post) && (ch == '@')) { post = 1; } else { D(("id=%s contains '%c' which is illegal", id, ch)); return 0; } } if (!i) { D(("length of id is 0")); return 0; } else { return 1; /* id is valid */ } } /* * building a tree of available agent names */ static pamc_id_node_t *__pamc_add_node(pamc_id_node_t *root, const char *id, int *counter) { if (root) { int cmp; if ((cmp = strcmp(id, root->agent_id))) { if (cmp > 0) { root->right = __pamc_add_node(root->right, id, &(root->child_count)); } else { root->left = __pamc_add_node(root->left, id, &(root->child_count)); } } return root; } else { pamc_id_node_t *node = calloc(1, sizeof(pamc_id_node_t)); if (node) { node->agent_id = malloc(1+strlen(id)); if (node->agent_id) { strcpy(node->agent_id, id); } else { free(node); node = NULL; } } (*counter)++; return node; } } /* * drop all of the tree and any remaining ids */ static pamc_id_node_t *__pamc_liberate_nodes(pamc_id_node_t *tree) { if (tree) { if (tree->agent_id) { free(tree->agent_id); tree->agent_id = NULL; } tree->left = __pamc_liberate_nodes(tree->left); tree->right = __pamc_liberate_nodes(tree->right); tree->child_count = 0; free(tree); } return NULL; } /* * fill a list with the contents of the tree (in ascii order) */ static void __pamc_fill_list_from_tree(pamc_id_node_t *tree, char **agent_list, int *counter) { if (tree) { __pamc_fill_list_from_tree(tree->left, agent_list, counter); agent_list[(*counter)++] = tree->agent_id; tree->agent_id = NULL; __pamc_fill_list_from_tree(tree->right, agent_list, counter); } } /* * get a list of the available agents */ char **pamc_list_agents(pamc_handle_t pch) { int i, total_agent_count=0; pamc_id_node_t *tree = NULL; char **agent_list; /* loop over agent paths */ for (i=0; pch->agent_paths[i]; ++i) { DIR *dir; dir = opendir(pch->agent_paths[i]); if (dir) { struct dirent *item; while ((item = readdir(dir))) { /* this is a cheat on recognizing agent_ids */ if (!__pamc_valid_agent_id(strlen(item->d_name), item->d_name)) { continue; } tree = __pamc_add_node(tree, item->d_name, &total_agent_count); } closedir(dir); } } /* now, we build a list of ids */ D(("total of %d available agents\n", total_agent_count)); agent_list = calloc(total_agent_count+1, sizeof(char *)); if (agent_list) { int counter=0; __pamc_fill_list_from_tree(tree, agent_list, &counter); if (counter != total_agent_count) { PAM_BP_ASSERT("libpamc: internal error transcribing tree"); } } else { D(("no memory for agent list")); } __pamc_liberate_nodes(tree); return agent_list; } pam/libpamc/test/0000755000000000000000000000000013261244762011116 5ustar pam/libpamc/test/Makefile.am0000644000000000000000000000041613261244762013153 0ustar # # Copyright (c) 2005 Thorsten Kukuk # AUTOMAKE_OPTIONS = 1.6 gnits CLEANFILES = *~ */*~ EXTRA_DIST = agents/secret@here modules/Makefile modules/pam_secret.c \ regress/Makefile regress/run_test.sh regress/test.libpamc.c \ regress/test.secret@here pam/libpamc/test/Makefile.in0000644000000000000000000002703313261244762013170 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = libpamc/test DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ AUTOMAKE_OPTIONS = 1.6 gnits CLEANFILES = *~ */*~ EXTRA_DIST = agents/secret@here modules/Makefile modules/pam_secret.c \ regress/Makefile regress/run_test.sh regress/test.libpamc.c \ regress/test.secret@here all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnits libpamc/test/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnits libpamc/test/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags: TAGS TAGS: ctags: CTAGS CTAGS: distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ distclean distclean-generic distclean-libtool distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/libpamc/test/agents/0000755000000000000000000000000013261244762012377 5ustar pam/libpamc/test/agents/secret@here0000755000000000000000000001545713261244762014572 0ustar #!/usr/bin/perl # # This is a simple example PAM authentication agent, it implements a # simple shared secret authentication scheme. The PAM module pam_secret.so # is its counter part. Both the agent and the remote server are able to # authenticate one another, but the server is given the opportunity to # ignore a failed authentication. # $^W = 1; use strict; use IPC::Open2; $| = 1; # display extra information to STDERR my $debug = 0; if (scalar @ARGV) { $debug = 1; } # Globals my %state; my $default_key; my $next_key = $$; # loop over binary prompts for (;;) { my ($control, $data) = ReadBinaryPrompt(); my ($reply_control, $reply_data); if ($control == 0) { if ($debug) { print STDERR "agent: no packet to read\n"; } last; } elsif ($control == 0x02) { ($reply_control, $reply_data) = HandleAgentSelection($data); } elsif ($control == 0x01) { ($reply_control, $reply_data) = HandleContinuation($data); } else { if ($debug) { print STDERR "agent: unrecognized packet $control {$data} to read\n"; } ($reply_control, $reply_data) = (0x04, ""); } WriteBinaryPrompt($reply_control, $reply_data); } # Only willing to exit well if we've completed our authentication exchange if (scalar keys %state) { if ($debug) { print STDERR "The following sessions are still active:\n "; print STDERR join ', ', keys %state; print STDERR "\n"; } exit 1; } else { exit 0; } sub HandleAgentSelection ($) { my ($data) = @_; unless ( $data =~ /^([a-zA-Z0-9_]+\@?[a-zA-Z0-9_.]*)\/(.*)$/ ) { return (0x04, ""); } my ($agent_name, $payload) = ($1, $2); if ($debug) { print STDERR "agent: ". "agent=$agent_name, payload=$payload\n"; } # this agent has a defined name if ($agent_name ne "secret\@here") { if ($debug) { print STDERR "bad agent name: [$agent_name]\n"; } return (0x04, ""); } # the selection request is acompanied with a hexadecimal cookie my @tokens = split '\|', $payload; unless ((scalar @tokens) == 2) { if ($debug) { print STDERR "bad payload\n"; } return (0x04, ""); } unless ($tokens[1] =~ /^[a-z0-9]+$/) { if ($debug) { print STDERR "bad server cookie\n"; } return (0x04, ""); } my $shared_secret = IdentifyLocalSecret($tokens[0]); unless (defined $shared_secret) { # make a secret up if ($debug) { print STDERR "agent: cannot authenticate user\n"; } $shared_secret = GetRandom(); } my $local_cookie = GetRandom(); $default_key = $next_key++; $state{$default_key} = $local_cookie ."|". $tokens[1] ."|". $shared_secret; if ($debug) { print STDERR "agent: \$state{$default_key} = $state{$default_key}\n"; } return (0x01, $default_key ."|". $local_cookie); } sub HandleContinuation ($) { my ($data) = @_; my ($key, $server_digest) = split '\|', $data; unless (defined $state{$key}) { # retries and out of sequence prompts are not permitted return (0x04, ""); } my $expected_digest = CreateDigest($state{$key}); my ($local_cookie, $remote_cookie, $shared_secret) = split '\|', $state{$key}; delete $state{$key}; unless ($expected_digest eq $server_digest) { if ($debug) { print STDERR "agent: don't trust server - faking reply\n"; print STDERR "agent: got ($server_digest)\n"; print STDERR "agent: expected ($expected_digest)\n"; } ## FIXME: Agent should exchange a prompt with the client warning ## that the server is faking us out. return (0x03, CreateDigest($expected_digest . $data . GetRandom())); } if ($debug) { print STDERR "agent: server appears to know the secret\n"; } my $session_authenticated_ticket = CreateDigest($remote_cookie."|".$shared_secret."|".$local_cookie); # FIXME: Agent should set a derived session key environment # variable (available for the client (and its children) to sign # future data exchanges. if ($debug) { print STDERR "agent: should putenv(" ."\"AUTH_SESSION_TICKET=$session_authenticated_ticket\")\n"; } # return agent's authenticating digest return (0x03, CreateDigest($shared_secret."|".$remote_cookie ."|".$local_cookie)); } sub ReadBinaryPrompt { my $buffer = " "; my $count = read(STDIN, $buffer, 5); if ($count == 0) { # no more packets to read return (0, ""); } if ($count != 5) { # broken packet header return (-1, ""); } my ($length, $control) = unpack("N C", $buffer); if ($length < 5) { # broken packet length return (-1, ""); } my $data = ""; $length -= 5; while ($count = read(STDIN, $buffer, $length)) { $data .= $buffer; if ($count != $length) { $length -= $count; next; } if ($debug) { print STDERR "agent: ". "data is [$data]\n"; } return ($control, $data); } # broken packet data return (-1, ""); } sub WriteBinaryPrompt ($$) { my ($control, $data) = @_; my $length = 5 + length($data); if ($debug) { printf STDERR "agent: ". "{%d|0x%.2x|%s}\n", $length, $control, $data; } my $bp = pack("N C a*", $length, $control, $data); print STDOUT $bp; if ($debug) { printf STDERR "agent: ". "agent has replied\n"; } } ## ## Here is where we parse the simple secret file ## The format of this file is a list of lines of the following form: ## ## user@client0.host.name secret_string1 ## user@client1.host.name secret_string2 ## user@client2.host.name secret_string3 ## sub IdentifyLocalSecret ($) { my ($identifier) = @_; my $secret; if (open SECRETS, "< ". (getpwuid($<))[7] ."/.secret\@here") { my $line; while (defined ($line = )) { my ($id, $sec) = split /[\s]+/, $line; if ((defined $id) && ($id eq $identifier)) { $secret = $sec; last; } } close SECRETS; } return $secret; } ## Here is where we generate a message digest sub CreateDigest ($) { my ($data) = @_; my $pid = open2(\*MD5out, \*MD5in, "/usr/bin/md5sum -") or die "you'll need /usr/bin/md5sum installed"; my $oldfd = select MD5in; $|=1; select $oldfd; if ($debug) { print STDERR "agent: ". "telling md5: <$data>\n"; } print MD5in "$data"; close MD5in; my $reply = ; ($reply) = split /\s/, $reply; if ($debug) { print STDERR "agent: ". "md5 said: <$reply>\n"; } close MD5out; return $reply; } ## get a random number sub GetRandom { if ( -r "/dev/urandom" ) { open RANDOM, "< /dev/urandom" or die "crazy"; my $i; my $reply = ""; for ($i=0; $i<4; ++$i) { my $buffer = " "; while (read(RANDOM, $buffer, 4) != 4) { ; } $reply .= sprintf "%.8x", unpack("N", $buffer); if ($debug) { print STDERR "growing reply: [$reply]\n"; } } close RANDOM; return $reply; } else { print STDERR "agent: ". "[got linux?]\n"; return "%.8x%.8x%.8x%.8x", time, time, time, time; } } pam/libpamc/test/modules/0000755000000000000000000000000013261244762012566 5ustar pam/libpamc/test/modules/Makefile0000644000000000000000000000022213261244762014222 0ustar CFLAGS = -g -fPIC -I"../../include" pam_secret.so: pam_secret.o ld -x --shared -o pam_secret.so pam_secret.o -lc .o.c: clean: rm -f *.so *.o pam/libpamc/test/modules/pam_secret.c0000644000000000000000000004076213261244762015065 0ustar /* * $Id$ * * Copyright (c) 1999 Andrew G. Morgan */ /* * WARNING: AS WRITTEN THIS CODE IS NOT SECURE. THE MD5 IMPLEMENTATION * NEEDS TO BE INTEGRATED MORE NATIVELY. */ #include #include #include #include #include #include #include #include #include /* * This is a sample module that demonstrates the use of binary prompts * and how they can be used to implement sophisticated authentication * schemes. */ struct ps_state_s { int retval; /* last retval returned by the authentication fn */ int state; /* what state the module was in when it returned incomplete */ char *username; /* the name of the local user */ char server_cookie[33]; /* storage for 32 bytes of server cookie */ char client_cookie[33]; /* storage for 32 bytes of client cookie */ char *secret_data; /* pointer to terminated secret_data */ int invalid_secret; /* indication of whether the secret is valid */ pamc_bp_t current_prompt; /* place to store the current prompt */ pamc_bp_t current_reply; /* place to receive the reply prompt */ }; #define PS_STATE_ID "PAM_SECRET__STATE" #define PS_AGENT_ID "secret@here" #define PS_STATE_DEAD 0 #define PS_STATE_INIT 1 #define PS_STATE_PROMPT1 2 #define PS_STATE_PROMPT2 3 #define MAX_LEN_HOSTNAME 512 #define MAX_FILE_LINE_LEN 1024 /* * Routine for generating 16*8 bits of random data represented in ASCII hex */ static int generate_cookie(unsigned char *buffer_33) { static const char hexarray[] = "0123456789abcdef"; int i, fd; /* fill buffer_33 with 32 hex characters (lower case) + '\0' */ fd = open("/dev/urandom", O_RDONLY); if (fd < 0) { D(("failed to open /dev/urandom")); return 0; } read(fd, buffer_33 + 16, 16); close(fd); /* expand top 16 bytes into 32 nibbles */ for (i=0; i<16; ++i) { buffer_33[2*i ] = hexarray[(buffer_33[16+i] & 0xf0)>>4]; buffer_33[2*i+1] = hexarray[(buffer_33[16+i] & 0x0f)]; } buffer_33[32] = '\0'; return 1; } /* * XXX - This is a hack, and is fundamentally insecure. Its subject to * all sorts of attacks not to mention the fact that all our secrets * will be displayed on the command line for someone doing 'ps' to * see. This is just for programming convenience in this instance, it * needs to be replaced with the md5 code. Although I am loath to * add yet another instance of md5 code to the Linux-PAM source code. * [Need to think of a cleaner way to do this for the distribution as * a whole...] */ #define COMMAND_FORMAT "/bin/echo -n '%s|%s|%s'|/usr/bin/md5sum -" int create_digest(const char *d1, const char *d2, const char *d3, char *buffer_33) { int length; char *buffer; FILE *pipe; length = strlen(d1)+strlen(d2)+strlen(d3)+sizeof(COMMAND_FORMAT); buffer = malloc(length); if (buffer == NULL) { D(("out of memory")); return 0; } sprintf(buffer, COMMAND_FORMAT, d1,d2,d3); D(("executing pipe [%s]", buffer)); pipe = popen(buffer, "r"); memset(buffer, 0, length); free(buffer); if (pipe == NULL) { D(("failed to launch pipe")); return 0; } if (fgets(buffer_33, 33, pipe) == NULL) { D(("failed to read digest")); return 0; } if (strlen(buffer_33) != 32) { D(("digest was not 32 chars")); return 0; } fclose(pipe); D(("done [%s]", buffer_33)); return 1; } /* * method to attempt to instruct the application's conversation function */ static int converse(pam_handle_t *pamh, struct ps_state_s *new) { int retval; struct pam_conv *conv; D(("called")); retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); if (retval == PAM_SUCCESS) { struct pam_message msg; struct pam_response *single_reply; const struct pam_message *msg_ptr; memset(&msg, 0, sizeof(msg)); msg.msg_style = PAM_BINARY_PROMPT; msg.msg = (const char *) new->current_prompt; msg_ptr = &msg; single_reply = NULL; retval = conv->conv(1, &msg_ptr, &single_reply, conv->appdata_ptr); if (retval == PAM_SUCCESS) { if ((single_reply == NULL) || (single_reply->resp == NULL)) { retval == PAM_CONV_ERR; } else { new->current_reply = (pamc_bp_t) single_reply->resp; single_reply->resp = NULL; } } if (single_reply) { free(single_reply); } } #ifdef PAM_DEBUG if (retval == PAM_SUCCESS) { D(("reply has length=%d and control=%u", PAM_BP_LENGTH(new->current_reply), PAM_BP_CONTROL(new->current_reply))); } D(("returning %s", pam_strerror(pamh, retval))); #endif return retval; } /* * identify the secret in question */ #define SECRET_FILE_FORMAT "%s/.secret@here" char *identify_secret(char *identity, const char *user) { struct passwd *pwd; char *temp; FILE *secrets; int length_id; pwd = getpwnam(user); if ((pwd == NULL) || (pwd->pw_dir == NULL)) { D(("user [%s] is not known", user)); return NULL; } length_id = strlen(pwd->pw_dir) + sizeof(SECRET_FILE_FORMAT); temp = malloc(length_id); if (temp == NULL) { D(("out of memory")); pwd = NULL; return NULL; } sprintf(temp, SECRET_FILE_FORMAT, pwd->pw_dir); pwd = NULL; D(("opening key file [%s]", temp)); secrets = fopen(temp, "r"); memset(temp, 0, length_id); if (secrets == NULL) { D(("failed to open key file")); return NULL; } length_id = strlen(identity); temp = malloc(MAX_FILE_LINE_LEN); for (;;) { char *secret = NULL; if (fgets(temp, MAX_FILE_LINE_LEN, secrets) == NULL) { fclose(secrets); return NULL; } D(("cf[%s][%s]", identity, temp)); if (memcmp(temp, identity, length_id)) { continue; } D(("found entry")); fclose(secrets); for (secret=temp+length_id; *secret; ++secret) { if (!(*secret == ' ' || *secret == '\n' || *secret == '\t')) { break; } } memmove(temp, secret, MAX_FILE_LINE_LEN-(secret-(temp+length_id))); secret = temp; for (; *secret; ++secret) { if (*secret == ' ' || *secret == '\n' || *secret == '\t') { break; } } if (*secret) { *secret = '\0'; } D(("secret found [%s]", temp)); return temp; } /* NOT REACHED */ } /* * function to perform the two message authentication process * (with support for event driven conversation functions) */ static int auth_sequence(pam_handle_t *pamh, const struct ps_state_s *old, struct ps_state_s *new) { const char *rhostname; const char *rusername; int retval; retval = pam_get_item(pamh, PAM_RUSER, (const void **) &rusername); if ((retval != PAM_SUCCESS) || (rusername == NULL)) { D(("failed to obtain an rusername")); new->state = PS_STATE_DEAD; return PAM_AUTH_ERR; } retval = pam_get_item(pamh, PAM_RHOST, (const void **) &rhostname); if ((retval != PAM_SUCCESS) || (rhostname == NULL)) { D(("failed to identify local hostname: ", pam_strerror(pamh, retval))); new->state = PS_STATE_DEAD; return PAM_AUTH_ERR; } D(("switch on new->state=%d [%s@%s]", new->state, rusername, rhostname)); switch (new->state) { case PS_STATE_INIT: { const char *user = NULL; retval = pam_get_user(pamh, &user, NULL); if ((retval == PAM_SUCCESS) && (user == NULL)) { D(("success but no username?")); new->state = PS_STATE_DEAD; retval = PAM_USER_UNKNOWN; } if (retval != PAM_SUCCESS) { if (retval == PAM_CONV_AGAIN) { retval = PAM_INCOMPLETE; } else { new->state = PS_STATE_DEAD; } D(("state init failed: %s", pam_strerror(pamh, retval))); return retval; } /* nothing else in this 'case' can be retried */ new->username = strdup(user); if (new->username == NULL) { D(("out of memory")); new->state = PS_STATE_DEAD; return PAM_BUF_ERR; } if (! generate_cookie(new->server_cookie)) { D(("problem generating server cookie")); new->state = PS_STATE_DEAD; return PAM_ABORT; } new->current_prompt = NULL; PAM_BP_RENEW(&new->current_prompt, PAM_BPC_SELECT, sizeof(PS_AGENT_ID) + strlen(rusername) + 1 + strlen(rhostname) + 1 + 32); sprintf(PAM_BP_WDATA(new->current_prompt), PS_AGENT_ID "/%s@%s|%.32s", rusername, rhostname, new->server_cookie); /* note, the BP is guaranteed by the spec to be terminated */ D(("initialization packet [%s]", PAM_BP_DATA(new->current_prompt))); /* fall through */ new->state = PS_STATE_PROMPT1; D(("fall through to state_prompt1")); } case PS_STATE_PROMPT1: { int i, length; /* send {secret@here/jdoe@client.host|} */ retval = converse(pamh, new); if (retval != PAM_SUCCESS) { if (retval == PAM_CONV_AGAIN) { D(("conversation failed to complete")); return PAM_INCOMPLETE; } else { new->state = PS_STATE_DEAD; return retval; } } if (retval != PAM_SUCCESS) { D(("failed to read ruser@rhost")); new->state = PS_STATE_DEAD; return PAM_AUTH_ERR; } /* expect to receive the following {|} */ if (new->current_reply == NULL) { D(("converstation returned [%s] but gave no reply", pam_strerror(pamh, retval))); new->state = PS_STATE_DEAD; return PAM_CONV_ERR; } /* find | */ length = PAM_BP_LENGTH(new->current_reply); for (i=0; icurrent_reply)[i] == '|') { break; } } if (i >= length) { D(("malformed response (no |) of length %d", length)); new->state = PS_STATE_DEAD; return PAM_CONV_ERR; } if ((length - ++i) != 32) { D(("cookie is incorrect length (%d,%d) %d != 32", length, i, length-i)); new->state = PS_STATE_DEAD; return PAM_CONV_ERR; } /* copy client cookie */ memcpy(new->client_cookie, PAM_BP_RDATA(new->current_reply)+i, 32); /* generate a prompt that is length(seqid) + length(|) + 32 long */ PAM_BP_RENEW(&new->current_prompt, PAM_BPC_OK, i+32); /* copy the head of the response prompt */ memcpy(PAM_BP_WDATA(new->current_prompt), PAM_BP_RDATA(new->current_reply), i); PAM_BP_RENEW(&new->current_reply, 0, 0); /* look up the secret */ new->invalid_secret = 0; if (new->secret_data == NULL) { char *ruser_rhost; ruser_rhost = malloc(strlen(rusername)+2+strlen(rhostname)); if (ruser_rhost == NULL) { D(("out of memory")); new->state = PS_STATE_DEAD; return PAM_BUF_ERR; } sprintf(ruser_rhost, "%s@%s", rusername, rhostname); new->secret_data = identify_secret(ruser_rhost, new->username); memset(ruser_rhost, 0, strlen(ruser_rhost)); free(ruser_rhost); } if (new->secret_data == NULL) { D(("secret not found for user")); new->invalid_secret = 1; /* need to make up a secret */ new->secret_data = malloc(32 + 1); if (new->secret_data == NULL) { D(("out of memory")); new->state = PS_STATE_DEAD; return PAM_BUF_ERR; } if (! generate_cookie(new->secret_data)) { D(("what's up - no fake cookie generated?")); new->state = PS_STATE_DEAD; return PAM_ABORT; } } /* construct md5[||] */ if (! create_digest(new->client_cookie, new->server_cookie, new->secret_data, PAM_BP_WDATA(new->current_prompt)+i)) { D(("md5 digesting failed")); new->state = PS_STATE_DEAD; return PAM_ABORT; } /* prompt2 is now constructed - fall through to send it */ } case PS_STATE_PROMPT2: { /* send {|md5[||]} */ retval = converse(pamh, new); if (retval != PAM_SUCCESS) { if (retval == PAM_CONV_AGAIN) { D(("conversation failed to complete")); return PAM_INCOMPLETE; } else { new->state = PS_STATE_DEAD; return retval; } } /* After we complete this section, we should not be able to recall this authentication function. So, we force all future calls into the weeds. */ new->state = PS_STATE_DEAD; /* expect reply:{md5[||]} */ { int cf; char expectation[33]; if (!create_digest(new->secret_data, new->server_cookie, new->client_cookie, expectation)) { new->state = PS_STATE_DEAD; return PAM_ABORT; } cf = strcmp(expectation, PAM_BP_RDATA(new->current_reply)); memset(expectation, 0, sizeof(expectation)); if (cf || new->invalid_secret) { D(("failed to authenticate")); return PAM_AUTH_ERR; } } D(("correctly authenticated :)")); return PAM_SUCCESS; } default: new->state = PS_STATE_DEAD; case PS_STATE_DEAD: D(("state is currently dead/unknown")); return PAM_AUTH_ERR; } fprintf(stderr, "pam_secret: this should not be reached\n"); return PAM_ABORT; } static void clean_data(pam_handle_t *pamh, void *datum, int error_status) { struct ps_state_s *data = datum; D(("liberating datum=%p", datum)); if (data) { D(("renew prompt")); PAM_BP_RENEW(&data->current_prompt, 0, 0); D(("renew reply")); PAM_BP_RENEW(&data->current_reply, 0, 0); D(("overwrite datum")); memset(data, 0, sizeof(struct ps_state_s)); D(("liberate datum")); free(data); } D(("done.")); } /* * front end for the authentication function */ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval; struct ps_state_s *new_data; const struct ps_state_s *old_data; D(("called")); new_data = calloc(1, sizeof(struct ps_state_s)); if (new_data == NULL) { D(("out of memory")); return PAM_BUF_ERR; } new_data->retval = PAM_SUCCESS; retval = pam_get_data(pamh, PS_STATE_ID, (const void **) &old_data); if (retval == PAM_SUCCESS) { new_data->state = old_data->state; memcpy(new_data->server_cookie, old_data->server_cookie, 32); memcpy(new_data->client_cookie, old_data->client_cookie, 32); if (old_data->username) { new_data->username = strdup(old_data->username); } if (old_data->secret_data) { new_data->secret_data = strdup(old_data->secret_data); } if (old_data->current_prompt) { int length; length = PAM_BP_LENGTH(old_data->current_prompt); PAM_BP_RENEW(&new_data->current_prompt, PAM_BP_CONTROL(old_data->current_prompt), length); PAM_BP_FILL(new_data->current_prompt, 0, length, PAM_BP_RDATA(old_data->current_prompt)); } /* don't need to duplicate current_reply */ } else { old_data = NULL; new_data->state = PS_STATE_INIT; } D(("call auth_sequence")); new_data->retval = auth_sequence(pamh, old_data, new_data); D(("returned from auth_sequence")); retval = pam_set_data(pamh, PS_STATE_ID, new_data, clean_data); if (retval != PAM_SUCCESS) { D(("unable to store new_data")); } else { retval = new_data->retval; } old_data = new_data = NULL; D(("done (%d)", retval)); return retval; } /* * front end for the credential setting function */ #define AUTH_SESSION_TICKET_ENV_FORMAT "AUTH_SESSION_TICKET=" int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval; const struct ps_state_s *old_data; D(("called")); /* XXX - need to pay attention to the various flavors of call */ /* XXX - need provide an option to turn this feature on/off: if other modules want to supply an AUTH_SESSION_TICKET, we should leave it up to the admin which module dominiates. */ retval = pam_get_data(pamh, PS_STATE_ID, (const void **) &old_data); if (retval != PAM_SUCCESS) { D(("no data to base decision on")); return PAM_AUTH_ERR; } /* * If ok, export a derived shared secret session ticket to the * client's PAM environment - the ticket has the form * * AUTH_SESSION_TICKET = * md5[||] * * This is a precursor to supporting a spoof resistant trusted * path mechanism. This shared secret ticket can be used to add * a hard-to-guess checksum to further authentication data. */ retval = old_data->retval; if (retval == PAM_SUCCESS) { char envticket[sizeof(AUTH_SESSION_TICKET_ENV_FORMAT)+32]; memcpy(envticket, AUTH_SESSION_TICKET_ENV_FORMAT, sizeof(AUTH_SESSION_TICKET_ENV_FORMAT)); if (! create_digest(old_data->server_cookie, old_data->secret_data, old_data->client_cookie, envticket+sizeof(AUTH_SESSION_TICKET_ENV_FORMAT)-1 )) { D(("unable to generate a digest for session ticket")); return PAM_ABORT; } D(("putenv[%s]", envticket)); retval = pam_putenv(pamh, envticket); memset(envticket, 0, sizeof(envticket)); } old_data = NULL; D(("done (%d)", retval)); return retval; } pam/libpamc/test/regress/0000755000000000000000000000000013261244762012570 5ustar pam/libpamc/test/regress/Makefile0000644000000000000000000000022013261244762014222 0ustar CFLAGS = -g -I ../../include test.libpamc: test.libpamc.o $(CC) -o $@ $(CFLAGS) $< -L ../.. -lpamc clean: rm -f test.libpamc test.libpamc.o pam/libpamc/test/regress/run_test.sh0000755000000000000000000000017713261244762014777 0ustar #!/bin/sh LD_LIBRARY_PATH=../.. ; export LD_LIBRARY_PATH PAMC_AGENT_PATH="../agents" ; export PAMC_AGENT_PATH ./test.libpamc pam/libpamc/test/regress/test.libpamc.c0000644000000000000000000002161313261244762015324 0ustar /* * This is a small test program for testing libpamc against the * secret@here agent. It does the same as the test.secret@here perl * script in this directory, but via the libpamc API. */ #include #include #include #include struct internal_packet { int length; int at; char *buffer; }; void append_data(struct internal_packet *packet, int extra, const char *data) { if ((extra + packet->at) >= packet->length) { if (packet->length == 0) { packet->length = 1000; } /* make sure we have at least a char extra space available */ while (packet->length <= (extra + packet->at)) { packet->length <<= 1; } packet->buffer = realloc(packet->buffer, packet->length); if (packet->buffer == NULL) { fprintf(stderr, "out of memory\n"); exit(1); } } if (data != NULL) { memcpy(packet->at + packet->buffer, data, extra); } packet->at += extra; /* assisting string manipulation */ packet->buffer[packet->at] = '\0'; } void append_string(struct internal_packet *packet, const char *string, int with_nul) { append_data(packet, strlen(string) + (with_nul ? 1:0), string); } char *identify_secret(char *identity) { struct internal_packet temp_packet; FILE *secrets; int length_id; temp_packet.length = temp_packet.at = 0; temp_packet.buffer = NULL; append_string(&temp_packet, "/home/", 0); append_string(&temp_packet, getlogin(), 0); append_string(&temp_packet, "/.secret@here", 1); secrets = fopen(temp_packet.buffer, "r"); if (secrets == NULL) { fprintf(stderr, "server: failed to open\n [%s]\n", temp_packet.buffer); exit(1); } length_id = strlen(identity); for (;;) { char *secret = NULL; temp_packet.at = 0; if (fgets(temp_packet.buffer, temp_packet.length, secrets) == NULL) { fclose(secrets); return NULL; } if (memcmp(temp_packet.buffer, identity, length_id)) { continue; } fclose(secrets); for (secret=temp_packet.buffer; *secret; ++secret) { if (*secret == ' ' || *secret == '\n' || *secret == '\t') { break; } } for (; *secret; ++secret) { if (!(*secret == ' ' || *secret == '\n' || *secret == '\t')) { break; } } for (temp_packet.buffer=secret; *temp_packet.buffer; ++temp_packet.buffer) { if (*temp_packet.buffer == ' ' || *temp_packet.buffer == '\n' || *temp_packet.buffer == '\t') { break; } } if (*temp_packet.buffer) { *temp_packet.buffer = '\0'; } return secret; } /* NOT REACHED */ } /* * This is a hack, and is fundamentally insecure. All our secrets will be * displayed on the command line for someone doing 'ps' to see. This * is just for programming convenience in this instance, since this * program is simply a regression test. The pam_secret module should * not do this, but make use of md5 routines directly. */ char *create_digest(int length, const char *raw) { struct internal_packet temp_packet; FILE *pipe; temp_packet.length = temp_packet.at = 0; temp_packet.buffer = NULL; append_string(&temp_packet, "echo -n '", 0); append_string(&temp_packet, raw, 0); append_string(&temp_packet, "'|/usr/bin/md5sum -", 1); fprintf(stderr, "am attempting to run [%s]\n", temp_packet.buffer); pipe = popen(temp_packet.buffer, "r"); if (pipe == NULL) { fprintf(stderr, "server: failed to run\n [%s]\n", temp_packet.buffer); exit(1); } temp_packet.at = 0; append_data(&temp_packet, 32, NULL); if (fgets(temp_packet.buffer, 33, pipe) == NULL) { fprintf(stderr, "server: failed to read digest\n"); exit(1); } if (strlen(temp_packet.buffer) != 32) { fprintf(stderr, "server: digest was not 32 chars?? [%s]\n", temp_packet.buffer); exit(1); } fclose(pipe); return temp_packet.buffer; } void packet_to_prompt(pamc_bp_t *prompt_p, u_int8_t control, struct internal_packet *packet) { PAM_BP_RENEW(prompt_p, control, packet->at); PAM_BP_FILL(*prompt_p, 0, packet->at, packet->buffer); packet->at = 0; } void prompt_to_packet(pamc_bp_t prompt, struct internal_packet *packet) { int data_length; data_length = PAM_BP_LENGTH(prompt); packet->at = 0; append_data(packet, data_length, NULL); PAM_BP_EXTRACT(prompt, 0, data_length, packet->buffer); fprintf(stderr, "server received[%d]: {%d|0x%.2x|%s}\n", data_length, PAM_BP_SIZE(prompt), PAM_BP_RCONTROL(prompt), PAM_BP_RDATA(prompt)); } int main(int argc, char **argv) { pamc_handle_t pch; pamc_bp_t prompt = NULL; struct internal_packet packet_data, *packet; char *temp_string, *secret, *user, *a_cookie, *seqid, *digest; const char *cookie = "123451234512345"; int retval; packet = &packet_data; packet->length = 0; packet->at = 0; packet->buffer = NULL; pch = pamc_start(); if (pch == NULL) { fprintf(stderr, "server: unable to get a handle from libpamc\n"); exit(1); } temp_string = getlogin(); if (temp_string == NULL) { fprintf(stderr, "server: who are you?\n"); exit(1); } #define DOMAIN "@local.host" user = malloc(1+strlen(temp_string)+strlen(DOMAIN)); if (user == NULL) { fprintf(stderr, "server: out of memory for user id\n"); exit(1); } sprintf(user, "%s%s", temp_string, DOMAIN); append_string(packet, "secret@here/", 0); append_string(packet, user, 0); append_string(packet, "|", 0); append_string(packet, cookie, 0); packet_to_prompt(&prompt, PAM_BPC_SELECT, packet); /* get the library to accept the first packet (which should load the secret@here agent) */ retval = pamc_converse(pch, &prompt); fprintf(stderr, "server: after conversation\n"); if (PAM_BP_RCONTROL(prompt) != PAM_BPC_OK) { fprintf(stderr, "server: prompt had unexpected control type: %u\n", PAM_BP_RCONTROL(prompt)); exit(1); } fprintf(stderr, "server: got a prompt back\n"); prompt_to_packet(prompt, packet); temp_string = strtok(packet->buffer, "|"); if (temp_string == NULL) { fprintf(stderr, "server: prompt does not contain anything"); exit(1); } seqid = strdup(temp_string); if (seqid == NULL) { fprintf(stderr, "server: unable to store sequence id\n"); } temp_string = strtok(NULL, "|"); if (temp_string == NULL) { fprintf(stderr, "server: no cookie from agent\n"); exit(1); } a_cookie = strdup(temp_string); if (a_cookie == NULL) { fprintf(stderr, "server: no memory to store agent cookie\n"); exit(1); } fprintf(stderr, "server: agent responded with {%s|%s}\n", seqid, a_cookie); secret = identify_secret(user); fprintf(stderr, "server: secret=%s\n", secret); /* now, we construct the response */ packet->at = 0; append_string(packet, a_cookie, 0); append_string(packet, "|", 0); append_string(packet, cookie, 0); append_string(packet, "|", 0); append_string(packet, secret, 0); fprintf(stderr, "server: get digest of %s\n", packet->buffer); digest = create_digest(packet->at, packet->buffer); fprintf(stderr, "server: secret=%s, digest=%s\n", secret, digest); packet->at = 0; append_string(packet, seqid, 0); append_string(packet, "|", 0); append_string(packet, digest, 0); packet_to_prompt(&prompt, PAM_BPC_OK, packet); retval = pamc_converse(pch, &prompt); fprintf(stderr, "server: after 2nd conversation\n"); if (PAM_BP_RCONTROL(prompt) != PAM_BPC_DONE) { fprintf(stderr, "server: 2nd prompt had unexpected control type: %u\n", PAM_BP_RCONTROL(prompt)); exit(1); } prompt_to_packet(prompt, packet); PAM_BP_RENEW(&prompt, 0, 0); temp_string = strtok(packet->buffer, "|"); if (temp_string == NULL) { fprintf(stderr, "no digest from agent\n"); exit(1); } temp_string = strdup(temp_string); packet->at = 0; append_string(packet, secret, 0); append_string(packet, "|", 0); append_string(packet, cookie, 0); append_string(packet, "|", 0); append_string(packet, a_cookie, 0); fprintf(stderr, "server: get digest of %s\n", packet->buffer); digest = create_digest(packet->at, packet->buffer); fprintf(stderr, "server: digest=%s\n", digest); if (strcmp(digest, temp_string)) { fprintf(stderr, "server: agent doesn't know the secret\n"); fprintf(stderr, "server: agent says: [%s]\n" "server: server says: [%s]\n", temp_string, digest); exit(1); } else { fprintf(stderr, "server: agent seems to know the secret\n"); packet->at = 0; append_string(packet, cookie, 0); append_string(packet, "|", 0); append_string(packet, secret, 0); append_string(packet, "|", 0); append_string(packet, a_cookie, 0); digest = create_digest(packet->at, packet->buffer); fprintf(stderr, "server: putenv(\"AUTH_SESSION_TICKET=%s\")\n", digest); } retval = pamc_end(&pch); fprintf(stderr, "server: agent(s) were %shappy to terminate\n", retval == PAM_BPC_TRUE ? "":"un"); exit(!retval); } pam/libpamc/test/regress/test.secret@here0000755000000000000000000000707313261244762015734 0ustar #!/usr/bin/perl ## ## this is a test script for regressing changes to the secret@here PAM ## agent ## $^W = 1; use strict; use IPC::Open2; $| = 1; my $whoami = `/usr/bin/whoami`; chomp $whoami; my $cookie = "12345"; my $user_domain = "$whoami\@local.host"; my $pid = open2(\*Reader, \*Writer, "../agents/secret\@here blah") or die "failed to load secret\@here agent"; unless (-f (getpwuid($<))[7]."/.secret\@here") { print STDERR "server: ". "no " .(getpwuid($<))[7]. "/.secret\@here file\n"; die "no config file"; } WriteBinaryPrompt(\*Writer, 0x02, "secret\@here/$user_domain|$cookie"); my ($control, $data) = ReadBinaryPrompt(\*Reader); print STDERR "server: ". "reply: control=$control, data=$data\n"; if ($control != 1) { die "expected 1 (OK) for the first agent reply; got $control"; } my ($seqid, $a_cookie) = split '\|', $data; # server needs to convince agent that it knows the secret before # agent will give a valid response my $secret = IdentifyLocalSecret($user_domain); my $digest = CreateDigest($a_cookie."|".$cookie."|".$secret); print STDERR "server: ". "digest = $digest\n"; WriteBinaryPrompt(\*Writer, 0x01, "$seqid|$digest"); # The agent will authenticate us and then reply with its # authenticating digest. we check that before we're done. ($control, $data) = ReadBinaryPrompt(\*Reader); if ($control != 0x03) { die "server: agent did not reply with a 'done' prompt ($control)\n"; } unless ($data eq CreateDigest($secret."|".$cookie."|".$a_cookie)) { die "server: agent is not authenticated\n"; } print STDERR "server: agent appears to know secret\n"; my $session_authenticated_ticket = CreateDigest($cookie."|".$secret."|".$a_cookie); print STDERR "server: should putenv(" ."\"AUTH_SESSION_TICKET=$session_authenticated_ticket\")\n"; exit 0; sub CreateDigest ($) { my ($data) = @_; my $pid = open2(\*MD5out, \*MD5in, "/usr/bin/md5sum -") or die "you'll need /usr/bin/md5sum installed"; my $oldfd = select MD5in; $|=1; select $oldfd; print MD5in "$data"; close MD5in; my $reply = ; ($reply) = split /\s/, $reply; print STDERR "server: ". "md5 said: <$reply>\n"; close MD5out; return $reply; } sub ReadBinaryPrompt ($) { my ($fd) = @_; my $buffer = " "; my $count = read($fd, $buffer, 5); if ($count == 0) { # no more packets to read return (0, ""); } if ($count != 5) { # broken packet header return (-1, ""); } my ($length, $control) = unpack("N C", $buffer); if ($length < 5) { # broken packet length return (-1, ""); } my $data = ""; $length -= 5; while ($count = read($fd, $buffer, $length)) { $data .= $buffer; if ($count != $length) { $length -= $count; next; } print STDERR "server: ". "data is [$data]\n"; return ($control, $data); } # broken packet data return (-1, ""); } sub WriteBinaryPrompt ($$$) { my ($fd, $control, $data) = @_; my $length = 5 + length($data); printf STDERR "server: ". "{%d|0x%.2x|%s}\n", $length, $control, $data; my $bp = pack("N C a*", $length, $control, $data); print $fd $bp; print STDERR "server: ". "control passed to agent\@here\n"; } sub IdentifyLocalSecret ($) { my ($identifier) = @_; my $secret; my $whoami = `/usr/bin/whoami` ; chomp $whoami; if (open SECRETS, "< " .(getpwuid($<))[7]. "/.secret\@here") { my $line; while (defined ($line = )) { my ($id, $sec) = split /[\s]/, $line; if ((defined $id) && ($id eq $identifier)) { $secret = $sec; last; } } close SECRETS; } return $secret; } pam/m4/0000755000000000000000000000000013261244762007050 5ustar pam/m4/gettext.m40000644000000000000000000006070013261244762011001 0ustar # gettext.m4 serial 53 (gettext-0.15) dnl Copyright (C) 1995-2006 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2005. dnl Macro to add for using GNU gettext. dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]). dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The dnl default (if it is not specified or empty) is 'no-libtool'. dnl INTLSYMBOL should be 'external' for packages with no intl directory, dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory. dnl If INTLSYMBOL is 'use-libtool', then a libtool library dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static, dnl depending on --{enable,disable}-{shared,static} and on the presence of dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library dnl $(top_builddir)/intl/libintl.a will be created. dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext dnl implementations (in libc or libintl) without the ngettext() function dnl will be ignored. If NEEDSYMBOL is specified and is dnl 'need-formatstring-macros', then GNU gettext implementations that don't dnl support the ISO C 99 formatstring macros will be ignored. dnl INTLDIR is used to find the intl libraries. If empty, dnl the value `$(top_builddir)/intl/' is used. dnl dnl The result of the configuration is one of three cases: dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled dnl and used. dnl Catalog format: GNU --> install in $(datadir) dnl Catalog extension: .mo after installation, .gmo in source tree dnl 2) GNU gettext has been found in the system's C library. dnl Catalog format: GNU --> install in $(datadir) dnl Catalog extension: .mo after installation, .gmo in source tree dnl 3) No internationalization, always use English msgid. dnl Catalog format: none dnl Catalog extension: none dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur. dnl The use of .gmo is historical (it was needed to avoid overwriting the dnl GNU format catalogs when building on a platform with an X/Open gettext), dnl but we keep it in order not to force irrelevant filename changes on the dnl maintainers. dnl AC_DEFUN([AM_GNU_GETTEXT], [ dnl Argument checking. ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], , [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT ])])])])]) ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], , [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT ])])])]) define([gt_included_intl], ifelse([$1], [external], [no], [yes])) define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], [])) AC_REQUIRE([AM_PO_SUBDIRS])dnl ifelse(gt_included_intl, yes, [ AC_REQUIRE([AM_INTL_SUBDIR])dnl ]) dnl Prerequisites of AC_LIB_LINKFLAGS_BODY. AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) AC_REQUIRE([AC_LIB_RPATH]) dnl Sometimes libintl requires libiconv, so first search for libiconv. dnl Ideally we would do this search only after the dnl if test "$USE_NLS" = "yes"; then dnl if test "$gt_cv_func_gnugettext_libc" != "yes"; then dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT dnl the configure script would need to contain the same shell code dnl again, outside any 'if'. There are two solutions: dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'. dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE. dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not dnl documented, we avoid it. ifelse(gt_included_intl, yes, , [ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) ]) dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation. gt_INTL_MACOSX dnl Set USE_NLS. AC_REQUIRE([AM_NLS]) ifelse(gt_included_intl, yes, [ BUILD_INCLUDED_LIBINTL=no USE_INCLUDED_LIBINTL=no ]) LIBINTL= LTLIBINTL= POSUB= dnl If we use NLS figure out what method if test "$USE_NLS" = "yes"; then gt_use_preinstalled_gnugettext=no ifelse(gt_included_intl, yes, [ AC_MSG_CHECKING([whether included gettext is requested]) AC_ARG_WITH(included-gettext, [ --with-included-gettext use the GNU gettext library included here], nls_cv_force_use_gnu_gettext=$withval, nls_cv_force_use_gnu_gettext=no) AC_MSG_RESULT($nls_cv_force_use_gnu_gettext) nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" if test "$nls_cv_force_use_gnu_gettext" != "yes"; then ]) dnl User does not insist on using GNU NLS library. Figure out what dnl to use. If GNU gettext is available we use this. Else we have dnl to fall back to GNU NLS library. dnl Add a version number to the cache macros. define([gt_api_version], ifelse([$2], [need-formatstring-macros], 3, ifelse([$2], [need-ngettext], 2, 1))) define([gt_cv_func_gnugettext_libc], [gt_cv_func_gnugettext]gt_api_version[_libc]) define([gt_cv_func_gnugettext_libintl], [gt_cv_func_gnugettext]gt_api_version[_libintl]) AC_CACHE_CHECK([for GNU gettext in libc], gt_cv_func_gnugettext_libc, [AC_TRY_LINK([#include ]ifelse([$2], [need-formatstring-macros], [[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION #define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) #endif typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; ]], [])[extern int _nl_msg_cat_cntr; extern int *_nl_domain_bindings;], [bindtextdomain ("", ""); return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_domain_bindings], gt_cv_func_gnugettext_libc=yes, gt_cv_func_gnugettext_libc=no)]) if test "$gt_cv_func_gnugettext_libc" != "yes"; then dnl Sometimes libintl requires libiconv, so first search for libiconv. ifelse(gt_included_intl, yes, , [ AM_ICONV_LINK ]) dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv]) dnl because that would add "-liconv" to LIBINTL and LTLIBINTL dnl even if libiconv doesn't exist. AC_LIB_LINKFLAGS_BODY([intl]) AC_CACHE_CHECK([for GNU gettext in libintl], gt_cv_func_gnugettext_libintl, [gt_save_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $INCINTL" gt_save_LIBS="$LIBS" LIBS="$LIBS $LIBINTL" dnl Now see whether libintl exists and does not depend on libiconv. AC_TRY_LINK([#include ]ifelse([$2], [need-formatstring-macros], [[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION #define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) #endif typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; ]], [])[extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif const char *_nl_expand_alias (const char *);], [bindtextdomain ("", ""); return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias ("")], gt_cv_func_gnugettext_libintl=yes, gt_cv_func_gnugettext_libintl=no) dnl Now see whether libintl exists and depends on libiconv. if test "$gt_cv_func_gnugettext_libintl" != yes && test -n "$LIBICONV"; then LIBS="$LIBS $LIBICONV" AC_TRY_LINK([#include ]ifelse([$2], [need-formatstring-macros], [[#ifndef __GNU_GETTEXT_SUPPORTED_REVISION #define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) #endif typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; ]], [])[extern int _nl_msg_cat_cntr; extern #ifdef __cplusplus "C" #endif const char *_nl_expand_alias (const char *);], [bindtextdomain ("", ""); return * gettext ("")]ifelse([$2], [need-ngettext], [ + * ngettext ("", "", 0)], [])[ + _nl_msg_cat_cntr + *_nl_expand_alias ("")], [LIBINTL="$LIBINTL $LIBICONV" LTLIBINTL="$LTLIBINTL $LTLIBICONV" gt_cv_func_gnugettext_libintl=yes ]) fi CPPFLAGS="$gt_save_CPPFLAGS" LIBS="$gt_save_LIBS"]) fi dnl If an already present or preinstalled GNU gettext() is found, dnl use it. But if this macro is used in GNU gettext, and GNU dnl gettext is already preinstalled in libintl, we update this dnl libintl. (Cf. the install rule in intl/Makefile.in.) if test "$gt_cv_func_gnugettext_libc" = "yes" \ || { test "$gt_cv_func_gnugettext_libintl" = "yes" \ && test "$PACKAGE" != gettext-runtime \ && test "$PACKAGE" != gettext-tools; }; then gt_use_preinstalled_gnugettext=yes else dnl Reset the values set by searching for libintl. LIBINTL= LTLIBINTL= INCINTL= fi ifelse(gt_included_intl, yes, [ if test "$gt_use_preinstalled_gnugettext" != "yes"; then dnl GNU gettext is not found in the C library. dnl Fall back on included GNU gettext library. nls_cv_use_gnu_gettext=yes fi fi if test "$nls_cv_use_gnu_gettext" = "yes"; then dnl Mark actions used to generate GNU NLS library. BUILD_INCLUDED_LIBINTL=yes USE_INCLUDED_LIBINTL=yes LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV $LIBTHREAD" LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV $LTLIBTHREAD" LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'` fi CATOBJEXT= if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then dnl Mark actions to use GNU gettext tools. CATOBJEXT=.gmo fi ]) if test -n "$INTL_MACOSX_LIBS"; then if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then dnl Some extra flags are needed during linking. LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" fi fi if test "$gt_use_preinstalled_gnugettext" = "yes" \ || test "$nls_cv_use_gnu_gettext" = "yes"; then AC_DEFINE(ENABLE_NLS, 1, [Define to 1 if translation of program messages to the user's native language is requested.]) else USE_NLS=no fi fi AC_MSG_CHECKING([whether to use NLS]) AC_MSG_RESULT([$USE_NLS]) if test "$USE_NLS" = "yes"; then AC_MSG_CHECKING([where the gettext function comes from]) if test "$gt_use_preinstalled_gnugettext" = "yes"; then if test "$gt_cv_func_gnugettext_libintl" = "yes"; then gt_source="external libintl" else gt_source="libc" fi else gt_source="included intl directory" fi AC_MSG_RESULT([$gt_source]) fi if test "$USE_NLS" = "yes"; then if test "$gt_use_preinstalled_gnugettext" = "yes"; then if test "$gt_cv_func_gnugettext_libintl" = "yes"; then AC_MSG_CHECKING([how to link with libintl]) AC_MSG_RESULT([$LIBINTL]) AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL]) fi dnl For backward compatibility. Some packages may be using this. AC_DEFINE(HAVE_GETTEXT, 1, [Define if the GNU gettext() function is already present or preinstalled.]) AC_DEFINE(HAVE_DCGETTEXT, 1, [Define if the GNU dcgettext() function is already present or preinstalled.]) fi dnl We need to process the po/ directory. POSUB=po fi ifelse(gt_included_intl, yes, [ dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL dnl to 'yes' because some of the testsuite requires it. if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then BUILD_INCLUDED_LIBINTL=yes fi dnl Make all variables we use known to autoconf. AC_SUBST(BUILD_INCLUDED_LIBINTL) AC_SUBST(USE_INCLUDED_LIBINTL) AC_SUBST(CATOBJEXT) dnl For backward compatibility. Some configure.ins may be using this. nls_cv_header_intl= nls_cv_header_libgt= dnl For backward compatibility. Some Makefiles may be using this. DATADIRNAME=share AC_SUBST(DATADIRNAME) dnl For backward compatibility. Some Makefiles may be using this. INSTOBJEXT=.mo AC_SUBST(INSTOBJEXT) dnl For backward compatibility. Some Makefiles may be using this. GENCAT=gencat AC_SUBST(GENCAT) dnl For backward compatibility. Some Makefiles may be using this. INTLOBJS= if test "$USE_INCLUDED_LIBINTL" = yes; then INTLOBJS="\$(GETTOBJS)" fi AC_SUBST(INTLOBJS) dnl Enable libtool support if the surrounding package wishes it. INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX) ]) dnl For backward compatibility. Some Makefiles may be using this. INTLLIBS="$LIBINTL" AC_SUBST(INTLLIBS) dnl Make all documented variables known to autoconf. AC_SUBST(LIBINTL) AC_SUBST(LTLIBINTL) AC_SUBST(POSUB) ]) dnl Checks for all prerequisites of the intl subdirectory, dnl except for INTL_LIBTOOL_SUFFIX_PREFIX (and possibly LIBTOOL), INTLOBJS, dnl USE_INCLUDED_LIBINTL, BUILD_INCLUDED_LIBINTL. AC_DEFUN([AM_INTL_SUBDIR], [ AC_REQUIRE([AC_PROG_INSTALL])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([gt_GLIBC2])dnl AC_REQUIRE([AC_PROG_RANLIB])dnl AC_REQUIRE([gl_VISIBILITY])dnl AC_REQUIRE([gt_INTL_SUBDIR_CORE])dnl AC_REQUIRE([bh_C_SIGNED])dnl AC_REQUIRE([gl_AC_TYPE_LONG_LONG])dnl AC_REQUIRE([gt_TYPE_LONGDOUBLE])dnl AC_REQUIRE([gt_TYPE_WCHAR_T])dnl AC_REQUIRE([gt_TYPE_WINT_T])dnl AC_REQUIRE([gl_AC_HEADER_INTTYPES_H]) AC_REQUIRE([gt_TYPE_INTMAX_T]) AC_REQUIRE([gt_PRINTF_POSIX]) AC_REQUIRE([gl_GLIBC21])dnl AC_REQUIRE([gl_XSIZE])dnl AC_REQUIRE([gt_INTL_MACOSX])dnl AC_CHECK_TYPE([ptrdiff_t], , [AC_DEFINE([ptrdiff_t], [long], [Define as the type of the result of subtracting two pointers, if the system doesn't define it.]) ]) AC_CHECK_HEADERS([stddef.h stdlib.h string.h]) AC_CHECK_FUNCS([asprintf fwprintf putenv setenv setlocale snprintf wcslen]) dnl Use the _snprintf function only if it is declared (because on NetBSD it dnl is defined as a weak alias of snprintf; we prefer to use the latter). gt_CHECK_DECL(_snprintf, [#include ]) gt_CHECK_DECL(_snwprintf, [#include ]) dnl Use the *_unlocked functions only if they are declared. dnl (because some of them were defined without being declared in Solaris dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built dnl on Solaris 2.5.1 to run on Solaris 2.6). dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13. gt_CHECK_DECL(getc_unlocked, [#include ]) case $gt_cv_func_printf_posix in *yes) HAVE_POSIX_PRINTF=1 ;; *) HAVE_POSIX_PRINTF=0 ;; esac AC_SUBST([HAVE_POSIX_PRINTF]) if test "$ac_cv_func_asprintf" = yes; then HAVE_ASPRINTF=1 else HAVE_ASPRINTF=0 fi AC_SUBST([HAVE_ASPRINTF]) if test "$ac_cv_func_snprintf" = yes; then HAVE_SNPRINTF=1 else HAVE_SNPRINTF=0 fi AC_SUBST([HAVE_SNPRINTF]) if test "$ac_cv_func_wprintf" = yes; then HAVE_WPRINTF=1 else HAVE_WPRINTF=0 fi AC_SUBST([HAVE_WPRINTF]) AM_LANGINFO_CODESET gt_LC_MESSAGES dnl Compilation on mingw and Cygwin needs special Makefile rules, because dnl 1. when we install a shared library, we must arrange to export dnl auxiliary pointer variables for every exported variable, dnl 2. when we install a shared library and a static library simultaneously, dnl the include file specifies __declspec(dllimport) and therefore we dnl must arrange to define the auxiliary pointer variables for the dnl exported variables _also_ in the static library. if test "$enable_shared" = yes; then case "$host_os" in cygwin*) is_woe32dll=yes ;; *) is_woe32dll=no ;; esac else is_woe32dll=no fi WOE32DLL=$is_woe32dll AC_SUBST([WOE32DLL]) dnl Rename some macros and functions used for locking. AH_BOTTOM([ #define __libc_lock_t gl_lock_t #define __libc_lock_define gl_lock_define #define __libc_lock_define_initialized gl_lock_define_initialized #define __libc_lock_init gl_lock_init #define __libc_lock_lock gl_lock_lock #define __libc_lock_unlock gl_lock_unlock #define __libc_lock_recursive_t gl_recursive_lock_t #define __libc_lock_define_recursive gl_recursive_lock_define #define __libc_lock_define_initialized_recursive gl_recursive_lock_define_initialized #define __libc_lock_init_recursive gl_recursive_lock_init #define __libc_lock_lock_recursive gl_recursive_lock_lock #define __libc_lock_unlock_recursive gl_recursive_lock_unlock #define glthread_in_use libintl_thread_in_use #define glthread_lock_init libintl_lock_init #define glthread_lock_lock libintl_lock_lock #define glthread_lock_unlock libintl_lock_unlock #define glthread_lock_destroy libintl_lock_destroy #define glthread_rwlock_init libintl_rwlock_init #define glthread_rwlock_rdlock libintl_rwlock_rdlock #define glthread_rwlock_wrlock libintl_rwlock_wrlock #define glthread_rwlock_unlock libintl_rwlock_unlock #define glthread_rwlock_destroy libintl_rwlock_destroy #define glthread_recursive_lock_init libintl_recursive_lock_init #define glthread_recursive_lock_lock libintl_recursive_lock_lock #define glthread_recursive_lock_unlock libintl_recursive_lock_unlock #define glthread_recursive_lock_destroy libintl_recursive_lock_destroy #define glthread_once libintl_once #define glthread_once_call libintl_once_call #define glthread_once_singlethreaded libintl_once_singlethreaded ]) ]) dnl Checks for the core files of the intl subdirectory: dnl dcigettext.c dnl eval-plural.h dnl explodename.c dnl finddomain.c dnl gettextP.h dnl gmo.h dnl hash-string.h hash-string.c dnl l10nflist.c dnl libgnuintl.h.in (except the *printf stuff) dnl loadinfo.h dnl loadmsgcat.c dnl localealias.c dnl log.c dnl plural-exp.h plural-exp.c dnl plural.y dnl Used by libglocale. AC_DEFUN([gt_INTL_SUBDIR_CORE], [ AC_REQUIRE([AC_C_INLINE])dnl AC_REQUIRE([AC_TYPE_SIZE_T])dnl AC_REQUIRE([gl_AC_HEADER_STDINT_H]) AC_REQUIRE([AC_FUNC_ALLOCA])dnl AC_REQUIRE([AC_FUNC_MMAP])dnl AC_REQUIRE([gt_INTDIV0])dnl AC_REQUIRE([gl_AC_TYPE_UINTMAX_T])dnl AC_REQUIRE([gl_HEADER_INTTYPES_H])dnl AC_REQUIRE([gt_INTTYPES_PRI])dnl AC_REQUIRE([gl_LOCK])dnl AC_TRY_LINK( [int foo (int a) { a = __builtin_expect (a, 10); return a == 10 ? 0 : 1; }], [], [AC_DEFINE([HAVE_BUILTIN_EXPECT], 1, [Define to 1 if the compiler understands __builtin_expect.])]) AC_CHECK_HEADERS([argz.h limits.h unistd.h sys/param.h]) AC_CHECK_FUNCS([getcwd getegid geteuid getgid getuid mempcpy munmap \ stpcpy strcasecmp strdup strtoul tsearch argz_count argz_stringify \ argz_next __fsetlocking]) dnl Use the *_unlocked functions only if they are declared. dnl (because some of them were defined without being declared in Solaris dnl 2.5.1 but were removed in Solaris 2.6, whereas we want binaries built dnl on Solaris 2.5.1 to run on Solaris 2.6). dnl Don't use AC_CHECK_DECLS because it isn't supported in autoconf-2.13. gt_CHECK_DECL(feof_unlocked, [#include ]) gt_CHECK_DECL(fgets_unlocked, [#include ]) AM_ICONV dnl glibc >= 2.4 has a NL_LOCALE_NAME macro when _GNU_SOURCE is defined, dnl and a _NL_LOCALE_NAME macro always. AC_CACHE_CHECK([for NL_LOCALE_NAME macro], gt_cv_nl_locale_name, [AC_TRY_LINK([#include #include ], [char* cs = nl_langinfo(_NL_LOCALE_NAME(LC_MESSAGES));], gt_cv_nl_locale_name=yes, gt_cv_nl_locale_name=no) ]) if test $gt_cv_nl_locale_name = yes; then AC_DEFINE(HAVE_NL_LOCALE_NAME, 1, [Define if you have and it defines the NL_LOCALE_NAME macro if _GNU_SOURCE is defined.]) fi dnl intl/plural.c is generated from intl/plural.y. It requires bison, dnl because plural.y uses bison specific features. It requires at least dnl bison-1.26 because earlier versions generate a plural.c that doesn't dnl compile. dnl bison is only needed for the maintainer (who touches plural.y). But in dnl order to avoid separate Makefiles or --enable-maintainer-mode, we put dnl the rule in general Makefile. Now, some people carelessly touch the dnl files or have a broken "make" program, hence the plural.c rule will dnl sometimes fire. To avoid an error, defines BISON to ":" if it is not dnl present or too old. AC_CHECK_PROGS([INTLBISON], [bison]) if test -z "$INTLBISON"; then ac_verc_fail=yes else dnl Found it, now check the version. AC_MSG_CHECKING([version of bison]) changequote(<<,>>)dnl ac_prog_version=`$INTLBISON --version 2>&1 | sed -n 's/^.*GNU Bison.* \([0-9]*\.[0-9.]*\).*$/\1/p'` case $ac_prog_version in '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;; 1.2[6-9]* | 1.[3-9][0-9]* | [2-9].*) changequote([,])dnl ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;; *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;; esac AC_MSG_RESULT([$ac_prog_version]) fi if test $ac_verc_fail = yes; then INTLBISON=: fi ]) dnl Checks for special options needed on MacOS X. dnl Defines INTL_MACOSX_LIBS. AC_DEFUN([gt_INTL_MACOSX], [ dnl Check for API introduced in MacOS X 10.2. AC_CACHE_CHECK([for CFPreferencesCopyAppValue], gt_cv_func_CFPreferencesCopyAppValue, [gt_save_LIBS="$LIBS" LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" AC_TRY_LINK([#include ], [CFPreferencesCopyAppValue(NULL, NULL)], [gt_cv_func_CFPreferencesCopyAppValue=yes], [gt_cv_func_CFPreferencesCopyAppValue=no]) LIBS="$gt_save_LIBS"]) if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], 1, [Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in the CoreFoundation framework.]) fi dnl Check for API introduced in MacOS X 10.3. AC_CACHE_CHECK([for CFLocaleCopyCurrent], gt_cv_func_CFLocaleCopyCurrent, [gt_save_LIBS="$LIBS" LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" AC_TRY_LINK([#include ], [CFLocaleCopyCurrent();], [gt_cv_func_CFLocaleCopyCurrent=yes], [gt_cv_func_CFLocaleCopyCurrent=no]) LIBS="$gt_save_LIBS"]) if test $gt_cv_func_CFLocaleCopyCurrent = yes; then AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], 1, [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.]) fi INTL_MACOSX_LIBS= if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" fi AC_SUBST([INTL_MACOSX_LIBS]) ]) dnl gt_CHECK_DECL(FUNC, INCLUDES) dnl Check whether a function is declared. AC_DEFUN([gt_CHECK_DECL], [ AC_CACHE_CHECK([whether $1 is declared], ac_cv_have_decl_$1, [AC_TRY_COMPILE([$2], [ #ifndef $1 char *p = (char *) $1; #endif ], ac_cv_have_decl_$1=yes, ac_cv_have_decl_$1=no)]) if test $ac_cv_have_decl_$1 = yes; then gt_value=1 else gt_value=0 fi AC_DEFINE_UNQUOTED([HAVE_DECL_]translit($1, [a-z], [A-Z]), [$gt_value], [Define to 1 if you have the declaration of `$1', and to 0 if you don't.]) ]) dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version]) AC_DEFUN([AM_GNU_GETTEXT_VERSION], []) pam/m4/iconv.m40000644000000000000000000000642613261244762010440 0ustar # iconv.m4 serial AM4 (gettext-0.11.3) dnl Copyright (C) 2000-2002 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Bruno Haible. AC_DEFUN([AM_ICONV_LINKFLAGS_BODY], [ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY. AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) AC_REQUIRE([AC_LIB_RPATH]) dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV dnl accordingly. AC_LIB_LINKFLAGS_BODY([iconv]) ]) AC_DEFUN([AM_ICONV_LINK], [ dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and dnl those with the standalone portable GNU libiconv installed). dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV dnl accordingly. AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY]) dnl Add $INCICONV to CPPFLAGS before performing the following checks, dnl because if the user has installed libiconv and not disabled its use dnl via --without-libiconv-prefix, he wants to use it. The first dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed. am_save_CPPFLAGS="$CPPFLAGS" AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV]) AC_CACHE_CHECK(for iconv, am_cv_func_iconv, [ am_cv_func_iconv="no, consider installing GNU libiconv" am_cv_lib_iconv=no AC_TRY_LINK([#include #include ], [iconv_t cd = iconv_open("",""); iconv(cd,NULL,NULL,NULL,NULL); iconv_close(cd);], am_cv_func_iconv=yes) if test "$am_cv_func_iconv" != yes; then am_save_LIBS="$LIBS" LIBS="$LIBS $LIBICONV" AC_TRY_LINK([#include #include ], [iconv_t cd = iconv_open("",""); iconv(cd,NULL,NULL,NULL,NULL); iconv_close(cd);], am_cv_lib_iconv=yes am_cv_func_iconv=yes) LIBS="$am_save_LIBS" fi ]) if test "$am_cv_func_iconv" = yes; then AC_DEFINE(HAVE_ICONV, 1, [Define if you have the iconv() function.]) fi if test "$am_cv_lib_iconv" = yes; then AC_MSG_CHECKING([how to link with libiconv]) AC_MSG_RESULT([$LIBICONV]) else dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV dnl either. CPPFLAGS="$am_save_CPPFLAGS" LIBICONV= LTLIBICONV= fi AC_SUBST(LIBICONV) AC_SUBST(LTLIBICONV) ]) AC_DEFUN([AM_ICONV], [ AM_ICONV_LINK if test "$am_cv_func_iconv" = yes; then AC_MSG_CHECKING([for iconv declaration]) AC_CACHE_VAL(am_cv_proto_iconv, [ AC_TRY_COMPILE([ #include #include extern #ifdef __cplusplus "C" #endif #if defined(__STDC__) || defined(__cplusplus) size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft); #else size_t iconv(); #endif ], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const") am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"]) am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'` AC_MSG_RESULT([$]{ac_t:- }[$]am_cv_proto_iconv) AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1, [Define as const if the declaration of iconv() needs const.]) fi ]) pam/m4/japhar_grep_cflags.m40000644000000000000000000000157013261244762013116 0ustar dnl dnl JAPHAR_GREP_CFLAGS(flag, cmd_if_missing, cmd_if_present) dnl dnl From Japhar. Report changes to japhar@hungry.com dnl AC_DEFUN([JAPHAR_GREP_CFLAGS], [case "$CFLAGS" in "$1" | "$1 "* | *" $1" | *" $1 "* ) ifelse($#, 3, [$3], [:]) ;; *) $2 ;; esac ]) dnl dnl Test for __attribute__ ((unused)) dnl Based on code from the tcpdump version 3.7.2 source. dnl AC_DEFUN([AC_C___ATTRIBUTE__], [ AC_MSG_CHECKING(for __attribute__) AC_CACHE_VAL(ac_cv___attribute__, [ AC_TRY_COMPILE([ #include static void foo (void) __attribute__ ((unused)); static void foo (void) { exit(1); } ], [ exit (0); ], ac_cv___attribute__=yes, ac_cv___attribute__=no)]) if test "$ac_cv___attribute__" = "yes"; then AC_DEFINE(UNUSED, __attribute__ ((unused)), [define if your compiler has __att ribute__ ((unused))]) else AC_DEFINE(UNUSED,,) fi AC_MSG_RESULT($ac_cv___attribute__) ]) pam/m4/jh_path_xml_catalog.m40000644000000000000000000000321713261244762013304 0ustar # Checks the location of the XML Catalog # Usage: # JH_PATH_XML_CATALOG([ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # Defines XMLCATALOG and XML_CATALOG_FILE substitutions AC_DEFUN([JH_PATH_XML_CATALOG], [ # check for the presence of the XML catalog AC_ARG_WITH([xml-catalog], AC_HELP_STRING([--with-xml-catalog=CATALOG], [path to xml catalog to use]),, [with_xml_catalog=/etc/xml/catalog]) jh_found_xmlcatalog=true XML_CATALOG_FILE="$with_xml_catalog" AC_SUBST([XML_CATALOG_FILE]) AC_MSG_CHECKING([for XML catalog ($XML_CATALOG_FILE)]) if test -f "$XML_CATALOG_FILE"; then AC_MSG_RESULT([found]) else jh_found_xmlcatalog=false AC_MSG_RESULT([not found]) fi # check for the xmlcatalog program AC_PATH_PROG(XMLCATALOG, xmlcatalog, no) if test "x$XMLCATALOG" = xno; then jh_found_xmlcatalog=false fi if $jh_found_xmlcatalog; then ifelse([$1],,[:],[$1]) else ifelse([$2],,[AC_MSG_ERROR([could not find XML catalog])],[$2]) fi ]) # Checks if a particular URI appears in the XML catalog # Usage: # JH_CHECK_XML_CATALOG(URI, [FRIENDLY-NAME], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) AC_DEFUN([JH_CHECK_XML_CATALOG], [ AC_REQUIRE([JH_PATH_XML_CATALOG],[JH_PATH_XML_CATALOG(,[:])])dnl AC_MSG_CHECKING([for ifelse([$2],,[$1],[$2]) in XML catalog]) if $jh_found_xmlcatalog && \ AC_RUN_LOG([$XMLCATALOG --noout "$XML_CATALOG_FILE" "$1" >&2]); then AC_MSG_RESULT([found]) ifelse([$3],,,[$3 ])dnl else AC_MSG_RESULT([not found]) ifelse([$4],, [AC_MSG_ERROR([could not find ifelse([$2],,[$1],[$2]) in XML catalog])], [$4]) fi ]) pam/m4/ld-O1.m40000644000000000000000000000102113261244762010160 0ustar # ld-O1.m4 serial 3 # Test if ld supports -O1 AC_DEFUN([PAM_LD_O1], [ AC_CACHE_CHECK(whether ld supports -O1, pam_cv_ld_O1, [ dnl cat > conftest.c <&AS_MESSAGE_LOG_FD]) then pam_cv_ld_O1=yes LDFLAGS="$LDFLAGS -Wl,-O1" else pam_cv_ld_O1=no fi rm -f conftest*]) AC_SUBST(pam_cv_ld_O1) ] ) pam/m4/ld-as-needed.m40000644000000000000000000000113313261244762011532 0ustar # ld-as-needed.m4 serial 2 # Test if ld supports --as-needed AC_DEFUN([PAM_LD_AS_NEEDED], [ AC_CACHE_CHECK(whether ld supports --as-needed, pam_cv_ld_as_needed, [ dnl cat > conftest.c <&AS_MESSAGE_LOG_FD]) then pam_cv_ld_as_needed=yes LDFLAGS="$LDFLAGS -Wl,--as-needed" else pam_cv_ld_as_needed=no fi rm -f conftest*]) AC_SUBST(pam_cv_ld_as_needed) ] ) pam/m4/ld-no-undefined.m40000644000000000000000000000117113261244762012262 0ustar # ld-no-undefined.m4 serial 1 # Test if ld supports --no-undefined AC_DEFUN([PAM_LD_NO_UNDEFINED], [ AC_CACHE_CHECK(whether ld supports --no-undefined, pam_cv_ld_no_undefined, [ dnl cat > conftest.c <&AS_MESSAGE_LOG_FD]) then pam_cv_ld_no_undefined=yes LDFLAGS="$LDFLAGS -Wl,--no-undefined" else pam_cv_ld_no_undefined=no fi rm -f conftest*]) AC_SUBST(pam_cv_ld_no_undefined) ] ) pam/m4/lib-ld.m40000644000000000000000000000653113261244762010462 0ustar # lib-ld.m4 serial 3 (gettext-0.13) dnl Copyright (C) 1996-2003 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl Subroutines of libtool.m4, dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision dnl with libtool.m4. dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no. AC_DEFUN([AC_LIB_PROG_LD_GNU], [AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld, [# I'd rather use --version here, but apparently some GNU ld's only accept -v. case `$LD -v 2>&1 conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by GCC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]* | [A-Za-z]:[\\/]*)] [re_direlt='/[^/][^/]*/\.\./'] # Canonicalize the path of ld ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(acl_cv_path_LD, [if test -z "$LD"; then IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" for ac_dir in $PATH; do test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then acl_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some GNU ld's only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in *GNU* | *'with BFD'*) test "$with_gnu_ld" != no && break ;; *) test "$with_gnu_ld" != yes && break ;; esac fi done IFS="$ac_save_ifs" else acl_cv_path_LD="$LD" # Let the user override the test with a path. fi]) LD="$acl_cv_path_LD" if test -n "$LD"; then AC_MSG_RESULT($LD) else AC_MSG_RESULT(no) fi test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) AC_LIB_PROG_LD_GNU ]) pam/m4/lib-link.m40000644000000000000000000006304613261244762011024 0ustar # lib-link.m4 serial 8 (gettext-0.15) dnl Copyright (C) 2001-2006 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Bruno Haible. AC_PREREQ(2.50) dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and dnl the libraries corresponding to explicit and implicit dependencies. dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and dnl augments the CPPFLAGS variable. AC_DEFUN([AC_LIB_LINKFLAGS], [ AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) AC_REQUIRE([AC_LIB_RPATH]) define([Name],[translit([$1],[./-], [___])]) define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [ AC_LIB_LINKFLAGS_BODY([$1], [$2]) ac_cv_lib[]Name[]_libs="$LIB[]NAME" ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME" ac_cv_lib[]Name[]_cppflags="$INC[]NAME" ]) LIB[]NAME="$ac_cv_lib[]Name[]_libs" LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs" INC[]NAME="$ac_cv_lib[]Name[]_cppflags" AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME) AC_SUBST([LIB]NAME) AC_SUBST([LTLIB]NAME) dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the dnl results of this search when this library appears as a dependency. HAVE_LIB[]NAME=yes undefine([Name]) undefine([NAME]) ]) dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode) dnl searches for libname and the libraries corresponding to explicit and dnl implicit dependencies, together with the specified include files and dnl the ability to compile and link the specified testcode. If found, it dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty. AC_DEFUN([AC_LIB_HAVE_LINKFLAGS], [ AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) AC_REQUIRE([AC_LIB_RPATH]) define([Name],[translit([$1],[./-], [___])]) define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME dnl accordingly. AC_LIB_LINKFLAGS_BODY([$1], [$2]) dnl Add $INC[]NAME to CPPFLAGS before performing the following checks, dnl because if the user has installed lib[]Name and not disabled its use dnl via --without-lib[]Name-prefix, he wants to use it. ac_save_CPPFLAGS="$CPPFLAGS" AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME) AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [ ac_save_LIBS="$LIBS" LIBS="$LIBS $LIB[]NAME" AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no]) LIBS="$ac_save_LIBS" ]) if test "$ac_cv_lib[]Name" = yes; then HAVE_LIB[]NAME=yes AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.]) AC_MSG_CHECKING([how to link with lib[]$1]) AC_MSG_RESULT([$LIB[]NAME]) else HAVE_LIB[]NAME=no dnl If $LIB[]NAME didn't lead to a usable library, we don't need dnl $INC[]NAME either. CPPFLAGS="$ac_save_CPPFLAGS" LIB[]NAME= LTLIB[]NAME= fi AC_SUBST([HAVE_LIB]NAME) AC_SUBST([LIB]NAME) AC_SUBST([LTLIB]NAME) undefine([Name]) undefine([NAME]) ]) dnl Determine the platform dependent parameters needed to use rpath: dnl libext, shlibext, hardcode_libdir_flag_spec, hardcode_libdir_separator, dnl hardcode_direct, hardcode_minus_L. AC_DEFUN([AC_LIB_RPATH], [ dnl Tell automake >= 1.10 to complain if config.rpath is missing. m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])]) AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh . ./conftest.sh rm -f ./conftest.sh acl_cv_rpath=done ]) wl="$acl_cv_wl" libext="$acl_cv_libext" shlibext="$acl_cv_shlibext" hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" hardcode_direct="$acl_cv_hardcode_direct" hardcode_minus_L="$acl_cv_hardcode_minus_L" dnl Determine whether the user wants rpath handling at all. AC_ARG_ENABLE(rpath, [ --disable-rpath do not hardcode runtime library paths], :, enable_rpath=yes) ]) dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and dnl the libraries corresponding to explicit and implicit dependencies. dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables. AC_DEFUN([AC_LIB_LINKFLAGS_BODY], [ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-], [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])]) dnl By default, look in $includedir and $libdir. use_additional=yes AC_LIB_WITH_FINAL_PREFIX([ eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" ]) AC_LIB_ARG_WITH([lib$1-prefix], [ --with-lib$1-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib --without-lib$1-prefix don't search for lib$1 in includedir and libdir], [ if test "X$withval" = "Xno"; then use_additional=no else if test "X$withval" = "X"; then AC_LIB_WITH_FINAL_PREFIX([ eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" ]) else additional_includedir="$withval/include" additional_libdir="$withval/$acl_libdirstem" fi fi ]) dnl Search the library and its dependencies in $additional_libdir and dnl $LDFLAGS. Using breadth-first-seach. LIB[]NAME= LTLIB[]NAME= INC[]NAME= rpathdirs= ltrpathdirs= names_already_handled= names_next_round='$1 $2' while test -n "$names_next_round"; do names_this_round="$names_next_round" names_next_round= for name in $names_this_round; do already_handled= for n in $names_already_handled; do if test "$n" = "$name"; then already_handled=yes break fi done if test -z "$already_handled"; then names_already_handled="$names_already_handled $name" dnl See if it was already located by an earlier AC_LIB_LINKFLAGS dnl or AC_LIB_HAVE_LINKFLAGS call. uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'` eval value=\"\$HAVE_LIB$uppername\" if test -n "$value"; then if test "$value" = yes; then eval value=\"\$LIB$uppername\" test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value" eval value=\"\$LTLIB$uppername\" test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value" else dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined dnl that this library doesn't exist. So just drop it. : fi else dnl Search the library lib$name in $additional_libdir and $LDFLAGS dnl and the already constructed $LIBNAME/$LTLIBNAME. found_dir= found_la= found_so= found_a= if test $use_additional = yes; then if test -n "$shlibext" && test -f "$additional_libdir/lib$name.$shlibext"; then found_dir="$additional_libdir" found_so="$additional_libdir/lib$name.$shlibext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi else if test -f "$additional_libdir/lib$name.$libext"; then found_dir="$additional_libdir" found_a="$additional_libdir/lib$name.$libext" if test -f "$additional_libdir/lib$name.la"; then found_la="$additional_libdir/lib$name.la" fi fi fi fi if test "X$found_dir" = "X"; then for x in $LDFLAGS $LTLIB[]NAME; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) case "$x" in -L*) dir=`echo "X$x" | sed -e 's/^X-L//'` if test -n "$shlibext" && test -f "$dir/lib$name.$shlibext"; then found_dir="$dir" found_so="$dir/lib$name.$shlibext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi else if test -f "$dir/lib$name.$libext"; then found_dir="$dir" found_a="$dir/lib$name.$libext" if test -f "$dir/lib$name.la"; then found_la="$dir/lib$name.la" fi fi fi ;; esac if test "X$found_dir" != "X"; then break fi done fi if test "X$found_dir" != "X"; then dnl Found the library. LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name" if test "X$found_so" != "X"; then dnl Linking with a shared library. We attempt to hardcode its dnl directory into the executable's runpath, unless it's the dnl standard /usr/lib. if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then dnl No hardcoding is needed. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else dnl Use an explicit option to hardcode DIR into the resulting dnl binary. dnl Potentially add DIR to ltrpathdirs. dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. haveit= for x in $ltrpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $found_dir" fi dnl The hardcoding into $LIBNAME is system dependent. if test "$hardcode_direct" = yes; then dnl Using DIR/libNAME.so during linking hardcodes DIR into the dnl resulting binary. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then dnl Use an explicit option to hardcode DIR into the resulting dnl binary. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" dnl Potentially add DIR to rpathdirs. dnl The rpathdirs will be appended to $LIBNAME at the end. haveit= for x in $rpathdirs; do if test "X$x" = "X$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $found_dir" fi else dnl Rely on "-L$found_dir". dnl But don't add it if it's already contained in the LDFLAGS dnl or the already constructed $LIBNAME haveit= for x in $LDFLAGS $LIB[]NAME; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-L$found_dir"; then haveit=yes break fi done if test -z "$haveit"; then LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir" fi if test "$hardcode_minus_L" != no; then dnl FIXME: Not sure whether we should use dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" dnl here. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so" else dnl We cannot use $hardcode_runpath_var and LD_RUN_PATH dnl here, because this doesn't fit in flags passed to the dnl compiler. So give up. No hardcoding. This affects only dnl very old systems. dnl FIXME: Not sure whether we should use dnl "-L$found_dir -l$name" or "-L$found_dir $found_so" dnl here. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" fi fi fi fi else if test "X$found_a" != "X"; then dnl Linking with a static library. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a" else dnl We shouldn't come here, but anyway it's good to have a dnl fallback. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name" fi fi dnl Assume the include files are nearby. additional_includedir= case "$found_dir" in */$acl_libdirstem | */$acl_libdirstem/) basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` additional_includedir="$basedir/include" ;; esac if test "X$additional_includedir" != "X"; then dnl Potentially add $additional_includedir to $INCNAME. dnl But don't add it dnl 1. if it's the standard /usr/include, dnl 2. if it's /usr/local/include and we are using GCC on Linux, dnl 3. if it's already present in $CPPFLAGS or the already dnl constructed $INCNAME, dnl 4. if it doesn't exist as a directory. if test "X$additional_includedir" != "X/usr/include"; then haveit= if test "X$additional_includedir" = "X/usr/local/include"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then for x in $CPPFLAGS $INC[]NAME; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-I$additional_includedir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_includedir"; then dnl Really add $additional_includedir to $INCNAME. INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir" fi fi fi fi fi dnl Look for dependencies. if test -n "$found_la"; then dnl Read the .la file. It defines the variables dnl dlname, library_names, old_library, dependency_libs, current, dnl age, revision, installed, dlopen, dlpreopen, libdir. save_libdir="$libdir" case "$found_la" in */* | *\\*) . "$found_la" ;; *) . "./$found_la" ;; esac libdir="$save_libdir" dnl We use only dependency_libs. for dep in $dependency_libs; do case "$dep" in -L*) additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME. dnl But don't add it dnl 1. if it's the standard /usr/lib, dnl 2. if it's /usr/local/lib and we are using GCC on Linux, dnl 3. if it's already present in $LDFLAGS or the already dnl constructed $LIBNAME, dnl 4. if it doesn't exist as a directory. if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then haveit= if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then haveit= for x in $LDFLAGS $LIB[]NAME; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then dnl Really add $additional_libdir to $LIBNAME. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir" fi fi haveit= for x in $LDFLAGS $LTLIB[]NAME; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test -d "$additional_libdir"; then dnl Really add $additional_libdir to $LTLIBNAME. LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir" fi fi fi fi ;; -R*) dir=`echo "X$dep" | sed -e 's/^X-R//'` if test "$enable_rpath" != no; then dnl Potentially add DIR to rpathdirs. dnl The rpathdirs will be appended to $LIBNAME at the end. haveit= for x in $rpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then rpathdirs="$rpathdirs $dir" fi dnl Potentially add DIR to ltrpathdirs. dnl The ltrpathdirs will be appended to $LTLIBNAME at the end. haveit= for x in $ltrpathdirs; do if test "X$x" = "X$dir"; then haveit=yes break fi done if test -z "$haveit"; then ltrpathdirs="$ltrpathdirs $dir" fi fi ;; -l*) dnl Handle this in the next round. names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` ;; *.la) dnl Handle this in the next round. Throw away the .la's dnl directory; it is already contained in a preceding -L dnl option. names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` ;; *) dnl Most likely an immediate library name. LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep" LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep" ;; esac done fi else dnl Didn't find the library; assume it is in the system directories dnl known to the linker and runtime loader. (All the system dnl directories known to the linker should also be known to the dnl runtime loader, otherwise the system is severely misconfigured.) LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name" LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name" fi fi fi done done if test "X$rpathdirs" != "X"; then if test -n "$hardcode_libdir_separator"; then dnl Weird platform: only the last -rpath option counts, the user must dnl pass all path elements in one option. We can arrange that for a dnl single library, but not when more than one $LIBNAMEs are used. alldirs= for found_dir in $rpathdirs; do alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$found_dir" done dnl Note: hardcode_libdir_flag_spec uses $libdir and $wl. acl_save_libdir="$libdir" libdir="$alldirs" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" else dnl The -rpath options are cumulative. for found_dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$found_dir" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag" done fi fi if test "X$ltrpathdirs" != "X"; then dnl When using libtool, the option that works for both libraries and dnl executables is -R. The -R options are cumulative. for found_dir in $ltrpathdirs; do LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir" done fi ]) dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR, dnl unless already present in VAR. dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes dnl contains two or three consecutive elements that belong together. AC_DEFUN([AC_LIB_APPENDTOVAR], [ for element in [$2]; do haveit= for x in $[$1]; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X$element"; then haveit=yes break fi done if test -z "$haveit"; then [$1]="${[$1]}${[$1]:+ }$element" fi done ]) dnl For those cases where a variable contains several -L and -l options dnl referring to unknown libraries and directories, this macro determines the dnl necessary additional linker options for the runtime path. dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL]) dnl sets LDADDVAR to linker options needed together with LIBSVALUE. dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed, dnl otherwise linking without libtool is assumed. AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS], [ AC_REQUIRE([AC_LIB_RPATH]) AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) $1= if test "$enable_rpath" != no; then if test -n "$hardcode_libdir_flag_spec" && test "$hardcode_minus_L" = no; then dnl Use an explicit option to hardcode directories into the resulting dnl binary. rpathdirs= next= for opt in $2; do if test -n "$next"; then dir="$next" dnl No need to hardcode the standard /usr/lib. if test "X$dir" != "X/usr/$acl_libdirstem"; then rpathdirs="$rpathdirs $dir" fi next= else case $opt in -L) next=yes ;; -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'` dnl No need to hardcode the standard /usr/lib. if test "X$dir" != "X/usr/$acl_libdirstem"; then rpathdirs="$rpathdirs $dir" fi next= ;; *) next= ;; esac fi done if test "X$rpathdirs" != "X"; then if test -n ""$3""; then dnl libtool is used for linking. Use -R options. for dir in $rpathdirs; do $1="${$1}${$1:+ }-R$dir" done else dnl The linker is used for linking directly. if test -n "$hardcode_libdir_separator"; then dnl Weird platform: only the last -rpath option counts, the user dnl must pass all path elements in one option. alldirs= for dir in $rpathdirs; do alldirs="${alldirs}${alldirs:+$hardcode_libdir_separator}$dir" done acl_save_libdir="$libdir" libdir="$alldirs" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" $1="$flag" else dnl The -rpath options are cumulative. for dir in $rpathdirs; do acl_save_libdir="$libdir" libdir="$dir" eval flag=\"$hardcode_libdir_flag_spec\" libdir="$acl_save_libdir" $1="${$1}${$1:+ }$flag" done fi fi fi fi fi AC_SUBST([$1]) ]) pam/m4/lib-prefix.m40000644000000000000000000001503613261244762011360 0ustar # lib-prefix.m4 serial 5 (gettext-0.15) dnl Copyright (C) 2001-2005 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl From Bruno Haible. dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't dnl require excessive bracketing. ifdef([AC_HELP_STRING], [AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])], [AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])]) dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed dnl to access previously installed libraries. The basic assumption is that dnl a user will want packages to use other packages he previously installed dnl with the same --prefix option. dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate dnl libraries, but is otherwise very convenient. AC_DEFUN([AC_LIB_PREFIX], [ AC_BEFORE([$0], [AC_LIB_LINKFLAGS]) AC_REQUIRE([AC_PROG_CC]) AC_REQUIRE([AC_CANONICAL_HOST]) AC_REQUIRE([AC_LIB_PREPARE_MULTILIB]) AC_REQUIRE([AC_LIB_PREPARE_PREFIX]) dnl By default, look in $includedir and $libdir. use_additional=yes AC_LIB_WITH_FINAL_PREFIX([ eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" ]) AC_LIB_ARG_WITH([lib-prefix], [ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib --without-lib-prefix don't search for libraries in includedir and libdir], [ if test "X$withval" = "Xno"; then use_additional=no else if test "X$withval" = "X"; then AC_LIB_WITH_FINAL_PREFIX([ eval additional_includedir=\"$includedir\" eval additional_libdir=\"$libdir\" ]) else additional_includedir="$withval/include" additional_libdir="$withval/$acl_libdirstem" fi fi ]) if test $use_additional = yes; then dnl Potentially add $additional_includedir to $CPPFLAGS. dnl But don't add it dnl 1. if it's the standard /usr/include, dnl 2. if it's already present in $CPPFLAGS, dnl 3. if it's /usr/local/include and we are using GCC on Linux, dnl 4. if it doesn't exist as a directory. if test "X$additional_includedir" != "X/usr/include"; then haveit= for x in $CPPFLAGS; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-I$additional_includedir"; then haveit=yes break fi done if test -z "$haveit"; then if test "X$additional_includedir" = "X/usr/local/include"; then if test -n "$GCC"; then case $host_os in linux* | gnu* | k*bsd*-gnu) haveit=yes;; esac fi fi if test -z "$haveit"; then if test -d "$additional_includedir"; then dnl Really add $additional_includedir to $CPPFLAGS. CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir" fi fi fi fi dnl Potentially add $additional_libdir to $LDFLAGS. dnl But don't add it dnl 1. if it's the standard /usr/lib, dnl 2. if it's already present in $LDFLAGS, dnl 3. if it's /usr/local/lib and we are using GCC on Linux, dnl 4. if it doesn't exist as a directory. if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then haveit= for x in $LDFLAGS; do AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"]) if test "X$x" = "X-L$additional_libdir"; then haveit=yes break fi done if test -z "$haveit"; then if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then if test -n "$GCC"; then case $host_os in linux*) haveit=yes;; esac fi fi if test -z "$haveit"; then if test -d "$additional_libdir"; then dnl Really add $additional_libdir to $LDFLAGS. LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir" fi fi fi fi fi ]) dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix, dnl acl_final_exec_prefix, containing the values to which $prefix and dnl $exec_prefix will expand at the end of the configure script. AC_DEFUN([AC_LIB_PREPARE_PREFIX], [ dnl Unfortunately, prefix and exec_prefix get only finally determined dnl at the end of configure. if test "X$prefix" = "XNONE"; then acl_final_prefix="$ac_default_prefix" else acl_final_prefix="$prefix" fi if test "X$exec_prefix" = "XNONE"; then acl_final_exec_prefix='${prefix}' else acl_final_exec_prefix="$exec_prefix" fi acl_save_prefix="$prefix" prefix="$acl_final_prefix" eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" prefix="$acl_save_prefix" ]) dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the dnl variables prefix and exec_prefix bound to the values they will have dnl at the end of the configure script. AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX], [ acl_save_prefix="$prefix" prefix="$acl_final_prefix" acl_save_exec_prefix="$exec_prefix" exec_prefix="$acl_final_exec_prefix" $1 exec_prefix="$acl_save_exec_prefix" prefix="$acl_save_prefix" ]) dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing dnl the basename of the libdir, either "lib" or "lib64". AC_DEFUN([AC_LIB_PREPARE_MULTILIB], [ dnl There is no formal standard regarding lib and lib64. The current dnl practice is that on a system supporting 32-bit and 64-bit instruction dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit dnl libraries go under $prefix/lib. We determine the compiler's default dnl mode by looking at the compiler's library search path. If at least dnl of its elements ends in /lib64 or points to a directory whose absolute dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the dnl default, namely "lib". acl_libdirstem=lib searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` if test -n "$searchpath"; then acl_save_IFS="${IFS= }"; IFS=":" for searchdir in $searchpath; do if test -d "$searchdir"; then case "$searchdir" in */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; *) searchdir=`cd "$searchdir" && pwd` case "$searchdir" in */lib64 ) acl_libdirstem=lib64 ;; esac ;; esac fi done IFS="$acl_save_IFS" fi ]) pam/m4/libprelude.m40000644000000000000000000001666113261244762011453 0ustar dnl Autoconf macros for libprelude dnl $id$ # Modified for LIBPRELUDE -- Yoann Vandoorselaere # Modified for LIBGNUTLS -- nmav # Configure paths for LIBGCRYPT # Shamelessly stolen from the one of XDELTA by Owen Taylor # Werner Koch 99-12-09 dnl AM_PATH_LIBPRELUDE([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) dnl Test for libprelude, and define LIBPRELUDE_PREFIX, LIBPRELUDE_CFLAGS, LIBPRELUDE_PTHREAD_CFLAGS, dnl LIBPRELUDE_LDFLAGS, and LIBPRELUDE_LIBS dnl AC_DEFUN([AM_PATH_LIBPRELUDE], [dnl dnl Get the cflags and libraries from the libprelude-config script dnl AC_ARG_WITH(libprelude-prefix, AC_HELP_STRING(--with-libprelude-prefix=PFX, Prefix where libprelude is installed (optional)), libprelude_config_prefix="$withval", libprelude_config_prefix="") if test x$libprelude_config_prefix != x ; then if test x${LIBPRELUDE_CONFIG+set} != xset ; then LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config fi fi AC_PATH_PROG(LIBPRELUDE_CONFIG, libprelude-config, no) min_libprelude_version=ifelse([$1], ,0.1.0,$1) AC_MSG_CHECKING(for libprelude - version >= $min_libprelude_version) no_libprelude="" if test "$LIBPRELUDE_CONFIG" = "no" ; then no_libprelude=yes else LIBPRELUDE_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --cflags` LIBPRELUDE_PTHREAD_CFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --pthread-cflags` LIBPRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG $libprelude_config_args --ldflags` LIBPRELUDE_LIBS=`$LIBPRELUDE_CONFIG $libprelude_config_args --libs` LIBPRELUDE_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --prefix` LIBPRELUDE_CONFIG_PREFIX=`$LIBPRELUDE_CONFIG $libprelude_config_args --config-prefix` libprelude_config_version=`$LIBPRELUDE_CONFIG $libprelude_config_args --version` ac_save_CFLAGS="$CFLAGS" ac_save_LDFLAGS="$LDFLAGS" ac_save_LIBS="$LIBS" CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" dnl dnl Now check if the installed libprelude is sufficiently new. Also sanity dnl checks the results of libprelude-config to some extent dnl rm -f conf.libpreludetest AC_TRY_RUN([ #include #include #include #include int main () { system ("touch conf.libpreludetest"); if( strcmp( prelude_check_version(NULL), "$libprelude_config_version" ) ) { printf("\n*** 'libprelude-config --version' returned %s, but LIBPRELUDE (%s)\n", "$libprelude_config_version", prelude_check_version(NULL) ); printf("*** was found! If libprelude-config was correct, then it is best\n"); printf("*** to remove the old version of LIBPRELUDE. You may also be able to fix the error\n"); printf("*** by modifying your LD_LIBRARY_PATH enviroment variable, or by editing\n"); printf("*** /etc/ld.so.conf. Make sure you have run ldconfig if that is\n"); printf("*** required on your system.\n"); printf("*** If libprelude-config was wrong, set the environment variable LIBPRELUDE_CONFIG\n"); printf("*** to point to the correct copy of libprelude-config, and remove the file config.cache\n"); printf("*** before re-running configure\n"); } else if ( strcmp(prelude_check_version(NULL), LIBPRELUDE_VERSION ) ) { printf("\n*** LIBPRELUDE header file (version %s) does not match\n", LIBPRELUDE_VERSION); printf("*** library (version %s)\n", prelude_check_version(NULL) ); } else { if ( prelude_check_version( "$min_libprelude_version" ) ) { return 0; } else { printf("no\n*** An old version of LIBPRELUDE (%s) was found.\n", prelude_check_version(NULL) ); printf("*** You need a version of LIBPRELUDE newer than %s. The latest version of\n", "$min_libprelude_version" ); printf("*** LIBPRELUDE is always available from http://www.prelude-ids.org/download/releases.\n"); printf("*** \n"); printf("*** If you have already installed a sufficiently new version, this error\n"); printf("*** probably means that the wrong copy of the libprelude-config shell script is\n"); printf("*** being found. The easiest way to fix this is to remove the old version\n"); printf("*** of LIBPRELUDE, but you can also set the LIBPRELUDE_CONFIG environment to point to the\n"); printf("*** correct copy of libprelude-config. (In this case, you will have to\n"); printf("*** modify your LD_LIBRARY_PATH enviroment variable, or edit /etc/ld.so.conf\n"); printf("*** so that the correct libraries are found at run-time))\n"); } } return 1; } ],, no_libprelude=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"]) CFLAGS="$ac_save_CFLAGS" LIBS="$ac_save_LIBS" LDFLAGS="$ac_save_LDFLAGS" fi if test "x$no_libprelude" = x ; then AC_MSG_RESULT(yes) ifelse([$2], , :, [$2]) else if test -f conf.libpreludetest ; then : else AC_MSG_RESULT(no) fi if test "$LIBPRELUDE_CONFIG" = "no" ; then echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" echo "*** If LIBPRELUDE was installed in PREFIX, make sure PREFIX/bin is in" echo "*** your path, or set the LIBPRELUDE_CONFIG environment variable to the" echo "*** full path to libprelude-config." else if test -f conf.libpreludetest ; then : else echo "*** Could not run libprelude test program, checking why..." CFLAGS="$CFLAGS $LIBPRELUDE_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" AC_TRY_LINK([ #include #include #include #include ], [ return !!prelude_check_version(NULL); ], [ echo "*** The test program compiled, but did not run. This usually means" echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point" echo "*** to the installed location Also, make sure you have run ldconfig if that" echo "*** is required on your system" echo "***" echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" echo "***" ], [ echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" ]) CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" LIBS="$ac_save_LIBS" fi fi LIBPRELUDE_CFLAGS="" LIBPRELUDE_LDFLAGS="" LIBPRELUDE_LIBS="" ifelse([$3], , :, [$3]) fi rm -f conf.libpreludetest AC_SUBST(LIBPRELUDE_CFLAGS) AC_SUBST(LIBPRELUDE_PTHREAD_CFLAGS) AC_SUBST(LIBPRELUDE_LDFLAGS) AC_SUBST(LIBPRELUDE_LIBS) AC_SUBST(LIBPRELUDE_PREFIX) AC_SUBST(LIBPRELUDE_CONFIG_PREFIX) ]) dnl *-*wedit:notab*-* Please keep this as the last line. pam/m4/libtool.m40000644000000000000000000077317613261244762011003 0ustar # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- # # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. m4_define([_LT_COPYING], [dnl # Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, # 2006, 2007, 2008 Free Software Foundation, Inc. # Written by Gordon Matzigkeit, 1996 # # This file is part of GNU Libtool. # # GNU Libtool is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License as # published by the Free Software Foundation; either version 2 of # the License, or (at your option) any later version. # # As a special exception to the GNU General Public License, # if you distribute this file as part of a program or library that # is built using GNU Libtool, you may include this file under the # same distribution terms that you use for the rest of that program. # # GNU Libtool is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU Libtool; see the file COPYING. If not, a copy # can be downloaded from http://www.gnu.org/licenses/gpl.html, or # obtained by writing to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. ]) # serial 56 LT_INIT # LT_PREREQ(VERSION) # ------------------ # Complain and exit if this libtool version is less that VERSION. m4_defun([LT_PREREQ], [m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1, [m4_default([$3], [m4_fatal([Libtool version $1 or higher is required], 63)])], [$2])]) # _LT_CHECK_BUILDDIR # ------------------ # Complain if the absolute build directory name contains unusual characters m4_defun([_LT_CHECK_BUILDDIR], [case `pwd` in *\ * | *\ *) AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;; esac ]) # LT_INIT([OPTIONS]) # ------------------ AC_DEFUN([LT_INIT], [AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT AC_BEFORE([$0], [LT_LANG])dnl AC_BEFORE([$0], [LT_OUTPUT])dnl AC_BEFORE([$0], [LTDL_INIT])dnl m4_require([_LT_CHECK_BUILDDIR])dnl dnl Autoconf doesn't catch unexpanded LT_ macros by default: m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4 dnl unless we require an AC_DEFUNed macro: AC_REQUIRE([LTOPTIONS_VERSION])dnl AC_REQUIRE([LTSUGAR_VERSION])dnl AC_REQUIRE([LTVERSION_VERSION])dnl AC_REQUIRE([LTOBSOLETE_VERSION])dnl m4_require([_LT_PROG_LTMAIN])dnl dnl Parse OPTIONS _LT_SET_OPTIONS([$0], [$1]) # This can be used to rebuild libtool when needed LIBTOOL_DEPS="$ltmain" # Always use our own libtool. LIBTOOL='$(SHELL) $(top_builddir)/libtool' AC_SUBST(LIBTOOL)dnl _LT_SETUP # Only expand once: m4_define([LT_INIT]) ])# LT_INIT # Old names: AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT]) AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PROG_LIBTOOL], []) dnl AC_DEFUN([AM_PROG_LIBTOOL], []) # _LT_CC_BASENAME(CC) # ------------------- # Calculate cc_basename. Skip known compiler wrappers and cross-prefix. m4_defun([_LT_CC_BASENAME], [for cc_temp in $1""; do case $cc_temp in compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;; distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;; \-*) ;; *) break;; esac done cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"` ]) # _LT_FILEUTILS_DEFAULTS # ---------------------- # It is okay to use these file commands and assume they have been set # sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'. m4_defun([_LT_FILEUTILS_DEFAULTS], [: ${CP="cp -f"} : ${MV="mv -f"} : ${RM="rm -f"} ])# _LT_FILEUTILS_DEFAULTS # _LT_SETUP # --------- m4_defun([_LT_SETUP], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl _LT_DECL([], [host_alias], [0], [The host system])dnl _LT_DECL([], [host], [0])dnl _LT_DECL([], [host_os], [0])dnl dnl _LT_DECL([], [build_alias], [0], [The build system])dnl _LT_DECL([], [build], [0])dnl _LT_DECL([], [build_os], [0])dnl dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl dnl AC_REQUIRE([AC_PROG_LN_S])dnl test -z "$LN_S" && LN_S="ln -s" _LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl dnl AC_REQUIRE([LT_CMD_MAX_LEN])dnl _LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl _LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_CHECK_SHELL_FEATURES])dnl m4_require([_LT_CMD_RELOAD])dnl m4_require([_LT_CHECK_MAGIC_METHOD])dnl m4_require([_LT_CMD_OLD_ARCHIVE])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl _LT_CONFIG_LIBTOOL_INIT([ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes INIT. if test -n "\${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi ]) if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi _LT_CHECK_OBJDIR m4_require([_LT_TAG_COMPILER])dnl _LT_PROG_ECHO_BACKSLASH case $host_os in aix3*) # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi ;; esac # Sed substitution that helps us do robust quoting. It backslashifies # metacharacters that are still active within double-quoted strings. sed_quote_subst='s/\([["`$\\]]\)/\\\1/g' # Same as above, but do not quote variable references. double_quote_subst='s/\([["`\\]]\)/\\\1/g' # Sed substitution to delay expansion of an escaped shell variable in a # double_quote_subst'ed string. delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' # Sed substitution to delay expansion of an escaped single quote. delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' # Sed substitution to avoid accidental globbing in evaled expressions no_glob_subst='s/\*/\\\*/g' # Global variables: ofile=libtool can_build_shared=yes # All known linkers require a `.a' archive for static linking (except MSVC, # which needs '.lib'). libext=a with_gnu_ld="$lt_cv_prog_gnu_ld" old_CC="$CC" old_CFLAGS="$CFLAGS" # Set sane defaults for various variables test -z "$CC" && CC=cc test -z "$LTCC" && LTCC=$CC test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS test -z "$LD" && LD=ld test -z "$ac_objext" && ac_objext=o _LT_CC_BASENAME([$compiler]) # Only perform the check for file, if the check method requires it test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then _LT_PATH_MAGIC fi ;; esac # Use C for the default configuration in the libtool script LT_SUPPORTED_TAG([CC]) _LT_LANG_C_CONFIG _LT_LANG_DEFAULT_CONFIG _LT_CONFIG_COMMANDS ])# _LT_SETUP # _LT_PROG_LTMAIN # --------------- # Note that this code is called both from `configure', and `config.status' # now that we use AC_CONFIG_COMMANDS to generate libtool. Notably, # `config.status' has no value for ac_aux_dir unless we are using Automake, # so we pass a copy along to make sure it has a sensible value anyway. m4_defun([_LT_PROG_LTMAIN], [m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl _LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir']) ltmain="$ac_aux_dir/ltmain.sh" ])# _LT_PROG_LTMAIN ## ------------------------------------- ## ## Accumulate code for creating libtool. ## ## ------------------------------------- ## # So that we can recreate a full libtool script including additional # tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS # in macros and then make a single call at the end using the `libtool' # label. # _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS]) # ---------------------------------------- # Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL_INIT], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_INIT], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_INIT]) # _LT_CONFIG_LIBTOOL([COMMANDS]) # ------------------------------ # Register COMMANDS to be passed to AC_CONFIG_COMMANDS later. m4_define([_LT_CONFIG_LIBTOOL], [m4_ifval([$1], [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS], [$1 ])])]) # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS]) # _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS]) # ----------------------------------------------------- m4_defun([_LT_CONFIG_SAVE_COMMANDS], [_LT_CONFIG_LIBTOOL([$1]) _LT_CONFIG_LIBTOOL_INIT([$2]) ]) # _LT_FORMAT_COMMENT([COMMENT]) # ----------------------------- # Add leading comment marks to the start of each line, and a trailing # full-stop to the whole comment if one is not present already. m4_define([_LT_FORMAT_COMMENT], [m4_ifval([$1], [ m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])], [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.]) )]) ## ------------------------ ## ## FIXME: Eliminate VARNAME ## ## ------------------------ ## # _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?]) # ------------------------------------------------------------------- # CONFIGNAME is the name given to the value in the libtool script. # VARNAME is the (base) name used in the configure script. # VALUE may be 0, 1 or 2 for a computed quote escaped value based on # VARNAME. Any other value will be used directly. m4_define([_LT_DECL], [lt_if_append_uniq([lt_decl_varnames], [$2], [, ], [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name], [m4_ifval([$1], [$1], [$2])]) lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3]) m4_ifval([$4], [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])]) lt_dict_add_subkey([lt_decl_dict], [$2], [tagged?], [m4_ifval([$5], [yes], [no])])]) ]) # _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION]) # -------------------------------------------------------- m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])]) # lt_decl_tag_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_tag_varnames], [_lt_decl_filter([tagged?], [yes], $@)]) # _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..]) # --------------------------------------------------------- m4_define([_lt_decl_filter], [m4_case([$#], [0], [m4_fatal([$0: too few arguments: $#])], [1], [m4_fatal([$0: too few arguments: $#: $1])], [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)], [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)], [lt_dict_filter([lt_decl_dict], $@)])[]dnl ]) # lt_decl_quote_varnames([SEPARATOR], [VARNAME1...]) # -------------------------------------------------- m4_define([lt_decl_quote_varnames], [_lt_decl_filter([value], [1], $@)]) # lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_dquote_varnames], [_lt_decl_filter([value], [2], $@)]) # lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...]) # --------------------------------------------------- m4_define([lt_decl_varnames_tagged], [m4_assert([$# <= 2])dnl _$0(m4_quote(m4_default([$1], [[, ]])), m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]), m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))]) m4_define([_lt_decl_varnames_tagged], [m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])]) # lt_decl_all_varnames([SEPARATOR], [VARNAME1...]) # ------------------------------------------------ m4_define([lt_decl_all_varnames], [_$0(m4_quote(m4_default([$1], [[, ]])), m4_if([$2], [], m4_quote(lt_decl_varnames), m4_quote(m4_shift($@))))[]dnl ]) m4_define([_lt_decl_all_varnames], [lt_join($@, lt_decl_varnames_tagged([$1], lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl ]) # _LT_CONFIG_STATUS_DECLARE([VARNAME]) # ------------------------------------ # Quote a variable value, and forward it to `config.status' so that its # declaration there will have the same value as in `configure'. VARNAME # must have a single quote delimited value for this to work. m4_define([_LT_CONFIG_STATUS_DECLARE], [$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`']) # _LT_CONFIG_STATUS_DECLARATIONS # ------------------------------ # We delimit libtool config variables with single quotes, so when # we write them to config.status, we have to be sure to quote all # embedded single quotes properly. In configure, this macro expands # each variable declared with _LT_DECL (and _LT_TAGDECL) into: # # ='`$ECHO "X$" | $Xsed -e "$delay_single_quote_subst"`' m4_defun([_LT_CONFIG_STATUS_DECLARATIONS], [m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames), [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAGS # ---------------- # Output comment and list of tags supported by the script m4_defun([_LT_LIBTOOL_TAGS], [_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl available_tags="_LT_TAGS"dnl ]) # _LT_LIBTOOL_DECLARE(VARNAME, [TAG]) # ----------------------------------- # Extract the dictionary values for VARNAME (optionally with TAG) and # expand to a commented shell variable setting: # # # Some comment about what VAR is for. # visible_name=$lt_internal_name m4_define([_LT_LIBTOOL_DECLARE], [_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [description])))[]dnl m4_pushdef([_libtool_name], m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])), [0], [_libtool_name=[$]$1], [1], [_libtool_name=$lt_[]$1], [2], [_libtool_name=$lt_[]$1], [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl ]) # _LT_LIBTOOL_CONFIG_VARS # ----------------------- # Produce commented declarations of non-tagged libtool config variables # suitable for insertion in the LIBTOOL CONFIG section of the `libtool' # script. Tagged libtool config variables (even for the LIBTOOL CONFIG # section) are produced by _LT_LIBTOOL_TAG_VARS. m4_defun([_LT_LIBTOOL_CONFIG_VARS], [m4_foreach([_lt_var], m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])]) # _LT_LIBTOOL_TAG_VARS(TAG) # ------------------------- m4_define([_LT_LIBTOOL_TAG_VARS], [m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames), [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])]) # _LT_TAGVAR(VARNAME, [TAGNAME]) # ------------------------------ m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])]) # _LT_CONFIG_COMMANDS # ------------------- # Send accumulated output to $CONFIG_STATUS. Thanks to the lists of # variables for single and double quote escaping we saved from calls # to _LT_DECL, we can put quote escaped variables declarations # into `config.status', and then the shell code to quote escape them in # for loops in `config.status'. Finally, any additional code accumulated # from calls to _LT_CONFIG_LIBTOOL_INIT is expanded. m4_defun([_LT_CONFIG_COMMANDS], [AC_PROVIDE_IFELSE([LT_OUTPUT], dnl If the libtool generation code has been placed in $CONFIG_LT, dnl instead of duplicating it all over again into config.status, dnl then we will have config.status run $CONFIG_LT later, so it dnl needs to know what name is stored there: [AC_CONFIG_COMMANDS([libtool], [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])], dnl If the libtool generation code is destined for config.status, dnl expand the accumulated commands and init code now: [AC_CONFIG_COMMANDS([libtool], [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])]) ])#_LT_CONFIG_COMMANDS # Initialize. m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT], [ # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH sed_quote_subst='$sed_quote_subst' double_quote_subst='$double_quote_subst' delay_variable_subst='$delay_variable_subst' _LT_CONFIG_STATUS_DECLARATIONS LTCC='$LTCC' LTCFLAGS='$LTCFLAGS' compiler='$compiler_DEFAULT' # Quote evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_quote_varnames); do case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Double-quote double-evaled strings. for var in lt_decl_all_varnames([[ \ ]], lt_decl_dquote_varnames); do case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in *[[\\\\\\\`\\"\\\$]]*) eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ;; *) eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" ;; esac done # Fix-up fallback echo if it was mangled by the above quoting rules. case \$lt_ECHO in *'\\\[$]0 --fallback-echo"')dnl " lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\` ;; esac _LT_OUTPUT_LIBTOOL_INIT ]) # LT_OUTPUT # --------- # This macro allows early generation of the libtool script (before # AC_OUTPUT is called), incase it is used in configure for compilation # tests. AC_DEFUN([LT_OUTPUT], [: ${CONFIG_LT=./config.lt} AC_MSG_NOTICE([creating $CONFIG_LT]) cat >"$CONFIG_LT" <<_LTEOF #! $SHELL # Generated by $as_me. # Run this file to recreate a libtool stub with the current configuration. lt_cl_silent=false SHELL=\${CONFIG_SHELL-$SHELL} _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AS_SHELL_SANITIZE _AS_PREPARE exec AS_MESSAGE_FD>&1 exec AS_MESSAGE_LOG_FD>>config.log { echo AS_BOX([Running $as_me.]) } >&AS_MESSAGE_LOG_FD lt_cl_help="\ \`$as_me' creates a local libtool stub from the current configuration, for use in further configure time tests before the real libtool is generated. Usage: $[0] [[OPTIONS]] -h, --help print this help, then exit -V, --version print version number, then exit -q, --quiet do not print progress messages -d, --debug don't remove temporary files Report bugs to ." lt_cl_version="\ m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION]) configured by $[0], generated by m4_PACKAGE_STRING. Copyright (C) 2008 Free Software Foundation, Inc. This config.lt script is free software; the Free Software Foundation gives unlimited permision to copy, distribute and modify it." while test $[#] != 0 do case $[1] in --version | --v* | -V ) echo "$lt_cl_version"; exit 0 ;; --help | --h* | -h ) echo "$lt_cl_help"; exit 0 ;; --debug | --d* | -d ) debug=: ;; --quiet | --q* | --silent | --s* | -q ) lt_cl_silent=: ;; -*) AC_MSG_ERROR([unrecognized option: $[1] Try \`$[0] --help' for more information.]) ;; *) AC_MSG_ERROR([unrecognized argument: $[1] Try \`$[0] --help' for more information.]) ;; esac shift done if $lt_cl_silent; then exec AS_MESSAGE_FD>/dev/null fi _LTEOF cat >>"$CONFIG_LT" <<_LTEOF _LT_OUTPUT_LIBTOOL_COMMANDS_INIT _LTEOF cat >>"$CONFIG_LT" <<\_LTEOF AC_MSG_NOTICE([creating $ofile]) _LT_OUTPUT_LIBTOOL_COMMANDS AS_EXIT(0) _LTEOF chmod +x "$CONFIG_LT" # configure is writing to config.log, but config.lt does its own redirection, # appending to config.log, which fails on DOS, as config.log is still kept # open by configure. Here we exec the FD to /dev/null, effectively closing # config.log, so it can be properly (re)opened and appended to by config.lt. if test "$no_create" != yes; then lt_cl_success=: test "$silent" = yes && lt_config_lt_args="$lt_config_lt_args --quiet" exec AS_MESSAGE_LOG_FD>/dev/null $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false exec AS_MESSAGE_LOG_FD>>config.log $lt_cl_success || AS_EXIT(1) fi ])# LT_OUTPUT # _LT_CONFIG(TAG) # --------------- # If TAG is the built-in tag, create an initial libtool script with a # default configuration from the untagged config vars. Otherwise add code # to config.status for appending the configuration named by TAG from the # matching tagged config vars. m4_defun([_LT_CONFIG], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_CONFIG_SAVE_COMMANDS([ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl m4_if(_LT_TAG, [C], [ # See if we are running on zsh, and set the options which allow our # commands through without removal of \ escapes. if test -n "${ZSH_VERSION+set}" ; then setopt NO_GLOB_SUBST fi cfgfile="${ofile}T" trap "$RM \"$cfgfile\"; exit 1" 1 2 15 $RM "$cfgfile" cat <<_LT_EOF >> "$cfgfile" #! $SHELL # `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services. # Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION # Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: # NOTE: Changes made to this file will be lost: look at ltmain.sh. # _LT_COPYING _LT_LIBTOOL_TAGS # ### BEGIN LIBTOOL CONFIG _LT_LIBTOOL_CONFIG_VARS _LT_LIBTOOL_TAG_VARS # ### END LIBTOOL CONFIG _LT_EOF case $host_os in aix3*) cat <<\_LT_EOF >> "$cfgfile" # AIX sometimes has problems with the GCC collect2 program. For some # reason, if we set the COLLECT_NAMES environment variable, the problems # vanish in a puff of smoke. if test "X${COLLECT_NAMES+set}" != Xset; then COLLECT_NAMES= export COLLECT_NAMES fi _LT_EOF ;; esac _LT_PROG_LTMAIN # We use sed instead of cat because bash on DJGPP gets confused if # if finds mixed CR/LF and LF-only lines. Since sed operates in # text mode, it properly converts lines to CR/LF. This bash problem # is reportedly fixed, but why not run on old versions too? sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) _LT_PROG_XSI_SHELLFNS sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \ || (rm -f "$cfgfile"; exit 1) mv -f "$cfgfile" "$ofile" || (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") chmod +x "$ofile" ], [cat <<_LT_EOF >> "$ofile" dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded dnl in a comment (ie after a #). # ### BEGIN LIBTOOL TAG CONFIG: $1 _LT_LIBTOOL_TAG_VARS(_LT_TAG) # ### END LIBTOOL TAG CONFIG: $1 _LT_EOF ])dnl /m4_if ], [m4_if([$1], [], [ PACKAGE='$PACKAGE' VERSION='$VERSION' TIMESTAMP='$TIMESTAMP' RM='$RM' ofile='$ofile'], []) ])dnl /_LT_CONFIG_SAVE_COMMANDS ])# _LT_CONFIG # LT_SUPPORTED_TAG(TAG) # --------------------- # Trace this macro to discover what tags are supported by the libtool # --tag option, using: # autoconf --trace 'LT_SUPPORTED_TAG:$1' AC_DEFUN([LT_SUPPORTED_TAG], []) # C support is built-in for now m4_define([_LT_LANG_C_enabled], []) m4_define([_LT_TAGS], []) # LT_LANG(LANG) # ------------- # Enable libtool support for the given language if not already enabled. AC_DEFUN([LT_LANG], [AC_BEFORE([$0], [LT_OUTPUT])dnl m4_case([$1], [C], [_LT_LANG(C)], [C++], [_LT_LANG(CXX)], [Java], [_LT_LANG(GCJ)], [Fortran 77], [_LT_LANG(F77)], [Fortran], [_LT_LANG(FC)], [Windows Resource], [_LT_LANG(RC)], [m4_ifdef([_LT_LANG_]$1[_CONFIG], [_LT_LANG($1)], [m4_fatal([$0: unsupported language: "$1"])])])dnl ])# LT_LANG # _LT_LANG(LANGNAME) # ------------------ m4_defun([_LT_LANG], [m4_ifdef([_LT_LANG_]$1[_enabled], [], [LT_SUPPORTED_TAG([$1])dnl m4_append([_LT_TAGS], [$1 ])dnl m4_define([_LT_LANG_]$1[_enabled], [])dnl _LT_LANG_$1_CONFIG($1)])dnl ])# _LT_LANG # _LT_LANG_DEFAULT_CONFIG # ----------------------- m4_defun([_LT_LANG_DEFAULT_CONFIG], [AC_PROVIDE_IFELSE([AC_PROG_CXX], [LT_LANG(CXX)], [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])]) AC_PROVIDE_IFELSE([AC_PROG_F77], [LT_LANG(F77)], [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])]) AC_PROVIDE_IFELSE([AC_PROG_FC], [LT_LANG(FC)], [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])]) dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal dnl pulling things in needlessly. AC_PROVIDE_IFELSE([AC_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([A][M_PROG_GCJ], [LT_LANG(GCJ)], [AC_PROVIDE_IFELSE([LT_PROG_GCJ], [LT_LANG(GCJ)], [m4_ifdef([AC_PROG_GCJ], [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([A][M_PROG_GCJ], [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])]) m4_ifdef([LT_PROG_GCJ], [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])]) AC_PROVIDE_IFELSE([LT_PROG_RC], [LT_LANG(RC)], [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])]) ])# _LT_LANG_DEFAULT_CONFIG # Obsolete macros: AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)]) AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)]) AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)]) AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_CXX], []) dnl AC_DEFUN([AC_LIBTOOL_F77], []) dnl AC_DEFUN([AC_LIBTOOL_FC], []) dnl AC_DEFUN([AC_LIBTOOL_GCJ], []) # _LT_TAG_COMPILER # ---------------- m4_defun([_LT_TAG_COMPILER], [AC_REQUIRE([AC_PROG_CC])dnl _LT_DECL([LTCC], [CC], [1], [A C compiler])dnl _LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl _LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl _LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl # If no C compiler was specified, use CC. LTCC=${LTCC-"$CC"} # If no C compiler flags were specified, use CFLAGS. LTCFLAGS=${LTCFLAGS-"$CFLAGS"} # Allow CC to be a program name with arguments. compiler=$CC ])# _LT_TAG_COMPILER # _LT_COMPILER_BOILERPLATE # ------------------------ # Check for compiler boilerplate output or warnings with # the simple compiler test code. m4_defun([_LT_COMPILER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" >conftest.$ac_ext eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_compiler_boilerplate=`cat conftest.err` $RM conftest* ])# _LT_COMPILER_BOILERPLATE # _LT_LINKER_BOILERPLATE # ---------------------- # Check for linker boilerplate output or warnings with # the simple link test code. m4_defun([_LT_LINKER_BOILERPLATE], [m4_require([_LT_DECL_SED])dnl ac_outfile=conftest.$ac_objext echo "$lt_simple_link_test_code" >conftest.$ac_ext eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err _lt_linker_boilerplate=`cat conftest.err` $RM -r conftest* ])# _LT_LINKER_BOILERPLATE # _LT_REQUIRED_DARWIN_CHECKS # ------------------------- m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[ case $host_os in rhapsody* | darwin*) AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:]) AC_CHECK_TOOL([NMEDIT], [nmedit], [:]) AC_CHECK_TOOL([LIPO], [lipo], [:]) AC_CHECK_TOOL([OTOOL], [otool], [:]) AC_CHECK_TOOL([OTOOL64], [otool64], [:]) _LT_DECL([], [DSYMUTIL], [1], [Tool to manipulate archived DWARF debug symbol files on Mac OS X]) _LT_DECL([], [NMEDIT], [1], [Tool to change global to local symbols on Mac OS X]) _LT_DECL([], [LIPO], [1], [Tool to manipulate fat objects and archives on Mac OS X]) _LT_DECL([], [OTOOL], [1], [ldd/readelf like tool for Mach-O binaries on Mac OS X]) _LT_DECL([], [OTOOL64], [1], [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4]) AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod], [lt_cv_apple_cc_single_mod=no if test -z "${LT_MULTI_MODULE}"; then # By default we will add the -single_module flag. You can override # by either setting the environment variable LT_MULTI_MODULE # non-empty at configure time, or by adding -multi_module to the # link flags. rm -rf libconftest.dylib* echo "int foo(void){return 1;}" > conftest.c echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err _lt_result=$? if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then lt_cv_apple_cc_single_mod=yes else cat conftest.err >&AS_MESSAGE_LOG_FD fi rm -rf libconftest.dylib* rm -f conftest.* fi]) AC_CACHE_CHECK([for -exported_symbols_list linker flag], [lt_cv_ld_exported_symbols_list], [lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [lt_cv_ld_exported_symbols_list=yes], [lt_cv_ld_exported_symbols_list=no]) LDFLAGS="$save_LDFLAGS" ]) case $host_os in rhapsody* | darwin1.[[012]]) _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;; darwin1.*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; darwin*) # darwin 5.x on # if running on 10.5 or later, the deployment target defaults # to the OS version, if on x86, and 10.4, the deployment # target defaults to 10.4. Don't you love it? case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; 10.[[012]]*) _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;; 10.*) _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;; esac ;; esac if test "$lt_cv_apple_cc_single_mod" = "yes"; then _lt_dar_single_mod='$single_module' fi if test "$lt_cv_ld_exported_symbols_list" = "yes"; then _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym' else _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}' fi if test "$DSYMUTIL" != ":"; then _lt_dsymutil='~$DSYMUTIL $lib || :' else _lt_dsymutil= fi ;; esac ]) # _LT_DARWIN_LINKER_FEATURES # -------------------------- # Checks for linker and compiler features on darwin m4_defun([_LT_DARWIN_LINKER_FEATURES], [ m4_require([_LT_REQUIRED_DARWIN_CHECKS]) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(whole_archive_flag_spec, $1)='' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined" case $cc_basename in ifort*) _lt_dar_can_shared=yes ;; *) _lt_dar_can_shared=$GCC ;; esac if test "$_lt_dar_can_shared" = "yes"; then output_verbose_link_cmd=echo _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}" _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}" _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}" m4_if([$1], [CXX], [ if test "$lt_cv_apple_cc_single_mod" != "yes"; then _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}" _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}" fi ],[]) else _LT_TAGVAR(ld_shlibs, $1)=no fi ]) # _LT_SYS_MODULE_PATH_AIX # ----------------------- # Links a minimal program and checks the executable # for the system default hardcoded library path. In most cases, # this is /usr/lib:/lib, but when the MPI compilers are used # the location of the communication and MPI libs are included too. # If we don't find anything, use the default library path according # to the aix ld manual. m4_defun([_LT_SYS_MODULE_PATH_AIX], [m4_require([_LT_DECL_SED])dnl AC_LINK_IFELSE(AC_LANG_PROGRAM,[ lt_aix_libpath_sed=' /Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/ p } }' aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` # Check for a 64-bit object if we didn't find anything. if test -z "$aix_libpath"; then aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi],[]) if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi ])# _LT_SYS_MODULE_PATH_AIX # _LT_SHELL_INIT(ARG) # ------------------- m4_define([_LT_SHELL_INIT], [ifdef([AC_DIVERSION_NOTICE], [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)], [AC_DIVERT_PUSH(NOTICE)]) $1 AC_DIVERT_POP ])# _LT_SHELL_INIT # _LT_PROG_ECHO_BACKSLASH # ----------------------- # Add some code to the start of the generated configure script which # will find an echo command which doesn't interpret backslashes. m4_defun([_LT_PROG_ECHO_BACKSLASH], [_LT_SHELL_INIT([ # Check that we are running under the correct shell. SHELL=${CONFIG_SHELL-/bin/sh} case X$lt_ECHO in X*--fallback-echo) # Remove one level of quotation (which was required for Make). ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','` ;; esac ECHO=${lt_ECHO-echo} if test "X[$]1" = X--no-reexec; then # Discard the --no-reexec flag, and continue. shift elif test "X[$]1" = X--fallback-echo; then # Avoid inline document here, it may be left over : elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then # Yippee, $ECHO works! : else # Restart under the correct shell. exec $SHELL "[$]0" --no-reexec ${1+"[$]@"} fi if test "X[$]1" = X--fallback-echo; then # used as fallback echo shift cat <<_LT_EOF [$]* _LT_EOF exit 0 fi # The HP-UX ksh and POSIX shell print the target directory to stdout # if CDPATH is set. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH if test -z "$lt_ECHO"; then if test "X${echo_test_string+set}" != Xset; then # find a string as large as possible, as long as the shell can cope with it for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ... if { echo_test_string=`eval $cmd`; } 2>/dev/null && { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null then break fi done fi if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then : else # The Solaris, AIX, and Digital Unix default echo programs unquote # backslashes. This makes it impossible to quote backslashes using # echo "$something" | sed 's/\\/\\\\/g' # # So, first we look for a working echo in the user's PATH. lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for dir in $PATH /usr/ucb; do IFS="$lt_save_ifs" if (test -f $dir/echo || test -f $dir/echo$ac_exeext) && test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' && echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then ECHO="$dir/echo" break fi done IFS="$lt_save_ifs" if test "X$ECHO" = Xecho; then # We didn't find a better echo, so look for alternatives. if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # This shell has a builtin print -r that does the trick. ECHO='print -r' elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } && test "X$CONFIG_SHELL" != X/bin/ksh; then # If we have ksh, try running configure again with it. ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh} export ORIGINAL_CONFIG_SHELL CONFIG_SHELL=/bin/ksh export CONFIG_SHELL exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"} else # Try using printf. ECHO='printf %s\n' if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' && echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then # Cool, printf works : elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL export CONFIG_SHELL SHELL="$CONFIG_SHELL" export SHELL ECHO="$CONFIG_SHELL [$]0 --fallback-echo" elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` && test "X$echo_testing_string" = 'X\t' && echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` && test "X$echo_testing_string" = "X$echo_test_string"; then ECHO="$CONFIG_SHELL [$]0 --fallback-echo" else # maybe with a smaller string... prev=: for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null then break fi prev="$cmd" done if test "$prev" != 'sed 50q "[$]0"'; then echo_test_string=`eval $prev` export echo_test_string exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"} else # Oops. We lost completely, so just stick with echo. ECHO=echo fi fi fi fi fi fi # Copy echo and quote the copy suitably for passing to libtool from # the Makefile, instead of quoting the original, which is used later. lt_ECHO=$ECHO if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo" fi AC_SUBST(lt_ECHO) ]) _LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts]) _LT_DECL([], [ECHO], [1], [An echo program that does not interpret backslashes]) ])# _LT_PROG_ECHO_BACKSLASH # _LT_ENABLE_LOCK # --------------- m4_defun([_LT_ENABLE_LOCK], [AC_ARG_ENABLE([libtool-lock], [AS_HELP_STRING([--disable-libtool-lock], [avoid locking (might break parallel builds)])]) test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes # Some flags need to be propagated to the compiler or linker for good # libtool support. case $host in ia64-*-hpux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) HPUX_IA64_MODE="32" ;; *ELF-64*) HPUX_IA64_MODE="64" ;; esac fi rm -rf conftest* ;; *-*-irix6*) # Find out which ABI we are using. echo '[#]line __oline__ "configure"' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then if test "$lt_cv_prog_gnu_ld" = yes; then case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -melf32bsmip" ;; *N32*) LD="${LD-ld} -melf32bmipn32" ;; *64-bit*) LD="${LD-ld} -melf64bmip" ;; esac else case `/usr/bin/file conftest.$ac_objext` in *32-bit*) LD="${LD-ld} -32" ;; *N32*) LD="${LD-ld} -n32" ;; *64-bit*) LD="${LD-ld} -64" ;; esac fi fi rm -rf conftest* ;; x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *32-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_i386_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_i386" ;; ppc64-*linux*|powerpc64-*linux*) LD="${LD-ld} -m elf32ppclinux" ;; s390x-*linux*) LD="${LD-ld} -m elf_s390" ;; sparc64-*linux*) LD="${LD-ld} -m elf32_sparc" ;; esac ;; *64-bit*) case $host in x86_64-*kfreebsd*-gnu) LD="${LD-ld} -m elf_x86_64_fbsd" ;; x86_64-*linux*) LD="${LD-ld} -m elf_x86_64" ;; ppc*-*linux*|powerpc*-*linux*) LD="${LD-ld} -m elf64ppc" ;; s390*-*linux*|s390*-*tpf*) LD="${LD-ld} -m elf64_s390" ;; sparc*-*linux*) LD="${LD-ld} -m elf64_sparc" ;; esac ;; esac fi rm -rf conftest* ;; *-*-sco3.2v5*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -belf" AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, [AC_LANG_PUSH(C) AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no]) AC_LANG_POP]) if test x"$lt_cv_cc_needs_belf" != x"yes"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS="$SAVE_CFLAGS" fi ;; sparc*-*solaris*) # Find out which ABI we are using. echo 'int i;' > conftest.$ac_ext if AC_TRY_EVAL(ac_compile); then case `/usr/bin/file conftest.o` in *64-bit*) case $lt_cv_prog_gnu_ld in yes*) LD="${LD-ld} -m elf64_sparc" ;; *) if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then LD="${LD-ld} -64" fi ;; esac ;; esac fi rm -rf conftest* ;; esac need_locks="$enable_libtool_lock" ])# _LT_ENABLE_LOCK # _LT_CMD_OLD_ARCHIVE # ------------------- m4_defun([_LT_CMD_OLD_ARCHIVE], [AC_CHECK_TOOL(AR, ar, false) test -z "$AR" && AR=ar test -z "$AR_FLAGS" && AR_FLAGS=cru _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1]) AC_CHECK_TOOL(STRIP, strip, :) test -z "$STRIP" && STRIP=: _LT_DECL([], [STRIP], [1], [A symbol stripping program]) AC_CHECK_TOOL(RANLIB, ranlib, :) test -z "$RANLIB" && RANLIB=: _LT_DECL([], [RANLIB], [1], [Commands used to install an old-style archive]) # Determine commands to create old-style static archives. old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' old_postinstall_cmds='chmod 644 $oldlib' old_postuninstall_cmds= if test -n "$RANLIB"; then case $host_os in openbsd*) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib" ;; *) old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib" ;; esac old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib" fi _LT_DECL([], [old_postinstall_cmds], [2]) _LT_DECL([], [old_postuninstall_cmds], [2]) _LT_TAGDECL([], [old_archive_cmds], [2], [Commands used to build an old-style archive]) ])# _LT_CMD_OLD_ARCHIVE # _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------------------- # Check whether the given compiler option works AC_DEFUN([_LT_COMPILER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4]) echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="$3" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. # The option is referenced via a variable to avoid confusing sed. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi fi $RM conftest* ]) if test x"[$]$2" = xyes; then m4_if([$5], , :, [$5]) else m4_if([$6], , :, [$6]) fi ])# _LT_COMPILER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], []) # _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS, # [ACTION-SUCCESS], [ACTION-FAILURE]) # ---------------------------------------------------- # Check whether the given linker option works AC_DEFUN([_LT_LINKER_OPTION], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_SED])dnl AC_CACHE_CHECK([$1], [$2], [$2=no save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS $3" echo "$lt_simple_link_test_code" > conftest.$ac_ext if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then # The linker can only warn and ignore the option if not recognized # So say no if there are warnings if test -s conftest.err; then # Append any errors to the config.log. cat conftest.err 1>&AS_MESSAGE_LOG_FD $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 if diff conftest.exp conftest.er2 >/dev/null; then $2=yes fi else $2=yes fi fi $RM -r conftest* LDFLAGS="$save_LDFLAGS" ]) if test x"[$]$2" = xyes; then m4_if([$4], , :, [$4]) else m4_if([$5], , :, [$5]) fi ])# _LT_LINKER_OPTION # Old name: AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], []) # LT_CMD_MAX_LEN #--------------- AC_DEFUN([LT_CMD_MAX_LEN], [AC_REQUIRE([AC_CANONICAL_HOST])dnl # find the maximum length of command line arguments AC_MSG_CHECKING([the maximum length of command line arguments]) AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl i=0 teststring="ABCD" case $build_os in msdosdjgpp*) # On DJGPP, this test can blow up pretty badly due to problems in libc # (any single argument exceeding 2000 bytes causes a buffer overrun # during glob expansion). Even if it were fixed, the result of this # check would be larger than it should be. lt_cv_sys_max_cmd_len=12288; # 12K is about right ;; gnu*) # Under GNU Hurd, this test is not required because there is # no limit to the length of command line arguments. # Libtool will interpret -1 as no limit whatsoever lt_cv_sys_max_cmd_len=-1; ;; cygwin* | mingw* | cegcc*) # On Win9x/ME, this test blows up -- it succeeds, but takes # about 5 minutes as the teststring grows exponentially. # Worse, since 9x/ME are not pre-emptively multitasking, # you end up with a "frozen" computer, even though with patience # the test eventually succeeds (with a max line length of 256k). # Instead, let's just punt: use the minimum linelength reported by # all of the supported platforms: 8192 (on NT/2K/XP). lt_cv_sys_max_cmd_len=8192; ;; amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. lt_cv_sys_max_cmd_len=8192; ;; netbsd* | freebsd* | openbsd* | darwin* | dragonfly*) # This has been around since 386BSD, at least. Likely further. if test -x /sbin/sysctl; then lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` elif test -x /usr/sbin/sysctl; then lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` else lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs fi # And add a safety zone lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` ;; interix*) # We know the value 262144 and hardcode it with a safety zone (like BSD) lt_cv_sys_max_cmd_len=196608 ;; osf*) # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not # nice to cause kernel panics so lets avoid the loop below. # First set a reasonable default. lt_cv_sys_max_cmd_len=16384 # if test -x /sbin/sysconfig; then case `/sbin/sysconfig -q proc exec_disable_arg_limit` in *1*) lt_cv_sys_max_cmd_len=-1 ;; esac fi ;; sco3.2v5*) lt_cv_sys_max_cmd_len=102400 ;; sysv5* | sco5v6* | sysv4.2uw2*) kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` if test -n "$kargmax"; then lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'` else lt_cv_sys_max_cmd_len=32768 fi ;; *) lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` if test -n "$lt_cv_sys_max_cmd_len"; then lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` else # Make teststring a little bigger before we do anything with it. # a 1K string should be a reasonable start. for i in 1 2 3 4 5 6 7 8 ; do teststring=$teststring$teststring done SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} # If test is not a shell built-in, we'll probably end up computing a # maximum length that is only half of the actual maximum length, but # we can't tell. while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \ = "XX$teststring$teststring"; } >/dev/null 2>&1 && test $i != 17 # 1/2 MB should be enough do i=`expr $i + 1` teststring=$teststring$teststring done # Only check the string length outside the loop. lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` teststring= # Add a significant safety factor because C++ compilers can tack on # massive amounts of additional arguments before passing them to the # linker. It appears as though 1/2 is a usable value. lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` fi ;; esac ]) if test -n $lt_cv_sys_max_cmd_len ; then AC_MSG_RESULT($lt_cv_sys_max_cmd_len) else AC_MSG_RESULT(none) fi max_cmd_len=$lt_cv_sys_max_cmd_len _LT_DECL([], [max_cmd_len], [0], [What is the maximum length of a command?]) ])# LT_CMD_MAX_LEN # Old name: AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], []) # _LT_HEADER_DLFCN # ---------------- m4_defun([_LT_HEADER_DLFCN], [AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl ])# _LT_HEADER_DLFCN # _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE, # ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING) # ---------------------------------------------------------------- m4_defun([_LT_TRY_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "$cross_compiling" = yes; then : [$4] else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF [#line __oline__ "configure" #include "confdefs.h" #if HAVE_DLFCN_H #include #endif #include #ifdef RTLD_GLOBAL # define LT_DLGLOBAL RTLD_GLOBAL #else # ifdef DL_GLOBAL # define LT_DLGLOBAL DL_GLOBAL # else # define LT_DLGLOBAL 0 # endif #endif /* We may have to define LT_DLLAZY_OR_NOW in the command line if we find out it does not work in some platform. */ #ifndef LT_DLLAZY_OR_NOW # ifdef RTLD_LAZY # define LT_DLLAZY_OR_NOW RTLD_LAZY # else # ifdef DL_LAZY # define LT_DLLAZY_OR_NOW DL_LAZY # else # ifdef RTLD_NOW # define LT_DLLAZY_OR_NOW RTLD_NOW # else # ifdef DL_NOW # define LT_DLLAZY_OR_NOW DL_NOW # else # define LT_DLLAZY_OR_NOW 0 # endif # endif # endif # endif #endif void fnord() { int i=42;} int main () { void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); int status = $lt_dlunknown; if (self) { if (dlsym (self,"fnord")) status = $lt_dlno_uscore; else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; /* dlclose (self); */ } else puts (dlerror ()); return status; }] _LT_EOF if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null lt_status=$? case x$lt_status in x$lt_dlno_uscore) $1 ;; x$lt_dlneed_uscore) $2 ;; x$lt_dlunknown|x*) $3 ;; esac else : # compilation failed $3 fi fi rm -fr conftest* ])# _LT_TRY_DLOPEN_SELF # LT_SYS_DLOPEN_SELF # ------------------ AC_DEFUN([LT_SYS_DLOPEN_SELF], [m4_require([_LT_HEADER_DLFCN])dnl if test "x$enable_dlopen" != xyes; then enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown else lt_cv_dlopen=no lt_cv_dlopen_libs= case $host_os in beos*) lt_cv_dlopen="load_add_on" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ;; mingw* | pw32* | cegcc*) lt_cv_dlopen="LoadLibrary" lt_cv_dlopen_libs= ;; cygwin*) lt_cv_dlopen="dlopen" lt_cv_dlopen_libs= ;; darwin*) # if libdl is installed we need to link against it AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[ lt_cv_dlopen="dyld" lt_cv_dlopen_libs= lt_cv_dlopen_self=yes ]) ;; *) AC_CHECK_FUNC([shl_load], [lt_cv_dlopen="shl_load"], [AC_CHECK_LIB([dld], [shl_load], [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"], [AC_CHECK_FUNC([dlopen], [lt_cv_dlopen="dlopen"], [AC_CHECK_LIB([dl], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"], [AC_CHECK_LIB([svld], [dlopen], [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"], [AC_CHECK_LIB([dld], [dld_link], [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"]) ]) ]) ]) ]) ]) ;; esac if test "x$lt_cv_dlopen" != xno; then enable_dlopen=yes else enable_dlopen=no fi case $lt_cv_dlopen in dlopen) save_CPPFLAGS="$CPPFLAGS" test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" save_LDFLAGS="$LDFLAGS" wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" save_LIBS="$LIBS" LIBS="$lt_cv_dlopen_libs $LIBS" AC_CACHE_CHECK([whether a program can dlopen itself], lt_cv_dlopen_self, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes, lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross) ]) if test "x$lt_cv_dlopen_self" = xyes; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" AC_CACHE_CHECK([whether a statically linked program can dlopen itself], lt_cv_dlopen_self_static, [dnl _LT_TRY_DLOPEN_SELF( lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross) ]) fi CPPFLAGS="$save_CPPFLAGS" LDFLAGS="$save_LDFLAGS" LIBS="$save_LIBS" ;; esac case $lt_cv_dlopen_self in yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; *) enable_dlopen_self=unknown ;; esac case $lt_cv_dlopen_self_static in yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; *) enable_dlopen_self_static=unknown ;; esac fi _LT_DECL([dlopen_support], [enable_dlopen], [0], [Whether dlopen is supported]) _LT_DECL([dlopen_self], [enable_dlopen_self], [0], [Whether dlopen of programs is supported]) _LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0], [Whether dlopen of statically linked programs is supported]) ])# LT_SYS_DLOPEN_SELF # Old name: AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], []) # _LT_COMPILER_C_O([TAGNAME]) # --------------------------- # Check to see if options -c and -o are simultaneously supported by compiler. # This macro does not hard code the compiler like AC_PROG_CC_C_O. m4_defun([_LT_COMPILER_C_O], [m4_require([_LT_DECL_SED])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)], [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no $RM -r conftest 2>/dev/null mkdir conftest cd conftest mkdir out echo "$lt_simple_compile_test_code" > conftest.$ac_ext lt_compiler_flag="-o out/conftest2.$ac_objext" # Insert the option either (1) after the last *FLAGS variable, or # (2) before a word containing "conftest.", or (3) at the end. # Note that $ac_compile itself does not contain backslashes and begins # with a dollar sign (not a hyphen), so the echo should work correctly. lt_compile=`echo "$ac_compile" | $SED \ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&AS_MESSAGE_LOG_FD echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes fi fi chmod u+w . 2>&AS_MESSAGE_LOG_FD $RM conftest* # SGI C++ compiler will create directory out/ii_files/ for # template instantiation test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files $RM out/* && rmdir out cd .. $RM -r conftest $RM conftest* ]) _LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1], [Does compiler simultaneously support -c and -o options?]) ])# _LT_COMPILER_C_O # _LT_COMPILER_FILE_LOCKS([TAGNAME]) # ---------------------------------- # Check to see if we can do hard links to lock some files if needed m4_defun([_LT_COMPILER_FILE_LOCKS], [m4_require([_LT_ENABLE_LOCK])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl _LT_COMPILER_C_O([$1]) hard_links="nottested" if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then # do not overwrite the value of need_locks provided by the user AC_MSG_CHECKING([if we can lock with hard links]) hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no AC_MSG_RESULT([$hard_links]) if test "$hard_links" = no; then AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe]) need_locks=warn fi else need_locks=no fi _LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?]) ])# _LT_COMPILER_FILE_LOCKS # _LT_CHECK_OBJDIR # ---------------- m4_defun([_LT_CHECK_OBJDIR], [AC_CACHE_CHECK([for objdir], [lt_cv_objdir], [rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then lt_cv_objdir=.libs else # MS-DOS does not allow filenames that begin with a dot. lt_cv_objdir=_libs fi rmdir .libs 2>/dev/null]) objdir=$lt_cv_objdir _LT_DECL([], [objdir], [0], [The name of the directory that contains temporary libtool files])dnl m4_pattern_allow([LT_OBJDIR])dnl AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/", [Define to the sub-directory in which libtool stores uninstalled libraries.]) ])# _LT_CHECK_OBJDIR # _LT_LINKER_HARDCODE_LIBPATH([TAGNAME]) # -------------------------------------- # Check hardcoding attributes. m4_defun([_LT_LINKER_HARDCODE_LIBPATH], [AC_MSG_CHECKING([how to hardcode library paths into programs]) _LT_TAGVAR(hardcode_action, $1)= if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" || test -n "$_LT_TAGVAR(runpath_var, $1)" || test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then # We can hardcode non-existent directories. if test "$_LT_TAGVAR(hardcode_direct, $1)" != no && # If the only mechanism to avoid hardcoding is shlibpath_var, we # have to relink, otherwise we might link with an installed library # when we should be linking with a yet-to-be-installed one ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no && test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then # Linking always hardcodes the temporary library directory. _LT_TAGVAR(hardcode_action, $1)=relink else # We can link without hardcoding, and we can hardcode nonexisting dirs. _LT_TAGVAR(hardcode_action, $1)=immediate fi else # We cannot hardcode anything, or else we can only hardcode existing # directories. _LT_TAGVAR(hardcode_action, $1)=unsupported fi AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)]) if test "$_LT_TAGVAR(hardcode_action, $1)" = relink || test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then # Fast installation is not supported enable_fast_install=no elif test "$shlibpath_overrides_runpath" = yes || test "$enable_shared" = no; then # Fast installation is not necessary enable_fast_install=needless fi _LT_TAGDECL([], [hardcode_action], [0], [How to hardcode a shared library path into an executable]) ])# _LT_LINKER_HARDCODE_LIBPATH # _LT_CMD_STRIPLIB # ---------------- m4_defun([_LT_CMD_STRIPLIB], [m4_require([_LT_DECL_EGREP]) striplib= old_striplib= AC_MSG_CHECKING([whether stripping libraries is possible]) if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" AC_MSG_RESULT([yes]) else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in darwin*) if test -n "$STRIP" ; then striplib="$STRIP -x" old_striplib="$STRIP -S" AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi ;; *) AC_MSG_RESULT([no]) ;; esac fi _LT_DECL([], [old_striplib], [1], [Commands to strip libraries]) _LT_DECL([], [striplib], [1]) ])# _LT_CMD_STRIPLIB # _LT_SYS_DYNAMIC_LINKER([TAG]) # ----------------------------- # PORTME Fill in your ld.so characteristics m4_defun([_LT_SYS_DYNAMIC_LINKER], [AC_REQUIRE([AC_CANONICAL_HOST])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_OBJDUMP])dnl m4_require([_LT_DECL_SED])dnl AC_MSG_CHECKING([dynamic linker characteristics]) m4_if([$1], [], [ if test "$GCC" = yes; then case $host_os in darwin*) lt_awk_arg="/^libraries:/,/LR/" ;; *) lt_awk_arg="/^libraries:/" ;; esac lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"` if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then # if the path contains ";" then we assume it to be the separator # otherwise default to the standard path separator (i.e. ":") - it is # assumed that no part of a normal pathname contains ";" but that should # okay in the real world where ";" in dirpaths is itself problematic. lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'` else lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi # Ok, now we have the path, separated by spaces, we can step through it # and add multilib dir if necessary. lt_tmp_lt_search_path_spec= lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` for lt_sys_path in $lt_search_path_spec; do if test -d "$lt_sys_path/$lt_multi_os_dir"; then lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir" else test -d "$lt_sys_path" && \ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" fi done lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk ' BEGIN {RS=" "; FS="/|\n";} { lt_foo=""; lt_count=0; for (lt_i = NF; lt_i > 0; lt_i--) { if ($lt_i != "" && $lt_i != ".") { if ($lt_i == "..") { lt_count++; } else { if (lt_count == 0) { lt_foo="/" $lt_i lt_foo; } else { lt_count--; } } } } if (lt_foo != "") { lt_freq[[lt_foo]]++; } if (lt_freq[[lt_foo]] == 1) { print lt_foo; } }'` sys_lib_search_path_spec=`$ECHO $lt_search_path_spec` else sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" fi]) library_names_spec= libname_spec='lib$name' soname_spec= shrext_cmds=".so" postinstall_cmds= postuninstall_cmds= finish_cmds= finish_eval= shlibpath_var= shlibpath_overrides_runpath=unknown version_type=none dynamic_linker="$host_os ld.so" sys_lib_dlsearch_path_spec="/lib /usr/lib" need_lib_prefix=unknown hardcode_into_libs=no # when you set need_version to no, make sure it does not cause -set_version # flags to be left without arguments need_version=unknown case $host_os in aix3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a' shlibpath_var=LIBPATH # AIX 3 has no versioning support, so we append a major version to the name. soname_spec='${libname}${release}${shared_ext}$major' ;; aix[[4-9]]*) version_type=linux need_lib_prefix=no need_version=no hardcode_into_libs=yes if test "$host_cpu" = ia64; then # AIX 5 supports IA64 library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH else # With GCC up to 2.95.x, collect2 would create an import file # for dependence libraries. The import file would start with # the line `#! .'. This would cause the generated library to # depend on `.', always an invalid library. This was fixed in # development snapshots of GCC prior to 3.0. case $host_os in aix4 | aix4.[[01]] | aix4.[[01]].*) if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' echo ' yes ' echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then : else can_build_shared=no fi ;; esac # AIX (on Power*) has no versioning support, so currently we can not hardcode correct # soname into executable. Probably we can add versioning support to # collect2, so additional links can be useful in future. if test "$aix_use_runtimelinking" = yes; then # If using run time linking (on AIX 4.2 or later) use lib.so # instead of lib.a to let people know that these are not # typical AIX shared libraries. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' else # We preserve .a as extension for shared libraries through AIX4.2 # and later when we are not doing run time linking. library_names_spec='${libname}${release}.a $libname.a' soname_spec='${libname}${release}${shared_ext}$major' fi shlibpath_var=LIBPATH fi ;; amigaos*) case $host_cpu in powerpc) # Since July 2007 AmigaOS4 officially supports .so libraries. # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' ;; m68k) library_names_spec='$libname.ixlibrary $libname.a' # Create ${libname}_ixlibrary.a entries in /sys/libs. finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' ;; esac ;; beos*) library_names_spec='${libname}${shared_ext}' dynamic_linker="$host_os ld.so" shlibpath_var=LIBRARY_PATH ;; bsdi[[45]]*) version_type=linux need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" # the default ld.so.conf also contains /usr/contrib/lib and # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow # libtool to hard-code these into programs ;; cygwin* | mingw* | pw32* | cegcc*) version_type=windows shrext_cmds=".dll" need_version=no need_lib_prefix=no case $GCC,$host_os in yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*) library_names_spec='$libname.dll.a' # DLL is installed to $(libdir)/../bin by postinstall_cmds postinstall_cmds='base_file=`basename \${file}`~ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~ dldir=$destdir/`dirname \$dlpath`~ test -d \$dldir || mkdir -p \$dldir~ $install_prog $dir/$dlname \$dldir/$dlname~ chmod a+x \$dldir/$dlname~ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; fi' postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ dlpath=$dir/\$dldll~ $RM \$dlpath' shlibpath_overrides_runpath=yes case $host_os in cygwin*) # Cygwin DLLs use 'cyg' prefix rather than 'lib' soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib" ;; mingw* | cegcc*) # MinGW DLLs use traditional 'lib' prefix soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"` if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then # It is most probably a Windows format PATH printed by # mingw gcc, but we are running on Cygwin. Gcc prints its search # path with ; separators, and with drive letters. We can handle the # drive letters (cygwin fileutils understands them), so leave them, # especially as we might pass files found there to a mingw objdump, # which wouldn't understand a cygwinified path. Ahh. sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` else sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` fi ;; pw32*) # pw32 DLLs use 'pw' prefix rather than 'lib' library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}' ;; esac ;; *) library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib' ;; esac dynamic_linker='Win32 ld.exe' # FIXME: first we should search . and the directory the executable is in shlibpath_var=PATH ;; darwin* | rhapsody*) dynamic_linker="$host_os dyld" version_type=darwin need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext' soname_spec='${libname}${release}${major}$shared_ext' shlibpath_overrides_runpath=yes shlibpath_var=DYLD_LIBRARY_PATH shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' m4_if([$1], [],[ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"]) sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' ;; dgux*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; freebsd1*) dynamic_linker=no ;; freebsd* | dragonfly*) # DragonFly does not have aout. When/if they implement a new # versioning mechanism, adjust this. if test -x /usr/bin/objformat; then objformat=`/usr/bin/objformat` else case $host_os in freebsd[[123]]*) objformat=aout ;; *) objformat=elf ;; esac fi version_type=freebsd-$objformat case $version_type in freebsd-elf*) library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' need_version=no need_lib_prefix=no ;; freebsd-*) library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix' need_version=yes ;; esac shlibpath_var=LD_LIBRARY_PATH case $host_os in freebsd2*) shlibpath_overrides_runpath=yes ;; freebsd3.[[01]]* | freebsdelf3.[[01]]*) shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1) shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; *) # from 4.6 on, and DragonFly shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; esac ;; gnu*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH hardcode_into_libs=yes ;; hpux9* | hpux10* | hpux11*) # Give a soname corresponding to the major version so that dld.sl refuses to # link against other versions. version_type=sunos need_lib_prefix=no need_version=no case $host_cpu in ia64*) shrext_cmds='.so' hardcode_into_libs=yes dynamic_linker="$host_os dld.so" shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' if test "X$HPUX_IA64_MODE" = X32; then sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" else sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" fi sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; hppa*64*) shrext_cmds='.sl' hardcode_into_libs=yes dynamic_linker="$host_os dld.sl" shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec ;; *) shrext_cmds='.sl' dynamic_linker="$host_os dld.sl" shlibpath_var=SHLIB_PATH shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' ;; esac # HP-UX runs *really* slowly unless shared libraries are mode 555. postinstall_cmds='chmod 555 $lib' ;; interix[[3-9]]*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; irix5* | irix6* | nonstopux*) case $host_os in nonstopux*) version_type=nonstopux ;; *) if test "$lt_cv_prog_gnu_ld" = yes; then version_type=linux else version_type=irix fi ;; esac need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}' case $host_os in irix5* | nonstopux*) libsuff= shlibsuff= ;; *) case $LD in # libtool.m4 will add one of these switches to LD *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= libmagic=32-bit;; *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 libmagic=N32;; *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 libmagic=64-bit;; *) libsuff= shlibsuff= libmagic=never-match;; esac ;; esac shlibpath_var=LD_LIBRARY${shlibsuff}_PATH shlibpath_overrides_runpath=no sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}" sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}" hardcode_into_libs=yes ;; # No shared lib support for Linux oldld, aout, or coff. linux*oldld* | linux*aout* | linux*coff*) dynamic_linker=no ;; # This must be Linux ELF. linux* | k*bsd*-gnu) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH save_LDFLAGS=$LDFLAGS save_libdir=$libdir eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\"" AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])], [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null], [shlibpath_overrides_runpath=yes])]) LDFLAGS=$save_LDFLAGS libdir=$save_libdir # This implies no fast_install, which is unacceptable. # Some rework will be needed to allow for fast_install # before this can be enabled. hardcode_into_libs=yes # Append ld.so.conf contents to the search path if test -f /etc/ld.so.conf; then lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '` sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" fi # We used to test for /lib/ld.so.1 and disable shared libraries on # powerpc, because MkLinux only supported shared libraries with the # GNU dynamic linker. Since this was broken with cross compilers, # most powerpc-linux boxes support dynamic linking these days and # people can always --disable-shared, the test was removed, and we # assume the GNU/Linux dynamic linker is in use. dynamic_linker='GNU/Linux ld.so' ;; netbsd*) version_type=sunos need_lib_prefix=no need_version=no if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' dynamic_linker='NetBSD (a.out) ld.so' else library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' dynamic_linker='NetBSD ld.elf_so' fi shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes ;; newsos6) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes ;; *nto* | *qnx*) version_type=qnx need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes dynamic_linker='ldqnx.so' ;; openbsd*) version_type=sunos sys_lib_dlsearch_path_spec="/usr/lib" need_lib_prefix=no # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs. case $host_os in openbsd3.3 | openbsd3.3.*) need_version=yes ;; *) need_version=no ;; esac library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' shlibpath_var=LD_LIBRARY_PATH if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then case $host_os in openbsd2.[[89]] | openbsd2.[[89]].*) shlibpath_overrides_runpath=no ;; *) shlibpath_overrides_runpath=yes ;; esac else shlibpath_overrides_runpath=yes fi ;; os2*) libname_spec='$name' shrext_cmds=".dll" need_lib_prefix=no library_names_spec='$libname${shared_ext} $libname.a' dynamic_linker='OS/2 ld.exe' shlibpath_var=LIBPATH ;; osf3* | osf4* | osf5*) version_type=osf need_lib_prefix=no need_version=no soname_spec='${libname}${release}${shared_ext}$major' library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec" ;; rdos*) dynamic_linker=no ;; solaris*) version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes # ldd complains unless libraries are executable postinstall_cmds='chmod +x $lib' ;; sunos4*) version_type=sunos library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix' finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes if test "$with_gnu_ld" = yes; then need_lib_prefix=no fi need_version=yes ;; sysv4 | sysv4.3*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH case $host_vendor in sni) shlibpath_overrides_runpath=no need_lib_prefix=no runpath_var=LD_RUN_PATH ;; siemens) need_lib_prefix=no ;; motorola) need_lib_prefix=no need_version=no shlibpath_overrides_runpath=no sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' ;; esac ;; sysv4*MP*) if test -d /usr/nec ;then version_type=linux library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}' soname_spec='$libname${shared_ext}.$major' shlibpath_var=LD_LIBRARY_PATH fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) version_type=freebsd-elf need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=yes hardcode_into_libs=yes if test "$with_gnu_ld" = yes; then sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' else sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' case $host_os in sco3.2v5*) sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" ;; esac fi sys_lib_dlsearch_path_spec='/usr/lib' ;; tpf*) # TPF is a cross-target only. Preferred cross-host = GNU/Linux. version_type=linux need_lib_prefix=no need_version=no library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' shlibpath_var=LD_LIBRARY_PATH shlibpath_overrides_runpath=no hardcode_into_libs=yes ;; uts4*) version_type=linux library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}' soname_spec='${libname}${release}${shared_ext}$major' shlibpath_var=LD_LIBRARY_PATH ;; *) dynamic_linker=no ;; esac AC_MSG_RESULT([$dynamic_linker]) test "$dynamic_linker" = no && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" if test "$GCC" = yes; then variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" fi if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec" fi if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec" fi _LT_DECL([], [variables_saved_for_relink], [1], [Variables whose values should be saved in libtool wrapper scripts and restored at link time]) _LT_DECL([], [need_lib_prefix], [0], [Do we need the "lib" prefix for modules?]) _LT_DECL([], [need_version], [0], [Do we need a version for libraries?]) _LT_DECL([], [version_type], [0], [Library versioning type]) _LT_DECL([], [runpath_var], [0], [Shared library runtime path variable]) _LT_DECL([], [shlibpath_var], [0],[Shared library path variable]) _LT_DECL([], [shlibpath_overrides_runpath], [0], [Is shlibpath searched before the hard-coded library search path?]) _LT_DECL([], [libname_spec], [1], [Format of library name prefix]) _LT_DECL([], [library_names_spec], [1], [[List of archive names. First name is the real one, the rest are links. The last name is the one that the linker finds with -lNAME]]) _LT_DECL([], [soname_spec], [1], [[The coded name of the library, if different from the real name]]) _LT_DECL([], [postinstall_cmds], [2], [Command to use after installation of a shared archive]) _LT_DECL([], [postuninstall_cmds], [2], [Command to use after uninstallation of a shared archive]) _LT_DECL([], [finish_cmds], [2], [Commands used to finish a libtool library installation in a directory]) _LT_DECL([], [finish_eval], [1], [[As "finish_cmds", except a single script fragment to be evaled but not shown]]) _LT_DECL([], [hardcode_into_libs], [0], [Whether we should hardcode library paths into libraries]) _LT_DECL([], [sys_lib_search_path_spec], [2], [Compile-time system search path for libraries]) _LT_DECL([], [sys_lib_dlsearch_path_spec], [2], [Run-time system search path for libraries]) ])# _LT_SYS_DYNAMIC_LINKER # _LT_PATH_TOOL_PREFIX(TOOL) # -------------------------- # find a file program which can recognize shared library AC_DEFUN([_LT_PATH_TOOL_PREFIX], [m4_require([_LT_DECL_EGREP])dnl AC_MSG_CHECKING([for $1]) AC_CACHE_VAL(lt_cv_path_MAGIC_CMD, [case $MAGIC_CMD in [[\\/*] | ?:[\\/]*]) lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path. ;; *) lt_save_MAGIC_CMD="$MAGIC_CMD" lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR dnl $ac_dummy forces splitting on constant user-supplied paths. dnl POSIX.2 word splitting is done only on the output of word expansions, dnl not every word. This closes a longstanding sh security hole. ac_dummy="m4_if([$2], , $PATH, [$2])" for ac_dir in $ac_dummy; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$1; then lt_cv_path_MAGIC_CMD="$ac_dir/$1" if test -n "$file_magic_test_file"; then case $deplibs_check_method in "file_magic "*) file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | $EGREP "$file_magic_regex" > /dev/null; then : else cat <<_LT_EOF 1>&2 *** Warning: the command libtool uses to detect shared libraries, *** $file_magic_cmd, produces output that libtool cannot recognize. *** The result is that libtool may fail to recognize shared libraries *** as such. This will affect the creation of libtool libraries that *** depend on shared libraries, but programs linked with such libtool *** libraries will work regardless of this problem. Nevertheless, you *** may want to report the problem to your system manager and/or to *** bug-libtool@gnu.org _LT_EOF fi ;; esac fi break fi done IFS="$lt_save_ifs" MAGIC_CMD="$lt_save_MAGIC_CMD" ;; esac]) MAGIC_CMD="$lt_cv_path_MAGIC_CMD" if test -n "$MAGIC_CMD"; then AC_MSG_RESULT($MAGIC_CMD) else AC_MSG_RESULT(no) fi _LT_DECL([], [MAGIC_CMD], [0], [Used to examine libraries when file_magic_cmd begins with "file"])dnl ])# _LT_PATH_TOOL_PREFIX # Old name: AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], []) # _LT_PATH_MAGIC # -------------- # find a file program which can recognize a shared library m4_defun([_LT_PATH_MAGIC], [_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH) if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH) else MAGIC_CMD=: fi fi ])# _LT_PATH_MAGIC # LT_PATH_LD # ---------- # find the pathname to the GNU or non-GNU linker AC_DEFUN([LT_PATH_LD], [AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_CANONICAL_BUILD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl AC_ARG_WITH([gnu-ld], [AS_HELP_STRING([--with-gnu-ld], [assume the C compiler uses GNU ld @<:@default=no@:>@])], [test "$withval" = no || with_gnu_ld=yes], [with_gnu_ld=no])dnl ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. AC_MSG_CHECKING([for ld used by $CC]) case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; *) ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; esac case $ac_prog in # Accept absolute paths. [[\\/]]* | ?:[[\\/]]*) re_direlt='/[[^/]][[^/]]*/\.\./' # Canonicalize the pathname of ld ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` done test -z "$LD" && LD="$ac_prog" ;; "") # If it fails, then pretend we aren't using GCC. ac_prog=ld ;; *) # If it is relative, then search for the first ld in PATH. with_gnu_ld=unknown ;; esac elif test "$with_gnu_ld" = yes; then AC_MSG_CHECKING([for GNU ld]) else AC_MSG_CHECKING([for non-GNU ld]) fi AC_CACHE_VAL(lt_cv_path_LD, [if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then lt_cv_path_LD="$ac_dir/$ac_prog" # Check to see if the program is GNU ld. I'd rather use --version, # but apparently some variants of GNU ld only accept -v. # Break only if it was the GNU/non-GNU ld that we prefer. case `"$lt_cv_path_LD" -v 2>&1 &1 /dev/null 2>&1; then lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' lt_cv_file_magic_cmd='func_win32_libid' else lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?' lt_cv_file_magic_cmd='$OBJDUMP -f' fi ;; cegcc) # use the weaker test based on 'objdump'. See mingw*. lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' lt_cv_file_magic_cmd='$OBJDUMP -f' ;; darwin* | rhapsody*) lt_cv_deplibs_check_method=pass_all ;; freebsd* | dragonfly*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then case $host_cpu in i*86 ) # Not sure whether the presence of OpenBSD here was a mistake. # Let's accept both of them until this is cleared up. lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` ;; esac else lt_cv_deplibs_check_method=pass_all fi ;; gnu*) lt_cv_deplibs_check_method=pass_all ;; hpux10.20* | hpux11*) lt_cv_file_magic_cmd=/usr/bin/file case $host_cpu in ia64*) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64' lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so ;; hppa*64*) [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'] lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl ;; *) lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library' lt_cv_file_magic_test_file=/usr/lib/libc.sl ;; esac ;; interix[[3-9]]*) # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$' ;; irix5* | irix6* | nonstopux*) case $LD in *-32|*"-32 ") libmagic=32-bit;; *-n32|*"-n32 ") libmagic=N32;; *-64|*"-64 ") libmagic=64-bit;; *) libmagic=never-match;; esac lt_cv_deplibs_check_method=pass_all ;; # This must be Linux ELF. linux* | k*bsd*-gnu) lt_cv_deplibs_check_method=pass_all ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$' fi ;; newos6*) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)' lt_cv_file_magic_cmd=/usr/bin/file lt_cv_file_magic_test_file=/usr/lib/libnls.so ;; *nto* | *qnx*) lt_cv_deplibs_check_method=pass_all ;; openbsd*) if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$' else lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$' fi ;; osf3* | osf4* | osf5*) lt_cv_deplibs_check_method=pass_all ;; rdos*) lt_cv_deplibs_check_method=pass_all ;; solaris*) lt_cv_deplibs_check_method=pass_all ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) lt_cv_deplibs_check_method=pass_all ;; sysv4 | sysv4.3*) case $host_vendor in motorola) lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]' lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` ;; ncr) lt_cv_deplibs_check_method=pass_all ;; sequent) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )' ;; sni) lt_cv_file_magic_cmd='/bin/file' lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib" lt_cv_file_magic_test_file=/lib/libc.so ;; siemens) lt_cv_deplibs_check_method=pass_all ;; pc) lt_cv_deplibs_check_method=pass_all ;; esac ;; tpf*) lt_cv_deplibs_check_method=pass_all ;; esac ]) file_magic_cmd=$lt_cv_file_magic_cmd deplibs_check_method=$lt_cv_deplibs_check_method test -z "$deplibs_check_method" && deplibs_check_method=unknown _LT_DECL([], [deplibs_check_method], [1], [Method to check whether dependent libraries are shared objects]) _LT_DECL([], [file_magic_cmd], [1], [Command to use when deplibs_check_method == "file_magic"]) ])# _LT_CHECK_MAGIC_METHOD # LT_PATH_NM # ---------- # find the pathname to a BSD- or MS-compatible name lister AC_DEFUN([LT_PATH_NM], [AC_REQUIRE([AC_PROG_CC])dnl AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM, [if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM="$NM" else lt_nm_to_check="${ac_tool_prefix}nm" if test -n "$ac_tool_prefix" && test "$build" = "$host"; then lt_nm_to_check="$lt_nm_to_check nm" fi for lt_tmp_nm in $lt_nm_to_check; do lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do IFS="$lt_save_ifs" test -z "$ac_dir" && ac_dir=. tmp_nm="$ac_dir/$lt_tmp_nm" if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then # Check to see if the nm accepts a BSD-compat flag. # Adding the `sed 1q' prevents false positives on HP-UX, which says: # nm: unknown option "B" ignored # Tru64's nm complains that /dev/null is an invalid object file case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in */dev/null* | *'Invalid file or object type'*) lt_cv_path_NM="$tmp_nm -B" break ;; *) case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in */dev/null*) lt_cv_path_NM="$tmp_nm -p" break ;; *) lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but continue # so that we can try to find one that supports BSD flags ;; esac ;; esac fi done IFS="$lt_save_ifs" done : ${lt_cv_path_NM=no} fi]) if test "$lt_cv_path_NM" != "no"; then NM="$lt_cv_path_NM" else # Didn't find any BSD compatible name lister, look for dumpbin. AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :) AC_SUBST([DUMPBIN]) if test "$DUMPBIN" != ":"; then NM="$DUMPBIN" fi fi test -z "$NM" && NM=nm AC_SUBST([NM]) _LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface], [lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&AS_MESSAGE_LOG_FD (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD) cat conftest.out >&AS_MESSAGE_LOG_FD if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" fi rm -f conftest*]) ])# LT_PATH_NM # Old names: AU_ALIAS([AM_PROG_NM], [LT_PATH_NM]) AU_ALIAS([AC_PROG_NM], [LT_PATH_NM]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_PROG_NM], []) dnl AC_DEFUN([AC_PROG_NM], []) # LT_LIB_M # -------- # check for math library AC_DEFUN([LT_LIB_M], [AC_REQUIRE([AC_CANONICAL_HOST])dnl LIBM= case $host in *-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*) # These system don't have libm, or don't need it ;; *-ncr-sysv4.3*) AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm") ;; *) AC_CHECK_LIB(m, cos, LIBM="-lm") ;; esac AC_SUBST([LIBM]) ])# LT_LIB_M # Old name: AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_CHECK_LIBM], []) # _LT_COMPILER_NO_RTTI([TAGNAME]) # ------------------------------- m4_defun([_LT_COMPILER_NO_RTTI], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= if test "$GCC" = yes; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions], lt_cv_prog_compiler_rtti_exceptions, [-fno-rtti -fno-exceptions], [], [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"]) fi _LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1], [Compiler flag to turn off builtin functions]) ])# _LT_COMPILER_NO_RTTI # _LT_CMD_GLOBAL_SYMBOLS # ---------------------- m4_defun([_LT_CMD_GLOBAL_SYMBOLS], [AC_REQUIRE([AC_CANONICAL_HOST])dnl AC_REQUIRE([AC_PROG_CC])dnl AC_REQUIRE([LT_PATH_NM])dnl AC_REQUIRE([LT_PATH_LD])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_TAG_COMPILER])dnl # Check for command to grab the raw symbol name followed by C symbol from nm. AC_MSG_CHECKING([command to parse $NM output from $compiler object]) AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe], [ # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] # Character class describing NM global symbol codes. symcode='[[BCDEGRST]]' # Regexp to match symbols that can be accessed directly from C. sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)' # Define system-specific variables. case $host_os in aix*) symcode='[[BCDT]]' ;; cygwin* | mingw* | pw32* | cegcc*) symcode='[[ABCDGISTW]]' ;; hpux*) if test "$host_cpu" = ia64; then symcode='[[ABCDEGRST]]' fi ;; irix* | nonstopux*) symcode='[[BCDEGRST]]' ;; osf*) symcode='[[BCDEGQRST]]' ;; solaris*) symcode='[[BDRT]]' ;; sco3.2v5*) symcode='[[DT]]' ;; sysv4.2uw2*) symcode='[[DT]]' ;; sysv5* | sco5v6* | unixware* | OpenUNIX*) symcode='[[ABDT]]' ;; sysv4) symcode='[[DFNSTU]]' ;; esac # If we're using GNU nm, then use its standard symbol codes. case `$NM -V 2>&1` in *GNU* | *'with BFD'*) symcode='[[ABCDGIRSTW]]' ;; esac # Transform an extracted symbol line into a proper C declaration. # Some systems (esp. on ia64) link data and code symbols differently, # so use this general approach. lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'" # Transform an extracted symbol line into symbol name and symbol address lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'" lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'" # Handle CRLF in mingw tool chain opt_cr= case $build_os in mingw*) opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp ;; esac # Try without a prefix underscore, then with it. for ac_symprfx in "" "_"; do # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. symxfrm="\\1 $ac_symprfx\\2 \\2" # Write the raw and C identifiers. if test "$lt_cv_nm_interface" = "MS dumpbin"; then # Fake it for dumpbin and say T for any non-static function # and D for any global variable. # Also find C++ and __fastcall symbols from MSVC++, # which start with @ or ?. lt_cv_sys_global_symbol_pipe="$AWK ['"\ " {last_section=section; section=\$ 3};"\ " /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ " \$ 0!~/External *\|/{next};"\ " / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ " {if(hide[section]) next};"\ " {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\ " {split(\$ 0, a, /\||\r/); split(a[2], s)};"\ " s[1]~/^[@?]/{print s[1], s[1]; next};"\ " s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\ " ' prfx=^$ac_symprfx]" else lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" fi # Check to see that the pipe works correctly. pipe_works=no rm -f conftest* cat > conftest.$ac_ext <<_LT_EOF #ifdef __cplusplus extern "C" { #endif char nm_test_var; void nm_test_func(void); void nm_test_func(void){} #ifdef __cplusplus } #endif int main(){nm_test_var='a';nm_test_func();return(0);} _LT_EOF if AC_TRY_EVAL(ac_compile); then # Now try to grab the symbols. nlist=conftest.nm if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then # Try sorting and uniquifying the output. if sort "$nlist" | uniq > "$nlist"T; then mv -f "$nlist"T "$nlist" else rm -f "$nlist"T fi # Make sure that we snagged all the symbols we need. if $GREP ' nm_test_var$' "$nlist" >/dev/null; then if $GREP ' nm_test_func$' "$nlist" >/dev/null; then cat <<_LT_EOF > conftest.$ac_ext #ifdef __cplusplus extern "C" { #endif _LT_EOF # Now generate the symbol file. eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' cat <<_LT_EOF >> conftest.$ac_ext /* The mapping between symbol names and symbols. */ const struct { const char *name; void *address; } lt__PROGRAM__LTX_preloaded_symbols[[]] = { { "@PROGRAM@", (void *) 0 }, _LT_EOF $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext cat <<\_LT_EOF >> conftest.$ac_ext {0, (void *) 0} }; /* This works around a problem in FreeBSD linker */ #ifdef FREEBSD_WORKAROUND static const void *lt_preloaded_setup() { return lt__PROGRAM__LTX_preloaded_symbols; } #endif #ifdef __cplusplus } #endif _LT_EOF # Now try linking the two files. mv conftest.$ac_objext conftstm.$ac_objext lt_save_LIBS="$LIBS" lt_save_CFLAGS="$CFLAGS" LIBS="conftstm.$ac_objext" CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)" if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then pipe_works=yes fi LIBS="$lt_save_LIBS" CFLAGS="$lt_save_CFLAGS" else echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD fi else echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD fi else echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD cat conftest.$ac_ext >&5 fi rm -rf conftest* conftst* # Do not use the global_symbol_pipe unless it works. if test "$pipe_works" = yes; then break else lt_cv_sys_global_symbol_pipe= fi done ]) if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then AC_MSG_RESULT(failed) else AC_MSG_RESULT(ok) fi _LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1], [Take the output of nm and produce a listing of raw symbols and C names]) _LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1], [Transform the output of nm in a proper C declaration]) _LT_DECL([global_symbol_to_c_name_address], [lt_cv_sys_global_symbol_to_c_name_address], [1], [Transform the output of nm in a C name address pair]) _LT_DECL([global_symbol_to_c_name_address_lib_prefix], [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1], [Transform the output of nm in a C name address pair when lib prefix is needed]) ]) # _LT_CMD_GLOBAL_SYMBOLS # _LT_COMPILER_PIC([TAGNAME]) # --------------------------- m4_defun([_LT_COMPILER_PIC], [m4_require([_LT_TAG_COMPILER])dnl _LT_TAGVAR(lt_prog_compiler_wl, $1)= _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)= AC_MSG_CHECKING([for $compiler option to produce PIC]) m4_if([$1], [CXX], [ # C++ specific cases for pic, static, wl, etc. if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | os2* | pw32* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; *djgpp*) # DJGPP does not support shared libraries at all _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else case $host_os in aix[[4-9]]*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; chorus*) case $cc_basename in cxch68*) # Green Hills C++ Compiler # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" ;; esac ;; dgux*) case $cc_basename in ec++*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; ghcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; freebsd* | dragonfly*) # FreeBSD uses GNU C++ ;; hpux9* | hpux10* | hpux11*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' if test "$host_cpu" != ia64; then _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' fi ;; aCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac ;; *) ;; esac ;; interix*) # This is c89, which is MS Visual C++ (no shared libs) # Anyone wants to do a port? ;; irix5* | irix6* | nonstopux*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' # CC pic flag -KPIC is the default. ;; *) ;; esac ;; linux* | k*bsd*-gnu) case $cc_basename in KCC*) # KAI C++ Compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; ecpc* ) # old Intel C++ for x86_64 which still supported -KPIC. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; icpc* ) # Intel C++, used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; pgCC* | pgcpp*) # Portland Group C++ compiler _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; cxx*) # Compaq C++ # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xlc* | xlC*) # IBM XL 8.0 on PPC _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; esac ;; esac ;; lynxos*) ;; m88k*) ;; mvs*) case $cc_basename in cxx*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall' ;; *) ;; esac ;; netbsd*) ;; *qnx* | *nto*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,' ;; RCC*) # Rational C++ 2.4.1 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; cxx*) # Digital/Compaq C++ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # Make sure the PIC flag is empty. It appears that all Alpha # Linux and Compaq Tru64 Unix objects are PIC. _LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; *) ;; esac ;; psos*) ;; solaris*) case $cc_basename in CC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' ;; *) ;; esac ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; lcc*) # Lucid _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' ;; *) ;; esac ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) case $cc_basename in CC*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' ;; *) ;; esac ;; vxworks*) ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ], [ if test "$GCC" = yes; then _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' case $host_os in aix*) # All AIX code is PIC. if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; m68k) # FIXME: we need at least 68020 code to build shared libraries, but # adding the `-m68020' flag to GCC prevents building anything better, # like `-m68040'. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4' ;; esac ;; beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) # PIC is the default for these OSes. ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). # Although the cygwin gcc ignores -fPIC, still need this for old-style # (--disable-auto-import) libraries m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; darwin* | rhapsody*) # PIC is the default on this platform # Common symbols not allowed in MH_DYLIB files _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common' ;; hpux*) # PIC is the default for 64-bit PA HP-UX, but not for 32-bit # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag # sets the default TLS model and affects inlining. case $host_cpu in hppa*64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac ;; interix[[3-9]]*) # Interix 3.x gcc -fpic/-fPIC options generate broken code. # Instead, we relocate shared libraries at runtime. ;; msdosdjgpp*) # Just because we use GCC doesn't mean we suddenly get shared libraries # on systems that don't support them. _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no enable_shared=no ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic fi ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' ;; esac else # PORTME Check for flag to pass linker flags through the system compiler. case $host_os in aix*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' if test "$host_cpu" = ia64; then # AIX 5 now supports IA64 processor _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' else _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp' fi ;; mingw* | cygwin* | pw32* | os2* | cegcc*) # This hack is so that the source file can tell whether it is being # built for inclusion in a dll (and should export symbols for example). m4_if([$1], [GCJ], [], [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT']) ;; hpux9* | hpux10* | hpux11*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but # not for PA HP-UX. case $host_cpu in hppa*64*|ia64*) # +Z the default ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z' ;; esac # Is there a better lt_prog_compiler_static that works with the bundled CC? _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive' ;; irix5* | irix6* | nonstopux*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # PIC (with -KPIC) is the default. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; linux* | k*bsd*-gnu) case $cc_basename in # old Intel for x86_64 which still supported -KPIC. ecc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # icc used to be incompatible with GCC. # ICC 10 doesn't accept -KPIC any more. icc* | ifort*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-static' ;; # Lahey Fortran 8.1. lf95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared' _LT_TAGVAR(lt_prog_compiler_static, $1)='--static' ;; pgcc* | pgf77* | pgf90* | pgf95*) # Portland Group compilers (*not* the Pentium gcc compiler, # which looks to be a dead project) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; ccc*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All Alpha code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; xl*) # IBM XL C 8.0/Fortran 10.1 on PPC _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink' ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' ;; *Sun\ F*) # Sun Fortran 8.3 passes all unrecognized flags to the linker _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' _LT_TAGVAR(lt_prog_compiler_wl, $1)='' ;; esac ;; esac ;; newsos6) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *nto* | *qnx*) # QNX uses GNU C++, but need to define -shared option too, otherwise # it will coredump. _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared' ;; osf3* | osf4* | osf5*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' # All OSF/1 code is PIC. _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; rdos*) _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared' ;; solaris*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' case $cc_basename in f77* | f90* | f95*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';; *) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';; esac ;; sunos4*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4 | sysv4.2uw2* | sysv4.3*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; sysv4*MP*) if test -d /usr/nec ;then _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' fi ;; sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; unicos*) _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,' _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; uts4*) _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic' _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic' ;; *) _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no ;; esac fi ]) case $host_os in # For platforms which do not support PIC, -DPIC is meaningless: *djgpp*) _LT_TAGVAR(lt_prog_compiler_pic, $1)= ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])" ;; esac AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)]) _LT_TAGDECL([wl], [lt_prog_compiler_wl], [1], [How to pass a linker flag through the compiler]) # # Check to make sure the PIC flag actually works. # if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works], [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)], [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [], [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in "" | " "*) ;; *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;; esac], [_LT_TAGVAR(lt_prog_compiler_pic, $1)= _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no]) fi _LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1], [Additional compiler flags for building library objects]) # # Check to make sure the static flag actually works. # wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\" _LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works], _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1), $lt_tmp_static_flag, [], [_LT_TAGVAR(lt_prog_compiler_static, $1)=]) _LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1], [Compiler flag to prevent dynamic linking]) ])# _LT_COMPILER_PIC # _LT_LINKER_SHLIBS([TAGNAME]) # ---------------------------- # See if the linker supports building shared libraries. m4_defun([_LT_LINKER_SHLIBS], [AC_REQUIRE([LT_PATH_LD])dnl AC_REQUIRE([LT_PATH_NM])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl m4_require([_LT_DECL_SED])dnl m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl m4_require([_LT_TAG_COMPILER])dnl AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) m4_if([$1], [CXX], [ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' case $host_os in aix[[4-9]]*) # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi ;; pw32*) _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds" ;; cygwin* | mingw* | cegcc*) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols' ;; *) _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' ;; esac _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] ], [ runpath_var= _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_cmds, $1)= _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(old_archive_from_new_cmds, $1)= _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)= _LT_TAGVAR(thread_safe_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= # include_expsyms should be a list of space-separated symbols to be *always* # included in the symbol list _LT_TAGVAR(include_expsyms, $1)= # exclude_expsyms can be an extended regexp of symbols to exclude # it will be wrapped by ` (' and `)$', so one must not match beginning or # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc', # as well as any symbol that contains `d'. _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'] # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out # platforms (ab)use it in PIC code, but their linkers get confused if # the symbol is explicitly referenced. Since portable code cannot # rely on this symbol name, it's probably fine to never include it in # preloaded symbol tables. # Exclude shared library initialization/finalization symbols. dnl Note also adjust exclude_expsyms for C++ above. extract_expsyms_cmds= case $host_os in cygwin* | mingw* | pw32* | cegcc*) # FIXME: the MSVC++ port hasn't been tested in a loooong time # When not using gcc, we currently assume that we are using # Microsoft Visual C++. if test "$GCC" != yes; then with_gnu_ld=no fi ;; interix*) # we just hope/assume this is gcc and not c89 (= MSVC++) with_gnu_ld=yes ;; openbsd*) with_gnu_ld=no ;; esac _LT_TAGVAR(ld_shlibs, $1)=yes if test "$with_gnu_ld" = yes; then # If archive_cmds runs LD, not CC, wlarc should be empty wlarc='${wl}' # Set some defaults for GNU ld with shared library support. These # are reset later if shared libraries are not supported. Putting them # here allows them to be overridden if necessary. runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # ancient GNU ld didn't support --whole-archive et. al. if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi supports_anon_versioning=no case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11 *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... *\ 2.11.*) ;; # other 2.11 versions *) supports_anon_versioning=yes ;; esac # See if GNU ld supports shared libraries. case $host_os in aix[[3-9]]*) # On AIX/PPC, the GNU linker is very broken if test "$host_cpu" != ia64; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: the GNU linker, at least up to release 2.9.1, is reported *** to be unable to reliably create shared libraries on AIX. *** Therefore, libtool is disabling shared libraries support. If you *** really care for shared libraries, you may want to modify your PATH *** so that a non-GNU linker is found, and then restart. _LT_EOF fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols' if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; gnu* | linux* | tpf* | k*bsd*-gnu) tmp_diet=no if test "$host_os" = linux-dietlibc; then case $cc_basename in diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) esac fi if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ && test "$tmp_diet" = no then tmp_addflag= tmp_sharedflag='-shared' case $cc_basename,$host_cpu in pgcc*) # Portland Group C compiler _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag' ;; pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' tmp_addflag=' $pic_flag -Mnomain' ;; ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 tmp_addflag=' -i_dynamic' ;; efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 tmp_addflag=' -i_dynamic -nofor_main' ;; ifc* | ifort*) # Intel Fortran compiler tmp_addflag=' -nofor_main' ;; lf95*) # Lahey Fortran 8.1 _LT_TAGVAR(whole_archive_flag_spec, $1)= tmp_sharedflag='--shared' ;; xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below) tmp_sharedflag='-qmkshrobj' tmp_addflag= ;; esac case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C 5.9 _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes tmp_sharedflag='-G' ;; *Sun\ F*) # Sun Fortran 8.3 tmp_sharedflag='-G' ;; esac _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi case $cc_basename in xlf*) # IBM XL Fortran 10.1 on PPC cannot create shared libs itself _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir' _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' fi ;; esac else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' wlarc= else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' fi ;; solaris*) if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: The releases 2.8.* of the GNU linker cannot reliably *** create shared libraries on Solaris systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.9.1 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) case `$LD -v 2>&1` in *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*) _LT_TAGVAR(ld_shlibs, $1)=no cat <<_LT_EOF 1>&2 *** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not *** reliably create shared libraries on SCO systems. Therefore, libtool *** is disabling shared libraries support. We urge you to upgrade GNU *** binutils to release 2.16.91.0.3 or newer. Another option is to modify *** your PATH or compiler configuration so that the native linker is *** used, and then restart. _LT_EOF ;; *) # For security reasons, it is highly recommended that you always # use absolute paths for naming shared libraries, and exclude the # DT_RUNPATH tag from executables and libraries. But doing so # requires that you compile everything twice, which is a pain. if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; sunos4*) _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' wlarc= _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then runpath_var= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else # PORTME fill in a description of your system's linker (not GNU ld) case $host_os in aix3*) _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=yes _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' # Note: this linker hardcodes the directories in LIBPATH if there # are no directories specified by -L. _LT_TAGVAR(hardcode_minus_L, $1)=yes if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then # Neither direct hardcoding nor static linking is supported with a # broken collect2. _LT_TAGVAR(hardcode_direct, $1)=unsupported fi ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else # If we're using GNU nm, then we don't want the "-C" option. # -C means demangle to AIX nm, but means don't demangle with GNU nm if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' else _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols' fi aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then aix_use_runtimelinking=yes break fi done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GCC" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi ;; esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; amigaos*) case $host_cpu in powerpc) # see comment about AmigaOS4 .so support _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='' ;; m68k) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac ;; bsdi[[45]]*) _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic ;; cygwin* | mingw* | pw32* | cegcc*) # When not using gcc, we currently assume that we are using # Microsoft Visual C++. # hardcode_libdir_flag_spec is actually meaningless, as there is # no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' ' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Tell ltmain to make .lib files, not .a files. libext=lib # Tell ltmain to make .dll files, not .so files. shrext_cmds=".dll" # FIXME: Setting linknames here is a bad hack. _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames=' # The linker will automatically build a .lib file if we build a DLL. _LT_TAGVAR(old_archive_from_new_cmds, $1)='true' # FIXME: Should let the user specify the lib program. _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs' _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`' _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; freebsd1*) _LT_TAGVAR(ld_shlibs, $1)=no ;; # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor # support. Future versions do this automatically, but an explicit c++rt0.o # does not break anything, and helps significantly (at the cost of a little # extra space). freebsd2.2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # Unfortunately, older versions of FreeBSD 2 do not have this feature. freebsd2*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; # FreeBSD 3 and greater uses gcc -shared to do shared libraries. freebsd* | dragonfly*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; hpux9*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; hpux10*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes fi ;; hpux11*) if test "$GCC" = yes -a "$with_gnu_ld" = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac else case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags' ;; esac fi if test "$with_gnu_ld" = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # hardcode_minus_L: Not really in the search PATH, # but as the default location of the library. _LT_TAGVAR(hardcode_minus_L, $1)=yes ;; esac fi ;; irix5* | irix6* | nonstopux*) if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' # Try to use the -exported_symbol ld option, if it does not # work, assume that -exports_file does not work either and # implicitly export all symbols. save_LDFLAGS="$LDFLAGS" LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null" AC_LINK_IFELSE(int foo(void) {}, _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib' ) LDFLAGS="$save_LDFLAGS" else _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes _LT_TAGVAR(link_all_deplibs, $1)=yes ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out else _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; newsos6) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *nto* | *qnx*) ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' else case $host_os in openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*) _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' ;; esac fi else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; os2*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def' _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def' ;; osf3*) if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; osf4* | osf5*) # as osf3* with the addition of -msym flag if test "$GCC" = yes; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' else _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp' # Both c and cxx compiler support -rpath directly _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' fi _LT_TAGVAR(archive_cmds_need_lc, $1)='no' _LT_TAGVAR(hardcode_libdir_separator, $1)=: ;; solaris*) _LT_TAGVAR(no_undefined_flag, $1)=' -z defs' if test "$GCC" = yes; then wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' else case `$CC -V 2>&1` in *"Compilers 5.0"*) wlarc='' _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' ;; *) wlarc='${wl}' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' ;; esac fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. GCC discards it without `$wl', # but is careful enough not to reorder. # Supported since Solaris 2.6 (maybe 2.5.1?) if test "$GCC" = yes; then _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' else _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' fi ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes ;; sunos4*) if test "x$host_vendor" = xsequent; then # Use $CC to link under sequent, because it throws in some extra .o # files that make .init and .fini sections work. _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4) case $host_vendor in sni) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true??? ;; siemens) ## LD is ld it makes a PLAMLIB ## CC just makes a GrossModule. _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs' _LT_TAGVAR(hardcode_direct, $1)=no ;; motorola) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie ;; esac runpath_var='LD_RUN_PATH' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; sysv4.3*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport' ;; sysv4*MP*) if test -d /usr/nec; then _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var=LD_RUN_PATH hardcode_runpath_var=yes _LT_TAGVAR(ld_shlibs, $1)=yes fi ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' if test "$GCC" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' else _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' fi ;; uts4*) _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(ld_shlibs, $1)=no ;; esac if test x$host_vendor = xsni; then case $host in sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym' ;; esac fi fi ]) AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld _LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl _LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl _LT_DECL([], [extract_expsyms_cmds], [2], [The commands to extract the exported symbol list from a shared archive]) # # Do we need to explicitly link libc? # case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in x|xyes) # Assume -lc should be added _LT_TAGVAR(archive_cmds_need_lc, $1)=yes if test "$enable_shared" = yes && test "$GCC" = yes; then case $_LT_TAGVAR(archive_cmds, $1) in *'~'*) # FIXME: we may have to deal with multi-command sequences. ;; '$CC '*) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. AC_MSG_CHECKING([whether -lc should be explicitly linked in]) $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if AC_TRY_EVAL(ac_compile) 2>conftest.err; then soname=conftest lib=conftest libobjs=conftest.$ac_objext deplibs= wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1) compiler_flags=-v linker_flags=-v verstring= output_objdir=. libname=conftest lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1) _LT_TAGVAR(allow_undefined_flag, $1)= if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) then _LT_TAGVAR(archive_cmds_need_lc, $1)=no else _LT_TAGVAR(archive_cmds_need_lc, $1)=yes fi _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag else cat conftest.err 1>&5 fi $RM conftest* AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)]) ;; esac fi ;; esac _LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0], [Whether or not to add -lc for building shared libraries]) _LT_TAGDECL([allow_libtool_libs_with_static_runtimes], [enable_shared_with_static_runtimes], [0], [Whether or not to disallow shared libs when runtime libs are static]) _LT_TAGDECL([], [export_dynamic_flag_spec], [1], [Compiler flag to allow reflexive dlopens]) _LT_TAGDECL([], [whole_archive_flag_spec], [1], [Compiler flag to generate shared objects directly from archives]) _LT_TAGDECL([], [compiler_needs_object], [1], [Whether the compiler copes with passing no objects directly]) _LT_TAGDECL([], [old_archive_from_new_cmds], [2], [Create an old-style archive from a shared archive]) _LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2], [Create a temporary old-style archive to link instead of a shared archive]) _LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive]) _LT_TAGDECL([], [archive_expsym_cmds], [2]) _LT_TAGDECL([], [module_cmds], [2], [Commands used to build a loadable module if different from building a shared archive.]) _LT_TAGDECL([], [module_expsym_cmds], [2]) _LT_TAGDECL([], [with_gnu_ld], [1], [Whether we are building with GNU ld or not]) _LT_TAGDECL([], [allow_undefined_flag], [1], [Flag that allows shared libraries with undefined symbols to be built]) _LT_TAGDECL([], [no_undefined_flag], [1], [Flag that enforces no undefined symbols]) _LT_TAGDECL([], [hardcode_libdir_flag_spec], [1], [Flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]) _LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1], [[If ld is used when linking, flag to hardcode $libdir into a binary during linking. This must work even if $libdir does not exist]]) _LT_TAGDECL([], [hardcode_libdir_separator], [1], [Whether we need a single "-rpath" flag with a separated argument]) _LT_TAGDECL([], [hardcode_direct], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_direct_absolute], [0], [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes DIR into the resulting binary and the resulting library dependency is "absolute", i.e impossible to change by setting ${shlibpath_var} if the library is relocated]) _LT_TAGDECL([], [hardcode_minus_L], [0], [Set to "yes" if using the -LDIR flag during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_shlibpath_var], [0], [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR into the resulting binary]) _LT_TAGDECL([], [hardcode_automatic], [0], [Set to "yes" if building a shared library automatically hardcodes DIR into the library and all subsequent libraries and executables linked against it]) _LT_TAGDECL([], [inherit_rpath], [0], [Set to yes if linker adds runtime paths of dependent libraries to runtime path list]) _LT_TAGDECL([], [link_all_deplibs], [0], [Whether libtool must link a program against all its dependency libraries]) _LT_TAGDECL([], [fix_srcfile_path], [1], [Fix the shell variable $srcfile for the compiler]) _LT_TAGDECL([], [always_export_symbols], [0], [Set to "yes" if exported symbols are required]) _LT_TAGDECL([], [export_symbols_cmds], [2], [The commands to list exported symbols]) _LT_TAGDECL([], [exclude_expsyms], [1], [Symbols that should not be listed in the preloaded symbols]) _LT_TAGDECL([], [include_expsyms], [1], [Symbols that must always be exported]) _LT_TAGDECL([], [prelink_cmds], [2], [Commands necessary for linking programs (against libraries) with templates]) _LT_TAGDECL([], [file_list_spec], [1], [Specify filename containing input files]) dnl FIXME: Not yet implemented dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1], dnl [Compiler flag to generate thread safe objects]) ])# _LT_LINKER_SHLIBS # _LT_LANG_C_CONFIG([TAG]) # ------------------------ # Ensure that the configuration variables for a C compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_C_CONFIG], [m4_require([_LT_DECL_EGREP])dnl lt_save_CC="$CC" AC_LANG_PUSH(C) # Source file extension for C test sources. ac_ext=c # Object file extension for compiled C test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(){return(0);}' _LT_TAG_COMPILER # Save the default compiler, since it gets overwritten when the other # tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. compiler_DEFAULT=$CC # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) LT_SYS_DLOPEN_SELF _LT_CMD_STRIPLIB # Report which library types will actually be built AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_CONFIG($1) fi AC_LANG_POP CC="$lt_save_CC" ])# _LT_LANG_C_CONFIG # _LT_PROG_CXX # ------------ # Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++ # compiler, we have our own version here. m4_defun([_LT_PROG_CXX], [ pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes]) AC_PROG_CXX if test -n "$CXX" && ( test "X$CXX" != "Xno" && ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) || (test "X$CXX" != "Xg++"))) ; then AC_PROG_CXXCPP else _lt_caught_CXX_error=yes fi popdef([AC_MSG_ERROR]) ])# _LT_PROG_CXX dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([_LT_PROG_CXX], []) # _LT_LANG_CXX_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a C++ compiler are suitably # defined. These variables are subsequently used by _LT_CONFIG to write # the compiler configuration to `libtool'. m4_defun([_LT_LANG_CXX_CONFIG], [AC_REQUIRE([_LT_PROG_CXX])dnl m4_require([_LT_FILEUTILS_DEFAULTS])dnl m4_require([_LT_DECL_EGREP])dnl AC_LANG_PUSH(C++) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(compiler_needs_object, $1)=no _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for C++ test sources. ac_ext=cpp # Object file extension for compiled C++ test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the CXX compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_caught_CXX_error" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="int some_variable = 0;" # Code to be used in simple link tests lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC=$CC lt_save_LD=$LD lt_save_GCC=$GCC GCC=$GXX lt_save_with_gnu_ld=$with_gnu_ld lt_save_path_LD=$lt_cv_path_LD if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx else $as_unset lt_cv_prog_gnu_ld fi if test -n "${lt_cv_path_LDCXX+set}"; then lt_cv_path_LD=$lt_cv_path_LDCXX else $as_unset lt_cv_path_LD fi test -z "${LDCXX+set}" || LD=$LDCXX CC=${CXX-"c++"} compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then # We don't want -fno-exception when compiling C++ code, so set the # no_builtin_flag separately if test "$GXX" = yes; then _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin' else _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)= fi if test "$GXX" = yes; then # Set up default GNU C++ configuration LT_PATH_LD # Check if GNU C++ uses GNU ld as the underlying linker, since the # archiving commands below assume that GNU ld is being used. if test "$with_gnu_ld" = yes; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # If archive_cmds runs LD, not CC, wlarc should be empty # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to # investigate it a little bit more. (MM) wlarc='${wl}' # ancient GNU ld didn't support --whole-archive et. al. if eval "`$CC -print-prog-name=ld` --help 2>&1" | $GREP 'no-whole-archive' > /dev/null; then _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' else _LT_TAGVAR(whole_archive_flag_spec, $1)= fi else with_gnu_ld=no wlarc= # A generic and very simple default shared library creation # command for GNU C++ for the case where it uses the native # linker, instead of GNU ld. If possible, this setting should # overridden to take advantage of the native linker features on # the platform it is being used on. _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' fi # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' else GXX=no with_gnu_ld=no wlarc= fi # PORTME: fill in a description of your system's C++ link characteristics AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries]) _LT_TAGVAR(ld_shlibs, $1)=yes case $host_os in aix3*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aix[[4-9]]*) if test "$host_cpu" = ia64; then # On IA64, the linker does run time linking by default, so we don't # have to do anything special. aix_use_runtimelinking=no exp_sym_flag='-Bexport' no_entry_flag="" else aix_use_runtimelinking=no # Test if we are trying to use run time linking or normal # AIX style linking. If -brtl is somewhere in LDFLAGS, we # need to do runtime linking. case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*) for ld_flag in $LDFLAGS; do case $ld_flag in *-brtl*) aix_use_runtimelinking=yes break ;; esac done ;; esac exp_sym_flag='-bexport' no_entry_flag='-bnoentry' fi # When large executables or shared objects are built, AIX ld can # have problems creating the table of contents. If linking a library # or program results in "error TOC overflow" add -mminimal-toc to # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. _LT_TAGVAR(archive_cmds, $1)='' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(file_list_spec, $1)='${wl}-f,' if test "$GXX" = yes; then case $host_os in aix4.[[012]]|aix4.[[012]].*) # We only want to do this on AIX 4.2 and lower, the check # below for broken collect2 doesn't work under 4.3+ collect2name=`${CC} -print-prog-name=collect2` if test -f "$collect2name" && strings "$collect2name" | $GREP resolve_lib_name >/dev/null then # We have reworked collect2 : else # We have old collect2 _LT_TAGVAR(hardcode_direct, $1)=unsupported # It fails to find uninstalled libraries when the uninstalled # path is not listed in the libpath. Setting hardcode_minus_L # to unsupported forces relinking _LT_TAGVAR(hardcode_minus_L, $1)=yes _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)= fi esac shared_flag='-shared' if test "$aix_use_runtimelinking" = yes; then shared_flag="$shared_flag "'${wl}-G' fi else # not using gcc if test "$host_cpu" = ia64; then # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release # chokes on -Wl,-G. The following line is correct: shared_flag='-G' else if test "$aix_use_runtimelinking" = yes; then shared_flag='${wl}-G' else shared_flag='${wl}-bM:SRE' fi fi fi _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall' # It seems that -bexpall does not export symbols beginning with # underscore (_), so it is better to generate a list of symbols to # export. _LT_TAGVAR(always_export_symbols, $1)=yes if test "$aix_use_runtimelinking" = yes; then # Warning - without using the other runtime loading flags (-brtl), # -berok will link without error, but may produce a broken library. _LT_TAGVAR(allow_undefined_flag, $1)='-berok' # Determine the default libpath from the value encoded in an empty # executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag" else if test "$host_cpu" = ia64; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib' _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs" _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols" else # Determine the default libpath from the value encoded in an # empty executable. _LT_SYS_MODULE_PATH_AIX _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath" # Warning - without using the other run time loading flags, # -berok will link without error, but may produce a broken library. _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok' _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok' # Exported symbols can be pulled into shared objects from archives _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience' _LT_TAGVAR(archive_cmds_need_lc, $1)=yes # This is similar to how AIX traditionally builds its shared # libraries. _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname' fi fi ;; beos*) if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then _LT_TAGVAR(allow_undefined_flag, $1)=unsupported # Joseph Beckenbach says some releases of gcc # support --undefined. This deserves some investigation. FIXME _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; chorus*) case $cc_basename in *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; cygwin* | mingw* | pw32* | cegcc*) # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless, # as there is no search path for DLLs. _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir' _LT_TAGVAR(allow_undefined_flag, $1)=unsupported _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' # If the export-symbols file already is a .def file (1st line # is EXPORTS), use it as is; otherwise, prepend... _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then cp $export_symbols $output_objdir/$soname.def; else echo EXPORTS > $output_objdir/$soname.def; cat $export_symbols >> $output_objdir/$soname.def; fi~ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; darwin* | rhapsody*) _LT_DARWIN_LINKER_FEATURES($1) ;; dgux*) case $cc_basename in ec++*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; ghcx*) # Green Hills C++ Compiler # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; freebsd[[12]]*) # C++ shared libraries reported to be fairly broken before # switch to ELF _LT_TAGVAR(ld_shlibs, $1)=no ;; freebsd-elf*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; freebsd* | dragonfly*) # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF # conventions _LT_TAGVAR(ld_shlibs, $1)=yes ;; gnu*) ;; hpux9*) _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' ;; *) if test "$GXX" = yes; then _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; hpux10*|hpux11*) if test $with_gnu_ld = no; then _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: case $host_cpu in hppa*64*|ia64*) ;; *) _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' ;; esac fi case $host_cpu in hppa*64*|ia64*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no ;; *) _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH, # but as the default # location of the library. ;; esac case $cc_basename in CC*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; aCC*) case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' ;; *) if test "$GXX" = yes; then if test $with_gnu_ld = no; then case $host_cpu in hppa*64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; ia64*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' ;; esac fi else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; interix[[3-9]]*) _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. # Instead, shared libraries are loaded at an image base (0x10000000 by # default) and relocated if they conflict, which is a slow very memory # consuming and fragmenting process. To avoid this, we pick a random, # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link # time. Moving up from 0x10000000 also allows more sbrk(2) space. _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' ;; irix5* | irix6*) case $cc_basename in CC*) # SGI C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' # Archives containing C++ object files must be created using # "CC -ar", where "CC" is the IRIX C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs' ;; *) if test "$GXX" = yes; then if test "$with_gnu_ld" = no; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' else _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib' fi fi _LT_TAGVAR(link_all_deplibs, $1)=yes ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: _LT_TAGVAR(inherit_rpath, $1)=yes ;; linux* | k*bsd*-gnu) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' # Archives containing C++ object files must be created using # "CC -Bstatic", where "CC" is the KAI C++ compiler. _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; icpc* | ecpc* ) # Intel C++ with_gnu_ld=yes # version 8.0 and above of icpc choke on multiply defined symbols # if we add $predep_objects and $postdep_objects, however 7.1 and # earlier do not add the objects themselves. case `$CC -V 2>&1` in *"Version 7."*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; *) # Version 8.0 or newer tmp_idyn= case $host_cpu in ia64*) tmp_idyn=' -i_dynamic';; esac _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib' ;; esac _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive' ;; pgCC* | pgcpp*) # Portland Group C++ compiler case `$CC -V` in *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*) _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"' _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~ $RANLIB $oldlib' _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~ rm -rf $tpldir~ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; *) # Version 6 will use weak symbols _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' ;; cxx*) # Compaq C++ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols' runpath_var=LD_RUN_PATH _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' ;; xl*) # IBM XL 8.0 on PPC, with GNU ld _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic' _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib' if test "x$supports_anon_versioning" = xyes; then _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ echo "local: *; };" >> $output_objdir/$libname.ver~ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib' fi ;; *) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive' _LT_TAGVAR(compiler_needs_object, $1)=yes # Not sure whether something based on # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 # would be better. output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; esac ;; esac ;; lynxos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; m88k*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; mvs*) case $cc_basename in cxx*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; netbsd*) if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' wlarc= _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no fi # Workaround some broken pre-1.5 toolchains output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' ;; *nto* | *qnx*) _LT_TAGVAR(ld_shlibs, $1)=yes ;; openbsd2*) # C++ shared libraries are fairly broken _LT_TAGVAR(ld_shlibs, $1)=no ;; openbsd*) if test -f /usr/libexec/ld.so; then _LT_TAGVAR(hardcode_direct, $1)=yes _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=yes _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib' _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E' _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive' fi output_verbose_link_cmd=echo else _LT_TAGVAR(ld_shlibs, $1)=no fi ;; osf3* | osf4* | osf5*) case $cc_basename in KCC*) # Kuck and Associates, Inc. (KAI) C++ Compiler # KCC will only create a shared library if the output file # ends with ".so" (or ".sl" for HP-UX), so rename the library # to its proper name (with version) after linking. _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Archives containing C++ object files must be created using # the KAI C++ compiler. case $host in osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;; *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;; esac ;; RCC*) # Rational C++ 2.4.1 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; cxx*) case $host in osf3*) _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' ;; *) _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*' _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ echo "-hidden">> $lib.exp~ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~ $RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir' ;; esac _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. # # There doesn't appear to be a way to prevent this compiler from # explicitly linking system object files so we need to strip them # from the output so that they don't get included in the library # dependencies. output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed' ;; *) if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*' case $host in osf3*) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib' ;; esac _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=: # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' else # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no fi ;; esac ;; psos*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; sunos4*) case $cc_basename in CC*) # Sun C++ 4.x # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; lcc*) # Lucid # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; solaris*) case $cc_basename in CC*) # Sun C++ 4.2, 5.x and Centerline C++ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs' _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir' _LT_TAGVAR(hardcode_shlibpath_var, $1)=no case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) # The compiler driver will combine and reorder linker options, # but understands `-z linker_flag'. # Supported since Solaris 2.6 (maybe 2.5.1?) _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract' ;; esac _LT_TAGVAR(link_all_deplibs, $1)=yes output_verbose_link_cmd='echo' # Archives containing C++ object files must be created using # "CC -xar", where "CC" is the Sun C++ compiler. This is # necessary to make sure instantiated templates are included # in the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs' ;; gcx*) # Green Hills C++ Compiler _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' # The C++ compiler must be used to create the archive. _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs' ;; *) # GNU C++ compiler with Solaris linker if test "$GXX" = yes && test "$with_gnu_ld" = no; then _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs' if $CC --version | $GREP -v '^2\.7' > /dev/null; then _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' else # g++ 2.7 appears to require `-G' NOT `-shared' on this # platform. _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib' _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' # Commands to make compiler produce verbose output that lists # what "hidden" libraries, object files and flags are used when # linking a shared library. output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"' fi _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir' case $host_os in solaris2.[[0-5]] | solaris2.[[0-5]].*) ;; *) _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract' ;; esac fi ;; esac ;; sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*) _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; sysv5* | sco3.2v5* | sco5v6*) # Note: We can NOT use -z defs as we might desire, because we do not # link with -lc, and that would cause any symbols used from libc to # always be unresolved, which means just about no library would # ever link correctly. If we're not using GNU ld we use -z text # though, which does catch some bad symbols but isn't as heavy-handed # as -z defs. _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text' _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs' _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(hardcode_shlibpath_var, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir' _LT_TAGVAR(hardcode_libdir_separator, $1)=':' _LT_TAGVAR(link_all_deplibs, $1)=yes _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport' runpath_var='LD_RUN_PATH' case $cc_basename in CC*) _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; *) _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags' ;; esac ;; tandem*) case $cc_basename in NCC*) # NonStop-UX NCC 3.20 # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac ;; vxworks*) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; *) # FIXME: insert proper C++ library support _LT_TAGVAR(ld_shlibs, $1)=no ;; esac AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)]) test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no _LT_TAGVAR(GCC, $1)="$GXX" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" CC=$lt_save_CC LDCXX=$LD LD=$lt_save_LD GCC=$lt_save_GCC with_gnu_ld=$lt_save_with_gnu_ld lt_cv_path_LDCXX=$lt_cv_path_LD lt_cv_path_LD=$lt_save_path_LD lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld fi # test "$_lt_caught_CXX_error" != yes AC_LANG_POP ])# _LT_LANG_CXX_CONFIG # _LT_SYS_HIDDEN_LIBDEPS([TAGNAME]) # --------------------------------- # Figure out "hidden" library dependencies from verbose # compiler output when linking a shared library. # Parse the compiler output and extract the necessary # objects, libraries and library flags. m4_defun([_LT_SYS_HIDDEN_LIBDEPS], [m4_require([_LT_FILEUTILS_DEFAULTS])dnl # Dependencies to place before and after the object being linked: _LT_TAGVAR(predep_objects, $1)= _LT_TAGVAR(postdep_objects, $1)= _LT_TAGVAR(predeps, $1)= _LT_TAGVAR(postdeps, $1)= _LT_TAGVAR(compiler_lib_search_path, $1)= dnl we can't use the lt_simple_compile_test_code here, dnl because it contains code intended for an executable, dnl not a library. It's possible we should let each dnl tag define a new lt_????_link_test_code variable, dnl but it's only used here... m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF int a; void foo (void) { a = 0; } _LT_EOF ], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF class Foo { public: Foo (void) { a = 0; } private: int a; }; _LT_EOF ], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer*4 a a=0 return end _LT_EOF ], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF subroutine foo implicit none integer a a=0 return end _LT_EOF ], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF public class foo { private int a; public void bar (void) { a = 0; } }; _LT_EOF ]) dnl Parse the compiler output and extract the necessary dnl objects, libraries and library flags. if AC_TRY_EVAL(ac_compile); then # Parse the compiler output and extract the necessary # objects, libraries and library flags. # Sentinel used to keep track of whether or not we are before # the conftest object file. pre_test_object_deps_done=no for p in `eval "$output_verbose_link_cmd"`; do case $p in -L* | -R* | -l*) # Some compilers place space between "-{L,R}" and the path. # Remove the space. if test $p = "-L" || test $p = "-R"; then prev=$p continue else prev= fi if test "$pre_test_object_deps_done" = no; then case $p in -L* | -R*) # Internal compiler library paths should come after those # provided the user. The postdeps already come after the # user supplied libs so there is no need to process them. if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}" else _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}" fi ;; # The "-l" case would never come before the object being # linked, so don't bother handling this case. esac else if test -z "$_LT_TAGVAR(postdeps, $1)"; then _LT_TAGVAR(postdeps, $1)="${prev}${p}" else _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}" fi fi ;; *.$objext) # This assumes that the test object file only shows up # once in the compiler output. if test "$p" = "conftest.$objext"; then pre_test_object_deps_done=yes continue fi if test "$pre_test_object_deps_done" = no; then if test -z "$_LT_TAGVAR(predep_objects, $1)"; then _LT_TAGVAR(predep_objects, $1)="$p" else _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p" fi else if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then _LT_TAGVAR(postdep_objects, $1)="$p" else _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p" fi fi ;; *) ;; # Ignore the rest. esac done # Clean up. rm -f a.out a.exe else echo "libtool.m4: error: problem compiling $1 test program" fi $RM -f confest.$objext # PORTME: override above test on systems where it is broken m4_if([$1], [CXX], [case $host_os in interix[[3-9]]*) # Interix 3.5 installs completely hosed .la files for C++, so rather than # hack all around it, let's just trust "g++" to DTRT. _LT_TAGVAR(predep_objects,$1)= _LT_TAGVAR(postdep_objects,$1)= _LT_TAGVAR(postdeps,$1)= ;; linux*) case `$CC -V 2>&1 | sed 5q` in *Sun\ C*) # Sun C++ 5.9 # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; solaris*) case $cc_basename in CC*) # The more standards-conforming stlport4 library is # incompatible with the Cstd library. Avoid specifying # it if it's in CXXFLAGS. Ignore libCrun as # -library=stlport4 depends on it. case " $CXX $CXXFLAGS " in *" -library=stlport4 "*) solaris_use_stlport4=yes ;; esac # Adding this requires a known-good setup of shared libraries for # Sun compiler versions before 5.6, else PIC objects from an old # archive will be linked into the output, leading to subtle bugs. if test "$solaris_use_stlport4" != yes; then _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun' fi ;; esac ;; esac ]) case " $_LT_TAGVAR(postdeps, $1) " in *" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;; esac _LT_TAGVAR(compiler_lib_search_dirs, $1)= if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'` fi _LT_TAGDECL([], [compiler_lib_search_dirs], [1], [The directories searched by this compiler when creating a shared library]) _LT_TAGDECL([], [predep_objects], [1], [Dependencies to place before and after the objects being linked to create a shared library]) _LT_TAGDECL([], [postdep_objects], [1]) _LT_TAGDECL([], [predeps], [1]) _LT_TAGDECL([], [postdeps], [1]) _LT_TAGDECL([], [compiler_lib_search_path], [1], [The library search path used internally by the compiler when linking a shared library]) ])# _LT_SYS_HIDDEN_LIBDEPS # _LT_PROG_F77 # ------------ # Since AC_PROG_F77 is broken, in that it returns the empty string # if there is no fortran compiler, we have our own version here. m4_defun([_LT_PROG_F77], [ pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes]) AC_PROG_F77 if test -z "$F77" || test "X$F77" = "Xno"; then _lt_disable_F77=yes fi popdef([AC_MSG_ERROR]) ])# _LT_PROG_F77 dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([_LT_PROG_F77], []) # _LT_LANG_F77_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for a Fortran 77 compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_F77_CONFIG], [AC_REQUIRE([_LT_PROG_F77])dnl AC_LANG_PUSH(Fortran 77) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for f77 test sources. ac_ext=f # Object file extension for compiled f77 test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the F77 compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_F77" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC CC=${F77-"f77"} compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) GCC=$G77 if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$G77" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC="$lt_save_CC" fi # test "$_lt_disable_F77" != yes AC_LANG_POP ])# _LT_LANG_F77_CONFIG # _LT_PROG_FC # ----------- # Since AC_PROG_FC is broken, in that it returns the empty string # if there is no fortran compiler, we have our own version here. m4_defun([_LT_PROG_FC], [ pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes]) AC_PROG_FC if test -z "$FC" || test "X$FC" = "Xno"; then _lt_disable_FC=yes fi popdef([AC_MSG_ERROR]) ])# _LT_PROG_FC dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([_LT_PROG_FC], []) # _LT_LANG_FC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for a Fortran compiler are # suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_FC_CONFIG], [AC_REQUIRE([_LT_PROG_FC])dnl AC_LANG_PUSH(Fortran) _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(allow_undefined_flag, $1)= _LT_TAGVAR(always_export_symbols, $1)=no _LT_TAGVAR(archive_expsym_cmds, $1)= _LT_TAGVAR(export_dynamic_flag_spec, $1)= _LT_TAGVAR(hardcode_direct, $1)=no _LT_TAGVAR(hardcode_direct_absolute, $1)=no _LT_TAGVAR(hardcode_libdir_flag_spec, $1)= _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)= _LT_TAGVAR(hardcode_libdir_separator, $1)= _LT_TAGVAR(hardcode_minus_L, $1)=no _LT_TAGVAR(hardcode_automatic, $1)=no _LT_TAGVAR(inherit_rpath, $1)=no _LT_TAGVAR(module_cmds, $1)= _LT_TAGVAR(module_expsym_cmds, $1)= _LT_TAGVAR(link_all_deplibs, $1)=unknown _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds _LT_TAGVAR(no_undefined_flag, $1)= _LT_TAGVAR(whole_archive_flag_spec, $1)= _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no # Source file extension for fc test sources. ac_ext=${ac_fc_srcext-f} # Object file extension for compiled fc test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # No sense in running all these tests if we already determined that # the FC compiler isn't working. Some variables (like enable_shared) # are currently assumed to apply to all compilers on this platform, # and will be corrupted by setting them based on a non-working compiler. if test "$_lt_disable_FC" != yes; then # Code to be used in simple compile tests lt_simple_compile_test_code="\ subroutine t return end " # Code to be used in simple link tests lt_simple_link_test_code="\ program t end " # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC CC=${FC-"f95"} compiler=$CC GCC=$ac_cv_fc_compiler_gnu _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) if test -n "$compiler"; then AC_MSG_CHECKING([if libtool supports shared libraries]) AC_MSG_RESULT([$can_build_shared]) AC_MSG_CHECKING([whether to build shared libraries]) test "$can_build_shared" = "no" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and # are all built from PIC. case $host_os in aix3*) test "$enable_shared" = yes && enable_static=no if test -n "$RANLIB"; then archive_cmds="$archive_cmds~\$RANLIB \$lib" postinstall_cmds='$RANLIB $lib' fi ;; aix[[4-9]]*) if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then test "$enable_shared" = yes && enable_static=no fi ;; esac AC_MSG_RESULT([$enable_shared]) AC_MSG_CHECKING([whether to build static libraries]) # Make sure either enable_shared or enable_static is yes. test "$enable_shared" = yes || enable_static=yes AC_MSG_RESULT([$enable_static]) _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu" _LT_TAGVAR(LD, $1)="$LD" ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... _LT_SYS_HIDDEN_LIBDEPS($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_SYS_DYNAMIC_LINKER($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi # test -n "$compiler" GCC=$lt_save_GCC CC="$lt_save_CC" fi # test "$_lt_disable_FC" != yes AC_LANG_POP ])# _LT_LANG_FC_CONFIG # _LT_LANG_GCJ_CONFIG([TAG]) # -------------------------- # Ensure that the configuration variables for the GNU Java Compiler compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_GCJ_CONFIG], [AC_REQUIRE([LT_PROG_GCJ])dnl AC_LANG_SAVE # Source file extension for Java test sources. ac_ext=java # Object file extension for compiled Java test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code="class foo {}" # Code to be used in simple link tests lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }' # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC GCC=yes CC=${GCJ-"gcj"} compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_TAGVAR(LD, $1)="$LD" _LT_CC_BASENAME([$compiler]) # GCJ did not exist at the time GCC didn't implicitly link libc in. _LT_TAGVAR(archive_cmds_need_lc, $1)=no _LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds ## CAVEAT EMPTOR: ## There is no encapsulation within the following macros, do not change ## the running order or otherwise move them around unless you know exactly ## what you are doing... if test -n "$compiler"; then _LT_COMPILER_NO_RTTI($1) _LT_COMPILER_PIC($1) _LT_COMPILER_C_O($1) _LT_COMPILER_FILE_LOCKS($1) _LT_LINKER_SHLIBS($1) _LT_LINKER_HARDCODE_LIBPATH($1) _LT_CONFIG($1) fi AC_LANG_RESTORE GCC=$lt_save_GCC CC="$lt_save_CC" ])# _LT_LANG_GCJ_CONFIG # _LT_LANG_RC_CONFIG([TAG]) # ------------------------- # Ensure that the configuration variables for the Windows resource compiler # are suitably defined. These variables are subsequently used by _LT_CONFIG # to write the compiler configuration to `libtool'. m4_defun([_LT_LANG_RC_CONFIG], [AC_REQUIRE([LT_PROG_RC])dnl AC_LANG_SAVE # Source file extension for RC test sources. ac_ext=rc # Object file extension for compiled RC test sources. objext=o _LT_TAGVAR(objext, $1)=$objext # Code to be used in simple compile tests lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }' # Code to be used in simple link tests lt_simple_link_test_code="$lt_simple_compile_test_code" # ltmain only uses $CC for tagged configurations so make sure $CC is set. _LT_TAG_COMPILER # save warnings/boilerplate of simple test code _LT_COMPILER_BOILERPLATE _LT_LINKER_BOILERPLATE # Allow CC to be a program name with arguments. lt_save_CC="$CC" lt_save_GCC=$GCC GCC= CC=${RC-"windres"} compiler=$CC _LT_TAGVAR(compiler, $1)=$CC _LT_CC_BASENAME([$compiler]) _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes if test -n "$compiler"; then : _LT_CONFIG($1) fi GCC=$lt_save_GCC AC_LANG_RESTORE CC="$lt_save_CC" ])# _LT_LANG_RC_CONFIG # LT_PROG_GCJ # ----------- AC_DEFUN([LT_PROG_GCJ], [m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ], [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ], [AC_CHECK_TOOL(GCJ, gcj,) test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2" AC_SUBST(GCJFLAGS)])])[]dnl ]) # Old name: AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_GCJ], []) # LT_PROG_RC # ---------- AC_DEFUN([LT_PROG_RC], [AC_CHECK_TOOL(RC, windres,) ]) # Old name: AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_RC], []) # _LT_DECL_EGREP # -------------- # If we don't have a new enough Autoconf to choose the best grep # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_EGREP], [AC_REQUIRE([AC_PROG_EGREP])dnl AC_REQUIRE([AC_PROG_FGREP])dnl test -z "$GREP" && GREP=grep _LT_DECL([], [GREP], [1], [A grep program that handles long lines]) _LT_DECL([], [EGREP], [1], [An ERE matcher]) _LT_DECL([], [FGREP], [1], [A literal string matcher]) dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too AC_SUBST([GREP]) ]) # _LT_DECL_OBJDUMP # -------------- # If we don't have a new enough Autoconf to choose the best objdump # available, choose the one first in the user's PATH. m4_defun([_LT_DECL_OBJDUMP], [AC_CHECK_TOOL(OBJDUMP, objdump, false) test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [1], [An object symbol dumper]) AC_SUBST([OBJDUMP]) ]) # _LT_DECL_SED # ------------ # Check for a fully-functional sed program, that truncates # as few characters as possible. Prefer GNU sed if found. m4_defun([_LT_DECL_SED], [AC_PROG_SED test -z "$SED" && SED=sed Xsed="$SED -e 1s/^X//" _LT_DECL([], [SED], [1], [A sed program that does not truncate output]) _LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"], [Sed that helps us avoid accidentally triggering echo(1) options like -n]) ])# _LT_DECL_SED m4_ifndef([AC_PROG_SED], [ ############################################################ # NOTE: This macro has been submitted for inclusion into # # GNU Autoconf as AC_PROG_SED. When it is available in # # a released version of Autoconf we should remove this # # macro and use it instead. # ############################################################ m4_defun([AC_PROG_SED], [AC_MSG_CHECKING([for a sed that does not truncate output]) AC_CACHE_VAL(lt_cv_path_SED, [# Loop through the user's path and test for sed and gsed. # Then use that list of sed's as ones to test for truncation. as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for lt_ac_prog in sed gsed; do for ac_exec_ext in '' $ac_executable_extensions; do if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext" fi done done done IFS=$as_save_IFS lt_ac_max=0 lt_ac_count=0 # Add /usr/xpg4/bin/sed as it is typically found on Solaris # along with /bin/sed that truncates output. for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do test ! -f $lt_ac_sed && continue cat /dev/null > conftest.in lt_ac_count=0 echo $ECHO_N "0123456789$ECHO_C" >conftest.in # Check for GNU sed and select it if it is found. if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then lt_cv_path_SED=$lt_ac_sed break fi while true; do cat conftest.in conftest.in >conftest.tmp mv conftest.tmp conftest.in cp conftest.in conftest.nl echo >>conftest.nl $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break cmp -s conftest.out conftest.nl || break # 10000 chars as input seems more than enough test $lt_ac_count -gt 10 && break lt_ac_count=`expr $lt_ac_count + 1` if test $lt_ac_count -gt $lt_ac_max; then lt_ac_max=$lt_ac_count lt_cv_path_SED=$lt_ac_sed fi done done ]) SED=$lt_cv_path_SED AC_SUBST([SED]) AC_MSG_RESULT([$SED]) ])#AC_PROG_SED ])#m4_ifndef # Old name: AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([LT_AC_PROG_SED], []) # _LT_CHECK_SHELL_FEATURES # ------------------------ # Find out whether the shell is Bourne or XSI compatible, # or has some other useful features. m4_defun([_LT_CHECK_SHELL_FEATURES], [AC_MSG_CHECKING([whether the shell understands some XSI constructs]) # Try some XSI features xsi_shell=no ( _lt_dummy="a/b/c" test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \ = c,a/b,, \ && eval 'test $(( 1 + 1 )) -eq 2 \ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \ && xsi_shell=yes AC_MSG_RESULT([$xsi_shell]) _LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell']) AC_MSG_CHECKING([whether the shell understands "+="]) lt_shell_append=no ( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \ >/dev/null 2>&1 \ && lt_shell_append=yes AC_MSG_RESULT([$lt_shell_append]) _LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append']) if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then lt_unset=unset else lt_unset=false fi _LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl # test EBCDIC or ASCII case `echo X|tr X '\101'` in A) # ASCII based system # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr lt_SP2NL='tr \040 \012' lt_NL2SP='tr \015\012 \040\040' ;; *) # EBCDIC based system lt_SP2NL='tr \100 \n' lt_NL2SP='tr \r\n \100\100' ;; esac _LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl _LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl ])# _LT_CHECK_SHELL_FEATURES # _LT_PROG_XSI_SHELLFNS # --------------------- # Bourne and XSI compatible variants of some useful shell functions. m4_defun([_LT_PROG_XSI_SHELLFNS], [case $xsi_shell in yes) cat << \_LT_EOF >> "$cfgfile" # func_dirname file append nondir_replacement # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. func_dirname () { case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac } # func_basename file func_basename () { func_basename_result="${1##*/}" } # func_dirname_and_basename file append nondir_replacement # perform func_basename and func_dirname in a single function # call: # dirname: Compute the dirname of FILE. If nonempty, # add APPEND to the result, otherwise set result # to NONDIR_REPLACEMENT. # value returned in "$func_dirname_result" # basename: Compute filename of FILE. # value retuned in "$func_basename_result" # Implementation must be kept synchronized with func_dirname # and func_basename. For efficiency, we do not delegate to # those functions but instead duplicate the functionality here. func_dirname_and_basename () { case ${1} in */*) func_dirname_result="${1%/*}${2}" ;; * ) func_dirname_result="${3}" ;; esac func_basename_result="${1##*/}" } # func_stripname prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). func_stripname () { # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are # positional parameters, so assign one to ordinary parameter first. func_stripname_result=${3} func_stripname_result=${func_stripname_result#"${1}"} func_stripname_result=${func_stripname_result%"${2}"} } # func_opt_split func_opt_split () { func_opt_split_opt=${1%%=*} func_opt_split_arg=${1#*=} } # func_lo2o object func_lo2o () { case ${1} in *.lo) func_lo2o_result=${1%.lo}.${objext} ;; *) func_lo2o_result=${1} ;; esac } # func_xform libobj-or-source func_xform () { func_xform_result=${1%.*}.lo } # func_arith arithmetic-term... func_arith () { func_arith_result=$(( $[*] )) } # func_len string # STRING may not start with a hyphen. func_len () { func_len_result=${#1} } _LT_EOF ;; *) # Bourne compatible functions. cat << \_LT_EOF >> "$cfgfile" # func_dirname file append nondir_replacement # Compute the dirname of FILE. If nonempty, add APPEND to the result, # otherwise set result to NONDIR_REPLACEMENT. func_dirname () { # Extract subdirectory from the argument. func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"` if test "X$func_dirname_result" = "X${1}"; then func_dirname_result="${3}" else func_dirname_result="$func_dirname_result${2}" fi } # func_basename file func_basename () { func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"` } dnl func_dirname_and_basename dnl A portable version of this function is already defined in general.m4sh dnl so there is no need for it here. # func_stripname prefix suffix name # strip PREFIX and SUFFIX off of NAME. # PREFIX and SUFFIX must not contain globbing or regex special # characters, hashes, percent signs, but SUFFIX may contain a leading # dot (in which case that matches only a dot). # func_strip_suffix prefix name func_stripname () { case ${2} in .*) func_stripname_result=`$ECHO "X${3}" \ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;; *) func_stripname_result=`$ECHO "X${3}" \ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;; esac } # sed scripts: my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q' my_sed_long_arg='1s/^-[[^=]]*=//' # func_opt_split func_opt_split () { func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"` func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"` } # func_lo2o object func_lo2o () { func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"` } # func_xform libobj-or-source func_xform () { func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'` } # func_arith arithmetic-term... func_arith () { func_arith_result=`expr "$[@]"` } # func_len string # STRING may not start with a hyphen. func_len () { func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len` } _LT_EOF esac case $lt_shell_append in yes) cat << \_LT_EOF >> "$cfgfile" # func_append var value # Append VALUE to the end of shell variable VAR. func_append () { eval "$[1]+=\$[2]" } _LT_EOF ;; *) cat << \_LT_EOF >> "$cfgfile" # func_append var value # Append VALUE to the end of shell variable VAR. func_append () { eval "$[1]=\$$[1]\$[2]" } _LT_EOF ;; esac ]) pam/m4/ltoptions.m40000644000000000000000000002724213261244762011354 0ustar # Helper functions for option handling. -*- Autoconf -*- # # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltoptions.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])]) # _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME) # ------------------------------------------ m4_define([_LT_MANGLE_OPTION], [[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])]) # _LT_SET_OPTION(MACRO-NAME, OPTION-NAME) # --------------------------------------- # Set option OPTION-NAME for macro MACRO-NAME, and if there is a # matching handler defined, dispatch to it. Other OPTION-NAMEs are # saved as a flag. m4_define([_LT_SET_OPTION], [m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]), _LT_MANGLE_DEFUN([$1], [$2]), [m4_warning([Unknown $1 option `$2'])])[]dnl ]) # _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET]) # ------------------------------------------------------------ # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. m4_define([_LT_IF_OPTION], [m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])]) # _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET) # ------------------------------------------------------- # Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME # are set. m4_define([_LT_UNLESS_OPTIONS], [m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option), [m4_define([$0_found])])])[]dnl m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3 ])[]dnl ]) # _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST) # ---------------------------------------- # OPTION-LIST is a space-separated list of Libtool options associated # with MACRO-NAME. If any OPTION has a matching handler declared with # LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about # the unknown option and exit. m4_defun([_LT_SET_OPTIONS], [# Set options m4_foreach([_LT_Option], m4_split(m4_normalize([$2])), [_LT_SET_OPTION([$1], _LT_Option)]) m4_if([$1],[LT_INIT],[ dnl dnl Simply set some default values (i.e off) if boolean options were not dnl specified: _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no ]) _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no ]) dnl dnl If no reference was made to various pairs of opposing options, then dnl we run the default mode handler for the pair. For example, if neither dnl `shared' nor `disable-shared' was passed, we enable building of shared dnl archives by default: _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED]) _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC]) _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC]) _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install], [_LT_ENABLE_FAST_INSTALL]) ]) ])# _LT_SET_OPTIONS ## --------------------------------- ## ## Macros to handle LT_INIT options. ## ## --------------------------------- ## # _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME) # ----------------------------------------- m4_define([_LT_MANGLE_DEFUN], [[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])]) # LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE) # ----------------------------------------------- m4_define([LT_OPTION_DEFINE], [m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl ])# LT_OPTION_DEFINE # dlopen # ------ LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes ]) AU_DEFUN([AC_LIBTOOL_DLOPEN], [_LT_SET_OPTION([LT_INIT], [dlopen]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `dlopen' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], []) # win32-dll # --------- # Declare package support for building win32 dll's. LT_OPTION_DEFINE([LT_INIT], [win32-dll], [enable_win32_dll=yes case $host in *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*) AC_CHECK_TOOL(AS, as, false) AC_CHECK_TOOL(DLLTOOL, dlltool, false) AC_CHECK_TOOL(OBJDUMP, objdump, false) ;; esac test -z "$AS" && AS=as _LT_DECL([], [AS], [0], [Assembler program])dnl test -z "$DLLTOOL" && DLLTOOL=dlltool _LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl test -z "$OBJDUMP" && OBJDUMP=objdump _LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl ])# win32-dll AU_DEFUN([AC_LIBTOOL_WIN32_DLL], [AC_REQUIRE([AC_CANONICAL_HOST])dnl _LT_SET_OPTION([LT_INIT], [win32-dll]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `win32-dll' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], []) # _LT_ENABLE_SHARED([DEFAULT]) # ---------------------------- # implement the --enable-shared flag, and supports the `shared' and # `disable-shared' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_SHARED], [m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([shared], [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@], [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; no) enable_shared=no ;; *) enable_shared=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_shared=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_shared=]_LT_ENABLE_SHARED_DEFAULT) _LT_DECL([build_libtool_libs], [enable_shared], [0], [Whether or not to build shared libraries]) ])# _LT_ENABLE_SHARED LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])]) # Old names: AC_DEFUN([AC_ENABLE_SHARED], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared]) ]) AC_DEFUN([AC_DISABLE_SHARED], [_LT_SET_OPTION([LT_INIT], [disable-shared]) ]) AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)]) AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_SHARED], []) dnl AC_DEFUN([AM_DISABLE_SHARED], []) # _LT_ENABLE_STATIC([DEFAULT]) # ---------------------------- # implement the --enable-static flag, and support the `static' and # `disable-static' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_STATIC], [m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([static], [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@], [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; no) enable_static=no ;; *) enable_static=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_static=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_static=]_LT_ENABLE_STATIC_DEFAULT) _LT_DECL([build_old_libs], [enable_static], [0], [Whether or not to build static libraries]) ])# _LT_ENABLE_STATIC LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])]) # Old names: AC_DEFUN([AC_ENABLE_STATIC], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static]) ]) AC_DEFUN([AC_DISABLE_STATIC], [_LT_SET_OPTION([LT_INIT], [disable-static]) ]) AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)]) AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AM_ENABLE_STATIC], []) dnl AC_DEFUN([AM_DISABLE_STATIC], []) # _LT_ENABLE_FAST_INSTALL([DEFAULT]) # ---------------------------------- # implement the --enable-fast-install flag, and support the `fast-install' # and `disable-fast-install' LT_INIT options. # DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'. m4_define([_LT_ENABLE_FAST_INSTALL], [m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl AC_ARG_ENABLE([fast-install], [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@], [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])], [p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; no) enable_fast_install=no ;; *) enable_fast_install=no # Look at the argument we got. We use all the common list separators. lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR," for pkg in $enableval; do IFS="$lt_save_ifs" if test "X$pkg" = "X$p"; then enable_fast_install=yes fi done IFS="$lt_save_ifs" ;; esac], [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT) _LT_DECL([fast_install], [enable_fast_install], [0], [Whether or not to optimize for fast installation])dnl ])# _LT_ENABLE_FAST_INSTALL LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])]) LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])]) # Old names: AU_DEFUN([AC_ENABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `fast-install' option into LT_INIT's first parameter.]) ]) AU_DEFUN([AC_DISABLE_FAST_INSTALL], [_LT_SET_OPTION([LT_INIT], [disable-fast-install]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `disable-fast-install' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], []) dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], []) # _LT_WITH_PIC([MODE]) # -------------------- # implement the --with-pic flag, and support the `pic-only' and `no-pic' # LT_INIT options. # MODE is either `yes' or `no'. If omitted, it defaults to `both'. m4_define([_LT_WITH_PIC], [AC_ARG_WITH([pic], [AS_HELP_STRING([--with-pic], [try to use only PIC/non-PIC objects @<:@default=use both@:>@])], [pic_mode="$withval"], [pic_mode=default]) test -z "$pic_mode" && pic_mode=m4_default([$1], [default]) _LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl ])# _LT_WITH_PIC LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])]) LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])]) # Old name: AU_DEFUN([AC_LIBTOOL_PICMODE], [_LT_SET_OPTION([LT_INIT], [pic-only]) AC_DIAGNOSE([obsolete], [$0: Remove this warning and the call to _LT_SET_OPTION when you put the `pic-only' option into LT_INIT's first parameter.]) ]) dnl aclocal-1.4 backwards compatibility: dnl AC_DEFUN([AC_LIBTOOL_PICMODE], []) ## ----------------- ## ## LTDL_INIT Options ## ## ----------------- ## m4_define([_LTDL_MODE], []) LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive], [m4_define([_LTDL_MODE], [nonrecursive])]) LT_OPTION_DEFINE([LTDL_INIT], [recursive], [m4_define([_LTDL_MODE], [recursive])]) LT_OPTION_DEFINE([LTDL_INIT], [subproject], [m4_define([_LTDL_MODE], [subproject])]) m4_define([_LTDL_TYPE], []) LT_OPTION_DEFINE([LTDL_INIT], [installable], [m4_define([_LTDL_TYPE], [installable])]) LT_OPTION_DEFINE([LTDL_INIT], [convenience], [m4_define([_LTDL_TYPE], [convenience])]) pam/m4/ltsugar.m40000644000000000000000000001042413261244762010774 0ustar # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc. # Written by Gary V. Vaughan, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 6 ltsugar.m4 # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])]) # lt_join(SEP, ARG1, [ARG2...]) # ----------------------------- # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their # associated separator. # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier # versions in m4sugar had bugs. m4_define([lt_join], [m4_if([$#], [1], [], [$#], [2], [[$2]], [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])]) m4_define([_lt_join], [m4_if([$#$2], [2], [], [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])]) # lt_car(LIST) # lt_cdr(LIST) # ------------ # Manipulate m4 lists. # These macros are necessary as long as will still need to support # Autoconf-2.59 which quotes differently. m4_define([lt_car], [[$1]]) m4_define([lt_cdr], [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])], [$#], 1, [], [m4_dquote(m4_shift($@))])]) m4_define([lt_unquote], $1) # lt_append(MACRO-NAME, STRING, [SEPARATOR]) # ------------------------------------------ # Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'. # Note that neither SEPARATOR nor STRING are expanded; they are appended # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked). # No SEPARATOR is output if MACRO-NAME was previously undefined (different # than defined and empty). # # This macro is needed until we can rely on Autoconf 2.62, since earlier # versions of m4sugar mistakenly expanded SEPARATOR but not STRING. m4_define([lt_append], [m4_define([$1], m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])]) # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...]) # ---------------------------------------------------------- # Produce a SEP delimited list of all paired combinations of elements of # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list # has the form PREFIXmINFIXSUFFIXn. # Needed until we can rely on m4_combine added in Autoconf 2.62. m4_define([lt_combine], [m4_if(m4_eval([$# > 3]), [1], [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl [[m4_foreach([_Lt_prefix], [$2], [m4_foreach([_Lt_suffix], ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[, [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])]) # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ]) # ----------------------------------------------------------------------- # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ. m4_define([lt_if_append_uniq], [m4_ifdef([$1], [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1], [lt_append([$1], [$2], [$3])$4], [$5])], [lt_append([$1], [$2], [$3])$4])]) # lt_dict_add(DICT, KEY, VALUE) # ----------------------------- m4_define([lt_dict_add], [m4_define([$1($2)], [$3])]) # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE) # -------------------------------------------- m4_define([lt_dict_add_subkey], [m4_define([$1($2:$3)], [$4])]) # lt_dict_fetch(DICT, KEY, [SUBKEY]) # ---------------------------------- m4_define([lt_dict_fetch], [m4_ifval([$3], m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]), m4_ifdef([$1($2)], [m4_defn([$1($2)])]))]) # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE]) # ----------------------------------------------------------------- m4_define([lt_if_dict_fetch], [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4], [$5], [$6])]) # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...]) # -------------------------------------------------------------- m4_define([lt_dict_filter], [m4_if([$5], [], [], [lt_join(m4_quote(m4_default([$4], [[, ]])), lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]), [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl ]) pam/m4/ltversion.m40000644000000000000000000000127513261244762011344 0ustar # ltversion.m4 -- version numbers -*- Autoconf -*- # # Copyright (C) 2004 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004 # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # Generated from ltversion.in. # serial 3012 ltversion.m4 # This file is part of GNU Libtool m4_define([LT_PACKAGE_VERSION], [2.2.6]) m4_define([LT_PACKAGE_REVISION], [1.3012]) AC_DEFUN([LTVERSION_VERSION], [macro_version='2.2.6' macro_revision='1.3012' _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) _LT_DECL(, macro_revision, 0) ]) pam/m4/lt~obsolete.m40000644000000000000000000001311313261244762011663 0ustar # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*- # # Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc. # Written by Scott James Remnant, 2004. # # This file is free software; the Free Software Foundation gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. # serial 4 lt~obsolete.m4 # These exist entirely to fool aclocal when bootstrapping libtool. # # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN) # which have later been changed to m4_define as they aren't part of the # exported API, or moved to Autoconf or Automake where they belong. # # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us # using a macro with the same name in our local m4/libtool.m4 it'll # pull the old libtool.m4 in (it doesn't see our shiny new m4_define # and doesn't know about Autoconf macros at all.) # # So we provide this file, which has a silly filename so it's always # included after everything else. This provides aclocal with the # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything # because those macros already exist, or will be overwritten later. # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6. # # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here. # Yes, that means every name once taken will need to remain here until # we give up compatibility with versions before 1.7, at which point # we need to keep only those names which we still refer to. # This is to help aclocal find these macros, as it can't see m4_define. AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])]) m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])]) m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])]) m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])]) m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])]) m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])]) m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])]) m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])]) m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])]) m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])]) m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])]) m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])]) m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])]) m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])]) m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])]) m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])]) m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])]) m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])]) m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])]) m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])]) m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])]) m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])]) m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])]) m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])]) m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])]) m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])]) m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])]) m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])]) m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])]) m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])]) m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])]) m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])]) m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])]) m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])]) m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])]) m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])]) m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])]) m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])]) m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])]) m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])]) m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])]) m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])]) m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])]) m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])]) m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])]) m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])]) m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])]) m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])]) m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])]) m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])]) m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])]) m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])]) pam/m4/nls.m40000644000000000000000000000226613261244762010114 0ustar # nls.m4 serial 3 (gettext-0.15) dnl Copyright (C) 1995-2003, 2005-2006 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ(2.50) AC_DEFUN([AM_NLS], [ AC_MSG_CHECKING([whether NLS is requested]) dnl Default is enabled NLS AC_ARG_ENABLE(nls, [ --disable-nls do not use Native Language Support], USE_NLS=$enableval, USE_NLS=yes) AC_MSG_RESULT($USE_NLS) AC_SUBST(USE_NLS) ]) pam/m4/po.m40000644000000000000000000004336713261244762007745 0ustar # po.m4 serial 13 (gettext-0.15) dnl Copyright (C) 1995-2006 Free Software Foundation, Inc. dnl This file is free software; the Free Software Foundation dnl gives unlimited permission to copy and/or distribute it, dnl with or without modifications, as long as this notice is preserved. dnl dnl This file can can be used in projects which are not available under dnl the GNU General Public License or the GNU Library General Public dnl License but which still want to provide support for the GNU gettext dnl functionality. dnl Please note that the actual code of the GNU gettext library is covered dnl by the GNU Library General Public License, and the rest of the GNU dnl gettext package package is covered by the GNU General Public License. dnl They are *not* in the public domain. dnl Authors: dnl Ulrich Drepper , 1995-2000. dnl Bruno Haible , 2000-2003. AC_PREREQ(2.50) dnl Checks for all prerequisites of the po subdirectory. AC_DEFUN([AM_PO_SUBDIRS], [ AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake AC_REQUIRE([AM_NLS])dnl dnl Perform the following tests also if --disable-nls has been given, dnl because they are needed for "make dist" to work. dnl Search for GNU msgfmt in the PATH. dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions. dnl The second test excludes FreeBSD msgfmt. AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) dnl Test whether it is GNU msgfmt >= 0.15. changequote(,)dnl case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; *) MSGFMT_015=$MSGFMT ;; esac changequote([,])dnl AC_SUBST([MSGFMT_015]) changequote(,)dnl case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; *) GMSGFMT_015=$GMSGFMT ;; esac changequote([,])dnl AC_SUBST([GMSGFMT_015]) dnl Search for GNU xgettext 0.12 or newer in the PATH. dnl The first test excludes Solaris xgettext and early GNU xgettext versions. dnl The second test excludes FreeBSD xgettext. AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 && (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)], :) dnl Remove leftover from FreeBSD xgettext call. rm -f messages.po dnl Test whether it is GNU xgettext >= 0.15. changequote(,)dnl case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; *) XGETTEXT_015=$XGETTEXT ;; esac changequote([,])dnl AC_SUBST([XGETTEXT_015]) dnl Search for GNU msgmerge 0.11 or newer in the PATH. AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge, [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :) dnl Installation directories. dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we dnl have to define it here, so that it can be used in po/Makefile. test -n "$localedir" || localedir='${datadir}/locale' AC_SUBST([localedir]) AC_CONFIG_COMMANDS([po-directories], [[ for ac_file in $CONFIG_FILES; do # Support "outfile[:infile[:infile...]]" case "$ac_file" in *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; esac # PO directories have a Makefile.in generated from Makefile.in.in. case "$ac_file" in */Makefile.in) # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Treat a directory as a PO directory if and only if it has a # POTFILES.in file. This allows packages to have multiple PO # directories under different names or in different locations. if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then rm -f "$ac_dir/POTFILES" test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" POMAKEFILEDEPS="POTFILES.in" # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend # on $ac_dir but don't depend on user-specified configuration # parameters. if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then # The LINGUAS file contains the set of available languages. if test -n "$OBSOLETE_ALL_LINGUAS"; then test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" fi ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` # Hide the ALL_LINGUAS assigment from automake < 1.5. eval 'ALL_LINGUAS''=$ALL_LINGUAS_' POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" else # The set of available languages was given in configure.in. # Hide the ALL_LINGUAS assigment from automake < 1.5. eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' fi # Compute POFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) # Compute UPDATEPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) # Compute DUMMYPOFILES # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) # Compute GMOFILES # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) case "$ac_given_srcdir" in .) srcdirpre= ;; *) srcdirpre='$(srcdir)/' ;; esac POFILES= UPDATEPOFILES= DUMMYPOFILES= GMOFILES= for lang in $ALL_LINGUAS; do POFILES="$POFILES $srcdirpre$lang.po" UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" DUMMYPOFILES="$DUMMYPOFILES $lang.nop" GMOFILES="$GMOFILES $srcdirpre$lang.gmo" done # CATALOGS depends on both $ac_dir and the user's LINGUAS # environment variable. INST_LINGUAS= if test -n "$ALL_LINGUAS"; then for presentlang in $ALL_LINGUAS; do useit=no if test "%UNSET%" != "$LINGUAS"; then desiredlanguages="$LINGUAS" else desiredlanguages="$ALL_LINGUAS" fi for desiredlang in $desiredlanguages; do # Use the presentlang catalog if desiredlang is # a. equal to presentlang, or # b. a variant of presentlang (because in this case, # presentlang can be used as a fallback for messages # which are not translated in the desiredlang catalog). case "$desiredlang" in "$presentlang"*) useit=yes;; esac done if test $useit = yes; then INST_LINGUAS="$INST_LINGUAS $presentlang" fi done fi CATALOGS= if test -n "$INST_LINGUAS"; then for lang in $INST_LINGUAS; do CATALOGS="$CATALOGS $lang.gmo" done fi test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do if test -f "$f"; then case "$f" in *.orig | *.bak | *~) ;; *) cat "$f" >> "$ac_dir/Makefile" ;; esac fi done fi ;; esac done]], [# Capture the value of obsolete ALL_LINGUAS because we need it to compute # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it # from automake < 1.5. eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' # Capture the value of LINGUAS because we need it to compute CATALOGS. LINGUAS="${LINGUAS-%UNSET%}" ]) ]) dnl Postprocesses a Makefile in a directory containing PO files. AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE], [ # When this code is run, in config.status, two variables have already been # set: # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in, # - LINGUAS is the value of the environment variable LINGUAS at configure # time. changequote(,)dnl # Adjust a relative srcdir. ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`" ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` # In autoconf-2.13 it is called $ac_given_srcdir. # In autoconf-2.50 it is called $srcdir. test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" case "$ac_given_srcdir" in .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; /*) top_srcdir="$ac_given_srcdir" ;; *) top_srcdir="$ac_dots$ac_given_srcdir" ;; esac # Find a way to echo strings without interpreting backslash. if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then gt_echo='echo' else if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then gt_echo='printf %s\n' else echo_func () { cat < "$ac_file.tmp" if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'` cat >> "$ac_file.tmp" < /dev/null; then # Add dependencies that cannot be formulated as a simple suffix rule. for lang in $ALL_LINGUAS; do frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'` cat >> "$ac_file.tmp" <> "$ac_file.tmp" <, 1996. AC_PREREQ(2.50) # Search path for a program which passes the given test. dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) AC_DEFUN([AM_PATH_PROG_WITH_TEST], [ # Prepare PATH_SEPARATOR. # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then echo "#! /bin/sh" >conf$$.sh echo "exit 0" >>conf$$.sh chmod +x conf$$.sh if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then PATH_SEPARATOR=';' else PATH_SEPARATOR=: fi rm -f conf$$.sh fi # Find out how to test for executable files. Don't use a zero-byte file, # as systems may use methods other than mode bits to determine executability. cat >conf$$.file <<_ASEOF #! /bin/sh exit 0 _ASEOF chmod +x conf$$.file if test -x conf$$.file >/dev/null 2>&1; then ac_executable_p="test -x" else ac_executable_p="test -f" fi rm -f conf$$.file # Extract the first word of "$2", so it can be a program name with args. set dummy $2; ac_word=[$]2 AC_MSG_CHECKING([for $ac_word]) AC_CACHE_VAL(ac_cv_path_$1, [case "[$]$1" in [[\\/]]* | ?:[[\\/]]*) ac_cv_path_$1="[$]$1" # Let the user override the test with a path. ;; *) ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in ifelse([$5], , $PATH, [$5]); do IFS="$ac_save_IFS" test -z "$ac_dir" && ac_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD if [$3]; then ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext" break 2 fi fi done done IFS="$ac_save_IFS" dnl If no 4th arg is given, leave the cache variable unset, dnl so AC_PATH_PROGS will keep looking. ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" ])dnl ;; esac])dnl $1="$ac_cv_path_$1" if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then AC_MSG_RESULT([$]$1) else AC_MSG_RESULT(no) fi AC_SUBST($1)dnl ]) pam/modules/0000755000000000000000000000000013261244762010200 5ustar pam/modules/Makefile.am0000644000000000000000000000120713261244762012234 0ustar # # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk # SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ pam_env pam_exec pam_faildelay pam_filter pam_ftp \ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ pam_listfile pam_localuser pam_loginuid pam_mail \ pam_mkhomedir pam_motd pam_namespace pam_nologin \ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ pam_selinux pam_sepermit pam_shells pam_stress \ pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ pam_tty_audit pam_umask \ pam_unix pam_userdb pam_warn pam_wheel pam_xauth CLEANFILES = *~ EXTRA_DIST = modules.map pam/modules/Makefile.in0000644000000000000000000004571713261244762012263 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2008 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = modules DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = pam_access pam_cracklib pam_debug pam_deny pam_echo \ pam_env pam_exec pam_faildelay pam_filter pam_ftp \ pam_group pam_issue pam_keyinit pam_lastlog pam_limits \ pam_listfile pam_localuser pam_loginuid pam_mail \ pam_mkhomedir pam_motd pam_namespace pam_nologin \ pam_permit pam_pwhistory pam_rhosts pam_rootok pam_securetty \ pam_selinux pam_sepermit pam_shells pam_stress \ pam_succeed_if pam_tally pam_tally2 pam_time pam_timestamp \ pam_tty_audit pam_umask \ pam_unix pam_userdb pam_warn pam_wheel pam_xauth CLEANFILES = *~ EXTRA_DIST = modules.map all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile installdirs: installdirs-recursive installdirs-am: install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-recursive clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic clean-libtool \ ctags ctags-recursive distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/modules.map0000644000000000000000000000024713261244762012352 0ustar { global: pam_sm_acct_mgmt; pam_sm_authenticate; pam_sm_chauthtok; pam_sm_close_session; pam_sm_open_session; pam_sm_setcred; local: *; }; pam/modules/pam_access/0000755000000000000000000000000013261244762012276 5ustar pam/modules/pam_access/Makefile.am0000644000000000000000000000163213261244762014334 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access man_MANS = access.conf.5 pam_access.8 XMLS = README.xml access.conf.5.xml pam_access.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_access.la pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS) secureconf_DATA = access.conf if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_access.8.xml access.conf.5.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_access pam/modules/pam_access/Makefile.in0000644000000000000000000006566113261244762014361 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_access DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) am__DEPENDENCIES_1 = pam_access_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la \ $(am__DEPENDENCIES_1) pam_access_la_SOURCES = pam_access.c pam_access_la_OBJECTS = pam_access.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_access.c DIST_SOURCES = pam_access.c man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README access.conf $(MANS) $(XMLS) tst-pam_access man_MANS = access.conf.5 pam_access.8 XMLS = README.xml access.conf.5.xml pam_access.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_access.la pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS) secureconf_DATA = access.conf @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_access all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_access/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_access/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_access.la: $(pam_access_la_OBJECTS) $(pam_access_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_access_la_OBJECTS) $(pam_access_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_access.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-secureconfDATA \ install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man5 install-man8 \ install-pdf install-pdf-am install-ps install-ps-am \ install-secureconfDATA install-securelibLTLIBRARIES \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_access.8.xml access.conf.5.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_access/README0000644000000000000000000001025713261244762013163 0ustar pam_access — PAM module for logdaemon style login access control â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_access PAM module is mainly for access management. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non-networked logins. By default rules for access management are taken from config file /etc/security /access.conf if you don't specify another file. If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty). OPTIONS accessfile=/path/to/access.conf Indicate an alternative access.conf style configuration file to override the default. This can be useful when different services need different access lists. debug A lot of debug information is printed with syslog(3). noaudit Do not report logins from disallowed hosts and ttys to the audit subsystem. fieldsep=separators This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example: fieldsep =| will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the PAM_TTY item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this. listsep=separators This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example: listsep =, will cause the default ` ' (space) and `\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built-in groups "Domain Users", "Domain Admins" contain a space. nodefgroup User tokens which are not enclosed in parentheses will not be matched against the group database. The backwards compatible default is to try the group database match even for tokens not enclosed in parentheses. EXAMPLES These are some example lines which might be specified in /etc/security/ access.conf. User root should be allowed to get access via cron, X11 terminal :0, tty1, ..., tty5, tty6. + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6 User root should be allowed to get access from hosts which own the IPv4 addresses. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too. + : root : 192.168.200.1 192.168.200.4 192.168.200.9 + : root : 127.0.0.1 User root should get access from network 192.168.201. where the term will be evaluated by string matching. But it might be better to use network/netmask instead. The same meaning of 192.168.201. is 192.168.201.0/24 or 192.168.201.0/ 255.255.255.0. + : root : 192.168.201. User root should be able to have access from hosts foo1.bar.org and foo2.bar.org (uses string matching also). + : root : foo1.bar.org foo2.bar.org User root should be able to have access from domain foo.bar.org (uses string matching also). + : root : .foo.bar.org User root should be denied to get access from all other sources. - : root : ALL User foo and members of netgroup admins should be allowed to get access from all sources. This will only work if netgroup service is available. + : @admins foo : ALL User john and foo should get access from IPv6 host address. + : john foo : 2001:db8:0:101::1 User john should get access from IPv6 net/mask. + : john : 2001:db8:0:101::/64 Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group. -:ALL EXCEPT (wheel) shutdown sync:LOCAL All other users should be denied to get access from all sources. - : ALL : ALL pam/modules/pam_access/README.xml0000644000000000000000000000202613261244762013755 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_access.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_access-name"]/*)'/>
pam/modules/pam_access/access.conf0000644000000000000000000001101413261244762014403 0ustar # Login access control table. # # Comment line must start with "#", no space at front. # Order of lines is important. # # When someone logs in, the table is scanned for the first entry that # matches the (user, host) combination, or, in case of non-networked # logins, the first entry that matches the (user, tty) combination. The # permissions field of that table entry determines whether the login will # be accepted or refused. # # Format of the login access control table is three fields separated by a # ":" character: # # [Note, if you supply a 'fieldsep=|' argument to the pam_access.so # module, you can change the field separation character to be # '|'. This is useful for configurations where you are trying to use # pam_access with X applications that provide PAM_TTY values that are # the display variable like "host:0".] # # permission : users : origins # # The first field should be a "+" (access granted) or "-" (access denied) # character. # # The second field should be a list of one or more login names, group # names, or ALL (always matches). A pattern of the form user@host is # matched when the login name matches the "user" part, and when the # "host" part matches the local machine name. # # The third field should be a list of one or more tty names (for # non-networked logins), host names, domain names (begin with "."), host # addresses, internet network numbers (end with "."), ALL (always # matches), NONE (matches no tty on non-networked logins) or # LOCAL (matches any string that does not contain a "." character). # # You can use @netgroupname in host or user patterns; this even works # for @usergroup@@hostgroup patterns. # # The EXCEPT operator makes it possible to write very compact rules. # # The group file is searched only when a name does not match that of the # logged-in user. Both the user's primary group is matched, as well as # groups in which users are explicitly listed. # To avoid problems with accounts, which have the same name as a group, # you can use brackets around group names '(group)' to differentiate. # In this case, you should also set the "nodefgroup" option. # # TTY NAMES: Must be in the form returned by ttyname(3) less the initial # "/dev" (e.g. tty1 or vc/1) # ############################################################################## # # Disallow non-root logins on tty1 # #-:ALL EXCEPT root:tty1 # # Disallow console logins to all but a few accounts. # #-:ALL EXCEPT wheel shutdown sync:LOCAL # # Same, but make sure that really the group wheel and not the user # wheel is used (use nodefgroup argument, too): # #-:ALL EXCEPT (wheel) shutdown sync:LOCAL # # Disallow non-local logins to privileged accounts (group wheel). # #-:wheel:ALL EXCEPT LOCAL .win.tue.nl # # Some accounts are not allowed to login from anywhere: # #-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL # # All other accounts are allowed to login from anywhere. # ############################################################################## # All lines from here up to the end are building a more complex example. ############################################################################## # # User "root" should be allowed to get access via cron .. tty5 tty6. #+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6 # # User "root" should be allowed to get access from hosts with ip addresses. #+ : root : 192.168.200.1 192.168.200.4 192.168.200.9 #+ : root : 127.0.0.1 # # User "root" should get access from network 192.168.201. # This term will be evaluated by string matching. # comment: It might be better to use network/netmask instead. # The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0 #+ : root : 192.168.201. # # User "root" should be able to have access from domain. # Uses string matching also. #+ : root : .foo.bar.org # # User "root" should be denied to get access from all other sources. #- : root : ALL # # User "foo" and members of netgroup "nis_group" should be # allowed to get access from all sources. # This will only work if netgroup service is available. #+ : @nis_group foo : ALL # # User "john" should get access from ipv4 net/mask #+ : john : 127.0.0.0/24 # # User "john" should get access from ipv4 as ipv6 net/mask #+ : john : ::ffff:127.0.0.0/127 # # User "john" should get access from ipv6 host address #+ : john : 2001:4ca0:0:101::1 # # User "john" should get access from ipv6 host address (same as above) #+ : john : 2001:4ca0:0:101:0:0:0:1 # # User "john" should get access from ipv6 net/mask #+ : john : 2001:4ca0:0:101::/64 # # All other users should be denied to get access from all sources. #- : ALL : ALL pam/modules/pam_access/access.conf.50000644000000000000000000001432513261244762014556 0ustar '\" t .\" Title: access.conf .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "ACCESS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" access.conf \- the login access control table file .SH "DESCRIPTION" .PP The /etc/security/access\&.conf file specifies (\fIuser/group\fR, \fIhost\fR), (\fIuser/group\fR, \fInetwork/netmask\fR) or (\fIuser/group\fR, \fItty\fR) combinations for which a login will be either accepted or refused\&. .PP When someone logs in, the file access\&.conf is scanned for the first entry that matches the (\fIuser/group\fR, \fIhost\fR) or (\fIuser/group\fR, \fInetwork/netmask\fR) combination, or, in case of non\-networked logins, the first entry that matches the (\fIuser/group\fR, \fItty\fR) combination\&. The permissions field of that table entry determines whether the login will be accepted or refused\&. .PP Each line of the login access control table has three fields separated by a ":" character (colon): .PP \fIpermission\fR:\fIusers/groups\fR:\fIorigins\fR .PP The first field, the \fIpermission\fR field, can be either a "\fI+\fR" character (plus) for access granted or a "\fI\-\fR" character (minus) for access denied\&. .PP The second field, the \fIusers\fR/\fIgroup\fR field, should be a list of one or more login names, group names, or \fIALL\fR (which always matches)\&. To differentiate user entries from group entries, group entries should be written with brackets, e\&.g\&. \fI(group)\fR\&. .PP The third field, the \fIorigins\fR field, should be a list of one or more tty names (for non\-networked logins), host names, domain names (begin with "\&."), host addresses, internet network numbers (end with "\&."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also), \fIALL\fR (which always matches) or \fILOCAL\fR\&. \fILOCAL\fR keyword matches if and only if the \fIPAM_RHOST\fR is not set and field is thus set from \fIPAM_TTY\fR or \fIPAM_SERVICE\fR"\&. If supported by the system you can use \fI@netgroupname\fR in host or user patterns\&. The \fI@@netgroupname\fR syntax is supported in the user pattern only and it makes the local system hostname to be passed to the netgroup match call in addition to the user name\&. This might not work correctly on some libc implementations causing the match to always fail\&. .PP The \fIEXCEPT\fR operator makes it possible to write very compact rules\&. .PP If the \fBnodefgroup\fR is not set, the group file is searched when a name does not match that of the logged\-in user\&. Only groups are matched in which users are explicitly listed\&. However the PAM module does not look at the primary group id of a user\&. .PP The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&. .SH "EXAMPLES" .PP These are some example lines which might be specified in /etc/security/access\&.conf\&. .PP User \fIroot\fR should be allowed to get access via \fIcron\fR, X11 terminal \fI:0\fR, \fItty1\fR, \&.\&.\&., \fItty5\fR, \fItty6\fR\&. .PP + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6 .PP User \fIroot\fR should be allowed to get access from hosts which own the IPv4 addresses\&. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too\&. .PP + : root : 192\&.168\&.200\&.1 192\&.168\&.200\&.4 192\&.168\&.200\&.9 .PP + : root : 127\&.0\&.0\&.1 .PP User \fIroot\fR should get access from network 192\&.168\&.201\&. where the term will be evaluated by string matching\&. But it might be better to use network/netmask instead\&. The same meaning of 192\&.168\&.201\&. is \fI192\&.168\&.201\&.0/24\fR or \fI192\&.168\&.201\&.0/255\&.255\&.255\&.0\fR\&. .PP + : root : 192\&.168\&.201\&. .PP User \fIroot\fR should be able to have access from hosts \fIfoo1\&.bar\&.org\fR and \fIfoo2\&.bar\&.org\fR (uses string matching also)\&. .PP + : root : foo1\&.bar\&.org foo2\&.bar\&.org .PP User \fIroot\fR should be able to have access from domain \fIfoo\&.bar\&.org\fR (uses string matching also)\&. .PP + : root : \&.foo\&.bar\&.org .PP User \fIroot\fR should be denied to get access from all other sources\&. .PP \- : root : ALL .PP User \fIfoo\fR and members of netgroup \fIadmins\fR should be allowed to get access from all sources\&. This will only work if netgroup service is available\&. .PP + : @admins foo : ALL .PP User \fIjohn\fR and \fIfoo\fR should get access from IPv6 host address\&. .PP + : john foo : 2001:db8:0:101::1 .PP User \fIjohn\fR should get access from IPv6 net/mask\&. .PP + : john : 2001:db8:0:101::/64 .PP Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group\&. .PP \-:ALL EXCEPT (wheel) shutdown sync:LOCAL .PP All other users should be denied to get access from all sources\&. .PP \- : ALL : ALL .SH "SEE ALSO" .PP \fBpam_access\fR(8), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHORS" .PP Original \fBlogin.access\fR(5) manual was provided by Guido van Rooij which was renamed to \fBaccess.conf\fR(5) to reflect relation to default config file\&. .PP Network address / netmask description and example text was introduced by Mike Becher \&. pam/modules/pam_access/access.conf.5.xml0000644000000000000000000002015613261244762015354 0ustar access.conf 5 Linux-PAM Manual access.conf the login access control table file DESCRIPTION The /etc/security/access.conf file specifies (user/group, host), (user/group, network/netmask) or (user/group, tty) combinations for which a login will be either accepted or refused. When someone logs in, the file access.conf is scanned for the first entry that matches the (user/group, host) or (user/group, network/netmask) combination, or, in case of non-networked logins, the first entry that matches the (user/group, tty) combination. The permissions field of that table entry determines whether the login will be accepted or refused. Each line of the login access control table has three fields separated by a ":" character (colon): permission:users/groups:origins The first field, the permission field, can be either a "+" character (plus) for access granted or a "-" character (minus) for access denied. The second field, the users/group field, should be a list of one or more login names, group names, or ALL (which always matches). To differentiate user entries from group entries, group entries should be written with brackets, e.g. (group). The third field, the origins field, should be a list of one or more tty names (for non-networked logins), host names, domain names (begin with "."), host addresses, internet network numbers (end with "."), internet network addresses with network mask (where network mask can be a decimal number or an internet address also), ALL (which always matches) or LOCAL. LOCAL keyword matches if and only if the PAM_RHOST is not set and <origin> field is thus set from PAM_TTY or PAM_SERVICE". If supported by the system you can use @netgroupname in host or user patterns. The @@netgroupname syntax is supported in the user pattern only and it makes the local system hostname to be passed to the netgroup match call in addition to the user name. This might not work correctly on some libc implementations causing the match to always fail. The EXCEPT operator makes it possible to write very compact rules. If the is not set, the group file is searched when a name does not match that of the logged-in user. Only groups are matched in which users are explicitly listed. However the PAM module does not look at the primary group id of a user. The "#" character at start of line (no space at front) can be used to mark this line as a comment line. EXAMPLES These are some example lines which might be specified in /etc/security/access.conf. User root should be allowed to get access via cron, X11 terminal :0, tty1, ..., tty5, tty6. + : root : crond :0 tty1 tty2 tty3 tty4 tty5 tty6 User root should be allowed to get access from hosts which own the IPv4 addresses. This does not mean that the connection have to be a IPv4 one, a IPv6 connection from a host with one of this IPv4 addresses does work, too. + : root : 192.168.200.1 192.168.200.4 192.168.200.9 + : root : 127.0.0.1 User root should get access from network 192.168.201. where the term will be evaluated by string matching. But it might be better to use network/netmask instead. The same meaning of 192.168.201. is 192.168.201.0/24 or 192.168.201.0/255.255.255.0. + : root : 192.168.201. User root should be able to have access from hosts foo1.bar.org and foo2.bar.org (uses string matching also). + : root : foo1.bar.org foo2.bar.org User root should be able to have access from domain foo.bar.org (uses string matching also). + : root : .foo.bar.org User root should be denied to get access from all other sources. - : root : ALL User foo and members of netgroup admins should be allowed to get access from all sources. This will only work if netgroup service is available. + : @admins foo : ALL User john and foo should get access from IPv6 host address. + : john foo : 2001:db8:0:101::1 User john should get access from IPv6 net/mask. + : john : 2001:db8:0:101::/64 Disallow console logins to all but the shutdown, sync and all other accounts, which are a member of the wheel group. -:ALL EXCEPT (wheel) shutdown sync:LOCAL All other users should be denied to get access from all sources. - : ALL : ALL SEE ALSO pam_access8, pam.d5, pam8 AUTHORS Original login.access5 manual was provided by Guido van Rooij which was renamed to access.conf5 to reflect relation to default config file. Network address / netmask description and example text was introduced by Mike Becher <mike.becher@lrz-muenchen.de>. pam/modules/pam_access/pam_access.80000644000000000000000000001132313261244762014465 0ustar '\" t .\" Title: pam_access .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ACCESS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_access \- PAM module for logdaemon style login access control .SH "SYNOPSIS" .HP \w'\fBpam_access\&.so\fR\ 'u \fBpam_access\&.so\fR [debug] [nodefgroup] [noaudit] [accessfile=\fIfile\fR] [fieldsep=\fIsep\fR] [listsep=\fIsep\fR] .SH "DESCRIPTION" .PP The pam_access PAM module is mainly for access management\&. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non\-networked logins\&. .PP By default rules for access management are taken from config file /etc/security/access\&.conf if you don\*(Aqt specify another file\&. .PP If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty)\&. .SH "OPTIONS" .PP \fBaccessfile=\fR\fB\fI/path/to/access\&.conf\fR\fR .RS 4 Indicate an alternative access\&.conf style configuration file to override the default\&. This can be useful when different services need different access lists\&. .RE .PP \fBdebug\fR .RS 4 A lot of debug information is printed with \fBsyslog\fR(3)\&. .RE .PP \fBnoaudit\fR .RS 4 Do not report logins from disallowed hosts and ttys to the audit subsystem\&. .RE .PP \fBfieldsep=\fR\fB\fIseparators\fR\fR .RS 4 This option modifies the field separator character that pam_access will recognize when parsing the access configuration file\&. For example: \fBfieldsep=|\fR will cause the default `:\*(Aq character to be treated as part of a field value and `|\*(Aq becomes the field separator\&. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the \fBPAM_TTY\fR item is likely to be of the form "hostname:0" which includes a `:\*(Aq character in its value\&. But you should not need this\&. .RE .PP \fBlistsep=\fR\fB\fIseparators\fR\fR .RS 4 This option modifies the list separator character that pam_access will recognize when parsing the access configuration file\&. For example: \fBlistsep=,\fR will cause the default ` \*(Aq (space) and `\et\*(Aq (tab) characters to be treated as part of a list element value and `,\*(Aq becomes the only list element separator\&. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built\-in groups "Domain Users", "Domain Admins" contain a space\&. .RE .PP \fBnodefgroup\fR .RS 4 User tokens which are not enclosed in parentheses will not be matched against the group database\&. The backwards compatible default is to try the group database match even for tokens not enclosed in parentheses\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Access was granted\&. .RE .PP PAM_PERM_DENIED .RS 4 Access was not granted\&. .RE .PP PAM_IGNORE .RS 4 \fBpam_setcred\fR was called which does nothing\&. .RE .PP PAM_ABORT .RS 4 Not all relevant data or options could be gotten\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The user is not known to the system\&. .RE .SH "FILES" .PP /etc/security/access\&.conf .RS 4 Default configuration file .RE .SH "SEE ALSO" .PP \fBaccess.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\&. .SH "AUTHORS" .PP The logdaemon style login access control scheme was designed and implemented by Wietse Venema\&. The pam_access PAM module was developed by Alexei Nogin \&. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher \&. pam/modules/pam_access/pam_access.8.xml0000644000000000000000000001737413261244762015300 0ustar pam_access 8 Linux-PAM Manual pam_access PAM module for logdaemon style login access control pam_access.so debug nodefgroup noaudit accessfile=file fieldsep=sep listsep=sep DESCRIPTION The pam_access PAM module is mainly for access management. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non-networked logins. By default rules for access management are taken from config file /etc/security/access.conf if you don't specify another file. If Linux PAM is compiled with audit support the module will report when it denies access based on origin (host or tty). OPTIONS Indicate an alternative access.conf style configuration file to override the default. This can be useful when different services need different access lists. A lot of debug information is printed with syslog3. Do not report logins from disallowed hosts and ttys to the audit subsystem. This option modifies the field separator character that pam_access will recognize when parsing the access configuration file. For example: fieldsep=| will cause the default `:' character to be treated as part of a field value and `|' becomes the field separator. Doing this may be useful in conjunction with a system that wants to use pam_access with X based applications, since the PAM_TTY item is likely to be of the form "hostname:0" which includes a `:' character in its value. But you should not need this. This option modifies the list separator character that pam_access will recognize when parsing the access configuration file. For example: listsep=, will cause the default ` ' (space) and `\t' (tab) characters to be treated as part of a list element value and `,' becomes the only list element separator. Doing this may be useful on a system with group information obtained from a Windows domain, where the default built-in groups "Domain Users", "Domain Admins" contain a space. User tokens which are not enclosed in parentheses will not be matched against the group database. The backwards compatible default is to try the group database match even for tokens not enclosed in parentheses. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_SUCCESS Access was granted. PAM_PERM_DENIED Access was not granted. PAM_IGNORE pam_setcred was called which does nothing. PAM_ABORT Not all relevant data or options could be gotten. PAM_USER_UNKNOWN The user is not known to the system. FILES /etc/security/access.conf Default configuration file SEE ALSO access.conf5 , pam.d5 , pam8 . AUTHORS The logdaemon style login access control scheme was designed and implemented by Wietse Venema. The pam_access PAM module was developed by Alexei Nogin <alexei@nogin.dnttm.ru>. The IPv6 support and the network(address) / netmask feature was developed and provided by Mike Becher <mike.becher@lrz-muenchen.de>. pam/modules/pam_access/pam_access.c0000644000000000000000000006356213261244762014554 0ustar /* pam_access module */ /* * Written by Alexei Nogin 1997/06/15 * (I took login_access from logdaemon-5.6 and converted it to PAM * using parts of pam_time code.) * ************************************************************************ * Copyright message from logdaemon-5.6 (original file name DISCLAIMER) ************************************************************************ * Copyright 1995 by Wietse Venema. All rights reserved. Individual files * may be covered by other copyrights (as noted in the file itself.) * * This material was originally written and compiled by Wietse Venema at * Eindhoven University of Technology, The Netherlands, in 1990, 1991, * 1992, 1993, 1994 and 1995. * * Redistribution and use in source and binary forms are permitted * provided that this entire copyright notice is duplicated in all such * copies. * * This software is provided "as is" and without any expressed or implied * warranties, including, without limitation, the implied warranties of * merchantibility and fitness for any particular purpose. ************************************************************************* */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_RPCSVC_YPCLNT_H #include #endif #ifdef HAVE_LIBAUDIT #include #endif /* * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #include #include /* login_access.c from logdaemon-5.6 with several changes by A.Nogin: */ /* * This module implements a simple but effective form of login access * control based on login names and on host (or domain) names, internet * addresses (or network numbers), or on terminal line names in case of * non-networked logins. Diagnostics are reported through syslog(3). * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) #undef MAXHOSTNAMELEN #define MAXHOSTNAMELEN 256 #endif /* Delimiters for fields and for lists of users, ttys or hosts. */ #define ALL 2 #define YES 1 #define NO 0 /* * A structure to bundle up all login-related information to keep the * functional interfaces as generic as possible. */ struct login_info { const struct passwd *user; const char *from; const char *config_file; const char *hostname; int debug; /* Print debugging messages. */ int only_new_group_syntax; /* Only allow group entries of the form "(xyz)" */ int noaudit; /* Do not audit denials */ const char *fs; /* field separator */ const char *sep; /* list-element separator */ int from_remote_host; /* If PAM_RHOST was used for from */ struct addrinfo *res; /* Cached DNS resolution of from */ int gai_rv; /* Cached retval of getaddrinfo */ }; /* Parse module config arguments */ static int parse_args(pam_handle_t *pamh, struct login_info *loginfo, int argc, const char **argv) { int i; loginfo->noaudit = NO; loginfo->debug = NO; loginfo->only_new_group_syntax = NO; loginfo->fs = ":"; loginfo->sep = ", \t"; for (i=0; iconfig_file = 11 + argv[i]; fclose(fp); } else { pam_syslog(pamh, LOG_ERR, "failed to open accessfile=[%s]: %m", 11 + argv[i]); return 0; } } else if (strcmp (argv[i], "debug") == 0) { loginfo->debug = YES; } else if (strcmp (argv[i], "nodefgroup") == 0) { loginfo->only_new_group_syntax = YES; } else if (strcmp (argv[i], "noaudit") == 0) { loginfo->noaudit = YES; } else { pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", argv[i]); } } return 1; /* OK */ } /* --- static functions for checking whether the user should be let in --- */ typedef int match_func (pam_handle_t *, char *, struct login_info *); static int list_match (pam_handle_t *, char *, char *, struct login_info *, match_func *); static int user_match (pam_handle_t *, char *, struct login_info *); static int group_match (pam_handle_t *, const char *, const char *, int); static int from_match (pam_handle_t *, char *, struct login_info *); static int string_match (pam_handle_t *, const char *, const char *, int); static int network_netmask_match (pam_handle_t *, const char *, const char *, struct login_info *); /* isipaddr - find out if string provided is an IP address or not */ static int isipaddr (const char *string, int *addr_type, struct sockaddr_storage *addr) { struct sockaddr_storage local_addr; int is_ip; /* We use struct sockaddr_storage addr because * struct in_addr/in6_addr is an integral part * of struct sockaddr and we doesn't want to * use its value. */ if (addr == NULL) addr = &local_addr; memset(addr, 0, sizeof(struct sockaddr_storage)); /* first ipv4 */ if (inet_pton(AF_INET, string, addr) > 0) { if (addr_type != NULL) *addr_type = AF_INET; is_ip = YES; } else if (inet_pton(AF_INET6, string, addr) > 0) { /* then ipv6 */ if (addr_type != NULL) { *addr_type = AF_INET6; } is_ip = YES; } else is_ip = NO; return is_ip; } /* are_addresses_equal - translate IP address strings to real IP * addresses and compare them to find out if they are equal. * If netmask was provided it will be used to focus comparation to * relevant bits. */ static int are_addresses_equal (const char *ipaddr0, const char *ipaddr1, const char *netmask) { struct sockaddr_storage addr0; struct sockaddr_storage addr1; int addr_type0 = 0; int addr_type1 = 0; if (isipaddr (ipaddr0, &addr_type0, &addr0) == NO) return NO; if (isipaddr (ipaddr1, &addr_type1, &addr1) == NO) return NO; if (addr_type0 != addr_type1) /* different address types */ return NO; if (netmask != NULL) { /* Got a netmask, so normalize addresses? */ struct sockaddr_storage nmask; unsigned char *byte_a, *byte_nm; memset(&nmask, 0, sizeof(struct sockaddr_storage)); if (inet_pton(addr_type0, netmask, (void *)&nmask) > 0) { unsigned int i; byte_a = (unsigned char *)(&addr0); byte_nm = (unsigned char *)(&nmask); for (i=0; i= 8) { byte_nm[i] = 0xff; netmask -= 8; } else if (netmask > 0) { byte_nm[i] = 0xff << (8 - netmask); break; } else if (netmask <= 0) { break; } } /* now generate netmask address string */ ipaddr_dst = inet_ntop(addr_type, &nmask, ipaddr_buf, ipaddr_buf_len); if (ipaddr_dst == ipaddr_buf) { return (ipaddr_buf); } return (NULL); } /* login_access - match username/group and host/tty with access control file */ static int login_access (pam_handle_t *pamh, struct login_info *item) { FILE *fp; char line[BUFSIZ]; char *perm; /* becomes permission field */ char *users; /* becomes list of login names */ char *froms; /* becomes list of terminals or hosts */ int match = NO; int nonall_match = NO; int end; int lineno = 0; /* for diagnostics */ char *sptr; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "login_access: user=%s, from=%s, file=%s", item->user->pw_name, item->from, item->config_file); /* * Process the table one line at a time and stop at the first match. * Blank lines and lines that begin with a '#' character are ignored. * Non-comment lines are broken at the ':' character. All fields are * mandatory. The first field should be a "+" or "-" character. A * non-existing table means no access control. */ if ((fp = fopen(item->config_file, "r"))!=NULL) { while (!match && fgets(line, sizeof(line), fp)) { lineno++; if (line[end = strlen(line) - 1] != '\n') { pam_syslog(pamh, LOG_ERR, "%s: line %d: missing newline or line too long", item->config_file, lineno); continue; } if (line[0] == '#') continue; /* comment line */ while (end > 0 && isspace(line[end - 1])) end--; line[end] = 0; /* strip trailing whitespace */ if (line[0] == 0) /* skip blank lines */ continue; /* Allow field seperator in last field of froms */ if (!(perm = strtok_r(line, item->fs, &sptr)) || !(users = strtok_r(NULL, item->fs, &sptr)) || !(froms = strtok_r(NULL, "\n", &sptr))) { pam_syslog(pamh, LOG_ERR, "%s: line %d: bad field count", item->config_file, lineno); continue; } if (perm[0] != '+' && perm[0] != '-') { pam_syslog(pamh, LOG_ERR, "%s: line %d: bad first field", item->config_file, lineno); continue; } if (item->debug) pam_syslog (pamh, LOG_DEBUG, "line %d: %s : %s : %s", lineno, perm, users, froms); match = list_match(pamh, users, NULL, item, user_match); if (item->debug) pam_syslog (pamh, LOG_DEBUG, "user_match=%d, \"%s\"", match, item->user->pw_name); if (match) { match = list_match(pamh, froms, NULL, item, from_match); if (!match && perm[0] == '+') { nonall_match = YES; } if (item->debug) pam_syslog (pamh, LOG_DEBUG, "from_match=%d, \"%s\"", match, item->from); } } (void) fclose(fp); } else if (errno == ENOENT) { /* This is no error. */ pam_syslog(pamh, LOG_WARNING, "warning: cannot open %s: %m", item->config_file); } else { pam_syslog(pamh, LOG_ERR, "cannot open %s: %m", item->config_file); return NO; } #ifdef HAVE_LIBAUDIT if (!item->noaudit && line[0] == '-' && (match == YES || (match == ALL && nonall_match == YES))) { pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_LOCATION, "pam_access", 0); } #endif return (match == NO || (line[0] == '+')); } /* list_match - match an item against a list of tokens with exceptions */ static int list_match(pam_handle_t *pamh, char *list, char *sptr, struct login_info *item, match_func *match_fn) { char *tok; int match = NO; if (item->debug && list != NULL) pam_syslog (pamh, LOG_DEBUG, "list_match: list=%s, item=%s", list, item->user->pw_name); /* * Process tokens one at a time. We have exhausted all possible matches * when we reach an "EXCEPT" token or the end of the list. If we do find * a match, look for an "EXCEPT" list and recurse to determine whether * the match is affected by any exceptions. */ for (tok = strtok_r(list, item->sep, &sptr); tok != 0; tok = strtok_r(NULL, item->sep, &sptr)) { if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ break; if ((match = (*match_fn) (pamh, tok, item))) /* YES */ break; } /* Process exceptions to matches. */ if (match != NO) { while ((tok = strtok_r(NULL, item->sep, &sptr)) && strcasecmp(tok, "EXCEPT")) /* VOID */ ; if (tok == 0) return match; if (list_match(pamh, NULL, sptr, item, match_fn) == NO) return YES; /* drop special meaning of ALL */ } return (NO); } /* netgroup_match - match group against machine or user */ static int netgroup_match (pam_handle_t *pamh, const char *netgroup, const char *machine, const char *user, int debug) { int retval; char *mydomain = NULL; #if defined(HAVE_GETDOMAINNAME) char domainname_res[256]; if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) { if (domainname_res[0] != '\0' && strcmp (domainname_res, "(none)") != 0) { mydomain = domainname_res; } } #elif defined(HAVE_YP_GET_DEFAULT_DOMAIN) yp_get_default_domain(&mydomain); #endif #ifdef HAVE_INNETGR retval = innetgr (netgroup, machine, user, mydomain); #else retval = 0; pam_syslog (pamh, LOG_ERR, "pam_access does not have netgroup support"); #endif if (debug == YES) pam_syslog (pamh, LOG_DEBUG, "netgroup_match: %d (netgroup=%s, machine=%s, user=%s, domain=%s)", retval, netgroup ? netgroup : "NULL", machine ? machine : "NULL", user ? user : "NULL", mydomain ? mydomain : "NULL"); return retval; } /* user_match - match a username against one token */ static int user_match (pam_handle_t *pamh, char *tok, struct login_info *item) { char *string = item->user->pw_name; struct login_info fake_item; char *at; int rv; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "user_match: tok=%s, item=%s", tok, string); /* * If a token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the username, if the * token is a group that contains the username, or if the token is the * name of the user's primary group. */ /* Try to split on a pattern (@*[^@]+)(@+.*) */ for (at = tok; *at == '@'; ++at); if ((at = strchr(at, '@')) != NULL) { /* split user@host pattern */ if (item->hostname == NULL) return NO; memcpy (&fake_item, item, sizeof(fake_item)); fake_item.from = item->hostname; fake_item.gai_rv = 0; fake_item.res = NULL; fake_item.from_remote_host = 1; /* hostname should be resolvable */ *at = 0; if (!user_match (pamh, tok, item)) return NO; rv = from_match (pamh, at + 1, &fake_item); if (fake_item.gai_rv == 0 && fake_item.res) freeaddrinfo(fake_item.res); return rv; } else if (tok[0] == '@') { /* netgroup */ const char *hostname = NULL; if (tok[1] == '@') { /* add hostname to netgroup match */ if (item->hostname == NULL) return NO; ++tok; hostname = item->hostname; } return (netgroup_match (pamh, tok + 1, hostname, string, item->debug)); } else if (tok[0] == '(' && tok[strlen(tok) - 1] == ')') return (group_match (pamh, tok, string, item->debug)); else if ((rv=string_match (pamh, tok, string, item->debug)) != NO) /* ALL or exact match */ return rv; else if (item->only_new_group_syntax == NO && pam_modutil_user_in_group_nam_nam (pamh, item->user->pw_name, tok)) /* try group membership */ return YES; return NO; } /* group_match - match a username against token named group */ static int group_match (pam_handle_t *pamh, const char *tok, const char* usr, int debug) { char grptok[BUFSIZ]; if (debug) pam_syslog (pamh, LOG_DEBUG, "group_match: grp=%s, user=%s", grptok, usr); if (strlen(tok) < 3) return NO; /* token is recieved under the format '(...)' */ memset(grptok, 0, BUFSIZ); strncpy(grptok, tok + 1, strlen(tok) - 2); if (pam_modutil_user_in_group_nam_nam(pamh, usr, grptok)) return YES; return NO; } /* from_match - match a host or tty against a list of tokens */ static int from_match (pam_handle_t *pamh UNUSED, char *tok, struct login_info *item) { const char *string = item->from; int tok_len; int str_len; int rv; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "from_match: tok=%s, item=%s", tok, string); /* * If a token has the magic value "ALL" the match always succeeds. Return * YES if the token fully matches the string. If the token is a domain * name, return YES if it matches the last fields of the string. If the * token has the magic value "LOCAL", return YES if the from field was * not taken by PAM_RHOST. If the token is a network number, return YES * if it matches the head of the string. */ if (string == NULL) { return NO; } else if (tok[0] == '@') { /* netgroup */ return (netgroup_match (pamh, tok + 1, string, (char *) 0, item->debug)); } else if ((rv = string_match(pamh, tok, string, item->debug)) != NO) { /* ALL or exact match */ return rv; } else if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(string)) > (tok_len = strlen(tok)) && strcasecmp(tok, string + str_len - tok_len) == 0) return (YES); } else if (item->from_remote_host == 0) { /* local: no PAM_RHOSTS */ if (strcasecmp(tok, "LOCAL") == 0) return (YES); } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { struct addrinfo hint; memset (&hint, '\0', sizeof (hint)); hint.ai_flags = AI_CANONNAME; hint.ai_family = AF_INET; if (item->gai_rv != 0) return NO; else if (!item->res && (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) return NO; else { struct addrinfo *runp = item->res; while (runp != NULL) { char buf[INET_ADDRSTRLEN+2]; if (runp->ai_family == AF_INET) { inet_ntop (runp->ai_family, &((struct sockaddr_in *) runp->ai_addr)->sin_addr, buf, sizeof (buf)); strcat (buf, "."); if (strncmp(tok, buf, tok_len) == 0) { return YES; } } runp = runp->ai_next; } } } else { /* Assume network/netmask with a IP of a host. */ if (network_netmask_match(pamh, tok, string, item)) return YES; } return NO; } /* string_match - match a string against one token */ static int string_match (pam_handle_t *pamh, const char *tok, const char *string, int debug) { if (debug) pam_syslog (pamh, LOG_DEBUG, "string_match: tok=%s, item=%s", tok, string); /* * If the token has the magic value "ALL" the match always succeeds. * Otherwise, return YES if the token fully matches the string. * "NONE" token matches NULL string. */ if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ return (ALL); } else if (string != NULL) { if (strcasecmp(tok, string) == 0) { /* try exact match */ return (YES); } } else if (strcasecmp(tok, "NONE") == 0) { return (YES); } return (NO); } /* network_netmask_match - match a string against one token * where string is a hostname or ip (v4,v6) address and tok * represents either a single ip (v4,v6) address or a network/netmask */ static int network_netmask_match (pam_handle_t *pamh, const char *tok, const char *string, struct login_info *item) { char *netmask_ptr; char netmask_string[MAXHOSTNAMELEN + 1]; int addr_type; if (item->debug) pam_syslog (pamh, LOG_DEBUG, "network_netmask_match: tok=%s, item=%s", tok, string); /* OK, check if tok is of type addr/mask */ if ((netmask_ptr = strchr(tok, '/')) != NULL) { long netmask = 0; /* YES */ *netmask_ptr = 0; netmask_ptr++; if (isipaddr(tok, &addr_type, NULL) == NO) { /* no netaddr */ return NO; } /* check netmask */ if (isipaddr(netmask_ptr, NULL, NULL) == NO) { /* netmask as integre value */ char *endptr = NULL; netmask = strtol(netmask_ptr, &endptr, 0); if ((endptr == NULL) || (*endptr != '\0')) { /* invalid netmask value */ return NO; } if ((netmask < 0) || (netmask >= 128)) { /* netmask value out of range */ return NO; } netmask_ptr = number_to_netmask(netmask, addr_type, netmask_string, MAXHOSTNAMELEN); } } else /* NO, then check if it is only an addr */ if (isipaddr(tok, NULL, NULL) != YES) { return NO; } if (isipaddr(string, NULL, NULL) != YES) { /* Assume network/netmask with a name of a host. */ struct addrinfo hint; memset (&hint, '\0', sizeof (hint)); hint.ai_flags = AI_CANONNAME; hint.ai_family = AF_UNSPEC; if (item->gai_rv != 0) return NO; else if (!item->res && (item->gai_rv = getaddrinfo (string, NULL, &hint, &item->res)) != 0) return NO; else { struct addrinfo *runp = item->res; while (runp != NULL) { char buf[INET6_ADDRSTRLEN]; inet_ntop (runp->ai_family, runp->ai_family == AF_INET ? (void *) &((struct sockaddr_in *) runp->ai_addr)->sin_addr : (void *) &((struct sockaddr_in6 *) runp->ai_addr)->sin6_addr, buf, sizeof (buf)); if (are_addresses_equal(buf, tok, netmask_ptr)) { return YES; } runp = runp->ai_next; } } } else return (are_addresses_equal(string, tok, netmask_ptr)); return NO; } /* --- public PAM management functions --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { struct login_info loginfo; const char *user=NULL; const void *void_from=NULL; const char *from; struct passwd *user_pw; char hostname[MAXHOSTNAMELEN + 1]; int rv; /* set username */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL || *user == '\0') { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } if ((user_pw=pam_modutil_getpwnam(pamh, user))==NULL) return (PAM_USER_UNKNOWN); /* * Bundle up the arguments to avoid unnecessary clumsiness later on. */ memset(&loginfo, '\0', sizeof(loginfo)); loginfo.user = user_pw; loginfo.config_file = PAM_ACCESS_CONFIG; /* parse the argument list */ if (!parse_args(pamh, &loginfo, argc, argv)) { pam_syslog(pamh, LOG_ERR, "failed to parse the module arguments"); return PAM_ABORT; } /* remote host name */ if (pam_get_item(pamh, PAM_RHOST, &void_from) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "cannot find the remote host name"); return PAM_ABORT; } from = void_from; if ((from==NULL) || (*from=='\0')) { /* local login, set tty name */ loginfo.from_remote_host = 0; if (pam_get_item(pamh, PAM_TTY, &void_from) != PAM_SUCCESS || void_from == NULL) { D(("PAM_TTY not set, probing stdin")); from = ttyname(STDIN_FILENO); if (from != NULL) { if (pam_set_item(pamh, PAM_TTY, from) != PAM_SUCCESS) pam_syslog(pamh, LOG_WARNING, "couldn't set tty name"); } else { if (pam_get_item(pamh, PAM_SERVICE, &void_from) != PAM_SUCCESS || void_from == NULL) { pam_syslog (pamh, LOG_ERR, "cannot determine remote host, tty or service name"); return PAM_ABORT; } from = void_from; if (loginfo.debug) pam_syslog (pamh, LOG_DEBUG, "cannot determine tty or remote hostname, using service %s", from); } } else from = void_from; if (from[0] == '/') { /* full path, remove device path. */ const char *f; from++; if ((f = strchr(from, '/')) != NULL) { from = f + 1; } } } else loginfo.from_remote_host = 1; loginfo.from = from; hostname[sizeof(hostname)-1] = '\0'; if (gethostname(hostname, sizeof(hostname)-1) == 0) loginfo.hostname = hostname; else { pam_syslog (pamh, LOG_ERR, "gethostname failed: %m"); loginfo.hostname = NULL; } rv = login_access(pamh, &loginfo); if (loginfo.gai_rv == 0 && loginfo.res) freeaddrinfo(loginfo.res); if (rv) { return (PAM_SUCCESS); } else { pam_syslog(pamh, LOG_ERR, "access denied for user `%s' from `%s'",user,from); return (PAM_PERM_DENIED); } } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } PAM_EXTERN int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate (pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } /* end of module definition */ #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_access_modstruct = { "pam_access", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif pam/modules/pam_access/tst-pam_access0000755000000000000000000000006513261244762015133 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_access.so pam/modules/pam_cracklib/0000755000000000000000000000000013261244762012607 5ustar pam/modules/pam_cracklib/Makefile.am0000644000000000000000000000152613261244762014647 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib if HAVE_LIBCRACK TESTS = tst-pam_cracklib man_MANS = pam_cracklib.8 endif XMLS = README.xml pam_cracklib.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \ @LIBCRACK@ @LIBCRYPT@ if HAVE_LIBCRACK securelib_LTLIBRARIES = pam_cracklib.la endif if ENABLE_REGENERATE_MAN noinst_DATA = README pam_cracklib.8 README: pam_cracklib.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_cracklib/Makefile.in0000644000000000000000000006046613261244762014670 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_cracklib DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_cracklib_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_cracklib_la_SOURCES = pam_cracklib.c pam_cracklib_la_OBJECTS = pam_cracklib.lo @HAVE_LIBCRACK_TRUE@am_pam_cracklib_la_rpath = -rpath $(securelibdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_cracklib.c DIST_SOURCES = pam_cracklib.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_cracklib.8 tst-pam_cracklib @HAVE_LIBCRACK_TRUE@TESTS = tst-pam_cracklib @HAVE_LIBCRACK_TRUE@man_MANS = pam_cracklib.8 XMLS = README.xml pam_cracklib.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) pam_cracklib_la_LIBADD = $(top_builddir)/libpam/libpam.la \ @LIBCRACK@ @LIBCRYPT@ @HAVE_LIBCRACK_TRUE@securelib_LTLIBRARIES = pam_cracklib.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_cracklib.8 all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_cracklib/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_cracklib.la: $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_DEPENDENCIES) $(LINK) $(am_pam_cracklib_la_rpath) $(pam_cracklib_la_OBJECTS) $(pam_cracklib_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cracklib.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_cracklib.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_cracklib/README0000644000000000000000000002303513261244762013472 0ustar pam_cracklib — PAM module to check the password against dictionary words â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords. The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices. The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion). All being well, the password is passed on to subsequent modules to be installed as the new authentication token. The strength checks works in the following manner: at first the Cracklib routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done. These checks are: Palindrome Is the new password a palindrome? Case Change Only Is the new password the the old one with only a change of case? Similar Is the new password too much like the old one? This is primarily controlled by one argument, difok which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password. This defaults to 5 changes. Simple Is the new password too small? This is controlled by 6 arguments minlen, maxclassrepeat, dcredit, ucredit, lcredit, and ocredit. See the section on the arguments for the details of how these work and there defaults. Rotated Is the new password a rotated version of the old password? Same consecutive characters Optional check for same consecutive characters. Too long monotonic character sequence Optional check for too long monotonic character sequence. Contains user name Optional check whether the password contains the user's name in some form. This module with no arguments will work well for standard unix password encryption. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non-trivial constraint. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change... In addition, the default action is to allow passwords as small as 5 characters in length. For a md5 systems it can be a good idea to increase the required minimum size of a password. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password. OPTIONS debug This option makes the module write information to syslog(3) indicating the behavior of the module (this option does not write password information to the log file). authtok_type=XXX The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty. retry=N Prompt user at most N times before returning with error. The default is 1. difok=N This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password. minlen=N The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to minlen. If you want to allow passwords as short as 5 characters you should not use this module. dcredit=N (N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current minlen value. The default for dcredit is 1 which is the recommended value for minlen less than 10. (N < 0) This is the minimum number of digits that must be met for a new password. ucredit=N (N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current minlen value. The default for ucredit is 1 which is the recommended value for minlen less than 10. (N < 0) This is the minimum number of upper case letters that must be met for a new password. lcredit=N (N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current minlen value. The default for lcredit is 1 which is the recommended value for minlen less than 10. (N < 0) This is the minimum number of lower case letters that must be met for a new password. ocredit=N (N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current minlen value. The default for ocredit is 1 which is the recommended value for minlen less than 10. (N < 0) This is the minimum number of other characters that must be met for a new password. minclass=N The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the credit check is that a specific class if of characters is not required. Instead N out of four of the classes are required. maxrepeat=N Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled. maxsequence=N Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password. maxclassrepeat=N Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled. reject_username Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected. gecoscheck Check whether the words from the GECOS field (usualy full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected. enforce_for_root The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway. Note that root is not asked for an old password so the checks that compare the old and new password are not performed. use_authtok This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module. dictpath=/path/to/dict Path to the cracklib dictionaries. EXAMPLES For an example of the use of this module, we show how it may be stacked with the password component of pam_unix(8) # # These lines stack two password type modules. In this example the # user is given 3 opportunities to enter a strong password. The # "use_authtok" argument ensures that the pam_unix module does not # prompt for a password, but instead uses the one provided by # pam_cracklib. # passwd password required pam_cracklib.so retry=3 passwd password required pam_unix.so use_authtok Another example (in the /etc/pam.d/passwd format) is for the case that you want to use md5 password encryption: #%PAM-1.0 # # These lines allow a md5 systems to support passwords of at least 14 # bytes with extra credit of 2 for digits and 2 for others the new # password must have at least three bytes that are not present in the # old password # password required pam_cracklib.so \ difok=3 minlen=15 dcredit= 2 ocredit=2 password required pam_unix.so use_authtok nullok md5 And here is another example in case you don't want to use credits: #%PAM-1.0 # # These lines require the user to select a password with a minimum # length of 8 and with at least 1 digit number, 1 upper case letter, # and 1 other character # password required pam_cracklib.so \ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 password required pam_unix.so use_authtok nullok md5 AUTHOR pam_cracklib was written by Cristian Gafton pam/modules/pam_cracklib/README.xml0000644000000000000000000000224313261244762014267 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_cracklib.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_cracklib-name"]/*)'/>
pam/modules/pam_cracklib/pam_cracklib.80000644000000000000000000003021013261244762015303 0ustar '\" t .\" Title: pam_cracklib .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 06/18/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_CRACKLIB" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_cracklib \- PAM module to check the password against dictionary words .SH "SYNOPSIS" .HP \w'\fBpam_cracklib\&.so\fR\ 'u \fBpam_cracklib\&.so\fR [\fI\&.\&.\&.\fR] .SH "DESCRIPTION" .PP This module can be plugged into the \fIpassword\fR stack of a given application to provide some plug\-in strength\-checking for passwords\&. .PP The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices\&. .PP The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion)\&. All being well, the password is passed on to subsequent modules to be installed as the new authentication token\&. .PP The strength checks works in the following manner: at first the \fBCracklib\fR routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done\&. These checks are: .PP Palindrome .RS 4 Is the new password a palindrome? .RE .PP Case Change Only .RS 4 Is the new password the the old one with only a change of case? .RE .PP Similar .RS 4 Is the new password too much like the old one? This is primarily controlled by one argument, \fBdifok\fR which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password\&. This defaults to 5 changes\&. .RE .PP Simple .RS 4 Is the new password too small? This is controlled by 6 arguments \fBminlen\fR, \fBmaxclassrepeat\fR, \fBdcredit\fR, \fBucredit\fR, \fBlcredit\fR, and \fBocredit\fR\&. See the section on the arguments for the details of how these work and there defaults\&. .RE .PP Rotated .RS 4 Is the new password a rotated version of the old password? .RE .PP Same consecutive characters .RS 4 Optional check for same consecutive characters\&. .RE .PP Too long monotonic character sequence .RS 4 Optional check for too long monotonic character sequence\&. .RE .PP Contains user name .RS 4 Optional check whether the password contains the user\*(Aqs name in some form\&. .RE .PP This module with no arguments will work well for standard unix password encryption\&. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password\&. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non\-trivial constraint\&. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change\&.\&.\&. In addition, the default action is to allow passwords as small as 5 characters in length\&. For a md5 systems it can be a good idea to increase the required minimum size of a password\&. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password\&. .SH "OPTIONS" .PP .PP \fBdebug\fR .RS 4 This option makes the module write information to \fBsyslog\fR(3) indicating the behavior of the module (this option does not write password information to the log file)\&. .RE .PP \fBauthtok_type=\fR\fB\fIXXX\fR\fR .RS 4 The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: "\&. The example word \fIUNIX\fR can be replaced with this option, by default it is empty\&. .RE .PP \fBretry=\fR\fB\fIN\fR\fR .RS 4 Prompt user at most \fIN\fR times before returning with error\&. The default is \fI1\fR\&. .RE .PP \fBdifok=\fR\fB\fIN\fR\fR .RS 4 This argument will change the default of \fI5\fR for the number of character changes in the new password that differentiate it from the old password\&. .RE .PP \fBminlen=\fR\fB\fIN\fR\fR .RS 4 The minimum acceptable size for the new password (plus one if credits are not disabled which is the default)\&. In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (\fIother\fR, \fIupper\fR, \fIlower\fR and \fIdigit\fR)\&. The default for this parameter is \fI9\fR which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system\&. Note that there is a pair of length limits in \fICracklib\fR itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to \fBminlen\fR\&. If you want to allow passwords as short as 5 characters you should not use this module\&. .RE .PP \fBdcredit=\fR\fB\fIN\fR\fR .RS 4 (N >= 0) This is the maximum credit for having digits in the new password\&. If you have less than or \fIN\fR digits, each digit will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBdcredit\fR is 1 which is the recommended value for \fBminlen\fR less than 10\&. .sp (N < 0) This is the minimum number of digits that must be met for a new password\&. .RE .PP \fBucredit=\fR\fB\fIN\fR\fR .RS 4 (N >= 0) This is the maximum credit for having upper case letters in the new password\&. If you have less than or \fIN\fR upper case letters each letter will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBucredit\fR is \fI1\fR which is the recommended value for \fBminlen\fR less than 10\&. .sp (N < 0) This is the minimum number of upper case letters that must be met for a new password\&. .RE .PP \fBlcredit=\fR\fB\fIN\fR\fR .RS 4 (N >= 0) This is the maximum credit for having lower case letters in the new password\&. If you have less than or \fIN\fR lower case letters, each letter will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBlcredit\fR is 1 which is the recommended value for \fBminlen\fR less than 10\&. .sp (N < 0) This is the minimum number of lower case letters that must be met for a new password\&. .RE .PP \fBocredit=\fR\fB\fIN\fR\fR .RS 4 (N >= 0) This is the maximum credit for having other characters in the new password\&. If you have less than or \fIN\fR other characters, each character will count +1 towards meeting the current \fBminlen\fR value\&. The default for \fBocredit\fR is 1 which is the recommended value for \fBminlen\fR less than 10\&. .sp (N < 0) This is the minimum number of other characters that must be met for a new password\&. .RE .PP \fBminclass=\fR\fB\fIN\fR\fR .RS 4 The minimum number of required classes of characters for the new password\&. The default number is zero\&. The four classes are digits, upper and lower letters and other characters\&. The difference to the \fBcredit\fR check is that a specific class if of characters is not required\&. Instead \fIN\fR out of four of the classes are required\&. .RE .PP \fBmaxrepeat=\fR\fB\fIN\fR\fR .RS 4 Reject passwords which contain more than N same consecutive characters\&. The default is 0 which means that this check is disabled\&. .RE .PP \fBmaxsequence=\fR\fB\fIN\fR\fR .RS 4 Reject passwords which contain monotonic character sequences longer than N\&. The default is 0 which means that this check is disabled\&. Examples of such sequence are \*(Aq12345\*(Aq or \*(Aqfedcb\*(Aq\&. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password\&. .RE .PP \fBmaxclassrepeat=\fR\fB\fIN\fR\fR .RS 4 Reject passwords which contain more than N consecutive characters of the same class\&. The default is 0 which means that this check is disabled\&. .RE .PP \fBreject_username\fR .RS 4 Check whether the name of the user in straight or reversed form is contained in the new password\&. If it is found the new password is rejected\&. .RE .PP \fBgecoscheck\fR .RS 4 Check whether the words from the GECOS field (usualy full name of the user) longer than 3 characters in straight or reversed form are contained in the new password\&. If any such word is found the new password is rejected\&. .RE .PP \fBenforce_for_root\fR .RS 4 The module will return error on failed check also if the user changing the password is root\&. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway\&. Note that root is not asked for an old password so the checks that compare the old and new password are not performed\&. .RE .PP \fBuse_authtok\fR .RS 4 This argument is used to \fIforce\fR the module to not prompt the user for a new password but use the one provided by the previously stacked \fIpassword\fR module\&. .RE .PP \fBdictpath=\fR\fB\fI/path/to/dict\fR\fR .RS 4 Path to the cracklib dictionaries\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBpassword\fR module type is provided\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 The new password passes all checks\&. .RE .PP PAM_AUTHTOK_ERR .RS 4 No new password was entered, the username could not be determined or the new password fails the strength checks\&. .RE .PP PAM_AUTHTOK_RECOVERY_ERR .RS 4 The old password was not supplied by a previous stacked module or got not requested from the user\&. The first error can happen if \fBuse_authtok\fR is specified\&. .RE .PP PAM_SERVICE_ERR .RS 4 A internal error occurred\&. .RE .SH "EXAMPLES" .PP For an example of the use of this module, we show how it may be stacked with the password component of \fBpam_unix\fR(8) .sp .if n \{\ .RS 4 .\} .nf # # These lines stack two password type modules\&. In this example the # user is given 3 opportunities to enter a strong password\&. The # "use_authtok" argument ensures that the pam_unix module does not # prompt for a password, but instead uses the one provided by # pam_cracklib\&. # passwd password required pam_cracklib\&.so retry=3 passwd password required pam_unix\&.so use_authtok .fi .if n \{\ .RE .\} .PP Another example (in the /etc/pam\&.d/passwd format) is for the case that you want to use md5 password encryption: .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 # # These lines allow a md5 systems to support passwords of at least 14 # bytes with extra credit of 2 for digits and 2 for others the new # password must have at least three bytes that are not present in the # old password # password required pam_cracklib\&.so \e difok=3 minlen=15 dcredit= 2 ocredit=2 password required pam_unix\&.so use_authtok nullok md5 .fi .if n \{\ .RE .\} .PP And here is another example in case you don\*(Aqt want to use credits: .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 # # These lines require the user to select a password with a minimum # length of 8 and with at least 1 digit number, 1 upper case letter, # and 1 other character # password required pam_cracklib\&.so \e dcredit=\-1 ucredit=\-1 ocredit=\-1 lcredit=0 minlen=8 password required pam_unix\&.so use_authtok nullok md5 .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_cracklib was written by Cristian Gafton pam/modules/pam_cracklib/pam_cracklib.8.xml0000644000000000000000000005016513261244762016115 0ustar pam_cracklib 8 Linux-PAM Manual pam_cracklib PAM module to check the password against dictionary words pam_cracklib.so ... DESCRIPTION This module can be plugged into the password stack of a given application to provide some plug-in strength-checking for passwords. The action of this module is to prompt the user for a password and check its strength against a system dictionary and a set of rules for identifying poor choices. The first action is to prompt for a single password, check its strength and then, if it is considered strong, prompt for the password a second time (to verify that it was typed correctly on the first occasion). All being well, the password is passed on to subsequent modules to be installed as the new authentication token. The strength checks works in the following manner: at first the Cracklib routine is called to check if the password is part of a dictionary; if this is not the case an additional set of strength checks is done. These checks are: Palindrome Is the new password a palindrome? Case Change Only Is the new password the the old one with only a change of case? Similar Is the new password too much like the old one? This is primarily controlled by one argument, which is a number of character changes (inserts, removals, or replacements) between the old and new password that are enough to accept the new password. This defaults to 5 changes. Simple Is the new password too small? This is controlled by 6 arguments , , , , , and . See the section on the arguments for the details of how these work and there defaults. Rotated Is the new password a rotated version of the old password? Same consecutive characters Optional check for same consecutive characters. Too long monotonic character sequence Optional check for too long monotonic character sequence. Contains user name Optional check whether the password contains the user's name in some form. This module with no arguments will work well for standard unix password encryption. With md5 encryption, passwords can be longer than 8 characters and the default settings for this module can make it hard for the user to choose a satisfactory new password. Notably, the requirement that the new password contain no more than 1/2 of the characters in the old password becomes a non-trivial constraint. For example, an old password of the form "the quick brown fox jumped over the lazy dogs" would be difficult to change... In addition, the default action is to allow passwords as small as 5 characters in length. For a md5 systems it can be a good idea to increase the required minimum size of a password. One can then allow more credit for different kinds of characters but accept that the new password may share most of these characters with the old password. OPTIONS This option makes the module write information to syslog3 indicating the behavior of the module (this option does not write password information to the log file). The default action is for the module to use the following prompts when requesting passwords: "New UNIX password: " and "Retype UNIX password: ". The example word UNIX can be replaced with this option, by default it is empty. Prompt user at most N times before returning with error. The default is 1. This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password. The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 which is good for a old style UNIX password all of the same type of character but may be too low to exploit the added security of a md5 system. Note that there is a pair of length limits in Cracklib itself, a "way too short" limit of 4 which is hard coded in and a defined limit (6) that will be checked without reference to . If you want to allow passwords as short as 5 characters you should not use this module. (N >= 0) This is the maximum credit for having digits in the new password. If you have less than or N digits, each digit will count +1 towards meeting the current value. The default for is 1 which is the recommended value for less than 10. (N < 0) This is the minimum number of digits that must be met for a new password. (N >= 0) This is the maximum credit for having upper case letters in the new password. If you have less than or N upper case letters each letter will count +1 towards meeting the current value. The default for is 1 which is the recommended value for less than 10. (N < 0) This is the minimum number of upper case letters that must be met for a new password. (N >= 0) This is the maximum credit for having lower case letters in the new password. If you have less than or N lower case letters, each letter will count +1 towards meeting the current value. The default for is 1 which is the recommended value for less than 10. (N < 0) This is the minimum number of lower case letters that must be met for a new password. (N >= 0) This is the maximum credit for having other characters in the new password. If you have less than or N other characters, each character will count +1 towards meeting the current value. The default for is 1 which is the recommended value for less than 10. (N < 0) This is the minimum number of other characters that must be met for a new password. The minimum number of required classes of characters for the new password. The default number is zero. The four classes are digits, upper and lower letters and other characters. The difference to the check is that a specific class if of characters is not required. Instead N out of four of the classes are required. Reject passwords which contain more than N same consecutive characters. The default is 0 which means that this check is disabled. Reject passwords which contain monotonic character sequences longer than N. The default is 0 which means that this check is disabled. Examples of such sequence are '12345' or 'fedcb'. Note that most such passwords will not pass the simplicity check unless the sequence is only a minor part of the password. Reject passwords which contain more than N consecutive characters of the same class. The default is 0 which means that this check is disabled. Check whether the name of the user in straight or reversed form is contained in the new password. If it is found the new password is rejected. Check whether the words from the GECOS field (usualy full name of the user) longer than 3 characters in straight or reversed form are contained in the new password. If any such word is found the new password is rejected. The module will return error on failed check also if the user changing the password is root. This option is off by default which means that just the message about the failed check is printed but root can change the password anyway. Note that root is not asked for an old password so the checks that compare the old and new password are not performed. This argument is used to force the module to not prompt the user for a new password but use the one provided by the previously stacked password module. Path to the cracklib dictionaries. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS The new password passes all checks. PAM_AUTHTOK_ERR No new password was entered, the username could not be determined or the new password fails the strength checks. PAM_AUTHTOK_RECOVERY_ERR The old password was not supplied by a previous stacked module or got not requested from the user. The first error can happen if is specified. PAM_SERVICE_ERR A internal error occurred. EXAMPLES For an example of the use of this module, we show how it may be stacked with the password component of pam_unix8 # # These lines stack two password type modules. In this example the # user is given 3 opportunities to enter a strong password. The # "use_authtok" argument ensures that the pam_unix module does not # prompt for a password, but instead uses the one provided by # pam_cracklib. # passwd password required pam_cracklib.so retry=3 passwd password required pam_unix.so use_authtok Another example (in the /etc/pam.d/passwd format) is for the case that you want to use md5 password encryption: #%PAM-1.0 # # These lines allow a md5 systems to support passwords of at least 14 # bytes with extra credit of 2 for digits and 2 for others the new # password must have at least three bytes that are not present in the # old password # password required pam_cracklib.so \ difok=3 minlen=15 dcredit= 2 ocredit=2 password required pam_unix.so use_authtok nullok md5 And here is another example in case you don't want to use credits: #%PAM-1.0 # # These lines require the user to select a password with a minimum # length of 8 and with at least 1 digit number, 1 upper case letter, # and 1 other character # password required pam_cracklib.so \ dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=8 password required pam_unix.so use_authtok nullok md5 SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_cracklib was written by Cristian Gafton <gafton@redhat.com> pam/modules/pam_cracklib/pam_cracklib.c0000644000000000000000000005773013261244762015376 0ustar /* * pam_cracklib module */ /* * 0.9. switch to using a distance algorithm in similar() * 0.86. added support for setting minimum numbers of digits, uppers, * lowers, and others * 0.85. added six new options to use this with long passwords. * 0.8. tidied output and improved D(()) usage for debugging. * 0.7. added support for more obscure checks for new passwd. * 0.6. root can reset user passwd to any values (it's only warned) * 0.5. supports retries - 'retry=N' argument * 0.4. added argument 'type=XXX' for 'New XXX password' prompt * 0.3. Added argument 'debug' * 0.2. new password is feeded to cracklib for verify after typed once * 0.1. First release */ /* * Written by Cristian Gafton 1996/09/10 * Long password support by Philip W. Dalrymple 1997/07/18 * See the end of the file for Copyright Information * * Modification for long password systems (>8 chars). The original * module had problems when used in a md5 password system in that it * allowed too short passwords but required that at least half of the * bytes in the new password did not appear in the old one. this * action is still the default and the changes should not break any * current user. This modification adds 6 new options, one to set the * number of bytes in the new password that are not in the old one, * the other five to control the length checking, these are all * documented (or will be before anyone else sees this code) in the PAM * S.A.G. in the section on the cracklib module. */ #include "config.h" #include #ifdef HAVE_LIBXCRYPT # include #elif defined(HAVE_CRYPT_H) # include #endif #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_CRACK_H #include #else extern char *FascistCheck(char *pw, const char *dictpath); #endif #ifndef CRACKLIB_DICTS #define CRACKLIB_DICTS NULL #endif /* For Translators: "%s%s" could be replaced with " " or "". */ #define PROMPT1 _("New %s%spassword: ") /* For Translators: "%s%s" could be replaced with " " or "". */ #define PROMPT2 _("Retype new %s%spassword: ") #define MISTYPED_PASS _("Sorry, passwords do not match.") #ifdef MIN #undef MIN #endif #define MIN(_a, _b) (((_a) < (_b)) ? (_a) : (_b)) /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_PASSWORD #include #include #include /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 struct cracklib_options { int retry_times; int diff_ok; int min_length; int dig_credit; int up_credit; int low_credit; int oth_credit; int min_class; int max_repeat; int max_sequence; int max_class_repeat; int reject_user; int gecos_check; int enforce_for_root; const char *cracklib_dictpath; }; #define CO_RETRY_TIMES 1 #define CO_DIFF_OK 5 #define CO_MIN_LENGTH 9 # define CO_MIN_LENGTH_BASE 5 #define CO_DIG_CREDIT 1 #define CO_UP_CREDIT 1 #define CO_LOW_CREDIT 1 #define CO_OTH_CREDIT 1 #define CO_MIN_WORD_LENGTH 4 static int _pam_parse (pam_handle_t *pamh, struct cracklib_options *opt, int argc, const char **argv) { int ctrl=0; /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { char *ep = NULL; /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"type=",5)) pam_set_item (pamh, PAM_AUTHTOK_TYPE, *argv+5); else if (!strncmp(*argv,"retry=",6)) { opt->retry_times = strtol(*argv+6,&ep,10); if (!ep || (opt->retry_times < 1)) opt->retry_times = CO_RETRY_TIMES; } else if (!strncmp(*argv,"difok=",6)) { opt->diff_ok = strtol(*argv+6,&ep,10); if (!ep || (opt->diff_ok < 0)) opt->diff_ok = CO_DIFF_OK; } else if (!strncmp(*argv,"difignore=",10)) { /* just ignore */ } else if (!strncmp(*argv,"minlen=",7)) { opt->min_length = strtol(*argv+7,&ep,10); if (!ep || (opt->min_length < CO_MIN_LENGTH_BASE)) opt->min_length = CO_MIN_LENGTH_BASE; } else if (!strncmp(*argv,"dcredit=",8)) { opt->dig_credit = strtol(*argv+8,&ep,10); if (!ep) opt->dig_credit = 0; } else if (!strncmp(*argv,"ucredit=",8)) { opt->up_credit = strtol(*argv+8,&ep,10); if (!ep) opt->up_credit = 0; } else if (!strncmp(*argv,"lcredit=",8)) { opt->low_credit = strtol(*argv+8,&ep,10); if (!ep) opt->low_credit = 0; } else if (!strncmp(*argv,"ocredit=",8)) { opt->oth_credit = strtol(*argv+8,&ep,10); if (!ep) opt->oth_credit = 0; } else if (!strncmp(*argv,"minclass=",9)) { opt->min_class = strtol(*argv+9,&ep,10); if (!ep) opt->min_class = 0; if (opt->min_class > 4) opt->min_class = 4; } else if (!strncmp(*argv,"maxrepeat=",10)) { opt->max_repeat = strtol(*argv+10,&ep,10); if (!ep) opt->max_repeat = 0; } else if (!strncmp(*argv,"maxsequence=",12)) { opt->max_sequence = strtol(*argv+12,&ep,10); if (!ep) opt->max_sequence = 0; } else if (!strncmp(*argv,"maxclassrepeat=",15)) { opt->max_class_repeat = strtol(*argv+15,&ep,10); if (!ep) opt->max_class_repeat = 0; } else if (!strncmp(*argv,"reject_username",15)) { opt->reject_user = 1; } else if (!strncmp(*argv,"gecoscheck",10)) { opt->gecos_check = 1; } else if (!strncmp(*argv,"enforce_for_root",16)) { opt->enforce_for_root = 1; } else if (!strncmp(*argv,"authtok_type",12)) { /* for pam_get_authtok, ignore */; } else if (!strncmp(*argv,"use_authtok",11)) { /* for pam_get_authtok, ignore */; } else if (!strncmp(*argv,"use_first_pass",14)) { /* for pam_get_authtok, ignore */; } else if (!strncmp(*argv,"try_first_pass",14)) { /* for pam_get_authtok, ignore */; } else if (!strncmp(*argv,"dictpath=",9)) { opt->cracklib_dictpath = *argv+9; if (!*(opt->cracklib_dictpath)) { opt->cracklib_dictpath = CRACKLIB_DICTS; } } else { pam_syslog(pamh,LOG_ERR,"pam_parse: unknown option; %s",*argv); } } return ctrl; } /* Helper functions */ /* * can't be a palindrome - like `R A D A R' or `M A D A M' */ static int palindrome(const char *new) { int i, j; i = strlen (new); for (j = 0;j < i;j++) if (new[i - j - 1] != new[j]) return 0; return 1; } /* * Calculate how different two strings are in terms of the number of * character removals, additions, and changes needed to go from one to * the other */ static int distdifferent(const char *old, const char *new, size_t i, size_t j) { char c, d; if ((i == 0) || (strlen(old) < i)) { c = 0; } else { c = old[i - 1]; } if ((j == 0) || (strlen(new) < j)) { d = 0; } else { d = new[j - 1]; } return (c != d); } static int distcalculate(int **distances, const char *old, const char *new, size_t i, size_t j) { int tmp = 0; if (distances[i][j] != -1) { return distances[i][j]; } tmp = distcalculate(distances, old, new, i - 1, j - 1); tmp = MIN(tmp, distcalculate(distances, old, new, i, j - 1)); tmp = MIN(tmp, distcalculate(distances, old, new, i - 1, j)); tmp += distdifferent(old, new, i, j); distances[i][j] = tmp; return tmp; } static int distance(const char *old, const char *new) { int **distances = NULL; size_t m, n, i, j, r; m = strlen(old); n = strlen(new); distances = malloc(sizeof(int*) * (m + 1)); for (i = 0; i <= m; i++) { distances[i] = malloc(sizeof(int) * (n + 1)); for(j = 0; j <= n; j++) { distances[i][j] = -1; } } for (i = 0; i <= m; i++) { distances[i][0] = i; } for (j = 0; j <= n; j++) { distances[0][j] = j; } distances[0][0] = 0; r = distcalculate(distances, old, new, m, n); for (i = 0; i <= m; i++) { memset(distances[i], 0, sizeof(int) * (n + 1)); free(distances[i]); } free(distances); return r; } static int similar(struct cracklib_options *opt, const char *old, const char *new) { if (distance(old, new) >= opt->diff_ok) { return 0; } if (strlen(new) >= (strlen(old) * 2)) { return 0; } /* passwords are too similar */ return 1; } /* * enough classes of charecters */ static int minclass (struct cracklib_options *opt, const char *new) { int digits = 0; int uppers = 0; int lowers = 0; int others = 0; int total_class; int i; int retval; D(( "called" )); for (i = 0; new[i]; i++) { if (isdigit (new[i])) digits = 1; else if (isupper (new[i])) uppers = 1; else if (islower (new[i])) lowers = 1; else others = 1; } total_class = digits + uppers + lowers + others; D (("total class: %d\tmin_class: %d", total_class, opt->min_class)); if (total_class >= opt->min_class) retval = 0; else retval = 1; return retval; } /* * a nice mix of characters. */ static int simple(struct cracklib_options *opt, const char *new) { int digits = 0; int uppers = 0; int lowers = 0; int others = 0; int size; int i; enum { NONE, DIGIT, UCASE, LCASE, OTHER } prevclass = NONE; int sameclass = 0; for (i = 0;new[i];i++) { if (isdigit (new[i])) { digits++; if (prevclass != DIGIT) { prevclass = DIGIT; sameclass = 1; } else sameclass++; } else if (isupper (new[i])) { uppers++; if (prevclass != UCASE) { prevclass = UCASE; sameclass = 1; } else sameclass++; } else if (islower (new[i])) { lowers++; if (prevclass != LCASE) { prevclass = LCASE; sameclass = 1; } else sameclass++; } else { others++; if (prevclass != OTHER) { prevclass = OTHER; sameclass = 1; } else sameclass++; } if (opt->max_class_repeat > 1 && sameclass > opt->max_class_repeat) { return 1; } } /* * The scam was this - a password of only one character type * must be 8 letters long. Two types, 7, and so on. * This is now changed, the base size and the credits or defaults * see the docs on the module for info on these parameters, the * defaults cause the effect to be the same as before the change */ if ((opt->dig_credit >= 0) && (digits > opt->dig_credit)) digits = opt->dig_credit; if ((opt->up_credit >= 0) && (uppers > opt->up_credit)) uppers = opt->up_credit; if ((opt->low_credit >= 0) && (lowers > opt->low_credit)) lowers = opt->low_credit; if ((opt->oth_credit >= 0) && (others > opt->oth_credit)) others = opt->oth_credit; size = opt->min_length; if (opt->dig_credit >= 0) size -= digits; else if (digits < opt->dig_credit * -1) return 1; if (opt->up_credit >= 0) size -= uppers; else if (uppers < opt->up_credit * -1) return 1; if (opt->low_credit >= 0) size -= lowers; else if (lowers < opt->low_credit * -1) return 1; if (opt->oth_credit >= 0) size -= others; else if (others < opt->oth_credit * -1) return 1; if (size <= i) return 0; return 1; } static int consecutive(struct cracklib_options *opt, const char *new) { char c; int i; int same; if (opt->max_repeat == 0) return 0; for (i = 0; new[i]; i++) { if (i > 0 && new[i] == c) { ++same; if (same > opt->max_repeat) return 1; } else { c = new[i]; same = 1; } } return 0; } static int sequence(struct cracklib_options *opt, const char *new) { char c; int i; int sequp = 1; int seqdown = 1; if (opt->max_sequence == 0) return 0; if (new[0] == '\0') return 0; for (i = 1; new[i]; i++) { c = new[i-1]; if (new[i] == c+1) { ++sequp; if (sequp > opt->max_sequence) return 1; seqdown = 1; } else if (new[i] == c-1) { ++seqdown; if (seqdown > opt->max_sequence) return 1; sequp = 1; } else { sequp = 1; seqdown = 1; } } return 0; } static int wordcheck(const char *new, char *word) { char *f, *b; if (strstr(new, word) != NULL) return 1; /* now reverse the word, we can do that in place as it is strdup-ed */ f = word; b = word+strlen(word)-1; while (f < b) { char c; c = *f; *f = *b; *b = c; --b; ++f; } if (strstr(new, word) != NULL) return 1; return 0; } static int usercheck(struct cracklib_options *opt, const char *new, char *user) { if (!opt->reject_user) return 0; return wordcheck(new, user); } static char * str_lower(char *string) { char *cp; if (!string) return NULL; for (cp = string; *cp; cp++) *cp = tolower(*cp); return string; } static int gecoscheck(pam_handle_t *pamh, struct cracklib_options *opt, const char *new, const char *user) { struct passwd *pwd; char *list; char *p; char *next; if (!opt->gecos_check) return 0; if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) { return 0; } list = strdup(pwd->pw_gecos); if (list == NULL || *list == '\0') { free(list); return 0; } for (p = list;;p = next + 1) { next = strchr(p, ' '); if (next) *next = '\0'; if (strlen(p) >= CO_MIN_WORD_LENGTH) { str_lower(p); if (wordcheck(new, p)) { free(list); return 1; } } if (!next) break; } free(list); return 0; } static const char *password_check(pam_handle_t *pamh, struct cracklib_options *opt, const char *old, const char *new, const char *user) { const char *msg = NULL; char *oldmono = NULL, *newmono, *wrapped = NULL; char *usermono = NULL; if (old && strcmp(new, old) == 0) { msg = _("is the same as the old one"); return msg; } newmono = str_lower(x_strdup(new)); if (!newmono) msg = _("memory allocation error"); usermono = str_lower(x_strdup(user)); if (!usermono) msg = _("memory allocation error"); if (!msg && old) { oldmono = str_lower(x_strdup(old)); if (oldmono) wrapped = malloc(strlen(oldmono) * 2 + 1); if (wrapped) { strcpy (wrapped, oldmono); strcat (wrapped, oldmono); } else { msg = _("memory allocation error"); } } if (!msg && palindrome(newmono)) msg = _("is a palindrome"); if (!msg && oldmono && strcmp(oldmono, newmono) == 0) msg = _("case changes only"); if (!msg && oldmono && similar(opt, oldmono, newmono)) msg = _("is too similar to the old one"); if (!msg && simple(opt, new)) msg = _("is too simple"); if (!msg && wrapped && strstr(wrapped, newmono)) msg = _("is rotated"); if (!msg && minclass (opt, new)) msg = _("not enough character classes"); if (!msg && consecutive(opt, new)) msg = _("contains too many same characters consecutively"); if (!msg && sequence(opt, new)) msg = _("contains too long of a monotonic character sequence"); if (!msg && (usercheck(opt, newmono, usermono) || gecoscheck(pamh, opt, newmono, user))) msg = _("contains the user name in some form"); free(usermono); if (newmono) { memset(newmono, 0, strlen(newmono)); free(newmono); } if (oldmono) { memset(oldmono, 0, strlen(oldmono)); free(oldmono); } if (wrapped) { memset(wrapped, 0, strlen(wrapped)); free(wrapped); } return msg; } static int _pam_unix_approve_pass(pam_handle_t *pamh, unsigned int ctrl, struct cracklib_options *opt, const char *pass_old, const char *pass_new) { const char *msg = NULL; const char *user; int retval; if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "bad authentication token"); pam_error(pamh, "%s", pass_new == NULL ? _("No password supplied"):_("Password unchanged")); return PAM_AUTHTOK_ERR; } retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS || user == NULL) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_ERR,"Can not get username"); return PAM_AUTHTOK_ERR; } /* * if one wanted to hardwire authentication token strength * checking this would be the place */ msg = password_check(pamh, opt, pass_old, pass_new, user); if (msg) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_NOTICE, "new passwd fails strength check: %s", msg); pam_error(pamh, _("BAD PASSWORD: %s"), msg); return PAM_AUTHTOK_ERR; }; return PAM_SUCCESS; } /* The Main Thing (by Cristian Gafton, CEO at this module :-) * (stolen from http://home.netscape.com) */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { unsigned int ctrl; struct cracklib_options options; D(("called.")); memset(&options, 0, sizeof(options)); options.retry_times = CO_RETRY_TIMES; options.diff_ok = CO_DIFF_OK; options.min_length = CO_MIN_LENGTH; options.dig_credit = CO_DIG_CREDIT; options.up_credit = CO_UP_CREDIT; options.low_credit = CO_LOW_CREDIT; options.oth_credit = CO_OTH_CREDIT; options.cracklib_dictpath = CRACKLIB_DICTS; ctrl = _pam_parse(pamh, &options, argc, argv); if (flags & PAM_PRELIM_CHECK) { /* Check for passwd dictionary */ /* We cannot do that, since the original path is compiled into the cracklib library and we don't know it. */ return PAM_SUCCESS; } else if (flags & PAM_UPDATE_AUTHTOK) { int retval; const void *oldtoken; int tries; D(("do update")); retval = pam_get_item (pamh, PAM_OLDAUTHTOK, &oldtoken); if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_ERR,"Can not get old passwd"); oldtoken = NULL; } tries = 0; while (tries < options.retry_times) { const char *crack_msg; const char *newtoken = NULL; tries++; /* Planned modus operandi: * Get a passwd. * Verify it against cracklib. * If okay get it a second time. * Check to be the same with the first one. * set PAM_AUTHTOK and return */ retval = pam_get_authtok_noverify (pamh, &newtoken, NULL); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s", pam_strerror (pamh, retval)); continue; } else if (newtoken == NULL) { /* user aborted password change, quit */ return PAM_AUTHTOK_ERR; } D(("testing password")); /* now test this passwd against cracklib */ D(("against cracklib")); if ((crack_msg = FascistCheck (newtoken, options.cracklib_dictpath))) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh,LOG_DEBUG,"bad password: %s",crack_msg); pam_error (pamh, _("BAD PASSWORD: %s"), crack_msg); if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { pam_set_item (pamh, PAM_AUTHTOK, NULL); retval = PAM_AUTHTOK_ERR; continue; } } /* check it for strength too... */ D(("for strength")); retval = _pam_unix_approve_pass (pamh, ctrl, &options, oldtoken, newtoken); if (retval != PAM_SUCCESS) { if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { pam_set_item(pamh, PAM_AUTHTOK, NULL); retval = PAM_AUTHTOK_ERR; continue; } } retval = pam_get_authtok_verify (pamh, &newtoken, NULL); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s", pam_strerror (pamh, retval)); pam_set_item(pamh, PAM_AUTHTOK, NULL); continue; } else if (newtoken == NULL) { /* user aborted password change, quit */ return PAM_AUTHTOK_ERR; } return PAM_SUCCESS; } D(("returning because maxtries reached")); pam_set_item (pamh, PAM_AUTHTOK, NULL); /* if we have only one try, we can use the real reason, else say that there were too many tries. */ if (options.retry_times > 1) return PAM_MAXTRIES; else return retval; } else { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_NOTICE, "UNKNOWN flags setting %02X",flags); return PAM_SERVICE_ERR; } /* Not reached */ return PAM_SERVICE_ERR; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_cracklib_modstruct = { "pam_cracklib", NULL, NULL, NULL, NULL, NULL, pam_sm_chauthtok }; #endif /* * Copyright (c) Cristian Gafton , 1996. * All rights reserved * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * * The following copyright was appended for the long password support * added with the libpam 0.58 release: * * Modificaton Copyright (c) Philip W. Dalrymple III * 1997. All rights reserved * * THE MODIFICATION THAT PROVIDES SUPPORT FOR LONG PASSWORD TYPE CHECKING TO * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ pam/modules/pam_cracklib/tst-pam_cracklib0000755000000000000000000000006713261244762015757 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_cracklib.so pam/modules/pam_debug/0000755000000000000000000000000013261244762012123 5ustar pam/modules/pam_debug/Makefile.am0000644000000000000000000000134313261244762014160 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug man_MANS = pam_debug.8 XMLS = README.xml pam_debug.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_debug.la pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la TESTS = tst-pam_debug if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_debug.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_debug/Makefile.in0000644000000000000000000006007513261244762014200 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_debug DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_debug_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_debug_la_SOURCES = pam_debug.c pam_debug_la_OBJECTS = pam_debug.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_debug.c DIST_SOURCES = pam_debug.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_debug man_MANS = pam_debug.8 XMLS = README.xml pam_debug.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_debug.la pam_debug_la_LIBADD = $(top_builddir)/libpam/libpam.la TESTS = tst-pam_debug @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_debug/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_debug/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_debug.la: $(pam_debug_la_OBJECTS) $(pam_debug_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_debug_la_OBJECTS) $(pam_debug_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_debug.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_debug.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_debug/README0000644000000000000000000000371313261244762013007 0ustar pam_debug — PAM module to debug the PAM stack â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating. This module returns what its module arguments tell it to return. OPTIONS auth=value The pam_sm_authenticate(3) function will return value. cred=value The pam_sm_setcred(3) function will return value. acct=value The pam_sm_acct_mgmt(3) function will return value. prechauthtok=value The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK flag is set. chauthtok=value The pam_sm_chauthtok(3) function will return value if the PAM_PRELIM_CHECK flag is not set. open_session=value The pam_sm_open_session(3) function will return value. close_session=value The pam_sm_close_session(3) function will return value. Where value can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete. EXAMPLES auth requisite pam_permit.so auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success auth [default=reset] pam_debug.so auth=success cred=perm_denied auth [success=done default=die] pam_debug.so auth optional pam_debug.so auth=perm_denied cred=perm_denied auth sufficient pam_debug.so auth=success cred=success AUTHOR pam_debug was written by Andrew G. Morgan . pam/modules/pam_debug/README.xml0000644000000000000000000000220213261244762013576 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_debug.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_debug-name"]/*)'/>
pam/modules/pam_debug/pam_debug.80000644000000000000000000000760013261244762014142 0ustar '\" t .\" Title: pam_debug .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_DEBUG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_debug \- PAM module to debug the PAM stack .SH "SYNOPSIS" .HP \w'\fBpam_debug\&.so\fR\ 'u \fBpam_debug\&.so\fR [auth=\fIvalue\fR] [cred=\fIvalue\fR] [acct=\fIvalue\fR] [prechauthtok=\fIvalue\fR] [chauthtok=\fIvalue\fR] [auth=\fIvalue\fR] [open_session=\fIvalue\fR] [close_session=\fIvalue\fR] .SH "DESCRIPTION" .PP The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating\&. This module returns what its module arguments tell it to return\&. .SH "OPTIONS" .PP \fBauth=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_authenticate\fR(3) function will return \fIvalue\fR\&. .RE .PP \fBcred=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_setcred\fR(3) function will return \fIvalue\fR\&. .RE .PP \fBacct=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_acct_mgmt\fR(3) function will return \fIvalue\fR\&. .RE .PP \fBprechauthtok=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_chauthtok\fR(3) function will return \fIvalue\fR if the \fIPAM_PRELIM_CHECK\fR flag is set\&. .RE .PP \fBchauthtok=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_chauthtok\fR(3) function will return \fIvalue\fR if the \fIPAM_PRELIM_CHECK\fR flag is \fBnot\fR set\&. .RE .PP \fBopen_session=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_open_session\fR(3) function will return \fIvalue\fR\&. .RE .PP \fBclose_session=\fR\fB\fIvalue\fR\fR .RS 4 The \fBpam_sm_close_session\fR(3) function will return \fIvalue\fR\&. .RE .PP Where \fIvalue\fR can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete\&. .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Default return code if no other value was specified, else specified return value\&. .RE .SH "EXAMPLES" .sp .if n \{\ .RS 4 .\} .nf auth requisite pam_permit\&.so auth [success=2 default=ok] pam_debug\&.so auth=perm_denied cred=success auth [default=reset] pam_debug\&.so auth=success cred=perm_denied auth [success=done default=die] pam_debug\&.so auth optional pam_debug\&.so auth=perm_denied cred=perm_denied auth sufficient pam_debug\&.so auth=success cred=success .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_debug was written by Andrew G\&. Morgan \&. pam/modules/pam_debug/pam_debug.8.xml0000644000000000000000000001611213261244762014737 0ustar pam_debug 8 Linux-PAM Manual pam_debug PAM module to debug the PAM stack pam_debug.so auth=value cred=value acct=value prechauthtok=value chauthtok=value auth=value open_session=value close_session=value DESCRIPTION The pam_debug PAM module is intended as a debugging aide for determining how the PAM stack is operating. This module returns what its module arguments tell it to return. OPTIONS The pam_sm_authenticate3 function will return value. The pam_sm_setcred3 function will return value. The pam_sm_acct_mgmt3 function will return value. The pam_sm_chauthtok3 function will return value if the PAM_PRELIM_CHECK flag is set. The pam_sm_chauthtok3 function will return value if the PAM_PRELIM_CHECK flag is not set. The pam_sm_open_session3 function will return value. The pam_sm_close_session3 function will return value. Where value can be one of: success, open_err, symbol_err, service_err, system_err, buf_err, perm_denied, auth_err, cred_insufficient, authinfo_unavail, user_unknown, maxtries, new_authtok_reqd, acct_expired, session_err, cred_unavail, cred_expired, cred_err, no_module_data, conv_err, authtok_err, authtok_recover_err, authtok_lock_busy, authtok_disable_aging, try_again, ignore, abort, authtok_expired, module_unknown, bad_item, conv_again, incomplete. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_SUCCESS Default return code if no other value was specified, else specified return value. EXAMPLES auth requisite pam_permit.so auth [success=2 default=ok] pam_debug.so auth=perm_denied cred=success auth [default=reset] pam_debug.so auth=success cred=perm_denied auth [success=done default=die] pam_debug.so auth optional pam_debug.so auth=perm_denied cred=perm_denied auth sufficient pam_debug.so auth=success cred=success SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_debug was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_debug/pam_debug.c0000644000000000000000000000723613261244762014222 0ustar /* pam_permit module */ /* * $Id$ * * Written by Andrew Morgan 2001/02/04 * */ #define DEFAULT_USER "nobody" #include "config.h" #include /* * This module is intended as a debugging aide for determining how * the PAM stack is operating. * * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #include #define _PAM_ACTION_UNDEF (-10) #include "../../libpam/pam_tokens.h" /* --- authentication management functions --- */ static int state(pam_handle_t *pamh, const char *text) { int retval; retval = pam_info (pamh, "%s", text); if (retval != PAM_SUCCESS) { D(("pam_info failed")); } return retval; } static int parse_args(int retval, const char *event, pam_handle_t *pamh, int argc, const char **argv) { int i; for (i=0; i # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny man_MANS = pam_deny.8 XMLS = README.xml pam_deny.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_deny.la pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_deny.8.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_deny pam/modules/pam_deny/Makefile.in0000644000000000000000000006003713261244762014047 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_deny DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_deny_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_deny_la_SOURCES = pam_deny.c pam_deny_la_OBJECTS = pam_deny.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_deny.c DIST_SOURCES = pam_deny.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_deny man_MANS = pam_deny.8 XMLS = README.xml pam_deny.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_deny.la pam_deny_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_deny all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_deny/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_deny/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_deny.la: $(pam_deny_la_OBJECTS) $(pam_deny_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_deny_la_OBJECTS) $(pam_deny_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_deny.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_deny.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_deny/README0000644000000000000000000000201313261244762012650 0ustar pam_deny — The locking-out PAM module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION This module can be used to deny access. It always indicates a failure to the application through the PAM framework. It might be suitable for using for default (the OTHER) entries. EXAMPLES #%PAM-1.0 # # If we don't have config entries for a service, the # OTHER entries are used. To be secure, warn and deny # access to everything. other auth required pam_warn.so other auth required pam_deny.so other account required pam_warn.so other account required pam_deny.so other password required pam_warn.so other password required pam_deny.so other session required pam_warn.so other session required pam_deny.so AUTHOR pam_deny was written by Andrew G. Morgan pam/modules/pam_deny/README.xml0000644000000000000000000000171013261244762013452 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_deny.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_deny-name"]/*)'/>
pam/modules/pam_deny/pam_deny.80000644000000000000000000000535213261244762013666 0ustar '\" t .\" Title: pam_deny .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_DENY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_deny \- The locking\-out PAM module .SH "SYNOPSIS" .HP \w'\fBpam_deny\&.so\fR\ 'u \fBpam_deny\&.so\fR .SH "DESCRIPTION" .PP This module can be used to deny access\&. It always indicates a failure to the application through the PAM framework\&. It might be suitable for using for default (the \fIOTHER\fR) entries\&. .SH "OPTIONS" .PP This module does not recognise any options\&. .SH "MODULE TYPES PROVIDED" .PP All module types (\fBaccount\fR, \fBauth\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP PAM_AUTH_ERR .RS 4 This is returned by the account and auth services\&. .RE .PP PAM_CRED_ERR .RS 4 This is returned by the setcred function\&. .RE .PP PAM_AUTHTOK_ERR .RS 4 This is returned by the password service\&. .RE .PP PAM_SESSION_ERR .RS 4 This is returned by the session service\&. .RE .SH "EXAMPLES" .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 # # If we don\*(Aqt have config entries for a service, the # OTHER entries are used\&. To be secure, warn and deny # access to everything\&. other auth required pam_warn\&.so other auth required pam_deny\&.so other account required pam_warn\&.so other account required pam_deny\&.so other password required pam_warn\&.so other password required pam_deny\&.so other session required pam_warn\&.so other session required pam_deny\&.so .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_deny was written by Andrew G\&. Morgan pam/modules/pam_deny/pam_deny.8.xml0000644000000000000000000000705413261244762014466 0ustar pam_deny 8 Linux-PAM Manual pam_deny The locking-out PAM module pam_deny.so DESCRIPTION This module can be used to deny access. It always indicates a failure to the application through the PAM framework. It might be suitable for using for default (the OTHER) entries. OPTIONS This module does not recognise any options. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_AUTH_ERR This is returned by the account and auth services. PAM_CRED_ERR This is returned by the setcred function. PAM_AUTHTOK_ERR This is returned by the password service. PAM_SESSION_ERR This is returned by the session service. EXAMPLES #%PAM-1.0 # # If we don't have config entries for a service, the # OTHER entries are used. To be secure, warn and deny # access to everything. other auth required pam_warn.so other auth required pam_deny.so other account required pam_warn.so other account required pam_deny.so other password required pam_warn.so other password required pam_deny.so other session required pam_warn.so other session required pam_deny.so SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_deny was written by Andrew G. Morgan <morgan@kernel.org> pam/modules/pam_deny/pam_deny.c0000644000000000000000000000357713261244762013750 0ustar /* pam_deny module */ /* * $Id$ * * Written by Andrew Morgan 1996/3/11 * */ /* * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #include "config.h" #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include /* --- authentication management functions --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_AUTH_ERR; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_CRED_ERR; } /* --- account management functions --- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_AUTH_ERR; } /* --- password management --- */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_AUTHTOK_ERR; } /* --- session management --- */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SESSION_ERR; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SESSION_ERR; } /* end of module definition */ /* static module data */ #ifdef PAM_STATIC struct pam_module _pam_deny_modstruct = { "pam_deny", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif pam/modules/pam_deny/tst-pam_deny0000755000000000000000000000006313261244762014325 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_deny.so pam/modules/pam_echo/0000755000000000000000000000000013261244762011753 5ustar pam/modules/pam_echo/Makefile.am0000644000000000000000000000133413261244762014010 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo man_MANS = pam_echo.8 XMLS = README.xml pam_echo.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_echo.la pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_echo.8.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_echo pam/modules/pam_echo/Makefile.in0000644000000000000000000006004613261244762014026 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_echo DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_echo_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_echo_la_SOURCES = pam_echo.c pam_echo_la_OBJECTS = pam_echo.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_echo.c DIST_SOURCES = pam_echo.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_echo man_MANS = pam_echo.8 XMLS = README.xml pam_echo.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_echo.la pam_echo_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_echo all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_echo/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_echo/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_echo.la: $(pam_echo_la_OBJECTS) $(pam_echo_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_echo_la_OBJECTS) $(pam_echo_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_echo.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_echo.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_echo/README0000644000000000000000000000211413261244762012631 0ustar pam_echo — PAM module for printing text messages â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_echo PAM module is for printing text messages to inform user about special things. Sequences starting with the % character are interpreted in the following way: %H The name of the remote host (PAM_RHOST). %h The name of the local host. %s The service name (PAM_SERVICE). %t The name of the controlling terminal (PAM_TTY). %U The remote user name (PAM_RUSER). %u The local user name (PAM_USER). All other sequences beginning with % expands to the characters following the % character. EXAMPLES For an example of the use of this module, we show how it may be used to print information about good passwords: password optional pam_echo.so file=/usr/share/doc/good-password.txt password required pam_unix.so AUTHOR Thorsten Kukuk pam/modules/pam_echo/README.xml0000644000000000000000000000171013261244762013431 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_echo.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_echo-name"]/*)'/>
pam/modules/pam_echo/pam_echo.80000644000000000000000000000567613261244762013635 0ustar '\" t .\" Title: pam_echo .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ECHO" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_echo \- PAM module for printing text messages .SH "SYNOPSIS" .HP \w'\fBpam_echo\&.so\fR\ 'u \fBpam_echo\&.so\fR [file=\fI/path/message\fR] .SH "DESCRIPTION" .PP The \fIpam_echo\fR PAM module is for printing text messages to inform user about special things\&. Sequences starting with the \fI%\fR character are interpreted in the following way: .PP \fI%H\fR .RS 4 The name of the remote host (PAM_RHOST)\&. .RE .PP \fI%h\fR .RS 4 The name of the local host\&. .RE .PP \fI%s\fR .RS 4 The service name (PAM_SERVICE)\&. .RE .PP \fI%t\fR .RS 4 The name of the controlling terminal (PAM_TTY)\&. .RE .PP \fI%U\fR .RS 4 The remote user name (PAM_RUSER)\&. .RE .PP \fI%u\fR .RS 4 The local user name (PAM_USER)\&. .RE .PP All other sequences beginning with \fI%\fR expands to the characters following the \fI%\fR character\&. .SH "OPTIONS" .PP \fBfile=\fR\fB\fI/path/message\fR\fR .RS 4 The content of the file /path/message will be printed with the PAM conversion function as PAM_TEXT_INFO\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SUCCESS .RS 4 Message was successful printed\&. .RE .PP PAM_IGNORE .RS 4 PAM_SILENT flag was given or message file does not exist, no message printed\&. .RE .SH "EXAMPLES" .PP For an example of the use of this module, we show how it may be used to print information about good passwords: .sp .if n \{\ .RS 4 .\} .nf password optional pam_echo\&.so file=/usr/share/doc/good\-password\&.txt password required pam_unix\&.so .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(8), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP Thorsten Kukuk pam/modules/pam_echo/pam_echo.8.xml0000644000000000000000000001144413261244762014422 0ustar pam_echo 8 Linux-PAM Manual pam_echo PAM module for printing text messages pam_echo.so file=/path/message DESCRIPTION The pam_echo PAM module is for printing text messages to inform user about special things. Sequences starting with the % character are interpreted in the following way: %H The name of the remote host (PAM_RHOST). %h The name of the local host. %s The service name (PAM_SERVICE). %t The name of the controlling terminal (PAM_TTY). %U The remote user name (PAM_RUSER). %u The local user name (PAM_USER). All other sequences beginning with % expands to the characters following the % character. OPTIONS The content of the file /path/message will be printed with the PAM conversion function as PAM_TEXT_INFO. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_SUCCESS Message was successful printed. PAM_IGNORE PAM_SILENT flag was given or message file does not exist, no message printed. EXAMPLES For an example of the use of this module, we show how it may be used to print information about good passwords: password optional pam_echo.so file=/usr/share/doc/good-password.txt password required pam_unix.so SEE ALSO pam.conf8 , pam.d5 , pam8 AUTHOR Thorsten Kukuk <kukuk@thkukuk.de> pam/modules/pam_echo/pam_echo.c0000644000000000000000000001450313261244762013675 0ustar /* * Copyright (c) 2005, 2006 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #if defined(HAVE_CONFIG_H) #include "config.h" #endif #include #include #include #include #include #include #include #include #include #include #ifndef HOST_NAME_MAX #define HOST_NAME_MAX 255 #endif #define PAM_SM_ACCOUNT #define PAM_SM_AUTH #define PAM_SM_PASSWORD #define PAM_SM_SESSION #include #include #include #include static int replace_and_print (pam_handle_t *pamh, const char *mesg) { char *output; size_t length = strlen (mesg) + PAM_MAX_MSG_SIZE; char myhostname[HOST_NAME_MAX+1]; const void *str = NULL; const char *p, *q; int item; size_t len; output = malloc (length); if (output == NULL) { pam_syslog (pamh, LOG_ERR, "running out of memory"); return PAM_BUF_ERR; } for (p = mesg, len = 0; *p != '\0' && len < length - 1; ++p) { if (*p != '%' || p[1] == '\0') { output[len++] = *p; continue; } switch (*++p) { case 'H': item = PAM_RHOST; break; case 'h': item = -2; /* aka PAM_LOCALHOST */ break; case 's': item = PAM_SERVICE; break; case 't': item = PAM_TTY; break; case 'U': item = PAM_RUSER; break; case 'u': item = PAM_USER; break; default: output[len++] = *p; continue; } if (item == -2) { if (gethostname (myhostname, sizeof (myhostname)) == -1) str = NULL; else str = &myhostname; } else { if (pam_get_item (pamh, item, &str) != PAM_SUCCESS) str = NULL; } if (str == NULL) str = "(null)"; for (q = str; *q != '\0' && len < length - 1; ++q) output[len++] = *q; } output[len] = '\0'; pam_info (pamh, "%s", output); free (output); return PAM_SUCCESS; } static int pam_echo (pam_handle_t *pamh, int flags, int argc, const char **argv) { int fd; int orig_argc = argc; const char **orig_argv = argv; const char *file = NULL; int retval; if (flags & PAM_SILENT) return PAM_IGNORE; for (; argc-- > 0; ++argv) { if (!strncmp (*argv, "file=", 5)) file = (5 + *argv); } /* No file= option, use argument for output. */ if (file == NULL || file[0] == '\0') { char msg[PAM_MAX_MSG_SIZE]; const char *p; int i; size_t len; for (i = 0, len = 0; i < orig_argc && len < sizeof (msg) - 1; ++i) { if (i > 0) msg[len++] = ' '; for (p = orig_argv[i]; *p != '\0' && len < sizeof(msg) - 1; ++p) msg[len++] = *p; } msg[len] = '\0'; retval = replace_and_print (pamh, msg); } else if ((fd = open (file, O_RDONLY, 0)) >= 0) { char *mtmp = NULL; struct stat st; /* load file into message buffer. */ if ((fstat (fd, &st) < 0) || !st.st_size) return PAM_IGNORE; mtmp = malloc (st.st_size + 1); if (!mtmp) return PAM_BUF_ERR; if (pam_modutil_read (fd, mtmp, st.st_size) == -1) { pam_syslog (pamh, LOG_ERR, "Error while reading %s: %m", file); free (mtmp); return PAM_IGNORE; } if (mtmp[st.st_size - 1] == '\n') mtmp[st.st_size - 1] = '\0'; else mtmp[st.st_size] = '\0'; close (fd); retval = replace_and_print (pamh, mtmp); free (mtmp); } else { pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", file); retval = PAM_IGNORE; } return retval; } int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_echo (pamh, flags, argc, argv); } int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_echo (pamh, flags, argc, argv); } int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_echo (pamh, flags, argc, argv); } int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { if (flags & PAM_PRELIM_CHECK) return pam_echo (pamh, flags, argc, argv); else return PAM_IGNORE; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_echo_modstruct = { "pam_echo", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok, }; #endif pam/modules/pam_echo/tst-pam_echo0000755000000000000000000000006313261244762014263 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_echo.so pam/modules/pam_env/0000755000000000000000000000000013261244762011625 5ustar pam/modules/pam_env/Makefile.am0000644000000000000000000000161313261244762013662 0ustar # # Copyright (c) 2005, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment man_MANS = pam_env.conf.5 pam_env.8 XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_env.la pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = pam_env.conf sysconf_DATA = environment if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_env.8.xml pam_env.conf.5.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_env pam/modules/pam_env/Makefile.in0000644000000000000000000006737513261244762013714 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_env DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" \ "$(DESTDIR)$(sysconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_env_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_env_la_SOURCES = pam_env.c pam_env_la_OBJECTS = pam_env.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_env.c DIST_SOURCES = pam_env.c man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) $(sysconf_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README pam_env.conf $(MANS) $(XMLS) tst-pam_env environment man_MANS = pam_env.conf.5 pam_env.8 XMLS = README.xml pam_env.conf.5.xml pam_env.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DDEFAULT_CONF_FILE=\"$(SCONFIGDIR)/pam_env.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_env.la pam_env_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = pam_env.conf sysconf_DATA = environment @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_env all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_env/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_env/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_env.la: $(pam_env_la_OBJECTS) $(pam_env_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_env_la_OBJECTS) $(pam_env_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_env.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files install-sysconfDATA: $(sysconf_DATA) @$(NORMAL_INSTALL) test -z "$(sysconfdir)" || $(MKDIR_P) "$(DESTDIR)$(sysconfdir)" @list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \ done uninstall-sysconfDATA: @$(NORMAL_UNINSTALL) @list='$(sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(sysconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sysconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(sysconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-secureconfDATA \ install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-sysconfDATA install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES uninstall-sysconfDATA uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man5 install-man8 \ install-pdf install-pdf-am install-ps install-ps-am \ install-secureconfDATA install-securelibLTLIBRARIES \ install-strip install-sysconfDATA installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \ uninstall-am uninstall-man uninstall-man5 uninstall-man8 \ uninstall-secureconfDATA uninstall-securelibLTLIBRARIES \ uninstall-sysconfDATA @ENABLE_REGENERATE_MAN_TRUE@README: pam_env.8.xml pam_env.conf.5.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_env/README0000644000000000000000000000555013261244762012512 0ustar pam_env — PAM module to set/unset environment variables â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_env PAM module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST. By default rules for (un)setting of variables is taken from the config file / etc/security/pam_env.conf if no other file is specified. This module can also parse a file with simple KEY=VAL pairs on separate lines (/etc/environment by default). You can change the default file to parse, with the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack. OPTIONS conffile=/path/to/pam_env.conf Indicate an alternative pam_env.conf style configuration file to override the default. This can be useful when different services need different environments. debug A lot of debug information is printed with syslog(3). envfile=/path/to/environment Indicate an alternative environment file to override the default. This can be useful when different services need different environments. readenv=0|1 Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on. user_envfile=filename Indicate an alternative .pam_environment file to override the default. This can be useful when different services need different environments. The filename is relative to the user home directory. user_readenv=0|1 Turns on or off the reading of the user specific environment file. 0 is off, 1 is on. By default this option is on. EXAMPLES These are some example lines which might be specified in /etc/security/ pam_env.conf. Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} Set the DISPLAY variable if it seems reasonable DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} Now some simple variables PAGER DEFAULT=less MANPAGER DEFAULT=less LESS DEFAULT="M q e h15 z23 b80" NNTPSERVER DEFAULT=localhost PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11 Silly examples of escaped variables, just to show how they work. DOLLAR DEFAULT=\$ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} ATSIGN DEFAULT="" OVERRIDE=\@ pam/modules/pam_env/README.xml0000644000000000000000000000200413261244762013300 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_env.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_env-name"]/*)'/>
pam/modules/pam_env/environment0000644000000000000000000000014113261244762014110 0ustar # # This file is parsed by pam_env module # # Syntax: simple "KEY=VAL" pairs on separate lines # pam/modules/pam_env/pam_env.80000644000000000000000000001003113261244762013336 0ustar '\" t .\" Title: pam_env .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ENV" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_env \- PAM module to set/unset environment variables .SH "SYNOPSIS" .HP \w'\fBpam_env\&.so\fR\ 'u \fBpam_env\&.so\fR [debug] [conffile=\fIconf\-file\fR] [envfile=\fIenv\-file\fR] [readenv=\fI0|1\fR] [user_envfile=\fIenv\-file\fR] [user_readenv=\fI0|1\fR] .SH "DESCRIPTION" .PP The pam_env PAM module allows the (un)setting of environment variables\&. Supported is the use of previously set environment variables as well as \fIPAM_ITEM\fRs such as \fIPAM_RHOST\fR\&. .PP By default rules for (un)setting of variables is taken from the config file /etc/security/pam_env\&.conf if no other file is specified\&. .PP This module can also parse a file with simple \fIKEY=VAL\fR pairs on separate lines (/etc/environment by default)\&. You can change the default file to parse, with the \fIenvfile\fR flag and turn it on or off by setting the \fIreadenv\fR flag to 1 or 0 respectively\&. .PP Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack\&. .SH "OPTIONS" .PP \fBconffile=\fR\fB\fI/path/to/pam_env\&.conf\fR\fR .RS 4 Indicate an alternative pam_env\&.conf style configuration file to override the default\&. This can be useful when different services need different environments\&. .RE .PP \fBdebug\fR .RS 4 A lot of debug information is printed with \fBsyslog\fR(3)\&. .RE .PP \fBenvfile=\fR\fB\fI/path/to/environment\fR\fR .RS 4 Indicate an alternative environment file to override the default\&. This can be useful when different services need different environments\&. .RE .PP \fBreadenv=\fR\fB\fI0|1\fR\fR .RS 4 Turns on or off the reading of the file specified by envfile (0 is off, 1 is on)\&. By default this option is on\&. .RE .PP \fBuser_envfile=\fR\fB\fIfilename\fR\fR .RS 4 Indicate an alternative \&.pam_environment file to override the default\&. This can be useful when different services need different environments\&. The filename is relative to the user home directory\&. .RE .PP \fBuser_readenv=\fR\fB\fI0|1\fR\fR .RS 4 Turns on or off the reading of the user specific environment file\&. 0 is off, 1 is on\&. By default this option is on\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR and \fBsession\fR module types are provided\&. .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 Not all relevant data or options could be gotten\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_IGNORE .RS 4 No pam_env\&.conf and environment file was found\&. .RE .PP PAM_SUCCESS .RS 4 Environment variables were set\&. .RE .SH "FILES" .PP /etc/security/pam_env\&.conf .RS 4 Default configuration file .RE .PP /etc/environment .RS 4 Default environment file .RE .PP $HOME/\&.pam_environment .RS 4 User specific environment file .RE .SH "SEE ALSO" .PP \fBpam_env.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\&. .SH "AUTHOR" .PP pam_env was written by Dave Kinchlea \&. pam/modules/pam_env/pam_env.8.xml0000644000000000000000000001622213261244762014145 0ustar pam_env 8 Linux-PAM Manual pam_env PAM module to set/unset environment variables pam_env.so debug conffile=conf-file envfile=env-file readenv=0|1 user_envfile=env-file user_readenv=0|1 DESCRIPTION The pam_env PAM module allows the (un)setting of environment variables. Supported is the use of previously set environment variables as well as PAM_ITEMs such as PAM_RHOST. By default rules for (un)setting of variables is taken from the config file /etc/security/pam_env.conf if no other file is specified. This module can also parse a file with simple KEY=VAL pairs on separate lines (/etc/environment by default). You can change the default file to parse, with the envfile flag and turn it on or off by setting the readenv flag to 1 or 0 respectively. Since setting of PAM environment variables can have side effects to other modules, this module should be the last one on the stack. OPTIONS Indicate an alternative pam_env.conf style configuration file to override the default. This can be useful when different services need different environments. A lot of debug information is printed with syslog3. Indicate an alternative environment file to override the default. This can be useful when different services need different environments. Turns on or off the reading of the file specified by envfile (0 is off, 1 is on). By default this option is on. Indicate an alternative .pam_environment file to override the default. This can be useful when different services need different environments. The filename is relative to the user home directory. Turns on or off the reading of the user specific environment file. 0 is off, 1 is on. By default this option is on. MODULE TYPES PROVIDED The and module types are provided. RETURN VALUES PAM_ABORT Not all relevant data or options could be gotten. PAM_BUF_ERR Memory buffer error. PAM_IGNORE No pam_env.conf and environment file was found. PAM_SUCCESS Environment variables were set. FILES /etc/security/pam_env.conf Default configuration file /etc/environment Default environment file $HOME/.pam_environment User specific environment file SEE ALSO pam_env.conf5 , pam.d5 , pam8 . AUTHOR pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. pam/modules/pam_env/pam_env.c0000644000000000000000000005704113261244762013425 0ustar /* pam_env module */ /* * Written by Dave Kinchlea 1997/01/31 * Inspired by Andrew Morgan , who also supplied the * template for this file (via pam_mail) */ #define DEFAULT_ETC_ENVFILE "/etc/environment" #define DEFAULT_READ_ENVFILE 1 #define DEFAULT_USER_ENVFILE ".pam_environment" #define DEFAULT_USER_READ_ENVFILE 1 #include "config.h" #include #include #include #include #include #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH /* This is primarily a AUTH_SETCRED module */ #define PAM_SM_SESSION /* But I like to be friendly */ #define PAM_SM_PASSWORD /* "" */ #define PAM_SM_ACCOUNT /* "" */ #include #include #include #include /* This little structure makes it easier to keep variables together */ typedef struct var { char *name; char *value; char *defval; char *override; } VAR; #define BUF_SIZE 1024 #define MAX_ENV 8192 #define GOOD_LINE 0 #define BAD_LINE 100 /* This must be > the largest PAM_* error code */ #define DEFINE_VAR 101 #define UNDEFINE_VAR 102 #define ILLEGAL_VAR 103 static int _assemble_line(FILE *, char *, int); static int _parse_line(const pam_handle_t *, char *, VAR *); static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ static void _clean_var(VAR *); static int _expand_arg(pam_handle_t *, char **); static const char * _pam_get_item_byname(pam_handle_t *, const char *); static int _define_var(pam_handle_t *, int, VAR *); static int _undefine_var(pam_handle_t *, int, VAR *); /* This is a flag used to designate an empty string */ static char quote='Z'; /* argument parsing */ #define PAM_DEBUG_ARG 0x01 static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, const char **conffile, const char **envfile, int *readenv, const char **user_envfile, int *user_readenv) { int ctrl=0; *user_envfile = DEFAULT_USER_ENVFILE; *envfile = DEFAULT_ETC_ENVFILE; *readenv = DEFAULT_READ_ENVFILE; *user_readenv = DEFAULT_USER_READ_ENVFILE; *conffile = DEFAULT_CONF_FILE; /* step through arguments */ for (; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"conffile=",9)) { if ((*argv)[9] == '\0') { pam_syslog(pamh, LOG_ERR, "conffile= specification missing argument - ignored"); } else { *conffile = 9+*argv; D(("new Configuration File: %s", *conffile)); } } else if (!strncmp(*argv,"envfile=",8)) { if ((*argv)[8] == '\0') { pam_syslog (pamh, LOG_ERR, "envfile= specification missing argument - ignored"); } else { *envfile = 8+*argv; D(("new Env File: %s", *envfile)); } } else if (!strncmp(*argv,"user_envfile=",13)) { if ((*argv)[13] == '\0') { pam_syslog (pamh, LOG_ERR, "user_envfile= specification missing argument - ignored"); } else { *user_envfile = 13+*argv; D(("new User Env File: %s", *user_envfile)); } } else if (!strncmp(*argv,"readenv=",8)) *readenv = atoi(8+*argv); else if (!strncmp(*argv,"user_readenv=",13)) *user_readenv = atoi(13+*argv); else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } return ctrl; } static int _parse_config_file(pam_handle_t *pamh, int ctrl, const char *file) { int retval; char buffer[BUF_SIZE]; FILE *conf; VAR Var, *var=&Var; D(("Called.")); var->name=NULL; var->defval=NULL; var->override=NULL; D(("Config file name is: %s", file)); /* * Lets try to open the config file, parse it and process * any variables found. */ if ((conf = fopen(file,"r")) == NULL) { pam_syslog(pamh, LOG_ERR, "Unable to open config file: %s: %m", file); return PAM_IGNORE; } /* _pam_assemble_line will provide a complete line from the config file, * with all comments removed and any escaped newlines fixed up */ while (( retval = _assemble_line(conf, buffer, BUF_SIZE)) > 0) { D(("Read line: %s", buffer)); if ((retval = _parse_line(pamh, buffer, var)) == GOOD_LINE) { retval = _check_var(pamh, var); if (DEFINE_VAR == retval) { retval = _define_var(pamh, ctrl, var); } else if (UNDEFINE_VAR == retval) { retval = _undefine_var(pamh, ctrl, var); } } if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; _clean_var(var); } /* while */ (void) fclose(conf); /* tidy up */ _clean_var(var); /* We could have got here prematurely, * this is safe though */ D(("Exit.")); return (retval != 0 ? PAM_ABORT : PAM_SUCCESS); } static int _parse_env_file(pam_handle_t *pamh, int ctrl, const char *file) { int retval=PAM_SUCCESS, i, t; char buffer[BUF_SIZE], *key, *mark; FILE *conf; D(("Env file name is: %s", file)); if ((conf = fopen(file,"r")) == NULL) { pam_syslog(pamh, LOG_ERR, "Unable to open env file: %s: %m", file); return PAM_IGNORE; } while (_assemble_line(conf, buffer, BUF_SIZE) > 0) { D(("Read line: %s", buffer)); key = buffer; /* skip leading white space */ key += strspn(key, " \n\t"); /* skip blanks lines and comments */ if (key[0] == '#') continue; /* skip over "export " if present so we can be compat with bash type declarations */ if (strncmp(key, "export ", (size_t) 7) == 0) key += 7; /* now find the end of value */ mark = key; while(mark[0] != '\n' && mark[0] != '#' && mark[0] != '\0') mark++; if (mark[0] != '\0') mark[0] = '\0'; /* * sanity check, the key must be alpha-numeric */ for ( i = 0 ; key[i] != '=' && key[i] != '\0' ; i++ ) if (!isalnum(key[i]) && key[i] != '_') { pam_syslog(pamh, LOG_ERR, "non-alphanumeric key '%s' in %s', ignoring", key, file); break; } /* non-alphanumeric key, ignore this line */ if (key[i] != '=' && key[i] != '\0') continue; /* now we try to be smart about quotes around the value, but not too smart, we can't get all fancy with escaped values like bash */ if (key[i] == '=' && (key[++i] == '\"' || key[i] == '\'')) { for ( t = i+1 ; key[t] != '\0' ; t++) if (key[t] != '\"' && key[t] != '\'') key[i++] = key[t]; else if (key[t+1] != '\0') key[i++] = key[t]; key[i] = '\0'; } /* if this is a request to delete a variable, check that it's actually set first, so we don't get a vague error back from pam_putenv() */ for (i = 0; key[i] != '=' && key[i] != '\0'; i++); if (key[i] == '\0' && !pam_getenv(pamh,key)) continue; /* set the env var, if it fails, we break out of the loop */ retval = pam_putenv(pamh, key); if (retval != PAM_SUCCESS) { D(("error setting env \"%s\"", key)); break; } else if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "pam_putenv(\"%s\")", key); } } (void) fclose(conf); /* tidy up */ D(("Exit.")); return retval; } /* * This is where we read a line of the PAM config file. The line may be * preceeded by lines of comments and also extended with "\\\n" */ static int _assemble_line(FILE *f, char *buffer, int buf_len) { char *p = buffer; char *s, *os; int used = 0; int whitespace; /* loop broken with a 'break' when a non-'\\n' ended line is read */ D(("called.")); for (;;) { if (used >= buf_len) { /* Overflow */ D(("_assemble_line: overflow")); return -1; } if (fgets(p, buf_len - used, f) == NULL) { if (used) { /* Incomplete read */ return -1; } else { /* EOF */ return 0; } } /* skip leading spaces --- line may be blank */ whitespace = strspn(p, " \n\t"); s = p + whitespace; if (*s && (*s != '#')) { used += whitespace; os = s; /* * we are only interested in characters before the first '#' * character */ while (*s && *s != '#') ++s; if (*s == '#') { *s = '\0'; used += strlen(os); break; /* the line has been read */ } s = os; /* * Check for backslash by scanning back from the end of * the entered line, the '\n' has been included since * normally a line is terminated with this * character. fgets() should only return one though! */ s += strlen(s); while (s > os && ((*--s == ' ') || (*s == '\t') || (*s == '\n'))); /* check if it ends with a backslash */ if (*s == '\\') { *s = '\0'; /* truncate the line here */ used += strlen(os); p = s; /* there is more ... */ } else { /* End of the line! */ used += strlen(os); break; /* this is the complete line */ } } else { /* Nothing in this line */ /* Don't move p */ } } return used; } static int _parse_line (const pam_handle_t *pamh, char *buffer, VAR *var) { /* * parse buffer into var, legal syntax is * VARIABLE [DEFAULT=[[string]] [OVERRIDE=[value]] * * Any other options defined make this a bad line, * error logged and no var set */ int length, quoteflg=0; char *ptr, **valptr, *tmpptr; D(("Called buffer = <%s>", buffer)); length = strcspn(buffer," \t\n"); if ((var->name = malloc(length + 1)) == NULL) { pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1); return PAM_BUF_ERR; } /* * The first thing on the line HAS to be the variable name, * it may be the only thing though. */ strncpy(var->name, buffer, length); var->name[length] = '\0'; D(("var->name = <%s>, length = %d", var->name, length)); /* * Now we check for arguments, we only support two kinds and ('cause I am lazy) * each one can actually be listed any number of times */ ptr = buffer+length; while ((length = strspn(ptr, " \t")) > 0) { ptr += length; /* remove leading whitespace */ D((ptr)); if (strncmp(ptr,"DEFAULT=",8) == 0) { ptr+=8; D(("Default arg found: <%s>", ptr)); valptr=&(var->defval); } else if (strncmp(ptr, "OVERRIDE=", 9) == 0) { ptr+=9; D(("Override arg found: <%s>", ptr)); valptr=&(var->override); } else { D(("Unrecognized options: <%s> - ignoring line", ptr)); pam_syslog(pamh, LOG_ERR, "Unrecognized Option: %s - ignoring line", ptr); return BAD_LINE; } if ('"' != *ptr) { /* Escaped quotes not supported */ length = strcspn(ptr, " \t\n"); tmpptr = ptr+length; } else { tmpptr = strchr(++ptr, '"'); if (!tmpptr) { D(("Unterminated quoted string: %s", ptr-1)); pam_syslog(pamh, LOG_ERR, "Unterminated quoted string: %s", ptr-1); return BAD_LINE; } length = tmpptr - ptr; if (*++tmpptr && ' ' != *tmpptr && '\t' != *tmpptr && '\n' != *tmpptr) { D(("Quotes must cover the entire string: <%s>", ptr)); pam_syslog(pamh, LOG_ERR, "Quotes must cover the entire string: <%s>", ptr); return BAD_LINE; } quoteflg++; } if (length) { if ((*valptr = malloc(length + 1)) == NULL) { D(("Couldn't malloc %d bytes", length+1)); pam_syslog(pamh, LOG_ERR, "Couldn't malloc %d bytes", length+1); return PAM_BUF_ERR; } (void)strncpy(*valptr,ptr,length); (*valptr)[length]='\0'; } else if (quoteflg--) { *valptr = "e; /* a quick hack to handle the empty string */ } ptr = tmpptr; /* Start the search where we stopped */ } /* while */ /* * The line is parsed, all is well. */ D(("Exit.")); ptr = NULL; tmpptr = NULL; valptr = NULL; return GOOD_LINE; } static int _check_var(pam_handle_t *pamh, VAR *var) { /* * Examine the variable and determine what action to take. * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take * or a PAM_* error code if passed back from other routines * * if no DEFAULT provided, the empty string is assumed * if no OVERRIDE provided, the empty string is assumed * if DEFAULT= and OVERRIDE evaluates to the empty string, * this variable should be undefined * if DEFAULT="" and OVERRIDE evaluates to the empty string, * this variable should be defined with no value * if OVERRIDE=value and value turns into the empty string, DEFAULT is used * * If DEFINE_VAR is to be returned, the correct value to define will * be pointed to by var->value */ int retval; D(("Called.")); /* * First thing to do is to expand any arguments, but only * if they are not the special quote values (cause expand_arg * changes memory). */ if (var->defval && ("e != var->defval) && ((retval = _expand_arg(pamh, &(var->defval))) != PAM_SUCCESS)) { return retval; } if (var->override && ("e != var->override) && ((retval = _expand_arg(pamh, &(var->override))) != PAM_SUCCESS)) { return retval; } /* Now its easy */ if (var->override && *(var->override) && "e != var->override) { /* if there is a non-empty string in var->override, we use it */ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); var->value = var->override; retval = DEFINE_VAR; } else { var->value = var->defval; if ("e == var->defval) { /* * This means that the empty string was given for defval value * which indicates that a variable should be defined with no value */ *var->defval = '\0'; D(("An empty variable: <%s>", var->name)); retval = DEFINE_VAR; } else if (var->defval) { D(("DEFAULT variable <%s> being used: <%s>", var->name, var->defval)); retval = DEFINE_VAR; } else { D(("UNDEFINE variable <%s>", var->name)); retval = UNDEFINE_VAR; } } D(("Exit.")); return retval; } static int _expand_arg(pam_handle_t *pamh, char **value) { const char *orig=*value, *tmpptr=NULL; char *ptr; /* * Sure would be nice to use tmpptr but it needs to be * a constant so that the compiler will shut up when I * call pam_getenv and _pam_get_item_byname -- sigh */ /* No unexpanded variable can be bigger than BUF_SIZE */ char type, tmpval[BUF_SIZE]; /* I know this shouldn't be hard-coded but it's so much easier this way */ char tmp[MAX_ENV]; D(("Remember to initialize tmp!")); memset(tmp, 0, MAX_ENV); /* * (possibly non-existent) environment variables can be used as values * by prepending a "$" and wrapping in {} (ie: ${HOST}), can escape with "\" * (possibly non-existent) PAM items can be used as values * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape * */ D(("Expanding <%s>",orig)); while (*orig) { /* while there is some input to deal with */ if ('\\' == *orig) { ++orig; if ('$' != *orig && '@' != *orig) { D(("Unrecognized escaped character: <%c> - ignoring", *orig)); pam_syslog(pamh, LOG_ERR, "Unrecognized escaped character: <%c> - ignoring", *orig); } else if ((strlen(tmp) + 1) < MAX_ENV) { tmp[strlen(tmp)] = *orig++; /* Note the increment */ } else { /* is it really a good idea to try to log this? */ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); return PAM_BUF_ERR; } continue; } if ('$' == *orig || '@' == *orig) { if ('{' != *(orig+1)) { D(("Expandable variables must be wrapped in {}" " <%s> - ignoring", orig)); pam_syslog(pamh, LOG_ERR, "Expandable variables must be wrapped in {}" " <%s> - ignoring", orig); if ((strlen(tmp) + 1) < MAX_ENV) { tmp[strlen(tmp)] = *orig++; /* Note the increment */ } continue; } else { D(("Expandable argument: <%s>", orig)); type = *orig; orig+=2; /* skip the ${ or @{ characters */ ptr = strchr(orig, '}'); if (ptr) { *ptr++ = '\0'; } else { D(("Unterminated expandable variable: <%s>", orig-2)); pam_syslog(pamh, LOG_ERR, "Unterminated expandable variable: <%s>", orig-2); return PAM_ABORT; } strncpy(tmpval, orig, sizeof(tmpval)); tmpval[sizeof(tmpval)-1] = '\0'; orig=ptr; /* * so, we know we need to expand tmpval, it is either * an environment variable or a PAM_ITEM. type will tell us which */ switch (type) { case '$': D(("Expanding env var: <%s>",tmpval)); tmpptr = pam_getenv(pamh, tmpval); D(("Expanded to <%s>", tmpptr)); break; case '@': D(("Expanding pam item: <%s>",tmpval)); tmpptr = _pam_get_item_byname(pamh, tmpval); D(("Expanded to <%s>", tmpptr)); break; default: D(("Impossible error, type == <%c>", type)); pam_syslog(pamh, LOG_CRIT, "Impossible error, type == <%c>", type); return PAM_ABORT; } /* switch */ if (tmpptr) { if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) { strcat(tmp, tmpptr); } else { /* is it really a good idea to try to log this? */ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog (pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); return PAM_BUF_ERR; } } } /* if ('{' != *orig++) */ } else { /* if ( '$' == *orig || '@' == *orig) */ if ((strlen(tmp) + 1) < MAX_ENV) { tmp[strlen(tmp)] = *orig++; /* Note the increment */ } else { /* is it really a good idea to try to log this? */ D(("Variable buffer overflow: <%s> + <%s>", tmp, tmpptr)); pam_syslog(pamh, LOG_ERR, "Variable buffer overflow: <%s> + <%s>", tmp, tmpptr); return PAM_BUF_ERR; } } } /* for (;*orig;) */ if (strlen(tmp) > strlen(*value)) { free(*value); if ((*value = malloc(strlen(tmp) +1)) == NULL) { D(("Couldn't malloc %d bytes for expanded var", strlen(tmp)+1)); pam_syslog (pamh, LOG_ERR, "Couldn't malloc %lu bytes for expanded var", (unsigned long)strlen(tmp)+1); return PAM_BUF_ERR; } } strcpy(*value, tmp); memset(tmp,'\0',sizeof(tmp)); D(("Exit.")); return PAM_SUCCESS; } static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) { /* * This function just allows me to use names as given in the config * file and translate them into the appropriate PAM_ITEM macro */ int item; const void *itemval; D(("Called.")); if (strcmp(name, "PAM_USER") == 0) { item = PAM_USER; } else if (strcmp(name, "PAM_USER_PROMPT") == 0) { item = PAM_USER_PROMPT; } else if (strcmp(name, "PAM_TTY") == 0) { item = PAM_TTY; } else if (strcmp(name, "PAM_RUSER") == 0) { item = PAM_RUSER; } else if (strcmp(name, "PAM_RHOST") == 0) { item = PAM_RHOST; } else { D(("Unknown PAM_ITEM: <%s>", name)); pam_syslog (pamh, LOG_ERR, "Unknown PAM_ITEM: <%s>", name); return NULL; } if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { D(("pam_get_item failed")); return NULL; /* let pam_get_item() log the error */ } D(("Exit.")); return itemval; } static int _define_var(pam_handle_t *pamh, int ctrl, VAR *var) { /* We have a variable to define, this is a simple function */ char *envvar; int retval = PAM_SUCCESS; D(("Called.")); if (asprintf(&envvar, "%s=%s", var->name, var->value) < 0) { pam_syslog(pamh, LOG_ERR, "out of memory"); return PAM_BUF_ERR; } retval = pam_putenv(pamh, envvar); if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "pam_putenv(\"%s\")", envvar); } _pam_drop(envvar); D(("Exit.")); return retval; } static int _undefine_var(pam_handle_t *pamh, int ctrl, VAR *var) { /* We have a variable to undefine, this is a simple function */ D(("Called and exit.")); if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "remove variable \"%s\"", var->name); } return pam_putenv(pamh, var->name); } static void _clean_var(VAR *var) { if (var->name) { free(var->name); } if (var->defval && ("e != var->defval)) { free(var->defval); } if (var->override && ("e != var->override)) { free(var->override); } var->name = NULL; var->value = NULL; /* never has memory specific to it */ var->defval = NULL; var->override = NULL; return; } /* --- authentication management functions (only) --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } static int handle_env (pam_handle_t *pamh, int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; int user_readenv = DEFAULT_USER_READ_ENVFILE; const char *conf_file = NULL, *env_file = NULL, *user_env_file = NULL; /* * this module sets environment variables read in from a file */ D(("Called.")); ctrl = _pam_parse(pamh, argc, argv, &conf_file, &env_file, &readenv, &user_env_file, &user_readenv); retval = _parse_config_file(pamh, ctrl, conf_file); if(readenv && retval == PAM_SUCCESS) { retval = _parse_env_file(pamh, ctrl, env_file); if (retval == PAM_IGNORE) retval = PAM_SUCCESS; } if(user_readenv && retval == PAM_SUCCESS) { char *envpath = NULL; struct passwd *user_entry = NULL; const char *username; struct stat statbuf; username = _pam_get_item_byname(pamh, "PAM_USER"); if (username) user_entry = pam_modutil_getpwnam (pamh, username); if (!user_entry) { pam_syslog(pamh, LOG_ERR, "No such user!?"); } else { if (asprintf(&envpath, "%s/%s", user_entry->pw_dir, user_env_file) < 0) { pam_syslog(pamh, LOG_ERR, "Out of memory"); return PAM_BUF_ERR; } if (stat(envpath, &statbuf) == 0) { PAM_MODUTIL_DEF_PRIVS(privs); if (pam_modutil_drop_priv(pamh, &privs, user_entry)) { retval = PAM_SESSION_ERR; } else { retval = _parse_config_file(pamh, ctrl, envpath); if (pam_modutil_regain_priv(pamh, &privs)) retval = PAM_SESSION_ERR; } if (retval == PAM_IGNORE) retval = PAM_SUCCESS; } free(envpath); } } /* indicate success or failure */ D(("Exit.")); return retval; } PAM_EXTERN int pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { pam_syslog (pamh, LOG_NOTICE, "pam_sm_acct_mgmt called inappropriately"); return PAM_SERVICE_ERR; } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { D(("Called")); return handle_env (pamh, argc, argv); } PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { D(("Called")); return handle_env (pamh, argc, argv); } PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { D(("Called and Exit")); return PAM_SUCCESS; } PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { pam_syslog (pamh, LOG_NOTICE, "pam_sm_chauthtok called inappropriately"); return PAM_SERVICE_ERR; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_env_modstruct = { "pam_env", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok, }; #endif /* end of module definition */ pam/modules/pam_env/pam_env.conf0000644000000000000000000000563413261244762014131 0ustar # # This is the configuration file for pam_env, a PAM module to load in # a configurable list of environment variables for a # # The original idea for this came from Andrew G. Morgan ... # # Mmm. Perhaps you might like to write a pam_env module that reads a # default environment from a file? I can see that as REALLY # useful... Note it would be an "auth" module that returns PAM_IGNORE # for the auth part and sets the environment returning PAM_SUCCESS in # the setcred function... # # # What I wanted was the REMOTEHOST variable set, purely for selfish # reasons, and AGM didn't want it added to the SimpleApps login # program (which is where I added the patch). So, my first concern is # that variable, from there there are numerous others that might/would # be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER ..... # # Of course, these are a different kind of variable than REMOTEHOST in # that they are things that are likely to be configured by # administrators rather than set by logging in, how to treat them both # in the same config file? # # Here is my idea: # # Each line starts with the variable name, there are then two possible # options for each variable DEFAULT and OVERRIDE. # DEFAULT allows and administrator to set the value of the # variable to some default value, if none is supplied then the empty # string is assumed. The OVERRIDE option tells pam_env that it should # enter in its value (overriding the default value) if there is one # to use. OVERRIDE is not used, "" is assumed and no override will be # done. # # VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] # # (Possibly non-existent) environment variables may be used in values # using the ${string} syntax and (possibly non-existent) PAM_ITEMs may # be used in values using the @{string} syntax. Both the $ and @ # characters can be backslash escaped to be used as literal values # values can be delimited with "", escaped " not supported. # Note that many environment variables that you would like to use # may not be set by the time the module is called. # For example, HOME is used below several times, but # many PAM applications don't make it available by the time you need it. # # # First, some special variables # # Set the REMOTEHOST variable for any hosts that are remote, default # to "localhost" rather than not being set at all #REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} # # Set the DISPLAY variable if it seems reasonable #DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} # # # Now some simple variables # #PAGER DEFAULT=less #MANPAGER DEFAULT=less #LESS DEFAULT="M q e h15 z23 b80" #NNTPSERVER DEFAULT=localhost #PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ #:/usr/bin:/usr/local/bin/X11:/usr/bin/X11 # # silly examples of escaped variables, just to show how they work. # #DOLLAR DEFAULT=\$ #DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} #DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} #ATSIGN DEFAULT="" OVERRIDE=\@ pam/modules/pam_env/pam_env.conf.50000644000000000000000000001001213261244762014256 0ustar '\" t .\" Title: pam_env.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ENV\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_env.conf \- the environment variables config file .SH "DESCRIPTION" .PP The /etc/security/pam_env\&.conf file specifies the environment variables to be set, unset or modified by \fBpam_env\fR(8)\&. When someone logs in, this file is read and the environment variables are set according\&. .PP Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE\&. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed\&. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use\&. OVERRIDE is not used, "" is assumed and no override will be done\&. .PP \fIVARIABLE\fR [\fIDEFAULT=[value]\fR] [\fIOVERRIDE=[value]\fR] .PP (Possibly non\-existent) environment variables may be used in values using the ${string} syntax and (possibly non\-existent) PAM_ITEMs may be used in values using the @{string} syntax\&. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported\&. Note that many environment variables that you would like to use may not be set by the time the module is called\&. For example, HOME is used below several times, but many PAM applications don\*(Aqt make it available by the time you need it\&. .PP The "\fI#\fR" character at start of line (no space at front) can be used to mark this line as a comment line\&. .SH "EXAMPLES" .PP These are some example lines which might be specified in /etc/security/pam_env\&.conf\&. .PP Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all .sp .if n \{\ .RS 4 .\} .nf REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} .fi .if n \{\ .RE .\} .PP Set the DISPLAY variable if it seems reasonable .sp .if n \{\ .RS 4 .\} .nf DISPLAY DEFAULT=${REMOTEHOST}:0\&.0 OVERRIDE=${DISPLAY} .fi .if n \{\ .RE .\} .PP Now some simple variables .sp .if n \{\ .RS 4 .\} .nf PAGER DEFAULT=less MANPAGER DEFAULT=less LESS DEFAULT="M q e h15 z23 b80" NNTPSERVER DEFAULT=localhost PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\e :/usr/bin:/usr/local/bin/X11:/usr/bin/X11 .fi .if n \{\ .RE .\} .PP Silly examples of escaped variables, just to show how they work\&. .sp .if n \{\ .RS 4 .\} .nf DOLLAR DEFAULT=\e$ DOLLARDOLLAR DEFAULT= OVERRIDE=\e$${DOLLAR} DOLLARPLUS DEFAULT=\e${REMOTEHOST}${REMOTEHOST} ATSIGN DEFAULT="" OVERRIDE=\e@ .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam_env\fR(8), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_env was written by Dave Kinchlea \&. pam/modules/pam_env/pam_env.conf.5.xml0000644000000000000000000001043513261244762015066 0ustar pam_env.conf 5 Linux-PAM Manual pam_env.conf the environment variables config file DESCRIPTION The /etc/security/pam_env.conf file specifies the environment variables to be set, unset or modified by pam_env8. When someone logs in, this file is read and the environment variables are set according. Each line starts with the variable name, there are then two possible options for each variable DEFAULT and OVERRIDE. DEFAULT allows and administrator to set the value of the variable to some default value, if none is supplied then the empty string is assumed. The OVERRIDE option tells pam_env that it should enter in its value (overriding the default value) if there is one to use. OVERRIDE is not used, "" is assumed and no override will be done. VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] (Possibly non-existent) environment variables may be used in values using the ${string} syntax and (possibly non-existent) PAM_ITEMs may be used in values using the @{string} syntax. Both the $ and @ characters can be backslash escaped to be used as literal values values can be delimited with "", escaped " not supported. Note that many environment variables that you would like to use may not be set by the time the module is called. For example, HOME is used below several times, but many PAM applications don't make it available by the time you need it. The "#" character at start of line (no space at front) can be used to mark this line as a comment line. EXAMPLES These are some example lines which might be specified in /etc/security/pam_env.conf. Set the REMOTEHOST variable for any hosts that are remote, default to "localhost" rather than not being set at all REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} Set the DISPLAY variable if it seems reasonable DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} Now some simple variables PAGER DEFAULT=less MANPAGER DEFAULT=less LESS DEFAULT="M q e h15 z23 b80" NNTPSERVER DEFAULT=localhost PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ :/usr/bin:/usr/local/bin/X11:/usr/bin/X11 Silly examples of escaped variables, just to show how they work. DOLLAR DEFAULT=\$ DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} ATSIGN DEFAULT="" OVERRIDE=\@ SEE ALSO pam_env8, pam.d5, pam8 AUTHOR pam_env was written by Dave Kinchlea <kinch@kinch.ark.com>. pam/modules/pam_env/tst-pam_env0000755000000000000000000000006213261244762014006 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_env.so pam/modules/pam_exec/0000755000000000000000000000000013261244762011761 5ustar pam/modules/pam_exec/Makefile.am0000644000000000000000000000132613261244762014017 0ustar # # Copyright (c) 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec man_MANS = pam_exec.8 XMLS = README.xml pam_exec.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_exec.la pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_exec.8.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_exec pam/modules/pam_exec/Makefile.in0000644000000000000000000006003713261244762014034 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_exec DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_exec_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_exec_la_SOURCES = pam_exec.c pam_exec_la_OBJECTS = pam_exec.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_exec.c DIST_SOURCES = pam_exec.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_exec man_MANS = pam_exec.8 XMLS = README.xml pam_exec.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_exec.la pam_exec_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_exec all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_exec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_exec/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_exec.la: $(pam_exec_la_OBJECTS) $(pam_exec_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_exec_la_OBJECTS) $(pam_exec_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_exec.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_exec.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_exec/README0000644000000000000000000000414413261244762012644 0ustar pam_exec — PAM module which calls an external command â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_exec is a PAM module that can be used to run an external command. The child's environment is set to the current PAM environment list, as returned by pam_getenvlist(3) In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: account, auth, password, open_session and close_session. Commands called by pam_exec need to be aware of that the user can have controll over the environment. OPTIONS debug Print debug information. expose_authtok During authentication the calling command can read the password from stdin (3). log=file The output of the command is appended to file type=type Only run the command if the module type matches the given type. stdout Per default the output of the executed command is written to /dev/null. With this option, the stdout output of the executed command is redirected to the calling application. It's in the responsibility of this application what happens with the output. The log option is ignored. quiet Per default pam_exec.so will echo the exit status of the external command if it fails. Specifying this option will suppress the message. seteuid Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. EXAMPLES Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change: password optional pam_exec.so seteuid /usr/bin/make -C /var/yp This will execute the command make -C /var/yp with effective user ID. AUTHOR pam_exec was written by Thorsten Kukuk and Josh Triplett . pam/modules/pam_exec/README.xml0000644000000000000000000000216713261244762013446 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_exec.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_exec-name"]/*)'/>
pam/modules/pam_exec/pam_exec.80000644000000000000000000001036713261244762013642 0ustar '\" t .\" Title: pam_exec .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_EXEC" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_exec \- PAM module which calls an external command .SH "SYNOPSIS" .HP \w'\fBpam_exec\&.so\fR\ 'u \fBpam_exec\&.so\fR [debug] [expose_authtok] [seteuid] [quiet] [stdout] [log=\fIfile\fR] [type=\fItype\fR] \fIcommand\fR [\fI\&.\&.\&.\fR] .SH "DESCRIPTION" .PP pam_exec is a PAM module that can be used to run an external command\&. .PP The child\*(Aqs environment is set to the current PAM environment list, as returned by \fBpam_getenvlist\fR(3) In addition, the following PAM items are exported as environment variables: \fIPAM_RHOST\fR, \fIPAM_RUSER\fR, \fIPAM_SERVICE\fR, \fIPAM_TTY\fR, \fIPAM_USER\fR and \fIPAM_TYPE\fR, which contains one of the module types: \fBaccount\fR, \fBauth\fR, \fBpassword\fR, \fBopen_session\fR and \fBclose_session\fR\&. .PP Commands called by pam_exec need to be aware of that the user can have controll over the environment\&. .SH "OPTIONS" .PP .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBexpose_authtok\fR .RS 4 During authentication the calling command can read the password from \fBstdin\fR(3)\&. .RE .PP \fBlog=\fR\fB\fIfile\fR\fR .RS 4 The output of the command is appended to file .RE .PP \fBtype=\fR\fB\fItype\fR\fR .RS 4 Only run the command if the module type matches the given type\&. .RE .PP \fBstdout\fR .RS 4 Per default the output of the executed command is written to /dev/null\&. With this option, the stdout output of the executed command is redirected to the calling application\&. It\*(Aqs in the responsibility of this application what happens with the output\&. The \fBlog\fR option is ignored\&. .RE .PP \fBquiet\fR .RS 4 Per default pam_exec\&.so will echo the exit status of the external command if it fails\&. Specifying this option will suppress the message\&. .RE .PP \fBseteuid\fR .RS 4 Per default pam_exec\&.so will execute the external command with the real user ID of the calling process\&. Specifying this option means the command is run with the effective user ID\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 The external command was run successfully\&. .RE .PP PAM_SERVICE_ERR .RS 4 No argument or a wrong number of arguments were given\&. .RE .PP PAM_SYSTEM_ERR .RS 4 A system error occurred or the command to execute failed\&. .RE .PP PAM_IGNORE .RS 4 \fBpam_setcred\fR was called, which does not execute the command\&. Or, the value given for the type= parameter did not match the module type\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/passwd to rebuild the NIS database after each local password change: .sp .if n \{\ .RS 4 .\} .nf password optional pam_exec\&.so seteuid /usr/bin/make \-C /var/yp .fi .if n \{\ .RE .\} .sp This will execute the command .sp .if n \{\ .RS 4 .\} .nf make \-C /var/yp .fi .if n \{\ .RE .\} .sp with effective user ID\&. .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_exec was written by Thorsten Kukuk and Josh Triplett \&. pam/modules/pam_exec/pam_exec.8.xml0000644000000000000000000001674213261244762014444 0ustar pam_exec 8 Linux-PAM Manual pam_exec PAM module which calls an external command pam_exec.so debug expose_authtok seteuid quiet stdout log=file type=type command ... DESCRIPTION pam_exec is a PAM module that can be used to run an external command. The child's environment is set to the current PAM environment list, as returned by pam_getenvlist3 In addition, the following PAM items are exported as environment variables: PAM_RHOST, PAM_RUSER, PAM_SERVICE, PAM_TTY, PAM_USER and PAM_TYPE, which contains one of the module types: , , , and . Commands called by pam_exec need to be aware of that the user can have controll over the environment. OPTIONS Print debug information. During authentication the calling command can read the password from stdin3 . The output of the command is appended to file Only run the command if the module type matches the given type. Per default the output of the executed command is written to /dev/null. With this option, the stdout output of the executed command is redirected to the calling application. It's in the responsibility of this application what happens with the output. The option is ignored. Per default pam_exec.so will echo the exit status of the external command if it fails. Specifying this option will suppress the message. Per default pam_exec.so will execute the external command with the real user ID of the calling process. Specifying this option means the command is run with the effective user ID. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_SUCCESS The external command was run successfully. PAM_SERVICE_ERR No argument or a wrong number of arguments were given. PAM_SYSTEM_ERR A system error occurred or the command to execute failed. PAM_IGNORE pam_setcred was called, which does not execute the command. Or, the value given for the type= parameter did not match the module type. EXAMPLES Add the following line to /etc/pam.d/passwd to rebuild the NIS database after each local password change: password optional pam_exec.so seteuid /usr/bin/make -C /var/yp This will execute the command make -C /var/yp with effective user ID. SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_exec was written by Thorsten Kukuk <kukuk@thkukuk.de> and Josh Triplett <josh@joshtriplett.org>. pam/modules/pam_exec/pam_exec.c0000644000000000000000000003240213261244762013707 0ustar /* * Copyright (c) 2006, 2008 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #if defined(HAVE_CONFIG_H) #include "config.h" #endif #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #include #include #define ENV_ITEM(n) { (n), #n } static struct { int item; const char *name; } env_items[] = { ENV_ITEM(PAM_SERVICE), ENV_ITEM(PAM_USER), ENV_ITEM(PAM_TTY), ENV_ITEM(PAM_RHOST), ENV_ITEM(PAM_RUSER), }; /* move_fd_to_non_stdio copies the given file descriptor to something other * than stdin, stdout, or stderr. Assumes that the caller will close all * unwanted fds after calling. */ static int move_fd_to_non_stdio (pam_handle_t *pamh, int fd) { while (fd < 3) { fd = dup(fd); if (fd == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "dup failed: %m"); _exit (err); } } return fd; } static int call_exec (const char *pam_type, pam_handle_t *pamh, int argc, const char **argv) { int debug = 0; int call_setuid = 0; int quiet = 0; int expose_authtok = 0; int use_stdout = 0; int optargc; const char *logfile = NULL; const char *authtok = NULL; pid_t pid; int fds[2]; int stdout_fds[2]; FILE *stdout_file = NULL; if (argc < 1) { pam_syslog (pamh, LOG_ERR, "This module needs at least one argument"); return PAM_SERVICE_ERR; } for (optargc = 0; optargc < argc; optargc++) { if (argv[optargc][0] == '/') /* paths starts with / */ break; if (strcasecmp (argv[optargc], "debug") == 0) debug = 1; else if (strcasecmp (argv[optargc], "stdout") == 0) use_stdout = 1; else if (strncasecmp (argv[optargc], "log=", 4) == 0) logfile = &argv[optargc][4]; else if (strncasecmp (argv[optargc], "type=", 5) == 0) { if (strcmp (pam_type, &argv[optargc][5]) != 0) return PAM_IGNORE; } else if (strcasecmp (argv[optargc], "seteuid") == 0) call_setuid = 1; else if (strcasecmp (argv[optargc], "quiet") == 0) quiet = 1; else if (strcasecmp (argv[optargc], "expose_authtok") == 0) expose_authtok = 1; else break; /* Unknown option, assume program to execute. */ } if (expose_authtok == 1) { if (strcmp (pam_type, "auth") != 0) { pam_syslog (pamh, LOG_ERR, "expose_authtok not supported for type %s", pam_type); expose_authtok = 0; } else { const void *void_pass; int retval; retval = pam_get_item (pamh, PAM_AUTHTOK, &void_pass); if (retval != PAM_SUCCESS) { if (debug) pam_syslog (pamh, LOG_DEBUG, "pam_get_item (PAM_AUTHTOK) failed, return %d", retval); return retval; } else if (void_pass == NULL) { char *resp = NULL; retval = pam_prompt (pamh, PAM_PROMPT_ECHO_OFF, &resp, _("Password: ")); if (retval != PAM_SUCCESS) { _pam_drop (resp); if (retval == PAM_CONV_AGAIN) retval = PAM_INCOMPLETE; return retval; } pam_set_item (pamh, PAM_AUTHTOK, resp); authtok = strdupa (resp); _pam_drop (resp); } else authtok = void_pass; if (pipe(fds) != 0) { pam_syslog (pamh, LOG_ERR, "Could not create pipe: %m"); return PAM_SYSTEM_ERR; } } } if (use_stdout) { if (pipe(stdout_fds) != 0) { pam_syslog (pamh, LOG_ERR, "Could not create pipe: %m"); return PAM_SYSTEM_ERR; } stdout_file = fdopen(stdout_fds[0], "r"); if (!stdout_file) { pam_syslog (pamh, LOG_ERR, "Could not fdopen pipe: %m"); return PAM_SYSTEM_ERR; } } if (optargc >= argc) { pam_syslog (pamh, LOG_ERR, "No path given as argument"); return PAM_SERVICE_ERR; } pid = fork(); if (pid == -1) return PAM_SYSTEM_ERR; if (pid > 0) /* parent */ { int status = 0; pid_t retval; if (expose_authtok) /* send the password to the child */ { if (authtok != NULL) { /* send the password to the child */ if (debug) pam_syslog (pamh, LOG_DEBUG, "send password to child"); if (write(fds[1], authtok, strlen(authtok)+1) == -1) pam_syslog (pamh, LOG_ERR, "sending password to child failed: %m"); authtok = NULL; } else { if (write(fds[1], "", 1) == -1) /* blank password */ pam_syslog (pamh, LOG_ERR, "sending password to child failed: %m"); } close(fds[0]); /* close here to avoid possible SIGPIPE above */ close(fds[1]); } if (use_stdout) { char buf[4096]; close(stdout_fds[1]); while (fgets(buf, sizeof(buf), stdout_file) != NULL) { size_t len; len = strlen(buf); if (buf[len-1] == '\n') buf[len-1] = '\0'; pam_info(pamh, "%s", buf); } fclose(stdout_file); } while ((retval = waitpid (pid, &status, 0)) == -1 && errno == EINTR); if (retval == (pid_t)-1) { pam_syslog (pamh, LOG_ERR, "waitpid returns with -1: %m"); return PAM_SYSTEM_ERR; } else if (status != 0) { if (WIFEXITED(status)) { pam_syslog (pamh, LOG_ERR, "%s failed: exit code %d", argv[optargc], WEXITSTATUS(status)); if (!quiet) pam_error (pamh, _("%s failed: exit code %d"), argv[optargc], WEXITSTATUS(status)); } else if (WIFSIGNALED(status)) { pam_syslog (pamh, LOG_ERR, "%s failed: caught signal %d%s", argv[optargc], WTERMSIG(status), WCOREDUMP(status) ? " (core dumped)" : ""); if (!quiet) pam_error (pamh, _("%s failed: caught signal %d%s"), argv[optargc], WTERMSIG(status), WCOREDUMP(status) ? " (core dumped)" : ""); } else { pam_syslog (pamh, LOG_ERR, "%s failed: unknown status 0x%x", argv[optargc], status); if (!quiet) pam_error (pamh, _("%s failed: unknown status 0x%x"), argv[optargc], status); } return PAM_SYSTEM_ERR; } return PAM_SUCCESS; } else /* child */ { char **arggv; int i; char **envlist, **tmp; int envlen, nitems; char *envstr; /* First, move all the pipes off of stdin, stdout, and stderr, to ensure * that calls to dup2 won't close them. */ if (expose_authtok) { fds[0] = move_fd_to_non_stdio(pamh, fds[0]); close(fds[1]); } if (use_stdout) { stdout_fds[1] = move_fd_to_non_stdio(pamh, stdout_fds[1]); close(stdout_fds[0]); } /* Set up stdin. */ if (expose_authtok) { /* reopen stdin as pipe */ if (dup2(fds[0], STDIN_FILENO) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 of STDIN failed: %m"); _exit (err); } } else { close (STDIN_FILENO); /* New stdin. */ if ((i = open ("/dev/null", O_RDWR)) < 0) { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); _exit (err); } } /* Set up stdout. */ if (use_stdout) { if (dup2(stdout_fds[1], STDOUT_FILENO) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 to stdout failed: %m"); _exit (err); } } else if (logfile) { time_t tm = time (NULL); char *buffer = NULL; close (STDOUT_FILENO); if ((i = open (logfile, O_CREAT|O_APPEND|O_WRONLY, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "open of %s failed: %m", logfile); _exit (err); } if (asprintf (&buffer, "*** %s", ctime (&tm)) > 0) { pam_modutil_write (i, buffer, strlen (buffer)); free (buffer); } } else { close (STDOUT_FILENO); if ((i = open ("/dev/null", O_RDWR)) < 0) { int err = errno; pam_syslog (pamh, LOG_ERR, "open of /dev/null failed: %m"); _exit (err); } } if (dup2 (STDOUT_FILENO, STDERR_FILENO) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "dup2 failed: %m"); _exit (err); } for (i = 3; i < sysconf (_SC_OPEN_MAX); i++) close (i); if (call_setuid) if (setuid (geteuid ()) == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "setuid(%lu) failed: %m", (unsigned long) geteuid ()); _exit (err); } if (setsid () == -1) { int err = errno; pam_syslog (pamh, LOG_ERR, "setsid failed: %m"); _exit (err); } arggv = calloc (argc + 4, sizeof (char *)); if (arggv == NULL) _exit (ENOMEM); for (i = 0; i < (argc - optargc); i++) arggv[i] = strdup(argv[i+optargc]); arggv[i] = NULL; /* * Set up the child's environment list. It consists of the PAM * environment, plus a few hand-picked PAM items. */ envlist = pam_getenvlist(pamh); for (envlen = 0; envlist[envlen] != NULL; ++envlen) /* nothing */ ; nitems = sizeof(env_items) / sizeof(*env_items); /* + 2 because of PAM_TYPE and NULL entry */ tmp = realloc(envlist, (envlen + nitems + 2) * sizeof(*envlist)); if (tmp == NULL) { free(envlist); pam_syslog (pamh, LOG_ERR, "realloc environment failed: %m"); _exit (ENOMEM); } envlist = tmp; for (i = 0; i < nitems; ++i) { const void *item; if (pam_get_item(pamh, env_items[i].item, &item) != PAM_SUCCESS || item == NULL) continue; if (asprintf(&envstr, "%s=%s", env_items[i].name, (const char *)item) < 0) { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; } if (asprintf(&envstr, "PAM_TYPE=%s", pam_type) < 0) { free(envlist); pam_syslog (pamh, LOG_ERR, "prepare environment failed: %m"); _exit (ENOMEM); } envlist[envlen++] = envstr; envlist[envlen] = NULL; if (debug) pam_syslog (pamh, LOG_DEBUG, "Calling %s ...", arggv[0]); execve (arggv[0], arggv, envlist); i = errno; pam_syslog (pamh, LOG_ERR, "execve(%s,...) failed: %m", arggv[0]); free(envlist); _exit (i); } return PAM_SYSTEM_ERR; /* will never be reached. */ } PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("auth", pamh, argc, argv); } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } /* password updating functions */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { if (flags & PAM_PRELIM_CHECK) return PAM_SUCCESS; return call_exec ("password", pamh, argc, argv); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("account", pamh, argc, argv); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("open_session", pamh, argc, argv); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { return call_exec ("close_session", pamh, argc, argv); } #ifdef PAM_STATIC struct pam_module _pam_exec_modstruct = { "pam_exec", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok, }; #endif pam/modules/pam_exec/tst-pam_exec0000755000000000000000000000006313261244762014277 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_exec.so pam/modules/pam_faildelay/0000755000000000000000000000000013261244762012767 5ustar pam/modules/pam_faildelay/Makefile.am0000644000000000000000000000136513261244762015030 0ustar # # Copyright (c) 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay man_MANS = pam_faildelay.8 XMLS = README.xml pam_faildelay.8.xml TESTS = tst-pam_faildelay securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_faildelay.la pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_faildelay.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_faildelay/Makefile.in0000644000000000000000000006022013261244762015034 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_faildelay DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_faildelay_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_faildelay_la_SOURCES = pam_faildelay.c pam_faildelay_la_OBJECTS = pam_faildelay.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_faildelay.c DIST_SOURCES = pam_faildelay.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_faildelay man_MANS = pam_faildelay.8 XMLS = README.xml pam_faildelay.8.xml TESTS = tst-pam_faildelay securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_faildelay.la pam_faildelay_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_faildelay/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_faildelay.la: $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_faildelay_la_OBJECTS) $(pam_faildelay_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_faildelay.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_faildelay.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_faildelay/README0000644000000000000000000000147313261244762013654 0ustar pam_faildelay — Change the delay on failure per-application â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_faildelay is a PAM module that can be used to set the delay on failure per-application. If no delay is given, pam_faildelay will use the value of FAIL_DELAY from /etc/ login.defs. OPTIONS debug Turns on debugging messages sent to syslog. delay=N Set the delay on failure to N microseconds. EXAMPLES The following example will set the delay on failure to 10 seconds: auth optional pam_faildelay.so delay=10000000 AUTHOR pam_faildelay was written by Darren Tucker . pam/modules/pam_faildelay/README.xml0000644000000000000000000000225613261244762014453 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_faildelay.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_faildelay-name"]/*)'/>
pam/modules/pam_faildelay/pam_faildelay.80000644000000000000000000000455613261244762015661 0ustar '\" t .\" Title: pam_faildelay .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_FAILDELAY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_faildelay \- Change the delay on failure per\-application .SH "SYNOPSIS" .HP \w'\fBpam_faildelay\&.so\fR\ 'u \fBpam_faildelay\&.so\fR [debug] [delay=\fImicroseconds\fR] .SH "DESCRIPTION" .PP pam_faildelay is a PAM module that can be used to set the delay on failure per\-application\&. .PP If no \fBdelay\fR is given, pam_faildelay will use the value of FAIL_DELAY from /etc/login\&.defs\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Turns on debugging messages sent to syslog\&. .RE .PP \fBdelay=\fR\fB\fIN\fR\fR .RS 4 Set the delay on failure to N microseconds\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE .RS 4 Delay was successful adjusted\&. .RE .PP PAM_SYSTEM_ERR .RS 4 The specified delay was not valid\&. .RE .SH "EXAMPLES" .PP The following example will set the delay on failure to 10 seconds: .sp .if n \{\ .RS 4 .\} .nf auth optional pam_faildelay\&.so delay=10000000 .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam_fail_delay\fR(3), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_faildelay was written by Darren Tucker \&. pam/modules/pam_faildelay/pam_faildelay.8.xml0000644000000000000000000000673413261244762016460 0ustar pam_faildelay 8 Linux-PAM Manual pam_faildelay Change the delay on failure per-application pam_faildelay.so debug delay=microseconds DESCRIPTION pam_faildelay is a PAM module that can be used to set the delay on failure per-application. If no is given, pam_faildelay will use the value of FAIL_DELAY from /etc/login.defs. OPTIONS Turns on debugging messages sent to syslog. Set the delay on failure to N microseconds. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_IGNORE Delay was successful adjusted. PAM_SYSTEM_ERR The specified delay was not valid. EXAMPLES The following example will set the delay on failure to 10 seconds: auth optional pam_faildelay.so delay=10000000 SEE ALSO pam_fail_delay3 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_faildelay was written by Darren Tucker <dtucker@zip.com.au>. pam/modules/pam_faildelay/pam_faildelay.c0000644000000000000000000001361513261244762015730 0ustar /* pam_faildelay module */ /* * Allows an admin to set the delay on failure per-application. * Provides "auth" interface only. * * Use by putting something like this in the relevant pam config: * auth required pam_faildelay.so delay=[microseconds] * * eg: * auth required pam_faildelay.so delay=10000000 * will set the delay on failure to 10 seconds. * * If no delay option was given, pam_faildelay.so will use the * FAIL_DELAY value of /etc/login.defs. * * Based on pam_rootok and parts of pam_unix both by Andrew Morgan * * * Copyright (c) 2006 Thorsten Kukuk * - Rewrite to use extended PAM functions * - Add /etc/login.defs support * * Portions Copyright (c) 2005 Darren Tucker . * * Redistribution and use in source and binary forms of, with * or without modification, are permitted provided that the following * conditions are met: * * 1. Redistributions of source code must retain any existing copyright * notice, and this entire permission notice in its entirety, * including the disclaimer of warranties. * * 2. Redistributions in binary form must reproduce all prior and current * copyright notices, this list of conditions, and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * 3. The name of any author may not be used to endorse or promote * products derived from this software without their specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of the * GNU General Public License, in which case the provisions of the GNU * GPL are required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential conflict between the GNU GPL and the * restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. */ #include "config.h" #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #include #include #define BUF_SIZE 8192 #define LOGIN_DEFS "/etc/login.defs" static char * search_key (const char *filename) { FILE *fp; char *buf = NULL; size_t buflen = 0; char *retval = NULL; fp = fopen (filename, "r"); if (NULL == fp) return NULL; while (!feof (fp)) { char *tmp, *cp; #if defined(HAVE_GETLINE) ssize_t n = getline (&buf, &buflen, fp); #elif defined (HAVE_GETDELIM) ssize_t n = getdelim (&buf, &buflen, '\n', fp); #else ssize_t n; if (buf == NULL) { buflen = BUF_SIZE; buf = malloc (buflen); } buf[0] = '\0'; if (fgets (buf, buflen - 1, fp) == NULL) break; else if (buf != NULL) n = strlen (buf); else n = 0; #endif /* HAVE_GETLINE / HAVE_GETDELIM */ cp = buf; if (n < 1) break; tmp = strchr (cp, '#'); /* remove comments */ if (tmp) *tmp = '\0'; while (isspace ((int)*cp)) /* remove spaces and tabs */ ++cp; if (*cp == '\0') /* ignore empty lines */ continue; if (cp[strlen (cp) - 1] == '\n') cp[strlen (cp) - 1] = '\0'; tmp = strsep (&cp, " \t="); if (cp != NULL) while (isspace ((int)*cp) || *cp == '=') ++cp; if (strcasecmp (tmp, "FAIL_DELAY") == 0) { retval = strdup (cp); break; } } fclose (fp); free (buf); return retval; } /* --- authentication management functions (only) --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, debug_flag = 0; long int delay = -1; /* step through arguments */ for (i = 0; i < argc; i++) { if (sscanf(argv[i], "delay=%ld", &delay) == 1) { /* sscanf did already everything necessary */ } else if (strcmp (argv[i], "debug") == 0) debug_flag = 1; else pam_syslog (pamh, LOG_ERR, "unknown option; %s", argv[i]); } if (delay == -1) { char *endptr; char *val = search_key (LOGIN_DEFS); const char *val_orig = val; if (val == NULL) return PAM_IGNORE; errno = 0; delay = strtol (val, &endptr, 10) & 0777; if (((delay == 0) && (val_orig == endptr)) || ((delay == LONG_MIN || delay == LONG_MAX) && (errno == ERANGE))) { pam_syslog (pamh, LOG_ERR, "FAIL_DELAY=%s in %s not valid", val, LOGIN_DEFS); free (val); return PAM_IGNORE; } free (val); /* delay is in seconds, convert to microseconds. */ delay *= 1000000; } if (debug_flag) pam_syslog (pamh, LOG_DEBUG, "setting fail delay to %ld", delay); i = pam_fail_delay(pamh, delay); if (i == PAM_SUCCESS) return PAM_IGNORE; else return i; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_faildelay_modstruct = { "pam_faildelay", pam_sm_authenticate, pam_sm_setcred, NULL, NULL, NULL, NULL, }; #endif /* end of module definition */ pam/modules/pam_faildelay/tst-pam_faildelay0000755000000000000000000000007013261244762016311 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_faildelay.so pam/modules/pam_filter/0000755000000000000000000000000013261244762012322 5ustar pam/modules/pam_filter/Makefile.am0000644000000000000000000000144213261244762014357 0ustar # # Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk # SUBDIRS = upperLOWER CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter man_MANS = pam_filter.8 XMLS = README.xml pam_filter.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif include_HEADERS=pam_filter.h pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la securelib_LTLIBRARIES = pam_filter.la TESTS = tst-pam_filter if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_filter.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_filter/Makefile.in0000644000000000000000000007475413261244762014410 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2007, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_filter DIST_COMMON = README $(include_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" \ "$(DESTDIR)$(includedir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_filter_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_filter_la_SOURCES = pam_filter.c pam_filter_la_OBJECTS = pam_filter.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_filter.c DIST_SOURCES = pam_filter.c RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ html-recursive info-recursive install-data-recursive \ install-dvi-recursive install-exec-recursive \ install-html-recursive install-info-recursive \ install-pdf-recursive install-ps-recursive install-recursive \ installcheck-recursive installdirs-recursive pdf-recursive \ ps-recursive uninstall-recursive man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) HEADERS = $(include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ distdir ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = upperLOWER CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_filter man_MANS = pam_filter.8 XMLS = README.xml pam_filter.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) include_HEADERS = pam_filter.h pam_filter_la_LIBADD = $(top_builddir)/libpam/libpam.la securelib_LTLIBRARIES = pam_filter.la TESTS = tst-pam_filter @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-recursive .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_filter/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_filter.la: $(pam_filter_la_OBJECTS) $(pam_filter_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_filter_la_OBJECTS) $(pam_filter_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_filter.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-includeHEADERS: $(include_HEADERS) @$(NORMAL_INSTALL) test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)" @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(includedir)'"; \ $(INSTALL_HEADER) $$files "$(DESTDIR)$(includedir)" || exit $$?; \ done uninstall-includeHEADERS: @$(NORMAL_UNINSTALL) @list='$(include_HEADERS)'; test -n "$(includedir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(includedir)" && rm -f $$files # This directory's subdirectories are mostly independent; you can cd # into them and run `make' without going through this Makefile. # To change the values of `make' variables: instead of editing Makefiles, # (1) if the variable is set in `config.status', edit `config.status' # (which will cause the Makefiles to be regenerated when you run `make'); # (2) otherwise, pass the desired values on the `make' command line. $(RECURSIVE_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ list='$(SUBDIRS)'; for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" $(RECURSIVE_CLEAN_TARGETS): @fail= failcom='exit 1'; \ for f in x $$MAKEFLAGS; do \ case $$f in \ *=* | --[!k]*);; \ *k*) failcom='fail=yes';; \ esac; \ done; \ dot_seen=no; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ rev=''; for subdir in $$list; do \ if test "$$subdir" = "."; then :; else \ rev="$$subdir $$rev"; \ fi; \ done; \ rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done && test -z "$$fail" tags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ done ctags-recursive: list='$(SUBDIRS)'; for subdir in $$list; do \ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ done ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-recursive all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(includedir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-includeHEADERS install-man \ install-securelibLTLIBRARIES install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-man8 install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-includeHEADERS uninstall-man \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) check-am \ ctags-recursive install-am install-strip tags-recursive .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-TESTS check-am clean clean-generic \ clean-libtool clean-securelibLTLIBRARIES ctags ctags-recursive \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am \ install-includeHEADERS install-info install-info-am \ install-man install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-securelibLTLIBRARIES install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ uninstall-includeHEADERS uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_filter.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_filter/README0000644000000000000000000000603313261244762013204 0ustar pam_filter — PAM filter module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application. It is only suitable for tty-based and (stdin/stdout) applications. To function this module requires filters to be installed on the system. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams. (This can be very annoying and is not kind to termcap based editors). Each component of the module has the potential to invoke the desired filter. The filter is always execv(2) with the privilege of the calling application and not that of the user. For this reason it cannot usually be killed by the user without closing their session. OPTIONS debug Print debug information. new_term The default action of the filter is to set the PAM_TTY item to indicate the terminal that the user is using to connect to the application. This argument indicates that the filter should set PAM_TTY to the filtered pseudo-terminal. non_term don't try to set the PAM_TTY item. runX In order that the module can invoke a filter it should know when to invoke it. This argument is required to tell the filter when to do this. Permitted values for X are 1 and 2. These indicate the precise time that the filter is to be run. To understand this concept it will be useful to have read the pam(3) manual page. Basically, for each management group there are up to two ways of calling the module's functions. In the case of the authentication and session components there are actually two separate functions. For the case of authentication, these functions are pam_authenticate(3) and pam_setcred(3), here run1 means run the filter from the pam_authenticate function and run2 means run the filter from pam_setcred. In the case of the session modules, run1 implies that the filter is invoked at the pam_open_session(3) stage, and run2 for pam_close_session(3). For the case of the account component. Either run1 or run2 may be used. For the case of the password component, run1 is used to indicate that the filter is run on the first occasion of pam_chauthtok(3) (the PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase). filter The full pathname of the filter to be run and any command line arguments that the filter might expect. EXAMPLES Add the following line to /etc/pam.d/login to see how to configure login to transpose upper and lower case letters once the user has logged in: session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER AUTHOR pam_filter was written by Andrew G. Morgan . pam/modules/pam_filter/README.xml0000644000000000000000000000221513261244762014001 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_filter.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_filter-name"]/*)'/>
pam/modules/pam_filter/pam_filter.80000644000000000000000000001146613261244762014545 0ustar '\" t .\" Title: pam_filter .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_FILTER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_filter \- PAM filter module .SH "SYNOPSIS" .HP \w'\fBpam_filter\&.so\fR\ 'u \fBpam_filter\&.so\fR [debug] [new_term] [non_term] run1|run2 \fIfilter\fR [\fI\&.\&.\&.\fR] .SH "DESCRIPTION" .PP This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application\&. It is only suitable for tty\-based and (stdin/stdout) applications\&. .PP To function this module requires \fIfilters\fR to be installed on the system\&. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams\&. (This can be very annoying and is not kind to termcap based editors)\&. .PP Each component of the module has the potential to invoke the desired filter\&. The filter is always \fBexecv\fR(2) with the privilege of the calling application and \fInot\fR that of the user\&. For this reason it cannot usually be killed by the user without closing their session\&. .SH "OPTIONS" .PP .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBnew_term\fR .RS 4 The default action of the filter is to set the \fIPAM_TTY\fR item to indicate the terminal that the user is using to connect to the application\&. This argument indicates that the filter should set \fIPAM_TTY\fR to the filtered pseudo\-terminal\&. .RE .PP \fBnon_term\fR .RS 4 don\*(Aqt try to set the \fIPAM_TTY\fR item\&. .RE .PP \fBrunX\fR .RS 4 In order that the module can invoke a filter it should know when to invoke it\&. This argument is required to tell the filter when to do this\&. .sp Permitted values for \fIX\fR are \fI1\fR and \fI2\fR\&. These indicate the precise time that the filter is to be run\&. To understand this concept it will be useful to have read the \fBpam\fR(3) manual page\&. Basically, for each management group there are up to two ways of calling the module\*(Aqs functions\&. In the case of the \fIauthentication\fR and \fIsession\fR components there are actually two separate functions\&. For the case of authentication, these functions are \fBpam_authenticate\fR(3) and \fBpam_setcred\fR(3), here \fBrun1\fR means run the filter from the \fBpam_authenticate\fR function and \fBrun2\fR means run the filter from \fBpam_setcred\fR\&. In the case of the session modules, \fIrun1\fR implies that the filter is invoked at the \fBpam_open_session\fR(3) stage, and \fIrun2\fR for \fBpam_close_session\fR(3)\&. .sp For the case of the account component\&. Either \fIrun1\fR or \fIrun2\fR may be used\&. .sp For the case of the password component, \fIrun1\fR is used to indicate that the filter is run on the first occasion of \fBpam_chauthtok\fR(3) (the \fIPAM_PRELIM_CHECK\fR phase) and \fIrun2\fR is used to indicate that the filter is run on the second occasion (the \fIPAM_UPDATE_AUTHTOK\fR phase)\&. .RE .PP \fBfilter\fR .RS 4 The full pathname of the filter to be run and any command line arguments that the filter might expect\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 The new filter was set successfully\&. .RE .PP PAM_ABORT .RS 4 Critical error, immediate abort\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/login to see how to configure login to transpose upper and lower case letters once the user has logged in: .sp .if n \{\ .RS 4 .\} .nf session required pam_filter\&.so run1 /lib/security/pam_filter/upperLOWER .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_filter was written by Andrew G\&. Morgan \&. pam/modules/pam_filter/pam_filter.8.xml0000644000000000000000000002054213261244762015337 0ustar pam_filter 8 Linux-PAM Manual pam_filter PAM filter module pam_filter.so debug new_term non_term run1|run2 filter ... DESCRIPTION This module is intended to be a platform for providing access to all of the input/output that passes between the user and the application. It is only suitable for tty-based and (stdin/stdout) applications. To function this module requires filters to be installed on the system. The single filter provided with the module simply transposes upper and lower case letters in the input and output streams. (This can be very annoying and is not kind to termcap based editors). Each component of the module has the potential to invoke the desired filter. The filter is always execv2 with the privilege of the calling application and not that of the user. For this reason it cannot usually be killed by the user without closing their session. OPTIONS Print debug information. The default action of the filter is to set the PAM_TTY item to indicate the terminal that the user is using to connect to the application. This argument indicates that the filter should set PAM_TTY to the filtered pseudo-terminal. don't try to set the PAM_TTY item. In order that the module can invoke a filter it should know when to invoke it. This argument is required to tell the filter when to do this. Permitted values for X are 1 and 2. These indicate the precise time that the filter is to be run. To understand this concept it will be useful to have read the pam3 manual page. Basically, for each management group there are up to two ways of calling the module's functions. In the case of the authentication and session components there are actually two separate functions. For the case of authentication, these functions are pam_authenticate3 and pam_setcred3 , here means run the filter from the pam_authenticate function and means run the filter from pam_setcred. In the case of the session modules, run1 implies that the filter is invoked at the pam_open_session3 stage, and run2 for pam_close_session3 . For the case of the account component. Either run1 or run2 may be used. For the case of the password component, run1 is used to indicate that the filter is run on the first occasion of pam_chauthtok3 (the PAM_PRELIM_CHECK phase) and run2 is used to indicate that the filter is run on the second occasion (the PAM_UPDATE_AUTHTOK phase). The full pathname of the filter to be run and any command line arguments that the filter might expect. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_SUCCESS The new filter was set successfully. PAM_ABORT Critical error, immediate abort. EXAMPLES Add the following line to /etc/pam.d/login to see how to configure login to transpose upper and lower case letters once the user has logged in: session required pam_filter.so run1 /lib/security/pam_filter/upperLOWER SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_filter was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_filter/pam_filter.c0000644000000000000000000004320513261244762014614 0ustar /* * $Id$ * * written by Andrew Morgan with much help from * Richard Stevens' UNIX Network Programming book. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include #include "pam_filter.h" /* ------ some tokens used for convenience throughout this file ------- */ #define FILTER_DEBUG 01 #define FILTER_RUN1 02 #define FILTER_RUN2 04 #define NEW_TERM 010 #define NON_TERM 020 /* -------------------------------------------------------------------- */ /* log errors */ #include #define DEV_PTMX "/dev/ptmx" static int master (void) { int fd; if ((fd = open(DEV_PTMX, O_RDWR)) >= 0) { return fd; } return -1; } static int process_args(pam_handle_t *pamh , int argc, const char **argv, const char *type , char ***evp, const char **filtername) { int ctrl=0; while (argc-- > 0) { if (strcmp("debug",*argv) == 0) { ctrl |= FILTER_DEBUG; } else if (strcmp("new_term",*argv) == 0) { ctrl |= NEW_TERM; } else if (strcmp("non_term",*argv) == 0) { ctrl |= NON_TERM; } else if (strcmp("run1",*argv) == 0) { ctrl |= FILTER_RUN1; if (argc <= 0) { pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); } else break; } else if (strcmp("run2",*argv) == 0) { ctrl |= FILTER_RUN2; if (argc <= 0) { pam_syslog(pamh, LOG_ALERT, "no run filter supplied"); } else break; } else { pam_syslog(pamh, LOG_ERR, "unrecognized option: %s", *argv); } ++argv; /* step along list */ } if (argc < 0) { /* there was no reference to a filter */ *filtername = NULL; *evp = NULL; } else { char **levp; const char *user = NULL; const void *tmp; int i,size, retval; *filtername = *++argv; if (ctrl & FILTER_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "will run filter %s", *filtername); } levp = (char **) malloc(5*sizeof(char *)); if (levp == NULL) { pam_syslog(pamh, LOG_CRIT, "no memory for environment of filter"); return -1; } for (size=i=0; i terminate */ /* the "SERVICE" variable */ #define SERVICE_OFFSET 8 /* strlen('SERVICE='); */ #define SERVICE_NAME "SERVICE=" retval = pam_get_item(pamh, PAM_SERVICE, &tmp); if (retval != PAM_SUCCESS || tmp == NULL) { pam_syslog(pamh, LOG_CRIT, "service name not found"); if (levp) { free(levp[0]); free(levp); } return -1; } size = SERVICE_OFFSET+strlen(tmp); levp[1] = (char *) malloc(size+1); if (levp[1] == NULL) { pam_syslog(pamh, LOG_CRIT, "no memory for service name"); if (levp) { free(levp[0]); free(levp); } return -1; } strncpy(levp[1],SERVICE_NAME,SERVICE_OFFSET); strcpy(levp[1]+SERVICE_OFFSET, tmp); levp[1][size] = '\0'; /* terminate */ /* the "USER" variable */ #define USER_OFFSET 5 /* strlen('USER='); */ #define USER_NAME "USER=" if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL) { user = ""; } size = USER_OFFSET+strlen(user); levp[2] = (char *) malloc(size+1); if (levp[2] == NULL) { pam_syslog(pamh, LOG_CRIT, "no memory for user's name"); if (levp) { free(levp[1]); free(levp[0]); free(levp); } return -1; } strncpy(levp[2],USER_NAME,USER_OFFSET); strcpy(levp[2]+USER_OFFSET, user); levp[2][size] = '\0'; /* terminate */ /* the "USER" variable */ #define TYPE_OFFSET 5 /* strlen('TYPE='); */ #define TYPE_NAME "TYPE=" size = TYPE_OFFSET+strlen(type); levp[3] = (char *) malloc(size+1); if (levp[3] == NULL) { pam_syslog(pamh, LOG_CRIT, "no memory for type"); if (levp) { free(levp[2]); free(levp[1]); free(levp[0]); free(levp); } return -1; } strncpy(levp[3],TYPE_NAME,TYPE_OFFSET); strcpy(levp[3]+TYPE_OFFSET, type); levp[3][size] = '\0'; /* terminate */ levp[4] = NULL; /* end list */ *evp = levp; } if ((ctrl & FILTER_DEBUG) && *filtername) { char **e; pam_syslog(pamh, LOG_DEBUG, "filter[%s]: %s", type, *filtername); pam_syslog(pamh, LOG_DEBUG, "environment:"); for (e=*evp; e && *e; ++e) { pam_syslog(pamh, LOG_DEBUG, " %s", *e); } } return ctrl; } static void free_evp(char *evp[]) { int i; if (evp) for (i=0; i<4; ++i) { if (evp[i]) free(evp[i]); } free(evp); } static int set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, const char **evp, const char *filtername) { int status=-1; char* terminal = NULL; struct termios stored_mode; /* initial terminal mode settings */ int fd[2], child=0, child2=0, aterminal; if (filtername == NULL || *filtername != '/') { pam_syslog(pamh, LOG_ALERT, "filtername not permitted; full pathname required"); return PAM_ABORT; } if (!isatty(STDIN_FILENO) || !isatty(STDOUT_FILENO)) { aterminal = 0; } else { aterminal = 1; } if (aterminal) { /* open the master pseudo terminal */ fd[0] = master(); if (fd[0] < 0) { pam_syslog(pamh, LOG_CRIT, "no master terminal"); return PAM_AUTH_ERR; } /* set terminal into raw mode.. remember old mode so that we can revert to it after the child has quit. */ /* this is termios terminal handling... */ if ( tcgetattr(STDIN_FILENO, &stored_mode) < 0 ) { pam_syslog(pamh, LOG_CRIT, "couldn't copy terminal mode: %m"); /* in trouble, so close down */ close(fd[0]); return PAM_ABORT; } else { struct termios t_mode = stored_mode; t_mode.c_iflag = 0; /* no input control */ t_mode.c_oflag &= ~OPOST; /* no ouput post processing */ /* no signals, canonical input, echoing, upper/lower output */ #ifdef XCASE t_mode.c_lflag &= ~(XCASE); #endif t_mode.c_lflag &= ~(ISIG|ICANON|ECHO); t_mode.c_cflag &= ~(CSIZE|PARENB); /* no parity */ t_mode.c_cflag |= CS8; /* 8 bit chars */ t_mode.c_cc[VMIN] = 1; /* number of chars to satisfy a read */ t_mode.c_cc[VTIME] = 0; /* 0/10th second for chars */ if ( tcsetattr(STDIN_FILENO, TCSAFLUSH, &t_mode) < 0 ) { pam_syslog(pamh, LOG_WARNING, "couldn't put terminal in RAW mode: %m"); close(fd[0]); return PAM_ABORT; } /* * NOTE: Unlike the stream socket case here the child * opens the slave terminal as fd[1] *after* the fork... */ } } else { /* * not a terminal line so just open a stream socket fd[0-1] * both set... */ if ( socketpair(AF_UNIX, SOCK_STREAM, 0, fd) < 0 ) { pam_syslog(pamh, LOG_CRIT, "couldn't open a stream pipe: %m"); return PAM_ABORT; } } /* start child process */ if ( (child = fork()) < 0 ) { pam_syslog(pamh, LOG_WARNING, "first fork failed: %m"); if (aterminal) { (void) tcsetattr(STDIN_FILENO, TCSAFLUSH, &stored_mode); } return PAM_AUTH_ERR; } if ( child == 0 ) { /* child process *is* application */ if (aterminal) { /* close the controlling tty */ #if defined(__hpux) && defined(O_NOCTTY) int t = open("/dev/tty", O_RDWR|O_NOCTTY); #else int t = open("/dev/tty",O_RDWR); if (t > 0) { (void) ioctl(t, TIOCNOTTY, NULL); close(t); } #endif /* defined(__hpux) && defined(O_NOCTTY) */ /* make this process it's own process leader */ if (setsid() == -1) { pam_syslog(pamh, LOG_WARNING, "child cannot become new session: %m"); return PAM_ABORT; } /* grant slave terminal */ if (grantpt (fd[0]) < 0) { pam_syslog(pamh, LOG_WARNING, "Cannot grant acccess to slave terminal"); return PAM_ABORT; } /* unlock slave terminal */ if (unlockpt (fd[0]) < 0) { pam_syslog(pamh, LOG_WARNING, "Cannot unlock slave terminal"); return PAM_ABORT; } /* find slave's name */ terminal = ptsname(fd[0]); /* returned value should not be freed */ if (terminal == NULL) { pam_syslog(pamh, LOG_WARNING, "Cannot get the name of the slave terminal: %m"); return PAM_ABORT; } fd[1] = open(terminal, O_RDWR); close(fd[0]); /* process is the child -- uses line fd[1] */ if (fd[1] < 0) { pam_syslog(pamh, LOG_WARNING, "cannot open slave terminal: %s: %m", terminal); return PAM_ABORT; } /* initialize the child's terminal to be the way the parent's was before we set it into RAW mode */ if ( tcsetattr(fd[1], TCSANOW, &stored_mode) < 0 ) { pam_syslog(pamh, LOG_WARNING, "cannot set slave terminal mode: %s: %m", terminal); close(fd[1]); return PAM_ABORT; } } else { /* nothing to do for a simple stream socket */ } /* re-assign the stdin/out to fd[1] <- (talks to filter). */ if ( dup2(fd[1],STDIN_FILENO) != STDIN_FILENO || dup2(fd[1],STDOUT_FILENO) != STDOUT_FILENO || dup2(fd[1],STDERR_FILENO) != STDERR_FILENO ) { pam_syslog(pamh, LOG_WARNING, "unable to re-assign STDIN/OUT/ERR: %m"); close(fd[1]); return PAM_ABORT; } /* make sure that file descriptors survive 'exec's */ if ( fcntl(STDIN_FILENO, F_SETFD, 0) || fcntl(STDOUT_FILENO,F_SETFD, 0) || fcntl(STDERR_FILENO,F_SETFD, 0) ) { pam_syslog(pamh, LOG_WARNING, "unable to re-assign STDIN/OUT/ERR: %m"); return PAM_ABORT; } /* now the user input is read from the parent/filter: forget fd */ close(fd[1]); /* the current process is now aparently working with filtered stdio/stdout/stderr --- success! */ return PAM_SUCCESS; } /* Clear out passwords... there is a security problem here in * that this process never executes pam_end. Consequently, any * other sensitive data in this process is *not* explicitly * overwritten, before the process terminates */ (void) pam_set_item(pamh, PAM_AUTHTOK, NULL); (void) pam_set_item(pamh, PAM_OLDAUTHTOK, NULL); /* fork a copy of process to run the actual filter executable */ if ( (child2 = fork()) < 0 ) { pam_syslog(pamh, LOG_WARNING, "filter fork failed: %m"); child2 = 0; } else if ( child2 == 0 ) { /* exec the child filter */ if ( dup2(fd[0],APPIN_FILENO) != APPIN_FILENO || dup2(fd[0],APPOUT_FILENO) != APPOUT_FILENO || dup2(fd[0],APPERR_FILENO) != APPERR_FILENO ) { pam_syslog(pamh, LOG_WARNING, "unable to re-assign APPIN/OUT/ERR: %m"); close(fd[0]); _exit(1); } /* make sure that file descriptors survive 'exec's */ if ( fcntl(APPIN_FILENO, F_SETFD, 0) == -1 || fcntl(APPOUT_FILENO,F_SETFD, 0) == -1 || fcntl(APPERR_FILENO,F_SETFD, 0) == -1 ) { pam_syslog(pamh, LOG_WARNING, "unable to retain APPIN/OUT/ERR: %m"); close(APPIN_FILENO); close(APPOUT_FILENO); close(APPERR_FILENO); _exit(1); } /* now the user input is read from the parent through filter */ execle(filtername, "", NULL, evp); /* getting to here is an error */ pam_syslog(pamh, LOG_ALERT, "filter: %s: %m", filtername); _exit(1); } else { /* wait for either of the two children to exit */ while (child && child2) { /* loop if there are two children */ int lstatus=0; int chid; chid = wait(&lstatus); if (chid == child) { if (WIFEXITED(lstatus)) { /* exited ? */ status = WEXITSTATUS(lstatus); } else if (WIFSIGNALED(lstatus)) { /* killed ? */ status = -1; } else continue; /* just stopped etc.. */ child = 0; /* the child has exited */ } else if (chid == child2) { /* * if the filter has exited. Let the child die * naturally below */ if (WIFEXITED(lstatus) || WIFSIGNALED(lstatus)) child2 = 0; } else { pam_syslog(pamh, LOG_ALERT, "programming error " "in file %s at line %d", chid, lstatus, __FILE__, __LINE__); child = child2 = 0; status = -1; } } } close(fd[0]); /* if there is something running, wait for it to exit */ while (child || child2) { int lstatus=0; int chid; chid = wait(&lstatus); if (child && chid == child) { if (WIFEXITED(lstatus)) { /* exited ? */ status = WEXITSTATUS(lstatus); } else if (WIFSIGNALED(lstatus)) { /* killed ? */ status = -1; } else continue; /* just stopped etc.. */ child = 0; /* the child has exited */ } else if (child2 && chid == child2) { if (WIFEXITED(lstatus) || WIFSIGNALED(lstatus)) child2 = 0; } else { pam_syslog(pamh, LOG_ALERT, "programming error " "in file %s at line %d", chid, lstatus, __FILE__, __LINE__); child = child2 = 0; status = -1; } } if (aterminal) { /* reset to initial terminal mode */ (void) tcsetattr(STDIN_FILENO, TCSANOW, &stored_mode); } if (ctrl & FILTER_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "parent process exited"); /* clock off */ } /* quit the parent process, returning the child's exit status */ exit(status); return status; /* never reached, to make gcc happy */ } static int set_the_terminal(pam_handle_t *pamh) { const void *tty; if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || tty == NULL) { tty = ttyname(STDIN_FILENO); if (tty == NULL) { pam_syslog(pamh, LOG_ERR, "couldn't get the tty name"); return PAM_ABORT; } if (pam_set_item(pamh, PAM_TTY, tty) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "couldn't set tty name"); return PAM_ABORT; } } return PAM_SUCCESS; } static int need_a_filter(pam_handle_t *pamh , int flags, int argc, const char **argv , const char *name, int which_run) { int ctrl; char **evp; const char *filterfile; int retval; ctrl = process_args(pamh, argc, argv, name, &evp, &filterfile); if (ctrl == -1) { return PAM_AUTHINFO_UNAVAIL; } /* set the tty to the old or the new one? */ if (!(ctrl & NON_TERM) && !(ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "tried and failed to set PAM_TTY"); } } else { retval = PAM_SUCCESS; /* nothing to do which is always a success */ } if (retval == PAM_SUCCESS && (ctrl & which_run)) { retval = set_filter(pamh, flags, ctrl , (const char **)evp, filterfile); } if (retval == PAM_SUCCESS && !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "tried and failed to set new terminal as PAM_TTY"); } } free_evp(evp); if (ctrl & FILTER_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "filter/%s, returning %d", name, retval); pam_syslog(pamh, LOG_DEBUG, "[%s]", pam_strerror(pamh, retval)); } return retval; } /* ----------------- public functions ---------------- */ /* * here are the advertised access points ... */ /* ------------------ authentication ----------------- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh , int flags, int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "authenticate", FILTER_RUN1); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags , int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2); } /* --------------- account management ---------------- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "setcred", FILTER_RUN1|FILTER_RUN2 ); } /* --------------- session management ---------------- */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags , int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "open_session", FILTER_RUN1); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags , int argc, const char **argv) { return need_a_filter(pamh, flags, argc, argv , "close_session", FILTER_RUN2); } /* --------- updating authentication tokens --------- */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags , int argc, const char **argv) { int runN; if (flags & PAM_PRELIM_CHECK) runN = FILTER_RUN1; else if (flags & PAM_UPDATE_AUTHTOK) runN = FILTER_RUN2; else { pam_syslog(pamh, LOG_ERR, "unknown flags for chauthtok (0x%X)", flags); return PAM_TRY_AGAIN; } return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN); } #ifdef PAM_STATIC /* ------------ stuff for static modules ------------ */ struct pam_module _pam_filter_modstruct = { "pam_filter", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok, }; #endif pam/modules/pam_filter/pam_filter.h0000644000000000000000000000210113261244762014607 0ustar /* * $Id$ * * this file is associated with the Linux-PAM filter module. * it was written by Andrew G. Morgan * */ #ifndef PAM_FILTER_H #define PAM_FILTER_H #include /* * this will fail if there is some problem with these file descriptors * being allocated by the pam_filter Linux-PAM module. The numbers * here are thought safe, but the filter developer should use the * macros, as these numbers are subject to change. * * The APPXXX_FILENO file descriptors are the STDIN/OUT/ERR_FILENO of the * application. The filter uses the STDIN/OUT/ERR_FILENO's to converse * with the user, passes (modified) user input to the application via * APPIN_FILENO, and receives application output from APPOUT_FILENO/ERR. */ #define APPIN_FILENO 3 /* write here to give application input */ #define APPOUT_FILENO 4 /* read here to get application output */ #define APPERR_FILENO 5 /* read here to get application errors */ #define APPTOP_FILE 6 /* used by select */ #endif pam/modules/pam_filter/tst-pam_filter0000755000000000000000000000006513261244762015203 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_filter.so pam/modules/pam_filter/upperLOWER/0000755000000000000000000000000013261244762014266 5ustar pam/modules/pam_filter/upperLOWER/Makefile.am0000644000000000000000000000051613261244762016324 0ustar # # Copyright (c) 2005 Thorsten Kukuk # CLEANFILES = *~ securelibfilterdir = $(SECUREDIR)/pam_filter AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(srcdir)/.. @PIE_CFLAGS@ AM_LDFLAGS = @PIE_LDFLAGS@ LDADD = $(top_builddir)/libpam/libpam.la securelibfilter_PROGRAMS = upperLOWER pam/modules/pam_filter/upperLOWER/Makefile.in0000644000000000000000000004417013261244762016341 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ securelibfilter_PROGRAMS = upperLOWER$(EXEEXT) subdir = modules/pam_filter/upperLOWER DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(securelibfilterdir)" PROGRAMS = $(securelibfilter_PROGRAMS) upperLOWER_SOURCES = upperLOWER.c upperLOWER_OBJECTS = upperLOWER.$(OBJEXT) upperLOWER_LDADD = $(LDADD) upperLOWER_DEPENDENCIES = $(top_builddir)/libpam/libpam.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = upperLOWER.c DIST_SOURCES = upperLOWER.c ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ securelibfilterdir = $(SECUREDIR)/pam_filter AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(srcdir)/.. @PIE_CFLAGS@ AM_LDFLAGS = @PIE_LDFLAGS@ LDADD = $(top_builddir)/libpam/libpam.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_filter/upperLOWER/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibfilterPROGRAMS: $(securelibfilter_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(securelibfilterdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibfilterdir)" @list='$(securelibfilter_PROGRAMS)'; test -n "$(securelibfilterdir)" || list=; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(securelibfilterdir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(securelibfilterdir)$$dir" || exit $$?; \ } \ ; done uninstall-securelibfilterPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(securelibfilter_PROGRAMS)'; test -n "$(securelibfilterdir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(securelibfilterdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(securelibfilterdir)" && rm -f $$files clean-securelibfilterPROGRAMS: @list='$(securelibfilter_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list upperLOWER$(EXEEXT): $(upperLOWER_OBJECTS) $(upperLOWER_DEPENDENCIES) @rm -f upperLOWER$(EXEEXT) $(LINK) $(upperLOWER_OBJECTS) $(upperLOWER_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/upperLOWER.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(PROGRAMS) installdirs: for dir in "$(DESTDIR)$(securelibfilterdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-securelibfilterPROGRAMS \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-securelibfilterPROGRAMS install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-securelibfilterPROGRAMS .MAKE: install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ clean-libtool clean-securelibfilterPROGRAMS ctags distclean \ distclean-compile distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-securelibfilterPROGRAMS install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-securelibfilterPROGRAMS # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_filter/upperLOWER/upperLOWER.c0000644000000000000000000000712513261244762016403 0ustar /* * This is a sample filter program, for use with pam_filter (a module * provided with Linux-PAM). This filter simply transposes upper and * lower case letters, it is intended for demonstration purposes and * it serves no purpose other than to annoy the user... */ #include "config.h" #include #include #include #include #include #include #include #include "pam_filter.h" #include /* ---------------------------------------------------------------- */ static void do_transpose(char *buffer,int len) { int i; for (i=0; i %s\r\n",environ[i]); } fprintf(stderr,"]: end\r\n"); } #endif if (argc != 1) { #ifdef DEBUG fprintf(stderr,"filter invoked as conventional executable\n"); #else syslog(LOG_ERR, "filter invoked as conventional executable"); #endif exit(1); } before_user = before_app = do_transpose; /* assign filter functions */ /* enter a loop that deals with the input and output of the user.. passing it to and from the application */ FD_ZERO(&readers); /* initialize reading mask */ for (;;) { FD_SET(APPOUT_FILENO, &readers); /* wake for output */ FD_SET(APPERR_FILENO, &readers); /* wake for error */ FD_SET(STDIN_FILENO, &readers); /* wake for input */ if ( select(APPTOP_FILE,&readers,NULL,NULL,NULL) < 0 ) { #ifdef DEBUG fprintf(stderr,"select failed\n"); #else syslog(LOG_WARNING,"select failed"); #endif break; } /* application errors */ if ( FD_ISSET(APPERR_FILENO,&readers) ) { int got = read(APPERR_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); if (pam_modutil_write(STDERR_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes?!",got); break; } } } else if ( FD_ISSET(APPOUT_FILENO,&readers) ) { /* app output */ int got = read(APPOUT_FILENO, buffer, BUFSIZ); if (got <= 0) { break; } else { /* translate to give to real terminal */ if (before_user != NULL) before_user(buffer, got); if (pam_modutil_write(STDOUT_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't write %d bytes!?",got); break; } } } if ( FD_ISSET(STDIN_FILENO, &readers) ) { /* user input */ int got = read(STDIN_FILENO, buffer, BUFSIZ); if (got < 0) { syslog(LOG_WARNING,"user input junked"); break; } else if (got) { /* translate to give to application */ if (before_app != NULL) before_app(buffer, got); if (pam_modutil_write(APPIN_FILENO, buffer, got) != got ) { syslog(LOG_WARNING,"couldn't pass %d bytes!?",got); break; } } else { /* nothing received -- an error? */ syslog(LOG_WARNING,"user input null?"); break; } } } exit(0); } pam/modules/pam_ftp/0000755000000000000000000000000013261244762011626 5ustar pam/modules/pam_ftp/Makefile.am0000644000000000000000000000132113261244762013657 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp man_MANS = pam_ftp.8 XMLS = README.xml pam_ftp.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_ftp.la pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la TESTS = tst-pam_ftp if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_ftp.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_ftp/Makefile.in0000644000000000000000000006001413261244762013674 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_ftp DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_ftp_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_ftp_la_SOURCES = pam_ftp.c pam_ftp_la_OBJECTS = pam_ftp.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_ftp.c DIST_SOURCES = pam_ftp.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_ftp man_MANS = pam_ftp.8 XMLS = README.xml pam_ftp.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_ftp.la pam_ftp_la_LIBADD = $(top_builddir)/libpam/libpam.la TESTS = tst-pam_ftp @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_ftp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_ftp/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_ftp.la: $(pam_ftp_la_OBJECTS) $(pam_ftp_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_ftp_la_OBJECTS) $(pam_ftp_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_ftp.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_ftp.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_ftp/README0000644000000000000000000000324213261244762012507 0ustar pam_ftp — PAM module for anonymous access module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access. This module intercepts the user's name and password. If the name is ftp or anonymous, the user's password is broken up at the @ delimiter into a PAM_RUSER and a PAM_RHOST part; these pam-items being set accordingly. The username ( PAM_USER) is set to ftp. In this case the module succeeds. Alternatively, the module sets the PAM_AUTHTOK item with the entered password and fails. This module is not safe and easily spoofable. OPTIONS debug Print debug information. ignore Pay no attention to the email address of the user (if supplied). ftp=XXX,YYY,... Instead of ftp or anonymous, provide anonymous login to the comma separated list of users: XXX,YYY,.... Should the applicant enter one of these usernames the returned username is set to the first in the list: XXX. EXAMPLES Add the following line to /etc/pam.d/ftpd to handle ftp style anonymous login: # # ftpd; add ftp-specifics. These lines enable anonymous ftp over # standard UN*X access (the listfile entry blocks access to # users listed in /etc/ftpusers) # auth sufficient pam_ftp.so auth required pam_unix.so use_first_pass auth required pam_listfile.so \ onerr=succeed item=user sense=deny file=/etc/ftpusers AUTHOR pam_ftp was written by Andrew G. Morgan . pam/modules/pam_ftp/README.xml0000644000000000000000000000215413261244762013307 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_ftp.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_ftp-name"]/*)'/>
pam/modules/pam_ftp/pam_ftp.80000644000000000000000000000644213261244762013353 0ustar '\" t .\" Title: pam_ftp .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_FTP" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_ftp \- PAM module for anonymous access module .SH "SYNOPSIS" .HP \w'\fBpam_ftp\&.so\fR\ 'u \fBpam_ftp\&.so\fR [debug] [ignore] [users=\fIXXX,YYY,\fR...] .SH "DESCRIPTION" .PP pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access\&. .PP This module intercepts the user\*(Aqs name and password\&. If the name is \fIftp\fR or \fIanonymous\fR, the user\*(Aqs password is broken up at the \fI@\fR delimiter into a \fIPAM_RUSER\fR and a \fIPAM_RHOST\fR part; these pam\-items being set accordingly\&. The username (\fIPAM_USER\fR) is set to \fIftp\fR\&. In this case the module succeeds\&. Alternatively, the module sets the \fIPAM_AUTHTOK\fR item with the entered password and fails\&. .PP This module is not safe and easily spoofable\&. .SH "OPTIONS" .PP .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBignore\fR .RS 4 Pay no attention to the email address of the user (if supplied)\&. .RE .PP \fBftp=\fR\fB\fIXXX,YYY,\&.\&.\&.\fR\fR .RS 4 Instead of \fIftp\fR or \fIanonymous\fR, provide anonymous login to the comma separated list of users: \fB\fIXXX,YYY,\&.\&.\&.\fR\fR\&. Should the applicant enter one of these usernames the returned username is set to the first in the list: \fIXXX\fR\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 The authentication was successful\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/ftpd to handle ftp style anonymous login: .sp .if n \{\ .RS 4 .\} .nf # # ftpd; add ftp\-specifics\&. These lines enable anonymous ftp over # standard UN*X access (the listfile entry blocks access to # users listed in /etc/ftpusers) # auth sufficient pam_ftp\&.so auth required pam_unix\&.so use_first_pass auth required pam_listfile\&.so \e onerr=succeed item=user sense=deny file=/etc/ftpusers .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_ftp was written by Andrew G\&. Morgan \&. pam/modules/pam_ftp/pam_ftp.8.xml0000644000000000000000000001162613261244762014152 0ustar pam_ftp 8 Linux-PAM Manual pam_ftp PAM module for anonymous access module pam_ftp.so debug ignore users=XXX,YYY, DESCRIPTION pam_ftp is a PAM module which provides a pluggable anonymous ftp mode of access. This module intercepts the user's name and password. If the name is ftp or anonymous, the user's password is broken up at the @ delimiter into a PAM_RUSER and a PAM_RHOST part; these pam-items being set accordingly. The username (PAM_USER) is set to ftp. In this case the module succeeds. Alternatively, the module sets the PAM_AUTHTOK item with the entered password and fails. This module is not safe and easily spoofable. OPTIONS Print debug information. Pay no attention to the email address of the user (if supplied). Instead of ftp or anonymous, provide anonymous login to the comma separated list of users: . Should the applicant enter one of these usernames the returned username is set to the first in the list: XXX. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS The authentication was successful. PAM_USER_UNKNOWN User not known. EXAMPLES Add the following line to /etc/pam.d/ftpd to handle ftp style anonymous login: # # ftpd; add ftp-specifics. These lines enable anonymous ftp over # standard UN*X access (the listfile entry blocks access to # users listed in /etc/ftpusers) # auth sufficient pam_ftp.so auth required pam_unix.so use_first_pass auth required pam_listfile.so \ onerr=succeed item=user sense=deny file=/etc/ftpusers SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_ftp was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_ftp/pam_ftp.c0000644000000000000000000001174213261244762013425 0ustar /* pam_ftp module */ /* * $Id$ * * Written by Andrew Morgan 1996/3/11 * */ #define PLEASE_ENTER_PASSWORD "Password required for %s." #define GUEST_LOGIN_PROMPT "Guest login ok, " \ "send your complete e-mail address as password." /* the following is a password that "can't be correct" */ #define BLOCK_PASSWORD "\177BAD PASSWPRD\177" #include "config.h" #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH #include #include #include /* argument parsing */ #define PAM_DEBUG_ARG 01 #define PAM_IGNORE_EMAIL 02 #define PAM_NO_ANON 04 static int _pam_parse(pam_handle_t *pamh, int argc, const char **argv, const char **users) { int ctrl=0; /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"users=",6)) { *users = 6 + *argv; } else if (!strcmp(*argv,"ignore")) { ctrl |= PAM_IGNORE_EMAIL; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return ctrl; } /* * check if name is in list or default list. place users name in *_user * return 1 if listed 0 if not. */ static int lookup(const char *name, const char *list, const char **_user) { int anon = 0; *_user = name; /* this is the default */ if (list && *list) { const char *l; char *list_copy, *x; char *sptr = NULL; list_copy = x_strdup(list); x = list_copy; while (list_copy && (l = strtok_r(x, ",", &sptr))) { x = NULL; if (!strcmp(name, l)) { *_user = list; anon = 1; } } _pam_overwrite(list_copy); _pam_drop(list_copy); } else { #define MAX_L 2 static const char *l[MAX_L] = { "ftp", "anonymous" }; int i; for (i=0; i # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group man_MANS = group.conf.5 pam_group.8 XMLS = README.xml group.conf.5.xml pam_group.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_group.la pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = group.conf TESTS = tst-pam_group if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_group.8.xml group.conf.5.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_group/Makefile.in0000644000000000000000000006550413261244762014250 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_group DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_group_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_group_la_SOURCES = pam_group.c pam_group_la_OBJECTS = pam_group.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_group.c DIST_SOURCES = pam_group.c man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README group.conf $(MANS) $(XMLS) tst-pam_group man_MANS = group.conf.5 pam_group.8 XMLS = README.xml group.conf.5.xml pam_group.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DPAM_GROUP_CONF=\"$(SCONFIGDIR)/group.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_group.la pam_group_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = group.conf TESTS = tst-pam_group @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_group/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_group/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_group.la: $(pam_group_la_OBJECTS) $(pam_group_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_group_la_OBJECTS) $(pam_group_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_group.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-secureconfDATA \ install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man5 install-man8 \ install-pdf install-pdf-am install-ps install-ps-am \ install-secureconfDATA install-securelibLTLIBRARIES \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ uninstall-man5 uninstall-man8 uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_group.8.xml group.conf.5.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_group/README0000644000000000000000000000413413261244762013053 0ustar pam_group — PAM module for group access â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user. Such memberships are based on the service they are applying for. By default rules for group memberships are taken from config file /etc/security /group.conf. This module's usefulness relies on the file-systems accessible to the user. The point being that once granted the membership of a group, the user may attempt to create a setgid binary with a restricted group ownership. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary. The reason that the file-systems that the user has access to are so significant, is the fact that when a system is mounted nosuid the user is unable to create or execute such a binary file. For this module to provide any level of security, all file-systems that the user has write access to should be mounted nosuid. The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups based on the behavior of this module, they are granted in addition to those entries /etc/group (or equivalent). EXAMPLES These are some example lines which might be specified in /etc/security/ group.conf. Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access to the floppy (through membership of the floppy group) xsh;tty*&!ttyp*;us;Al0000-2400;floppy Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access to games (through membership of the floppy group) after work hours. xsh; tty* ;sword;!Wk0900-1800;games, sound xsh; tty* ;*;Al0900-1800;floppy Any member of the group 'admin' running 'xsh' on tty*, is granted access (at any time) to the group 'plugdev' xsh; tty* ;%admin;Al0000-2400;plugdev pam/modules/pam_group/README.xml0000644000000000000000000000153113261244762013650 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_group.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_group-name"]/*)'/>
pam/modules/pam_group/group.conf0000644000000000000000000000706313261244762014202 0ustar # # This is the configuration file for the pam_group module. # # # *** Please note that giving group membership on a session basis is # *** NOT inherently secure. If a user can create an executable that # *** is setgid a group that they are infrequently given membership # *** of, they can basically obtain group membership any time they # *** like. Example: games are allowed between the hours of 6pm and 6am # *** user joe logs in at 7pm writes a small C-program toplay.c that # *** invokes their favorite shell, compiles it and does # *** "chgrp play toplay; chmod g+s toplay". They are basically able # *** to play games any time... You have been warned. AGM # # # The syntax of the lines is as follows: # # services;ttys;users;times;groups # # white space is ignored and lines maybe extended with '\\n' (escaped # newlines). From reading these comments, it is clear that # text following a '#' is ignored to the end of the line. # # the combination of individual users/terminals etc is a logic list # namely individual tokens that are optionally prefixed with '!' (logical # not) and separated with '&' (logical and) and '|' (logical or). # # services # is a logic list of PAM service names that the rule applies to. # # ttys # is a logic list of terminal names that this rule applies to. # # users # is a logic list of users or a netgroup of users to whom this # rule applies. # # NB. For these items the simple wildcard '*' may be used only once. # With netgroups no wildcards or logic operators are allowed. # # times # It is used to indicate "when" these groups are to be given to the # user. The format here is a logic list of day/time-range # entries the days are specified by a sequence of two character # entries, MoTuSa for example is Monday Tuesday and Saturday. Note # that repeated days are unset MoMo = no day, and MoWk = all weekdays # bar Monday. The two character combinations accepted are # # Mo Tu We Th Fr Sa Su Wk Wd Al # # the last two being week-end days and all 7 days of the week # respectively. As a final example, AlFr means all days except Friday. # # Each day/time-range can be prefixed with a '!' to indicate "anything # but" # # The time-range part is two 24-hour times HHMM separated by a hyphen # indicating the start and finish time (if the finish time is smaller # than the start time it is deemed to apply on the following day). # # groups # The (comma or space separated) list of groups that the user # inherits membership of. These groups are added if the previous # fields are satisfied by the user's request # # For a rule to be active, ALL of service+ttys+users must be satisfied # by the applying process. # # # Note, to get this to work as it is currently typed you need # # 1. to run an application as root # 2. add the following groups to the /etc/group file: # floppy, play, sound # # # Here is a simple example: running 'xsh' on tty* (any ttyXXX device), # the user 'us' is given access to the floppy (through membership of # the floppy group) # #xsh;tty*&!ttyp*;us;Al0000-2400;floppy # # another example: running 'xsh' on tty* (any ttyXXX device), # the user 'sword' is given access to games (through membership of # the sound and play group) after work hours. # #xsh; tty* ;sword;!Wk0900-1800;sound, play #xsh; tty* ;*;Al0900-1800;floppy # # yet another example: any member of the group 'admin' running # 'xsh' on tty*, is granted access (at any time) to the group 'plugdev' # #xsh; tty* ;%admin;Al0000-2400;plugdev # # End of group.conf file # pam/modules/pam_group/group.conf.50000644000000000000000000001124213261244762014337 0ustar '\" t .\" Title: group.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "GROUP\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" group.conf \- configuration file for the pam_group module .SH "DESCRIPTION" .PP The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&. .PP For this module to function correctly there must be a correctly formatted /etc/security/group\&.conf file present\&. White spaces are ignored and lines maybe extended with \*(Aq\e\*(Aq (escaped newlines)\&. Text following a \*(Aq#\*(Aq is ignored to the end of the line\&. .PP The syntax of the lines is as follows: .PP \fIservices\fR;\fIttys\fR;\fIusers\fR;\fItimes\fR;\fIgroups\fR .PP The first field, the \fIservices\fR field, is a logic list of PAM service names that the rule applies to\&. .PP The second field, the \fItty\fR field, is a logic list of terminal names that this rule applies to\&. .PP The third field, the \fIusers\fR field, is a logic list of users, or a UNIX group, or a netgroup of users to whom this rule applies\&. Group names are preceded by a \*(Aq%\*(Aq symbol, while netgroup names are preceded by a \*(Aq@\*(Aq symbol\&. .PP For these items the simple wildcard \*(Aq*\*(Aq may be used only once\&. With UNIX groups or netgroups no wildcards or logic operators are allowed\&. .PP The \fItimes\fR field is used to indicate "when" these groups are to be given to the user\&. The format here is a logic list of day/time\-range entries\&. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday\&. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday\&. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week\-end days and all 7 days of the week respectively\&. As a final example, AlFr means all days except Friday\&. .PP Each day/time\-range can be prefixed with a \*(Aq!\*(Aq to indicate "anything but"\&. The time\-range part is two 24\-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day)\&. .PP The \fIgroups\fR field is a comma or space separated list of groups that the user inherits membership of\&. These groups are added if the previous fields are satisfied by the user\*(Aqs request\&. .PP For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process\&. .SH "EXAMPLES" .PP These are some example lines which might be specified in /etc/security/group\&.conf\&. .PP Running \*(Aqxsh\*(Aq on tty* (any ttyXXX device), the user \*(Aqus\*(Aq is given access to the floppy (through membership of the floppy group) .sp .if n \{\ .RS 4 .\} .nf xsh;tty*&!ttyp*;us;Al0000\-2400;floppy .fi .if n \{\ .RE .\} .PP Running \*(Aqxsh\*(Aq on tty* (any ttyXXX device), the user \*(Aqsword\*(Aq is given access to games (through membership of the floppy group) after work hours\&. .sp .if n \{\ .RS 4 .\} .nf xsh; tty* ;sword;!Wk0900\-1800;games, sound xsh; tty* ;*;Al0900\-1800;floppy .fi .if n \{\ .RE .\} .PP Any member of the group \*(Aqadmin\*(Aq running \*(Aqxsh\*(Aq on tty*, is granted access (at any time) to the group \*(Aqplugdev\*(Aq .sp .if n \{\ .RS 4 .\} .nf xsh; tty* ;%admin;Al0000\-2400;plugdev .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam_group\fR(8), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_group was written by Andrew G\&. Morgan \&. pam/modules/pam_group/group.conf.5.xml0000644000000000000000000001207113261244762015137 0ustar group.conf 5 Linux-PAM Manual group.conf configuration file for the pam_group module DESCRIPTION The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user. Such memberships are based on the service they are applying for. For this module to function correctly there must be a correctly formatted /etc/security/group.conf file present. White spaces are ignored and lines maybe extended with '\' (escaped newlines). Text following a '#' is ignored to the end of the line. The syntax of the lines is as follows: services;ttys;users;times;groups The first field, the services field, is a logic list of PAM service names that the rule applies to. The second field, the tty field, is a logic list of terminal names that this rule applies to. The third field, the users field, is a logic list of users, or a UNIX group, or a netgroup of users to whom this rule applies. Group names are preceded by a '%' symbol, while netgroup names are preceded by a '@' symbol. For these items the simple wildcard '*' may be used only once. With UNIX groups or netgroups no wildcards or logic operators are allowed. The times field is used to indicate "when" these groups are to be given to the user. The format here is a logic list of day/time-range entries. The days are specified by a sequence of two character entries, MoTuSa for example is Monday Tuesday and Saturday. Note that repeated days are unset MoMo = no day, and MoWk = all weekdays bar Monday. The two character combinations accepted are Mo Tu We Th Fr Sa Su Wk Wd Al, the last two being week-end days and all 7 days of the week respectively. As a final example, AlFr means all days except Friday. Each day/time-range can be prefixed with a '!' to indicate "anything but". The time-range part is two 24-hour times HHMM, separated by a hyphen, indicating the start and finish time (if the finish time is smaller than the start time it is deemed to apply on the following day). The groups field is a comma or space separated list of groups that the user inherits membership of. These groups are added if the previous fields are satisfied by the user's request. For a rule to be active, ALL of service+ttys+users must be satisfied by the applying process. EXAMPLES These are some example lines which might be specified in /etc/security/group.conf. Running 'xsh' on tty* (any ttyXXX device), the user 'us' is given access to the floppy (through membership of the floppy group) xsh;tty*&!ttyp*;us;Al0000-2400;floppy Running 'xsh' on tty* (any ttyXXX device), the user 'sword' is given access to games (through membership of the floppy group) after work hours. xsh; tty* ;sword;!Wk0900-1800;games, sound xsh; tty* ;*;Al0900-1800;floppy Any member of the group 'admin' running 'xsh' on tty*, is granted access (at any time) to the group 'plugdev' xsh; tty* ;%admin;Al0000-2400;plugdev SEE ALSO pam_group8, pam.d5, pam8 AUTHOR pam_group was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_group/pam_group.80000644000000000000000000000654513261244762014265 0ustar '\" t .\" Title: pam_group .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_GROUP" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_group \- PAM module for group access .SH "SYNOPSIS" .HP \w'\fBpam_group\&.so\fR\ 'u \fBpam_group\&.so\fR .SH "DESCRIPTION" .PP The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user\&. Such memberships are based on the service they are applying for\&. .PP By default rules for group memberships are taken from config file /etc/security/group\&.conf\&. .PP This module\*(Aqs usefulness relies on the file\-systems accessible to the user\&. The point being that once granted the membership of a group, the user may attempt to create a \fBsetgid\fR binary with a restricted group ownership\&. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary\&. The reason that the file\-systems that the user has access to are so significant, is the fact that when a system is mounted \fInosuid\fR the user is unable to create or execute such a binary file\&. For this module to provide any level of security, all file\-systems that the user has write access to should be mounted \fInosuid\fR\&. .PP The pam_group module functions in parallel with the /etc/group file\&. If the user is granted any groups based on the behavior of this module, they are granted \fIin addition\fR to those entries /etc/group (or equivalent)\&. .SH "OPTIONS" .PP This module does not recognise any options\&. .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 group membership was granted\&. .RE .PP PAM_ABORT .RS 4 Not all relevant data could be gotten\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CRED_ERR .RS 4 Group membership was not granted\&. .RE .PP PAM_IGNORE .RS 4 \fBpam_sm_authenticate\fR was called which does nothing\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The user is not known to the system\&. .RE .SH "FILES" .PP /etc/security/group\&.conf .RS 4 Default configuration file .RE .SH "SEE ALSO" .PP \fBgroup.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\&. .SH "AUTHORS" .PP pam_group was written by Andrew G\&. Morgan \&. pam/modules/pam_group/pam_group.8.xml0000644000000000000000000001155013261244762015054 0ustar pam_group 8 Linux-PAM Manual pam_group PAM module for group access pam_group.so DESCRIPTION The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user. Such memberships are based on the service they are applying for. By default rules for group memberships are taken from config file /etc/security/group.conf. This module's usefulness relies on the file-systems accessible to the user. The point being that once granted the membership of a group, the user may attempt to create a setgid binary with a restricted group ownership. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary. The reason that the file-systems that the user has access to are so significant, is the fact that when a system is mounted nosuid the user is unable to create or execute such a binary file. For this module to provide any level of security, all file-systems that the user has write access to should be mounted nosuid. The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups based on the behavior of this module, they are granted in addition to those entries /etc/group (or equivalent). OPTIONS This module does not recognise any options. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS group membership was granted. PAM_ABORT Not all relevant data could be gotten. PAM_BUF_ERR Memory buffer error. PAM_CRED_ERR Group membership was not granted. PAM_IGNORE pam_sm_authenticate was called which does nothing. PAM_USER_UNKNOWN The user is not known to the system. FILES /etc/security/group.conf Default configuration file SEE ALSO group.conf5 , pam.d5 , pam8 . AUTHORS pam_group was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_group/pam_group.c0000644000000000000000000004502613261244762014335 0ustar /* pam_group module */ /* * Written by Andrew Morgan 1996/7/6 * Field parsing rewritten by Tomas Mraz */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define PAM_GROUP_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ #ifndef TRUE # define TRUE 1 #endif #ifndef FALSE # define FALSE 0 #endif typedef enum { AND, OR } operator; /* * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #define PAM_SM_AUTH #include #include #include #include /* --- static functions for checking whether the user should be let in --- */ static char * shift_buf(char *mem, int from) { char *start = mem; while ((*mem = mem[from]) != '\0') ++mem; memset(mem, '\0', PAM_GROUP_BUFLEN - (mem - start)); return mem; } static void trim_spaces(char *buf, char *from) { while (from > buf) { --from; if (*from == ' ') *from = '\0'; else break; } } #define STATE_NL 0 /* new line starting */ #define STATE_COMMENT 1 /* inside comment */ #define STATE_FIELD 2 /* field following */ #define STATE_EOF 3 /* end of file or error */ static int read_field(const pam_handle_t *pamh, int fd, char **buf, int *from, int *state) { char *to; char *src; int i; char c; int onspace; /* is buf set ? */ if (! *buf) { *buf = (char *) calloc(1, PAM_GROUP_BUFLEN+1); if (! *buf) { pam_syslog(pamh, LOG_ERR, "out of memory"); D(("no memory")); *state = STATE_EOF; return -1; } *from = 0; *state = STATE_NL; fd = open(PAM_GROUP_CONF, O_RDONLY); if (fd < 0) { pam_syslog(pamh, LOG_ERR, "error opening %s: %m", PAM_GROUP_CONF); _pam_drop(*buf); *state = STATE_EOF; return -1; } } if (*from > 0) to = shift_buf(*buf, *from); else to = *buf; while (fd != -1 && to - *buf < PAM_GROUP_BUFLEN) { i = pam_modutil_read(fd, to, PAM_GROUP_BUFLEN - (to - *buf)); if (i < 0) { pam_syslog(pamh, LOG_ERR, "error reading %s: %m", PAM_GROUP_CONF); close(fd); memset(*buf, 0, PAM_GROUP_BUFLEN); _pam_drop(*buf); *state = STATE_EOF; return -1; } else if (!i) { close(fd); fd = -1; /* end of file reached */ } to += i; } if (to == *buf) { /* nothing previously in buf, nothing read */ _pam_drop(*buf); *state = STATE_EOF; return -1; } memset(to, '\0', PAM_GROUP_BUFLEN - (to - *buf)); to = *buf; onspace = 1; /* delete any leading spaces */ for (src = to; (c=*src) != '\0'; ++src) { if (*state == STATE_COMMENT && c != '\n') { continue; } switch (c) { case '\n': *state = STATE_NL; *to = '\0'; *from = (src - *buf) + 1; trim_spaces(*buf, to); return fd; case '\t': case ' ': if (!onspace) { onspace = 1; *to++ = ' '; } break; case '!': onspace = 1; /* ignore following spaces */ *to++ = '!'; break; case '#': *state = STATE_COMMENT; break; case FIELD_SEPARATOR: *state = STATE_FIELD; *to = '\0'; *from = (src - *buf) + 1; trim_spaces(*buf, to); return fd; case '\\': if (src[1] == '\n') { ++src; /* skip it */ break; } default: *to++ = c; onspace = 0; } if (src > to) *src = '\0'; /* clearing */ } if (*state != STATE_COMMENT) { *state = STATE_COMMENT; pam_syslog(pamh, LOG_ERR, "field too long - ignored"); **buf = '\0'; } else { *to = '\0'; trim_spaces(*buf, to); } *from = 0; return fd; } /* read a member from a field */ static int logic_member(const char *string, int *at) { int c,to; int done=0; int token=0; to=*at; do { c = string[to++]; switch (c) { case '\0': --to; done = 1; break; case '&': case '|': case '!': if (token) { --to; } done = 1; break; default: if (isalpha(c) || c == '*' || isdigit(c) || c == '_' || c == '-' || c == '.' || c == '/' || c == ':') { token = 1; } else if (token) { --to; done = 1; } else { ++*at; } } } while (!done); return to - *at; } typedef enum { VAL, OP } expect; static int logic_field (const pam_handle_t *pamh, const void *me, const char *x, int rule, int (*agrees)(const pam_handle_t *pamh, const void *, const char *, int, int)) { int left=FALSE, right, not=FALSE; operator oper=OR; int at=0, l; expect next=VAL; while ((l = logic_member(x,&at))) { int c = x[at]; if (next == VAL) { if (c == '!') not = !not; else if (isalpha(c) || c == '*' || isdigit(c) || c == '_' || c == '-' || c == '.' || c == '/' || c == ':') { right = not ^ agrees(pamh, me, x+at, l, rule); if (oper == AND) left &= right; else left |= right; next = OP; } else { pam_syslog(pamh, LOG_ERR, "garbled syntax; expected name (rule #%d)", rule); return FALSE; } } else { /* OP */ switch (c) { case '&': oper = AND; break; case '|': oper = OR; break; default: pam_syslog(pamh, LOG_ERR, "garbled syntax; expected & or | (rule #%d)", rule); D(("%c at %d",c,at)); return FALSE; } next = VAL; } at += l; } return left; } static int is_same (const pam_handle_t *pamh UNUSED, const void *A, const char *b, int len, int rule UNUSED) { int i; const char *a; a = A; for (i=0; len > 0; ++i, --len) { if (b[i] != a[i]) { if (b[i++] == '*') { return (!--len || !strncmp(b+i,a+strlen(a)-len,len)); } else return FALSE; } } /* Ok, we know that b is a substring from A and does not contain wildcards, but now the length of both strings must be the same, too. In this case it means, a[i] has to be the end of the string. */ if (a[i] != '\0') return FALSE; return ( !len ); } typedef struct { int day; /* array of 7 bits, one set for today */ int minute; /* integer, hour*100+minute for now */ } TIME; static struct day { const char *d; int bit; } const days[11] = { { "su", 01 }, { "mo", 02 }, { "tu", 04 }, { "we", 010 }, { "th", 020 }, { "fr", 040 }, { "sa", 0100 }, { "wk", 076 }, { "wd", 0101 }, { "al", 0177 }, { NULL, 0 } }; static TIME time_now(void) { struct tm *local; time_t the_time; TIME this; the_time = time((time_t *)0); /* get the current time */ local = localtime(&the_time); this.day = days[local->tm_wday].bit; this.minute = local->tm_hour*100 + local->tm_min; D(("day: 0%o, time: %.4d", this.day, this.minute)); return this; } /* take the current date and see if the range "date" passes it */ static int check_time (const pam_handle_t *pamh, const void *AT, const char *times, int len, int rule) { int not,pass; int marked_day, time_start, time_end; const TIME *at; int i,j=0; at = AT; D(("checking: 0%o/%.4d vs. %s", at->day, at->minute, times)); if (times == NULL) { /* this should not happen */ pam_syslog(pamh, LOG_CRIT, "internal error in file %s at line %d", __FILE__, __LINE__); return FALSE; } if (times[j] == '!') { ++j; not = TRUE; } else { not = FALSE; } for (marked_day = 0; len > 0 && isalpha(times[j]); --len) { int this_day=-1; D(("%c%c ?", times[j], times[j+1])); for (i=0; days[i].d != NULL; ++i) { if (tolower(times[j]) == days[i].d[0] && tolower(times[j+1]) == days[i].d[1] ) { this_day = days[i].bit; break; } } j += 2; if (this_day == -1) { pam_syslog(pamh, LOG_ERR, "bad day specified (rule #%d)", rule); return FALSE; } marked_day ^= this_day; } if (marked_day == 0) { pam_syslog(pamh, LOG_ERR, "no day specified"); return FALSE; } D(("day range = 0%o", marked_day)); time_start = 0; for (i=0; len > 0 && i < 4 && isdigit(times[i+j]); ++i, --len) { time_start *= 10; time_start += times[i+j]-'0'; /* is this portable? */ } j += i; if (times[j] == '-') { time_end = 0; for (i=1; len > 0 && i < 5 && isdigit(times[i+j]); ++i, --len) { time_end *= 10; time_end += times[i+j]-'0'; /* is this portable? */ } j += i; } else time_end = -1; D(("i=%d, time_end=%d, times[j]='%c'", i, time_end, times[j])); if (i != 5 || time_end == -1) { pam_syslog(pamh, LOG_ERR, "no/bad times specified (rule #%d)", rule); return TRUE; } D(("times(%d to %d)", time_start,time_end)); D(("marked_day = 0%o", marked_day)); /* compare with the actual time now */ pass = FALSE; if (time_start < time_end) { /* start < end ? --> same day */ if ((at->day & marked_day) && (at->minute >= time_start) && (at->minute < time_end)) { D(("time is listed")); pass = TRUE; } } else { /* spans two days */ if ((at->day & marked_day) && (at->minute >= time_start)) { D(("caught on first day")); pass = TRUE; } else { marked_day <<= 1; marked_day |= (marked_day & 0200) ? 1:0; D(("next day = 0%o", marked_day)); if ((at->day & marked_day) && (at->minute <= time_end)) { D(("caught on second day")); pass = TRUE; } } } return (not ^ pass); } static int find_member(const char *string, int *at) { int c,to; int done=0; int token=0; to=*at; do { c = string[to++]; switch (c) { case '\0': --to; done = 1; break; case '&': case '|': case '!': if (token) { --to; } done = 1; break; default: if (isalpha(c) || isdigit(c) || c == '_' || c == '*' || c == '-') { token = 1; } else if (token) { --to; done = 1; } else { ++*at; } } } while (!done); return to - *at; } #define GROUP_BLK 10 #define blk_size(len) (((len-1 + GROUP_BLK)/GROUP_BLK)*GROUP_BLK) static int mkgrplist(pam_handle_t *pamh, char *buf, gid_t **list, int len) { int l,at=0; int blks; blks = blk_size(len); D(("cf. blks=%d and len=%d", blks,len)); while ((l = find_member(buf,&at))) { int edge; if (len >= blks) { gid_t *tmp; D(("allocating new block")); tmp = (gid_t *) realloc((*list) , sizeof(gid_t) * (blks += GROUP_BLK)); if (tmp != NULL) { (*list) = tmp; } else { pam_syslog(pamh, LOG_ERR, "out of memory for group list"); free(*list); (*list) = NULL; return -1; } } /* '\0' terminate the entry */ edge = (buf[at+l]) ? 1:0; buf[at+l] = '\0'; D(("found group: %s",buf+at)); /* this is where we convert a group name to a gid_t */ { const struct group *grp; grp = pam_modutil_getgrnam(pamh, buf+at); if (grp == NULL) { pam_syslog(pamh, LOG_ERR, "bad group: %s", buf+at); } else { D(("group %s exists", buf+at)); (*list)[len++] = grp->gr_gid; } } /* next entry along */ at += l + edge; } D(("returning with [%p/len=%d]->%p",list,len,*list)); return len; } static int check_account(pam_handle_t *pamh, const char *service, const char *tty, const char *user) { int from=0, state=STATE_NL, fd=-1; char *buffer=NULL; int count=0; TIME here_and_now; int retval=PAM_SUCCESS; gid_t *grps; int no_grps; /* * first we get the current list of groups - the application * will have previously done an initgroups(), or equivalent. */ D(("counting supplementary groups")); no_grps = getgroups(0, NULL); /* find the current number of groups */ if (no_grps > 0) { grps = calloc( blk_size(no_grps) , sizeof(gid_t) ); D(("copying current list into grps [%d big]",blk_size(no_grps))); if (getgroups(no_grps, grps) < 0) { D(("getgroups call failed")); no_grps = 0; _pam_drop(grps); } #ifdef PAM_DEBUG { int z; for (z=0; z 0) { D(("rule #%d passed, added %d groups", count, good)); } else if (good < 0) { retval = PAM_BUF_ERR; } else { D(("rule #%d failed", count)); } } while (state != STATE_EOF); /* now set the groups for the user */ if (no_grps > 0) { #ifdef PAM_DEBUG int err; #endif D(("trying to set %d groups", no_grps)); #ifdef PAM_DEBUG for (err=0; err # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue man_MANS = pam_issue.8 XMLS = README.xml pam_issue.8.xml TESTS = tst-pam_issue securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_issue.la pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_issue.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_issue/Makefile.in0000644000000000000000000006007213261244762014237 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_issue DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_issue_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_issue_la_SOURCES = pam_issue.c pam_issue_la_OBJECTS = pam_issue.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_issue.c DIST_SOURCES = pam_issue.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_issue man_MANS = pam_issue.8 XMLS = README.xml pam_issue.8.xml TESTS = tst-pam_issue securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_issue.la pam_issue_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_issue/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_issue/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_issue.la: $(pam_issue_la_OBJECTS) $(pam_issue_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_issue_la_OBJECTS) $(pam_issue_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_issue.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_issue.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_issue/README0000644000000000000000000000251413261244762013047 0ustar pam_issue — PAM module to add issue file to user prompt â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_issue is a PAM module to prepend an issue file to the username prompt. It also by default parses escape codes in the issue file similar to some common getty's (using \x format). Recognized escapes: \d current day \l name of this tty \m machine architecture (uname -m) \n machine's network node hostname (uname -n) \o domain name of this system \r release number of operating system (uname -r) \t current time \s operating system name (uname -s) \u number of users currently logged in \U same as \u except it is suffixed with "user" or "users" (eg. "1 user" or "10 users") \v operating system version and build date (uname -v) OPTIONS noesc Turns off escape code parsing. issue=issue-file-name The file to output if not using the default. EXAMPLES Add the following line to /etc/pam.d/login to set the user specific issue at login: auth optional pam_issue.so issue=/etc/issue AUTHOR pam_issue was written by Ben Collins . pam/modules/pam_issue/README.xml0000644000000000000000000000220213261244762013640 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_issue.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_issue-name"]/*)'/>
pam/modules/pam_issue/pam_issue.80000644000000000000000000000620013261244762014241 0ustar '\" t .\" Title: pam_issue .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ISSUE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_issue \- PAM module to add issue file to user prompt .SH "SYNOPSIS" .HP \w'\fBpam_issue\&.so\fR\ 'u \fBpam_issue\&.so\fR [noesc] [issue=\fIissue\-file\-name\fR] .SH "DESCRIPTION" .PP pam_issue is a PAM module to prepend an issue file to the username prompt\&. It also by default parses escape codes in the issue file similar to some common getty\*(Aqs (using \ex format)\&. .PP Recognized escapes: .PP \fB\ed\fR .RS 4 current day .RE .PP \fB\el\fR .RS 4 name of this tty .RE .PP \fB\em\fR .RS 4 machine architecture (uname \-m) .RE .PP \fB\en\fR .RS 4 machine\*(Aqs network node hostname (uname \-n) .RE .PP \fB\eo\fR .RS 4 domain name of this system .RE .PP \fB\er\fR .RS 4 release number of operating system (uname \-r) .RE .PP \fB\et\fR .RS 4 current time .RE .PP \fB\es\fR .RS 4 operating system name (uname \-s) .RE .PP \fB\eu\fR .RS 4 number of users currently logged in .RE .PP \fB\eU\fR .RS 4 same as \eu except it is suffixed with "user" or "users" (eg\&. "1 user" or "10 users") .RE .PP \fB\ev\fR .RS 4 operating system version and build date (uname \-v) .RE .SH "OPTIONS" .PP .PP \fBnoesc\fR .RS 4 Turns off escape code parsing\&. .RE .PP \fBissue=\fR\fB\fIissue\-file\-name\fR\fR .RS 4 The file to output if not using the default\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_IGNORE .RS 4 The prompt was already changed\&. .RE .PP PAM_SERVICE_ERR .RS 4 A service module error occurred\&. .RE .PP PAM_SUCCESS .RS 4 The new prompt was set successfully\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/login to set the user specific issue at login: .sp .if n \{\ .RS 4 .\} .nf auth optional pam_issue\&.so issue=/etc/issue .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_issue was written by Ben Collins \&. pam/modules/pam_issue/pam_issue.8.xml0000644000000000000000000001414213261244762015044 0ustar pam_issue 8 Linux-PAM Manual pam_issue PAM module to add issue file to user prompt pam_issue.so noesc issue=issue-file-name DESCRIPTION pam_issue is a PAM module to prepend an issue file to the username prompt. It also by default parses escape codes in the issue file similar to some common getty's (using \x format). Recognized escapes: \d current day \l name of this tty \m machine architecture (uname -m) \n machine's network node hostname (uname -n) \o domain name of this system \r release number of operating system (uname -r) \t current time \s operating system name (uname -s) \u number of users currently logged in \U same as \u except it is suffixed with "user" or "users" (eg. "1 user" or "10 users") \v operating system version and build date (uname -v) OPTIONS Turns off escape code parsing. The file to output if not using the default. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_IGNORE The prompt was already changed. PAM_SERVICE_ERR A service module error occurred. PAM_SUCCESS The new prompt was set successfully. EXAMPLES Add the following line to /etc/pam.d/login to set the user specific issue at login: auth optional pam_issue.so issue=/etc/issue SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_issue was written by Ben Collins <bcollins@debian.org>. pam/modules/pam_issue/pam_issue.c0000644000000000000000000001563513261244762014330 0ustar /* pam_issue module - a simple /etc/issue parser to set PAM_USER_PROMPT * * Copyright 1999 by Ben Collins * * Needs to be called before any other auth modules so we can setup the * user prompt before it's first used. Allows one argument option, which * is the full path to a file to be used for issue (uses /etc/issue as a * default) such as "issue=/etc/issue.telnet". * * We can also parse escapes within the the issue file (enabled by * default, but can be disabled with the "noesc" option). It's the exact * same parsing as util-linux's agetty program performs. * * Released under the GNU LGPL version 2 or later */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #include #include #include static int _user_prompt_set = 0; static int read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt); static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); /* --- authentication management functions (only) --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int retval = PAM_SERVICE_ERR; FILE *fp; const char *issue_file = NULL; int parse_esc = 1; const void *item = NULL; const char *cur_prompt; char *issue_prompt = NULL; /* If we've already set the prompt, don't set it again */ if(_user_prompt_set) return PAM_IGNORE; /* We set this here so if we fail below, we wont get further than this next time around (only one real failure) */ _user_prompt_set = 1; for ( ; argc-- > 0 ; ++argv ) { if (!strncmp(*argv,"issue=",6)) { issue_file = 6 + *argv; D(("set issue_file to: %s", issue_file)); } else if (!strcmp(*argv,"noesc")) { parse_esc = 0; D(("turning off escape parsing by request")); } else D(("unknown option passed: %s", *argv)); } if (issue_file == NULL) issue_file = "/etc/issue"; if ((fp = fopen(issue_file, "r")) == NULL) { pam_syslog(pamh, LOG_ERR, "error opening %s: %m", issue_file); return PAM_SERVICE_ERR; } if ((retval = pam_get_item(pamh, PAM_USER_PROMPT, &item)) != PAM_SUCCESS) { fclose(fp); return retval; } cur_prompt = item; if (cur_prompt == NULL) cur_prompt = ""; if (parse_esc) retval = read_issue_quoted(pamh, fp, &issue_prompt); else retval = read_issue_raw(pamh, fp, &issue_prompt); fclose(fp); if (retval != PAM_SUCCESS) goto out; { size_t size = strlen(issue_prompt) + strlen(cur_prompt) + 1; char *new_prompt = realloc(issue_prompt, size); if (new_prompt == NULL) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto out; } issue_prompt = new_prompt; } strcat(issue_prompt, cur_prompt); retval = pam_set_item(pamh, PAM_USER_PROMPT, (const void *) issue_prompt); out: _pam_drop(issue_prompt); return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } static int read_issue_raw(pam_handle_t *pamh, FILE *fp, char **prompt) { char *issue; struct stat st; *prompt = NULL; if (fstat(fileno(fp), &st) < 0) { pam_syslog(pamh, LOG_ERR, "stat error: %m"); return PAM_SERVICE_ERR; } if ((issue = malloc(st.st_size + 1)) == NULL) { pam_syslog(pamh, LOG_ERR, "out of memory"); return PAM_BUF_ERR; } if ((off_t)fread(issue, 1, st.st_size, fp) != st.st_size) { pam_syslog(pamh, LOG_ERR, "read error: %m"); _pam_drop(issue); return PAM_SERVICE_ERR; } issue[st.st_size] = '\0'; *prompt = issue; return PAM_SUCCESS; } static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) { int c; size_t size = 1024; char *issue; struct utsname uts; *prompt = NULL; if ((issue = malloc(size)) == NULL) { pam_syslog(pamh, LOG_ERR, "out of memory"); return PAM_BUF_ERR; } issue[0] = '\0'; (void) uname(&uts); while ((c = getc(fp)) != EOF) { char buf[1024]; buf[0] = '\0'; if (c == '\\') { if ((c = getc(fp)) == EOF) break; switch (c) { case 's': strncat(buf, uts.sysname, sizeof(buf) - 1); break; case 'n': strncat(buf, uts.nodename, sizeof(buf) - 1); break; case 'r': strncat(buf, uts.release, sizeof(buf) - 1); break; case 'v': strncat(buf, uts.version, sizeof(buf) - 1); break; case 'm': strncat(buf, uts.machine, sizeof(buf) - 1); break; case 'o': { char domainname[256]; if (getdomainname(domainname, sizeof(domainname)) >= 0) { domainname[sizeof(domainname)-1] = '\0'; strncat(buf, domainname, sizeof(buf) - 1); } } break; case 'd': case 't': { const char *weekday[] = { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; const char *month[] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; time_t now; struct tm *tm; (void) time (&now); tm = localtime(&now); if (c == 'd') snprintf (buf, sizeof buf, "%s %s %d %d", weekday[tm->tm_wday], month[tm->tm_mon], tm->tm_mday, tm->tm_year + 1900); else snprintf (buf, sizeof buf, "%02d:%02d:%02d", tm->tm_hour, tm->tm_min, tm->tm_sec); } break; case 'l': { char *ttyn = ttyname(1); if (ttyn) { if (!strncmp(ttyn, "/dev/", 5)) ttyn += 5; strncat(buf, ttyn, sizeof(buf) - 1); } } break; case 'u': case 'U': { unsigned int users = 0; struct utmp *ut; setutent(); while ((ut = getutent())) { if (ut->ut_type == USER_PROCESS) ++users; } endutent(); if (c == 'U') snprintf (buf, sizeof buf, "%u %s", users, (users == 1) ? "user" : "users"); else snprintf (buf, sizeof buf, "%u", users); break; } default: buf[0] = c; buf[1] = '\0'; } } else { buf[0] = c; buf[1] = '\0'; } if ((strlen(issue) + strlen(buf)) + 1 > size) { char *new_issue; size += strlen(buf) + 1; new_issue = (char *) realloc (issue, size); if (new_issue == NULL) { _pam_drop(issue); return PAM_BUF_ERR; } issue = new_issue; strcat(issue, buf); } } if (ferror(fp)) { pam_syslog(pamh, LOG_ERR, "read error: %m"); _pam_drop(issue); return PAM_SERVICE_ERR; } *prompt = issue; return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_issue_modstruct = { "pam_issue", pam_sm_authenticate, pam_sm_setcred, NULL, NULL, NULL, NULL, }; #endif /* end of module definition */ pam/modules/pam_issue/tst-pam_issue0000755000000000000000000000006413261244762014710 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_issue.so pam/modules/pam_keyinit/0000755000000000000000000000000013261244762012511 5ustar pam/modules/pam_keyinit/Makefile.am0000644000000000000000000000146213261244762014550 0ustar # # Copyright (c) 2006, 2009 David Howells # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit XMLS = README.xml pam_keyinit.8.xml if HAVE_KEY_MANAGEMENT man_MANS = pam_keyinit.8 TESTS = tst-pam_keyinit endif if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_keyinit.8.xml -include $(top_srcdir)/Make.xml.rules endif securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif if HAVE_KEY_MANAGEMENT securelib_LTLIBRARIES = pam_keyinit.la endif pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la pam/modules/pam_keyinit/Makefile.in0000644000000000000000000006044713261244762014571 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006, 2009 David Howells # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_keyinit DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_keyinit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_keyinit_la_SOURCES = pam_keyinit.c pam_keyinit_la_OBJECTS = pam_keyinit.lo @HAVE_KEY_MANAGEMENT_TRUE@am_pam_keyinit_la_rpath = -rpath \ @HAVE_KEY_MANAGEMENT_TRUE@ $(securelibdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_keyinit.c DIST_SOURCES = pam_keyinit.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_keyinit.8 tst-pam_keyinit XMLS = README.xml pam_keyinit.8.xml @HAVE_KEY_MANAGEMENT_TRUE@man_MANS = pam_keyinit.8 @HAVE_KEY_MANAGEMENT_TRUE@TESTS = tst-pam_keyinit @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) @HAVE_KEY_MANAGEMENT_TRUE@securelib_LTLIBRARIES = pam_keyinit.la pam_keyinit_la_LIBADD = $(top_builddir)/libpam/libpam.la all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_keyinit/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_keyinit/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_keyinit.la: $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_DEPENDENCIES) $(LINK) $(am_pam_keyinit_la_rpath) $(pam_keyinit_la_OBJECTS) $(pam_keyinit_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_keyinit.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_keyinit.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_keyinit/README0000644000000000000000000000430513261244762013373 0ustar pam_keyinit — Kernel session keyring initialiser module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring. The session component of the module checks to see if the process's session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it. If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it. The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it. This module is intended primarily for use by login processes. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible. This module should not, generally, be invoked by programs like su, since it is usually desirable for the key set to percolate through to the alternate context. The keys have their own permissions system to manage this. This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring. The keyutils package is used to manipulate keys more directly. This can be obtained from: Keyutils OPTIONS debug Log debug information with syslog(3). force Causes the session keyring of the invoking process to be replaced unconditionally. revoke Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place. EXAMPLES Add this line to your login entries to start each login session with its own session keyring: session required pam_keyinit.so This will prevent keys from one session leaking into another session for the same user. AUTHOR pam_keyinit was written by David Howells, . pam/modules/pam_keyinit/README.xml0000644000000000000000000000223013261244762014165 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_keyinit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_keyinit-name"]/*)'/>
pam/modules/pam_keyinit/pam_keyinit.80000644000000000000000000001037213261244762015116 0ustar '\" t .\" Title: pam_keyinit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_KEYINIT" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_keyinit \- Kernel session keyring initialiser module .SH "SYNOPSIS" .HP \w'\fBpam_keyinit\&.so\fR\ 'u \fBpam_keyinit\&.so\fR [debug] [force] [revoke] .SH "DESCRIPTION" .PP The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring\&. .PP The session component of the module checks to see if the process\*(Aqs session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it\&. .PP If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it\&. .PP The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it\&. .PP This module is intended primarily for use by login processes\&. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible\&. .PP This module should not, generally, be invoked by programs like \fBsu\fR, since it is usually desirable for the key set to percolate through to the alternate context\&. The keys have their own permissions system to manage this\&. .PP This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring\&. .PP The keyutils package is used to manipulate keys more directly\&. This can be obtained from: .PP \m[blue]\fBKeyutils\fR\m[]\&\s-2\u[1]\d\s+2 .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Log debug information with \fBsyslog\fR(3)\&. .RE .PP \fBforce\fR .RS 4 Causes the session keyring of the invoking process to be replaced unconditionally\&. .RE .PP \fBrevoke\fR .RS 4 Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 This module will usually return this value .RE .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_IGNORE .RS 4 The return value should be ignored by PAM dispatch\&. .RE .PP PAM_SERVICE_ERR .RS 4 Cannot determine the user name\&. .RE .PP PAM_SESSION_ERR .RS 4 This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known\&. .RE .SH "EXAMPLES" .PP Add this line to your login entries to start each login session with its own session keyring: .sp .if n \{\ .RS 4 .\} .nf session required pam_keyinit\&.so .fi .if n \{\ .RE .\} .PP This will prevent keys from one session leaking into another session for the same user\&. .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\fBkeyctl\fR(1) .SH "AUTHOR" .PP pam_keyinit was written by David Howells, \&. .SH "NOTES" .IP " 1." 4 Keyutils .RS 4 \%http://people.redhat.com/~dhowells/keyutils/ .RE pam/modules/pam_keyinit/pam_keyinit.8.xml0000644000000000000000000001457713261244762015730 0ustar pam_keyinit 8 Linux-PAM Manual pam_keyinit Kernel session keyring initialiser module pam_keyinit.so debug force revoke DESCRIPTION The pam_keyinit PAM module ensures that the invoking process has a session keyring other than the user default session keyring. The session component of the module checks to see if the process's session keyring is the user default, and, if it is, creates a new anonymous session keyring with which to replace it. If a new session keyring is created, it will install a link to the user common keyring in the session keyring so that keys common to the user will be automatically accessible through it. The session keyring of the invoking process will thenceforth be inherited by all its children unless they override it. This module is intended primarily for use by login processes. Be aware that after the session keyring has been replaced, the old session keyring and the keys it contains will no longer be accessible. This module should not, generally, be invoked by programs like su, since it is usually desirable for the key set to percolate through to the alternate context. The keys have their own permissions system to manage this. This module should be included as early as possible in a PAM configuration, so that other PAM modules can attach tokens to the keyring. The keyutils package is used to manipulate keys more directly. This can be obtained from: Keyutils OPTIONS Log debug information with syslog3 . Causes the session keyring of the invoking process to be replaced unconditionally. Causes the session keyring of the invoking process to be revoked when the invoking process exits if the session keyring was created for this process in the first place. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS This module will usually return this value PAM_AUTH_ERR Authentication failure. PAM_BUF_ERR Memory buffer error. PAM_IGNORE The return value should be ignored by PAM dispatch. PAM_SERVICE_ERR Cannot determine the user name. PAM_SESSION_ERR This module will return this value if its arguments are invalid or if a system error such as ENOMEM occurs. PAM_USER_UNKNOWN User not known. EXAMPLES Add this line to your login entries to start each login session with its own session keyring: session required pam_keyinit.so This will prevent keys from one session leaking into another session for the same user. SEE ALSO pam.conf5 , pam.d5 , pam8 keyctl1 AUTHOR pam_keyinit was written by David Howells, <dhowells@redhat.com>. pam/modules/pam_keyinit/pam_keyinit.c0000644000000000000000000001562113261244762015173 0ustar /* pam_keyinit.c: Initialise the session keyring on login through a PAM module * * Copyright (C) 2006 Red Hat, Inc. All Rights Reserved. * Written by David Howells (dhowells@redhat.com) * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version * 2 of the License, or (at your option) any later version. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #define KEY_SPEC_SESSION_KEYRING -3 /* ID for session keyring */ #define KEY_SPEC_USER_KEYRING -4 /* ID for UID-specific keyring */ #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ #define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */ #define KEYCTL_JOIN_SESSION_KEYRING 1 /* start named session keyring */ #define KEYCTL_REVOKE 3 /* revoke a key */ #define KEYCTL_LINK 8 /* link a key into a keyring */ static int my_session_keyring; static int session_counter; static int do_revoke; static int revoke_as_uid; static int revoke_as_gid; static int xdebug = 0; static void debug(pam_handle_t *pamh, const char *fmt, ...) __attribute__((format(printf, 2, 3))); static void debug(pam_handle_t *pamh, const char *fmt, ...) { va_list va; if (xdebug) { va_start(va, fmt); pam_vsyslog(pamh, LOG_DEBUG, fmt, va); va_end(va); } } static int error(pam_handle_t *pamh, const char *fmt, ...) __attribute__((format(printf, 2, 3))); static int error(pam_handle_t *pamh, const char *fmt, ...) { va_list va; va_start(va, fmt); pam_vsyslog(pamh, LOG_ERR, fmt, va); va_end(va); return PAM_SESSION_ERR; } /* * initialise the session keyring for this process */ static int init_keyrings(pam_handle_t *pamh, int force) { int session, usession, ret; if (!force) { /* get the IDs of the session keyring and the user session * keyring */ session = syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID, KEY_SPEC_SESSION_KEYRING, 0); debug(pamh, "GET SESSION = %d", session); if (session < 0) { /* don't worry about keyrings if facility not * installed */ if (errno == ENOSYS) return PAM_SUCCESS; return PAM_SESSION_ERR; } usession = syscall(__NR_keyctl, KEYCTL_GET_KEYRING_ID, KEY_SPEC_USER_SESSION_KEYRING, 0); debug(pamh, "GET SESSION = %d", usession); if (usession < 0) return PAM_SESSION_ERR; /* if the user session keyring is our keyring, then we don't * need to do anything if we're not forcing */ if (session != usession) return PAM_SUCCESS; } /* create a session keyring, discarding the old one */ ret = syscall(__NR_keyctl, KEYCTL_JOIN_SESSION_KEYRING, NULL); debug(pamh, "JOIN = %d", ret); if (ret < 0) return PAM_SESSION_ERR; my_session_keyring = ret; /* make a link from the session keyring to the user keyring */ ret = syscall(__NR_keyctl, KEYCTL_LINK, KEY_SPEC_USER_KEYRING, KEY_SPEC_SESSION_KEYRING); return ret < 0 ? PAM_SESSION_ERR : PAM_SUCCESS; } /* * revoke the session keyring for this process */ static void kill_keyrings(pam_handle_t *pamh) { int old_uid, old_gid; /* revoke the session keyring we created earlier */ if (my_session_keyring > 0) { debug(pamh, "REVOKE %d", my_session_keyring); old_uid = geteuid(); old_gid = getegid(); debug(pamh, "UID:%d [%d] GID:%d [%d]", revoke_as_uid, old_uid, revoke_as_gid, old_gid); /* switch to the real UID and GID so that we have permission to * revoke the key */ if (revoke_as_gid != old_gid && setregid(-1, revoke_as_gid) < 0) error(pamh, "Unable to change GID to %d temporarily\n", revoke_as_gid); if (revoke_as_uid != old_uid && setresuid(-1, revoke_as_uid, old_uid) < 0) error(pamh, "Unable to change UID to %d temporarily\n", revoke_as_uid); syscall(__NR_keyctl, KEYCTL_REVOKE, my_session_keyring); /* return to the orignal UID and GID (probably root) */ if (revoke_as_uid != old_uid && setreuid(-1, old_uid) < 0) error(pamh, "Unable to change UID back to %d\n", old_uid); if (revoke_as_gid != old_gid && setregid(-1, old_gid) < 0) error(pamh, "Unable to change GID back to %d\n", old_gid); my_session_keyring = 0; } } /* * open a PAM session by making sure there's a session keyring */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { struct passwd *pw; const char *username; int ret, old_uid, uid, old_gid, gid, loop, force = 0; for (loop = 0; loop < argc; loop++) { if (strcmp(argv[loop], "force") == 0) force = 1; else if (strcmp(argv[loop], "debug") == 0) xdebug = 1; else if (strcmp(argv[loop], "revoke") == 0) do_revoke = 1; } /* don't do anything if already created a keyring (will be called * multiple times if mentioned more than once in a pam script) */ session_counter++; debug(pamh, "OPEN %d", session_counter); if (my_session_keyring > 0) return PAM_SUCCESS; /* look up the target UID */ ret = pam_get_user(pamh, &username, "key user"); if (ret != PAM_SUCCESS) return ret; pw = pam_modutil_getpwnam(pamh, username); if (!pw) { error(pamh, "Unable to look up user \"%s\"\n", username); return PAM_USER_UNKNOWN; } revoke_as_uid = uid = pw->pw_uid; old_uid = getuid(); revoke_as_gid = gid = pw->pw_gid; old_gid = getgid(); debug(pamh, "UID:%d [%d] GID:%d [%d]", uid, old_uid, gid, old_gid); /* switch to the real UID and GID so that the keyring ends up owned by * the right user */ if (gid != old_gid && setregid(gid, -1) < 0) { error(pamh, "Unable to change GID to %d temporarily\n", gid); return PAM_SESSION_ERR; } if (uid != old_uid && setreuid(uid, -1) < 0) { error(pamh, "Unable to change UID to %d temporarily\n", uid); setregid(old_gid, -1); return PAM_SESSION_ERR; } ret = init_keyrings(pamh, force); /* return to the orignal UID and GID (probably root) */ if (uid != old_uid && setreuid(old_uid, -1) < 0) ret = error(pamh, "Unable to change UID back to %d\n", old_uid); if (gid != old_gid && setregid(old_gid, -1) < 0) ret = error(pamh, "Unable to change GID back to %d\n", old_gid); return ret; } /* * close a PAM session by revoking the session keyring if requested */ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { debug(pamh, "CLOSE %d,%d,%d", session_counter, my_session_keyring, do_revoke); session_counter--; if (session_counter == 0 && my_session_keyring > 0 && do_revoke) kill_keyrings(pamh); return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_keyinit_modstruct = { "pam_keyinit", NULL, NULL, NULL, pam_sm_open_session, pam_sm_close_session, NULL }; #endif pam/modules/pam_keyinit/tst-pam_keyinit0000755000000000000000000000006613261244762015562 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_keyinit.so pam/modules/pam_lastlog/0000755000000000000000000000000013261244762012502 5ustar pam/modules/pam_lastlog/Makefile.am0000644000000000000000000000136413261244762014542 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog man_MANS = pam_lastlog.8 XMLS = README.xml pam_lastlog.8.xml TESTS = tst-pam_lastlog AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_lastlog.la pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_lastlog.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_lastlog/Makefile.in0000644000000000000000000006015713261244762014560 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_lastlog DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_lastlog_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_lastlog_la_SOURCES = pam_lastlog.c pam_lastlog_la_OBJECTS = pam_lastlog.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_lastlog.c DIST_SOURCES = pam_lastlog.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_lastlog man_MANS = pam_lastlog.8 XMLS = README.xml pam_lastlog.8.xml TESTS = tst-pam_lastlog AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_lastlog.la pam_lastlog_la_LIBADD = $(top_builddir)/libpam/libpam.la -lutil @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_lastlog/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_lastlog/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_lastlog.la: $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_lastlog_la_OBJECTS) $(pam_lastlog_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_lastlog.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_lastlog.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_lastlog/README0000644000000000000000000000432213261244762013363 0ustar pam_lastlog — PAM module to display date of last login and perform inactive account lock out â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_lastlog is a PAM module to display a line of information about the last login of the user. In addition, the module maintains the /var/log/lastlog file. Some applications may perform this function themselves. In such cases, this module is not necessary. If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in. The check is not performed for the root account so the root is never locked out. OPTIONS debug Print debug information. silent Don't inform the user about any previous login, just update the /var/log/ lastlog file. never If the /var/log/lastlog file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message. nodate Don't display the date of the last login. noterm Don't display the terminal name on which the last login was attempted. nohost Don't indicate from which host the last login was attempted. nowtmp Don't update the wtmp entry. noupdate Don't update any file. showfailed Display number of failed login attempts and the date of the last failed attempt from btmp. The date is not displayed when nodate is specified. inactive= This option is specific for the auth or account phase. It specifies the number of days after the last login of the user when the user will be locked out by the module. The default value is 90. EXAMPLES Add the following line to /etc/pam.d/login to display the last login time of an user: session required pam_lastlog.so nowtmp To reject the user if he did not login during the previous 50 days the following line can be used: auth required pam_lastlog.so inactive=50 AUTHOR pam_lastlog was written by Andrew G. Morgan . Inactive account lock out added by Tomáš Mráz . pam/modules/pam_lastlog/README.xml0000644000000000000000000000223013261244762014156 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_lastlog.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_lastlog-name"]/*)'/>
pam/modules/pam_lastlog/pam_lastlog.80000644000000000000000000001104113261244762015072 0ustar '\" t .\" Title: pam_lastlog .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_LASTLOG" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_lastlog \- PAM module to display date of last login and perform inactive account lock out .SH "SYNOPSIS" .HP \w'\fBpam_lastlog\&.so\fR\ 'u \fBpam_lastlog\&.so\fR [debug] [silent] [never] [nodate] [nohost] [noterm] [nowtmp] [noupdate] [showfailed] [inactive=] .SH "DESCRIPTION" .PP pam_lastlog is a PAM module to display a line of information about the last login of the user\&. In addition, the module maintains the /var/log/lastlog file\&. .PP Some applications may perform this function themselves\&. In such cases, this module is not necessary\&. .PP If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in\&. The check is not performed for the root account so the root is never locked out\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBsilent\fR .RS 4 Don\*(Aqt inform the user about any previous login, just update the /var/log/lastlog file\&. .RE .PP \fBnever\fR .RS 4 If the /var/log/lastlog file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message\&. .RE .PP \fBnodate\fR .RS 4 Don\*(Aqt display the date of the last login\&. .RE .PP \fBnoterm\fR .RS 4 Don\*(Aqt display the terminal name on which the last login was attempted\&. .RE .PP \fBnohost\fR .RS 4 Don\*(Aqt indicate from which host the last login was attempted\&. .RE .PP \fBnowtmp\fR .RS 4 Don\*(Aqt update the wtmp entry\&. .RE .PP \fBnoupdate\fR .RS 4 Don\*(Aqt update any file\&. .RE .PP \fBshowfailed\fR .RS 4 Display number of failed login attempts and the date of the last failed attempt from btmp\&. The date is not displayed when \fBnodate\fR is specified\&. .RE .PP \fBinactive=\fR .RS 4 This option is specific for the auth or account phase\&. It specifies the number of days after the last login of the user when the user will be locked out by the module\&. The default value is 90\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR and \fBaccount\fR module type allows to lock out users which did not login recently enough\&. The \fBsession\fR module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 Everything was successful\&. .RE .PP PAM_SERVICE_ERR .RS 4 Internal service module error\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known\&. .RE .PP PAM_AUTH_ERR .RS 4 User locked out in the auth or account phase due to inactivity\&. .RE .PP PAM_IGNORE .RS 4 There was an error during reading the lastlog file in the auth or account phase and thus inactivity of the user cannot be determined\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/login to display the last login time of an user: .sp .if n \{\ .RS 4 .\} .nf session required pam_lastlog\&.so nowtmp .fi .if n \{\ .RE .\} .PP To reject the user if he did not login during the previous 50 days the following line can be used: .sp .if n \{\ .RS 4 .\} .nf auth required pam_lastlog\&.so inactive=50 .fi .if n \{\ .RE .\} .SH "FILES" .PP /var/log/lastlog .RS 4 Lastlog logging file .RE .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_lastlog was written by Andrew G\&. Morgan \&. .PP Inactive account lock out added by Tomáš Mráz \&. pam/modules/pam_lastlog/pam_lastlog.8.xml0000644000000000000000000002025213261244762015675 0ustar pam_lastlog 8 Linux-PAM Manual pam_lastlog PAM module to display date of last login and perform inactive account lock out pam_lastlog.so debug silent never nodate nohost noterm nowtmp noupdate showfailed inactive=<days> DESCRIPTION pam_lastlog is a PAM module to display a line of information about the last login of the user. In addition, the module maintains the /var/log/lastlog file. Some applications may perform this function themselves. In such cases, this module is not necessary. If the module is called in the auth or account phase, the accounts that were not used recently enough will be disallowed to log in. The check is not performed for the root account so the root is never locked out. OPTIONS Print debug information. Don't inform the user about any previous login, just update the /var/log/lastlog file. If the /var/log/lastlog file does not contain any old entries for the user, indicate that the user has never previously logged in with a welcome message. Don't display the date of the last login. Don't display the terminal name on which the last login was attempted. Don't indicate from which host the last login was attempted. Don't update the wtmp entry. Don't update any file. Display number of failed login attempts and the date of the last failed attempt from btmp. The date is not displayed when is specified. This option is specific for the auth or account phase. It specifies the number of days after the last login of the user when the user will be locked out by the module. The default value is 90. MODULE TYPES PROVIDED The and module type allows to lock out users which did not login recently enough. The module type is provided for displaying the information about the last login and/or updating the lastlog and wtmp files. RETURN VALUES PAM_SUCCESS Everything was successful. PAM_SERVICE_ERR Internal service module error. PAM_USER_UNKNOWN User not known. PAM_AUTH_ERR User locked out in the auth or account phase due to inactivity. PAM_IGNORE There was an error during reading the lastlog file in the auth or account phase and thus inactivity of the user cannot be determined. EXAMPLES Add the following line to /etc/pam.d/login to display the last login time of an user: session required pam_lastlog.so nowtmp To reject the user if he did not login during the previous 50 days the following line can be used: auth required pam_lastlog.so inactive=50 FILES /var/log/lastlog Lastlog logging file SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_lastlog was written by Andrew G. Morgan <morgan@kernel.org>. Inactive account lock out added by Tomáš Mráz <tm@t8m.info>. pam/modules/pam_lastlog/pam_lastlog.c0000644000000000000000000004644313261244762015163 0ustar /* pam_lastlog module */ /* * Written by Andrew Morgan 1996/3/11 * * This module does the necessary work to display the last login * time+date for this user, it then updates this entry for the * present (login) service. */ #include "config.h" #include #include #include #ifdef HAVE_UTMP_H # include #else # include #endif #include #include #include #include #include #include #include #include #if defined(hpux) || defined(sunos) || defined(solaris) # ifndef _PATH_LASTLOG # define _PATH_LASTLOG "/usr/adm/lastlog" # endif /* _PATH_LASTLOG */ # ifndef UT_HOSTSIZE # define UT_HOSTSIZE 16 # endif /* UT_HOSTSIZE */ # ifndef UT_LINESIZE # define UT_LINESIZE 12 # endif /* UT_LINESIZE */ #endif #if defined(hpux) struct lastlog { time_t ll_time; char ll_line[UT_LINESIZE]; char ll_host[UT_HOSTSIZE]; /* same as in utmp */ }; #endif /* hpux */ #ifndef _PATH_BTMP # define _PATH_BTMP "/var/log/btmp" #endif /* XXX - time before ignoring lock. Is 1 sec enough? */ #define LASTLOG_IGNORE_LOCK_TIME 1 #define DEFAULT_HOST "" /* "[no.where]" */ #define DEFAULT_TERM "" /* "tt???" */ #define DEFAULT_INACTIVE_DAYS 90 #define MAX_INACTIVE_DAYS 100000 /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_SESSION #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #include #include #include #include /* argument parsing */ #define LASTLOG_DATE 01 /* display the date of the last login */ #define LASTLOG_HOST 02 /* display the last host used (if set) */ #define LASTLOG_LINE 04 /* display the last terminal used */ #define LASTLOG_NEVER 010 /* display a welcome message for first login */ #define LASTLOG_DEBUG 020 /* send info to syslog(3) */ #define LASTLOG_QUIET 040 /* keep quiet about things */ #define LASTLOG_WTMP 0100 /* log to wtmp as well as lastlog */ #define LASTLOG_BTMP 0200 /* display failed login info from btmp */ #define LASTLOG_UPDATE 0400 /* update the lastlog and wtmp files (default) */ static int _pam_auth_parse(pam_handle_t *pamh, int flags, int argc, const char **argv, time_t *inactive) { int ctrl = 0; *inactive = DEFAULT_INACTIVE_DAYS; /* does the appliction require quiet? */ if (flags & PAM_SILENT) { ctrl |= LASTLOG_QUIET; } /* step through arguments */ for (; argc-- > 0; ++argv) { char *ep = NULL; long l; if (!strcmp(*argv,"debug")) { ctrl |= LASTLOG_DEBUG; } else if (!strcmp(*argv,"silent")) { ctrl |= LASTLOG_QUIET; } else if (!strncmp(*argv,"inactive=", 9)) { l = strtol(*argv+9, &ep, 10); if (ep != *argv+9 && l > 0 && l < MAX_INACTIVE_DAYS) *inactive = l; else { pam_syslog(pamh, LOG_ERR, "bad option value: %s", *argv); } } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } D(("ctrl = %o", ctrl)); return ctrl; } static int _pam_session_parse(pam_handle_t *pamh, int flags, int argc, const char **argv) { int ctrl=(LASTLOG_DATE|LASTLOG_HOST|LASTLOG_LINE|LASTLOG_WTMP|LASTLOG_UPDATE); /* does the appliction require quiet? */ if (flags & PAM_SILENT) { ctrl |= LASTLOG_QUIET; } /* step through arguments */ for (; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) { ctrl |= LASTLOG_DEBUG; } else if (!strcmp(*argv,"nodate")) { ctrl &= ~LASTLOG_DATE; } else if (!strcmp(*argv,"noterm")) { ctrl &= ~LASTLOG_LINE; } else if (!strcmp(*argv,"nohost")) { ctrl &= ~LASTLOG_HOST; } else if (!strcmp(*argv,"silent")) { ctrl |= LASTLOG_QUIET; } else if (!strcmp(*argv,"never")) { ctrl |= LASTLOG_NEVER; } else if (!strcmp(*argv,"nowtmp")) { ctrl &= ~LASTLOG_WTMP; } else if (!strcmp(*argv,"noupdate")) { ctrl &= ~(LASTLOG_WTMP|LASTLOG_UPDATE); } else if (!strcmp(*argv,"showfailed")) { ctrl |= LASTLOG_BTMP; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } D(("ctrl = %o", ctrl)); return ctrl; } static const char * get_tty(pam_handle_t *pamh) { const void *void_terminal_line = NULL; const char *terminal_line; if (pam_get_item(pamh, PAM_TTY, &void_terminal_line) != PAM_SUCCESS || void_terminal_line == NULL) { terminal_line = DEFAULT_TERM; } else { terminal_line = void_terminal_line; } if (!strncmp("/dev/", terminal_line, 5)) { /* strip leading "/dev/" from tty. */ terminal_line += 5; } D(("terminal = %s", terminal_line)); return terminal_line; } static int last_login_open(pam_handle_t *pamh, int announce, uid_t uid) { int last_fd; /* obtain the last login date and all the relevant info */ last_fd = open(_PATH_LASTLOG, announce&LASTLOG_UPDATE ? O_RDWR : O_RDONLY); if (last_fd < 0) { if (errno == ENOENT && (announce & LASTLOG_UPDATE)) { last_fd = open(_PATH_LASTLOG, O_RDWR|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); if (last_fd < 0) { pam_syslog(pamh, LOG_ERR, "unable to create %s: %m", _PATH_LASTLOG); D(("unable to create %s file", _PATH_LASTLOG)); return -1; } pam_syslog(pamh, LOG_WARNING, "file %s created", _PATH_LASTLOG); D(("file %s created", _PATH_LASTLOG)); } else { pam_syslog(pamh, LOG_ERR, "unable to open %s: %m", _PATH_LASTLOG); D(("unable to open %s file", _PATH_LASTLOG)); return -1; } } if (lseek(last_fd, sizeof(struct lastlog) * (off_t) uid, SEEK_SET) < 0) { pam_syslog(pamh, LOG_ERR, "failed to lseek %s: %m", _PATH_LASTLOG); D(("unable to lseek %s file", _PATH_LASTLOG)); close(last_fd); return -1; } return last_fd; } static int last_login_read(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, time_t *lltime) { struct flock last_lock; struct lastlog last_login; int retval = PAM_SUCCESS; char the_time[256]; char *date = NULL; char *host = NULL; char *line = NULL; memset(&last_lock, 0, sizeof(last_lock)); last_lock.l_type = F_RDLCK; last_lock.l_whence = SEEK_SET; last_lock.l_start = sizeof(last_login) * (off_t) uid; last_lock.l_len = sizeof(last_login); if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); pam_syslog(pamh, LOG_WARNING, "file %s is locked/read", _PATH_LASTLOG); sleep(LASTLOG_IGNORE_LOCK_TIME); } if (pam_modutil_read(last_fd, (char *) &last_login, sizeof(last_login)) != sizeof(last_login)) { memset(&last_login, 0, sizeof(last_login)); } last_lock.l_type = F_UNLCK; (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ *lltime = last_login.ll_time; if (!last_login.ll_time) { if (announce & LASTLOG_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "first login for user with uid %lu", (unsigned long int)uid); } } if (!(announce & LASTLOG_QUIET)) { if (last_login.ll_time) { /* we want the date? */ if (announce & LASTLOG_DATE) { struct tm *tm, tm_buf; time_t ll_time; ll_time = last_login.ll_time; tm = localtime_r (&ll_time, &tm_buf); strftime (the_time, sizeof (the_time), /* TRANSLATORS: "strftime options for date of last login" */ _(" %a %b %e %H:%M:%S %Z %Y"), tm); date = the_time; } /* we want & have the host? */ if ((announce & LASTLOG_HOST) && (last_login.ll_host[0] != '\0')) { /* TRANSLATORS: " from " */ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, last_login.ll_host) < 0) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } } /* we want and have the terminal? */ if ((announce & LASTLOG_LINE) && (last_login.ll_line[0] != '\0')) { /* TRANSLATORS: " on " */ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, last_login.ll_line) < 0) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } } if (date != NULL || host != NULL || line != NULL) /* TRANSLATORS: "Last login: from on " */ retval = pam_info(pamh, _("Last login:%s%s%s"), date ? date : "", host ? host : "", line ? line : ""); } else if (announce & LASTLOG_NEVER) { D(("this is the first time this user has logged in")); retval = pam_info(pamh, "%s", _("Welcome to your new account!")); } } /* cleanup */ cleanup: memset(&last_login, 0, sizeof(last_login)); _pam_overwrite(date); _pam_overwrite(host); _pam_drop(host); _pam_overwrite(line); _pam_drop(line); return retval; } static int last_login_write(pam_handle_t *pamh, int announce, int last_fd, uid_t uid, const char *user) { struct flock last_lock; struct lastlog last_login; time_t ll_time; const void *void_remote_host = NULL; const char *remote_host; const char *terminal_line; int retval = PAM_SUCCESS; /* rewind */ if (lseek(last_fd, sizeof(last_login) * (off_t) uid, SEEK_SET) < 0) { pam_syslog(pamh, LOG_ERR, "failed to lseek %s: %m", _PATH_LASTLOG); return PAM_SERVICE_ERR; } /* set this login date */ D(("set the most recent login time")); (void) time(&ll_time); /* set the time */ last_login.ll_time = ll_time; /* set the remote host */ if (pam_get_item(pamh, PAM_RHOST, &void_remote_host) != PAM_SUCCESS || void_remote_host == NULL) { remote_host = DEFAULT_HOST; } else { remote_host = void_remote_host; } /* copy to last_login */ last_login.ll_host[0] = '\0'; strncat(last_login.ll_host, remote_host, sizeof(last_login.ll_host)-1); /* set the terminal line */ terminal_line = get_tty(pamh); /* copy to last_login */ last_login.ll_line[0] = '\0'; strncat(last_login.ll_line, terminal_line, sizeof(last_login.ll_line)-1); terminal_line = NULL; D(("locking lastlog file")); /* now we try to lock this file-record exclusively; non-blocking */ memset(&last_lock, 0, sizeof(last_lock)); last_lock.l_type = F_WRLCK; last_lock.l_whence = SEEK_SET; last_lock.l_start = sizeof(last_login) * (off_t) uid; last_lock.l_len = sizeof(last_login); if (fcntl(last_fd, F_SETLK, &last_lock) < 0) { D(("locking %s failed..(waiting a little)", _PATH_LASTLOG)); pam_syslog(pamh, LOG_WARNING, "file %s is locked/write", _PATH_LASTLOG); sleep(LASTLOG_IGNORE_LOCK_TIME); } D(("writing to the lastlog file")); if (pam_modutil_write (last_fd, (char *) &last_login, sizeof (last_login)) != sizeof(last_login)) { pam_syslog(pamh, LOG_ERR, "failed to write %s: %m", _PATH_LASTLOG); retval = PAM_SERVICE_ERR; } last_lock.l_type = F_UNLCK; (void) fcntl(last_fd, F_SETLK, &last_lock); /* unlock */ D(("unlocked")); if (announce & LASTLOG_WTMP) { /* write wtmp entry for user */ logwtmp(last_login.ll_line, user, remote_host); } /* cleanup */ memset(&last_login, 0, sizeof(last_login)); return retval; } static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid, const char *user, time_t *lltime) { int retval; int last_fd; /* obtain the last login date and all the relevant info */ last_fd = last_login_open(pamh, announce, uid); if (last_fd < 0) { return PAM_SERVICE_ERR; } retval = last_login_read(pamh, announce, last_fd, uid, lltime); if (retval != PAM_SUCCESS) { close(last_fd); D(("error while reading lastlog file")); return retval; } if (announce & LASTLOG_UPDATE) { retval = last_login_write(pamh, announce, last_fd, uid, user); } close(last_fd); D(("all done with last login")); return retval; } static int last_login_failed(pam_handle_t *pamh, int announce, const char *user, time_t lltime) { int retval; int fd; struct utmp ut; struct utmp utuser; int failed = 0; char the_time[256]; char *date = NULL; char *host = NULL; char *line = NULL; if (strlen(user) > UT_NAMESIZE) { pam_syslog(pamh, LOG_WARNING, "username too long, output might be inaccurate"); } /* obtain the failed login attempt records from btmp */ fd = open(_PATH_BTMP, O_RDONLY); if (fd < 0) { int save_errno = errno; pam_syslog(pamh, LOG_ERR, "unable to open %s: %m", _PATH_BTMP); D(("unable to open %s file", _PATH_BTMP)); if (save_errno == ENOENT) return PAM_SUCCESS; else return PAM_SERVICE_ERR; } while ((retval=pam_modutil_read(fd, (void *)&ut, sizeof(ut))) == sizeof(ut)) { if (ut.ut_tv.tv_sec >= lltime && strncmp(ut.ut_user, user, UT_NAMESIZE) == 0) { memcpy(&utuser, &ut, sizeof(utuser)); failed++; } } if (retval != 0) pam_syslog(pamh, LOG_WARNING, "corruption detected in %s", _PATH_BTMP); retval = PAM_SUCCESS; if (failed) { /* we want the date? */ if (announce & LASTLOG_DATE) { struct tm *tm, tm_buf; time_t lf_time; lf_time = utuser.ut_tv.tv_sec; tm = localtime_r (&lf_time, &tm_buf); strftime (the_time, sizeof (the_time), /* TRANSLATORS: "strftime options for date of last login" */ _(" %a %b %e %H:%M:%S %Z %Y"), tm); date = the_time; } /* we want & have the host? */ if ((announce & LASTLOG_HOST) && (utuser.ut_host[0] != '\0')) { /* TRANSLATORS: " from " */ if (asprintf(&host, _(" from %.*s"), UT_HOSTSIZE, utuser.ut_host) < 0) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } } /* we want and have the terminal? */ if ((announce & LASTLOG_LINE) && (utuser.ut_line[0] != '\0')) { /* TRANSLATORS: " on " */ if (asprintf(&line, _(" on %.*s"), UT_LINESIZE, utuser.ut_line) < 0) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto cleanup; } } if (line != NULL || date != NULL || host != NULL) { /* TRANSLATORS: "Last failed login: from on " */ pam_info(pamh, _("Last failed login:%s%s%s"), date ? date : "", host ? host : "", line ? line : ""); } _pam_drop(line); #if defined HAVE_DNGETTEXT && defined ENABLE_NLS retval = asprintf (&line, dngettext(PACKAGE, "There was %d failed login attempt since the last successful login.", "There were %d failed login attempts since the last successful login.", failed), failed); #else if (failed == 1) retval = asprintf(&line, _("There was %d failed login attempt since the last successful login."), failed); else retval = asprintf(&line, /* TRANSLATORS: only used if dngettext is not supported */ _("There were %d failed login attempts since the last successful login."), failed); #endif if (retval >= 0) retval = pam_info(pamh, "%s", line); else { retval = PAM_BUF_ERR; line = NULL; } } cleanup: free(host); free(line); close(fd); D(("all done with btmp")); return retval; } /* --- authentication (locking out inactive users) functions --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, ctrl; const char *user = NULL; const struct passwd *pwd; uid_t uid; time_t lltime = 0; time_t inactive_days = 0; int last_fd; /* * Lock out the user if he did not login recently enough. */ ctrl = _pam_auth_parse(pamh, flags, argc, argv, &inactive_days); /* which user? */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL || *user == '\0') { pam_syslog(pamh, LOG_ERR, "cannot determine the user's name"); return PAM_USER_UNKNOWN; } /* what uid? */ pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { pam_syslog(pamh, LOG_ERR, "user unknown"); return PAM_USER_UNKNOWN; } uid = pwd->pw_uid; pwd = NULL; /* tidy up */ if (uid == 0) return PAM_SUCCESS; /* obtain the last login date and all the relevant info */ last_fd = last_login_open(pamh, ctrl, uid); if (last_fd < 0) { return PAM_IGNORE; } retval = last_login_read(pamh, ctrl|LASTLOG_QUIET, last_fd, uid, &lltime); close(last_fd); if (retval != PAM_SUCCESS) { D(("error while reading lastlog file")); return PAM_IGNORE; } if (lltime == 0) { /* user never logged in before */ if (ctrl & LASTLOG_DEBUG) pam_syslog(pamh, LOG_DEBUG, "user never logged in - pass"); return PAM_SUCCESS; } lltime = (time(NULL) - lltime) / (24*60*60); if (lltime > inactive_days) { pam_syslog(pamh, LOG_INFO, "user %s inactive for %d days - denied", user, lltime); return PAM_AUTH_ERR; } return PAM_SUCCESS; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } /* --- session management functions --- */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, ctrl; const void *user; const struct passwd *pwd; uid_t uid; time_t lltime = 0; /* * this module gets the uid of the PAM_USER. Uses it to display * last login info and then updates the lastlog for that user. */ ctrl = _pam_session_parse(pamh, flags, argc, argv); /* which user? */ retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { pam_syslog(pamh, LOG_NOTICE, "user unknown"); return PAM_USER_UNKNOWN; } /* what uid? */ pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { D(("couldn't identify user %s", user)); return PAM_USER_UNKNOWN; } uid = pwd->pw_uid; pwd = NULL; /* tidy up */ /* process the current login attempt (indicate last) */ retval = last_login_date(pamh, ctrl, uid, user, &lltime); if ((ctrl & LASTLOG_BTMP) && retval == PAM_SUCCESS) { retval = last_login_failed(pamh, ctrl, user, lltime); } /* indicate success or failure */ uid = -1; /* forget this */ return retval; } PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { const char *terminal_line; if (!(_pam_session_parse(pamh, flags, argc, argv) & LASTLOG_WTMP)) return PAM_SUCCESS; terminal_line = get_tty(pamh); /* Wipe out utmp logout entry */ logwtmp(terminal_line, "", ""); return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_lastlog_modstruct = { "pam_lastlog", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, NULL, }; #endif /* end of module definition */ pam/modules/pam_lastlog/tst-pam_lastlog0000755000000000000000000000006613261244762015544 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_lastlog.so pam/modules/pam_limits/0000755000000000000000000000000013261244762012336 5ustar pam/modules/pam_limits/Makefile.am0000644000000000000000000000201213261244762014365 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits man_MANS = limits.conf.5 pam_limits.8 XMLS = README.xml limits.conf.5.xml pam_limits.8.xml TESTS = tst-pam_limits securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) limits_conf_dir = $(SCONFIGDIR)/limits.d AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_limits.la pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = limits.conf if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_limits.8.xml limits.conf.5.xml -include $(top_srcdir)/Make.xml.rules endif install-data-local: mkdir -p $(DESTDIR)$(limits_conf_dir) pam/modules/pam_limits/Makefile.in0000644000000000000000000006603713261244762014417 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_limits DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_limits_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_limits_la_SOURCES = pam_limits.c pam_limits_la_OBJECTS = pam_limits.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_limits.c DIST_SOURCES = pam_limits.c man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) limits.conf tst-pam_limits man_MANS = limits.conf.5 pam_limits.8 XMLS = README.xml limits.conf.5.xml pam_limits.8.xml TESTS = tst-pam_limits securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) limits_conf_dir = $(SCONFIGDIR)/limits.d AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DLIMITS_FILE_DIR=\"$(limits_conf_dir)/*.conf\" \ -DLIMITS_FILE=\"$(SCONFIGDIR)/limits.conf\" AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_limits.la pam_limits_la_LIBADD = $(top_builddir)/libpam/libpam.la secureconf_DATA = limits.conf @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_limits/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_limits/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_limits.la: $(pam_limits_la_OBJECTS) $(pam_limits_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_limits_la_OBJECTS) $(pam_limits_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_limits.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-man install-secureconfDATA \ install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-data-local install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man5 \ install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-secureconfDATA \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man5 \ uninstall-man8 uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_limits.8.xml limits.conf.5.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules install-data-local: mkdir -p $(DESTDIR)$(limits_conf_dir) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_limits/README0000644000000000000000000000455413261244762013226 0ustar pam_limits — PAM module to limit resources â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_limits PAM module sets limits on the system resources that can be obtained in a user-session. Users of uid=0 are affected by this limits, too. By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed. The module must not be called by a multithreaded application. If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions. OPTIONS conf=/path/to/limits.conf Indicate an alternative limits.conf style configuration file to override the default. debug Print debug information. set_all Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1. utmp_early Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system-wide consistency with a single limits.conf file. noaudit Do not report exceeded maximum logins count to the audit subsystem. EXAMPLES These are some example lines which might be specified in /etc/security/ limits.conf. * soft core 0 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 @faculty hard nproc 50 ftp hard nproc 0 @student - maxlogins 4 :123 hard cpu 5000 @500: soft cpu 10000 600:700 hard locks 10 pam/modules/pam_limits/README.xml0000644000000000000000000000202613261244762014015 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_limits.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_limits-name"]/*)'/>
pam/modules/pam_limits/limits.conf0000644000000000000000000000344013261244762014507 0ustar # /etc/security/limits.conf # #Each line describes a limit for a user in the form: # # # #Where: # can be: # - a user name # - a group name, with @group syntax # - the wildcard *, for default entry # - the wildcard %, can be also used with %group syntax, # for maxlogin limit # # can have the two values: # - "soft" for enforcing the soft limits # - "hard" for enforcing hard limits # # can be one of the following: # - core - limits the core file size (KB) # - data - max data size (KB) # - fsize - maximum filesize (KB) # - memlock - max locked-in-memory address space (KB) # - nofile - max number of open files # - rss - max resident set size (KB) # - stack - max stack size (KB) # - cpu - max CPU time (MIN) # - nproc - max number of processes # - as - address space limit (KB) # - maxlogins - max number of logins for this user # - maxsyslogins - max number of logins on the system # - priority - the priority to run user process with # - locks - max number of file locks the user can hold # - sigpending - max number of pending signals # - msgqueue - max memory used by POSIX message queues (bytes) # - nice - max nice priority allowed to raise to values: [-20, 19] # - rtprio - max realtime priority # # # #* soft core 0 #* hard rss 10000 #@student hard nproc 20 #@faculty soft nproc 20 #@faculty hard nproc 50 #ftp hard nproc 0 #@student - maxlogins 4 # End of file pam/modules/pam_limits/limits.conf.50000644000000000000000000001734713261244762014665 0ustar '\" t .\" Title: limits.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "LIMITS\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" limits.conf \- configuration file for the pam_limits module .SH "DESCRIPTION" .PP The \fIpam_limits\&.so\fR module applies ulimit limits, nice priority and number of simultaneous login sessions limit to user login sessions\&. This description of the configuration file syntax applies to the /etc/security/limits\&.conf file and *\&.conf files in the /etc/security/limits\&.d directory\&. .PP The syntax of the lines is as follows: .PP \fI\fR\fI\fR\fI\fR\fI\fR .PP The fields listed above should be filled as follows: .PP \fB\fR .RS 4 .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a username .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a groupname, with \fB@group\fR syntax\&. This should not be confused with netgroups\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the wildcard \fB*\fR, for default entry\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} the wildcard \fB%\fR, for maxlogins limit only, can also be used with \fB%group\fR syntax\&. If the \fB%\fR wildcard is used alone it is identical to using \fB*\fR with maxsyslogins limit\&. With a group specified after \fB%\fR it limits the total number of logins of all users that are member of the group\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} an uid range specified as \fI\fR\fB:\fR\fI\fR\&. If min_uid is omitted, the match is exact for the max_uid\&. If max_uid is omitted, all uids greater than or equal min_uid match\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a gid range specified as \fB@\fR\fI\fR\fB:\fR\fI\fR\&. If min_gid is omitted, the match is exact for the max_gid\&. If max_gid is omitted, all gids greater than or equal min_gid match\&. For the exact match all groups including the user\*(Aqs supplementary groups are examined\&. For the range matches only the user\*(Aqs primary group is examined\&. .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ .sp -1 .IP \(bu 2.3 .\} a gid specified as \fB%:\fR\fI\fR applicable to maxlogins limit only\&. It limits the total number of logins of all users that are member of the group with the specified gid\&. .RE .RE .PP \fB\fR .RS 4 .PP \fBhard\fR .RS 4 for enforcing \fBhard\fR resource limits\&. These limits are set by the superuser and enforced by the Kernel\&. The user cannot raise his requirement of system resources above such values\&. .RE .PP \fBsoft\fR .RS 4 for enforcing \fBsoft\fR resource limits\&. These limits are ones that the user can move up or down within the permitted range by any pre\-existing \fBhard\fR limits\&. The values specified with this token can be thought of as \fIdefault\fR values, for normal system usage\&. .RE .PP \fB\-\fR .RS 4 for enforcing both \fBsoft\fR and \fBhard\fR resource limits together\&. .sp Note, if you specify a type of \*(Aq\-\*(Aq but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc\&. \&. .RE .RE .PP \fB\fR .RS 4 .PP \fBcore\fR .RS 4 limits the core file size (KB) .RE .PP \fBdata\fR .RS 4 maximum data size (KB) .RE .PP \fBfsize\fR .RS 4 maximum filesize (KB) .RE .PP \fBmemlock\fR .RS 4 maximum locked\-in\-memory address space (KB) .RE .PP \fBnofile\fR .RS 4 maximum number of open files .RE .PP \fBrss\fR .RS 4 maximum resident set size (KB) (Ignored in Linux 2\&.4\&.30 and higher) .RE .PP \fBstack\fR .RS 4 maximum stack size (KB) .RE .PP \fBcpu\fR .RS 4 maximum CPU time (minutes) .RE .PP \fBnproc\fR .RS 4 maximum number of processes .RE .PP \fBas\fR .RS 4 address space limit (KB) .RE .PP \fBmaxlogins\fR .RS 4 maximum number of logins for this user except for this with \fIuid=0\fR .RE .PP \fBmaxsyslogins\fR .RS 4 maximum number of all logins on system .RE .PP \fBpriority\fR .RS 4 the priority to run user process with (negative values boost process priority) .RE .PP \fBlocks\fR .RS 4 maximum locked files (Linux 2\&.4 and higher) .RE .PP \fBsigpending\fR .RS 4 maximum number of pending signals (Linux 2\&.6 and higher) .RE .PP \fBmsgqueue\fR .RS 4 maximum memory used by POSIX message queues (bytes) (Linux 2\&.6 and higher) .RE .PP \fBnice\fR .RS 4 maximum nice priority allowed to raise to (Linux 2\&.6\&.12 and higher) values: [\-20,19] .RE .PP \fBrtprio\fR .RS 4 maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher) .RE .RE .PP All items support the values \fI\-1\fR, \fIunlimited\fR or \fIinfinity\fR indicating no limit, except for \fBpriority\fR and \fBnice\fR\&. .PP If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur\&. If the control value \fIrequired\fR is used, the module will reject the login if a limit could not be set\&. .PP In general, individual limits have priority over group limits, so if you impose no limits for \fIadmin\fR group, but one of the members in this group have a limits line, the user will have its limits set according to this line\&. .PP Also, please note that all limit settings are set \fIper login\fR\&. They are not global, nor are they permanent; existing only for the duration of the session\&. One exception is the \fImaxlogin\fR option, this one is system wide\&. But there is a race, concurrent logins at the same time will not always be detect as such but only counted as one\&. .PP In the \fIlimits\fR configuration file, the \*(Aq\fB#\fR\*(Aq character introduces a comment \- after which the rest of the line is ignored\&. .PP The pam_limits module does report configuration problems found in its configuration file and errors via \fBsyslog\fR(3)\&. .SH "EXAMPLES" .PP These are some example lines which might be specified in /etc/security/limits\&.conf\&. .sp .if n \{\ .RS 4 .\} .nf * soft core 0 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 @faculty hard nproc 50 ftp hard nproc 0 @student \- maxlogins 4 :123 hard cpu 5000 @500: soft cpu 10000 600:700 hard locks 10 .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam_limits\fR(8), \fBpam.d\fR(5), \fBpam\fR(8), \fBgetrlimit\fR(2)\fBgetrlimit\fR(3p) .SH "AUTHOR" .PP pam_limits was initially written by Cristian Gafton pam/modules/pam_limits/limits.conf.5.xml0000644000000000000000000003317713261244762015463 0ustar limits.conf 5 Linux-PAM Manual limits.conf configuration file for the pam_limits module DESCRIPTION The pam_limits.so module applies ulimit limits, nice priority and number of simultaneous login sessions limit to user login sessions. This description of the configuration file syntax applies to the /etc/security/limits.conf file and *.conf files in the /etc/security/limits.d directory. The syntax of the lines is as follows: <domain> <type> <item> <value> The fields listed above should be filled as follows: a username a groupname, with @group syntax. This should not be confused with netgroups. the wildcard *, for default entry. the wildcard %, for maxlogins limit only, can also be used with %group syntax. If the % wildcard is used alone it is identical to using * with maxsyslogins limit. With a group specified after % it limits the total number of logins of all users that are member of the group. an uid range specified as <min_uid>:<max_uid>. If min_uid is omitted, the match is exact for the max_uid. If max_uid is omitted, all uids greater than or equal min_uid match. a gid range specified as @<min_gid>:<max_gid>. If min_gid is omitted, the match is exact for the max_gid. If max_gid is omitted, all gids greater than or equal min_gid match. For the exact match all groups including the user's supplementary groups are examined. For the range matches only the user's primary group is examined. a gid specified as %:<gid> applicable to maxlogins limit only. It limits the total number of logins of all users that are member of the group with the specified gid. for enforcing hard resource limits. These limits are set by the superuser and enforced by the Kernel. The user cannot raise his requirement of system resources above such values. for enforcing soft resource limits. These limits are ones that the user can move up or down within the permitted range by any pre-existing hard limits. The values specified with this token can be thought of as default values, for normal system usage. for enforcing both soft and hard resource limits together. Note, if you specify a type of '-' but neglect to supply the item and value fields then the module will never enforce any limits on the specified user/group etc. . limits the core file size (KB) maximum data size (KB) maximum filesize (KB) maximum locked-in-memory address space (KB) maximum number of open files maximum resident set size (KB) (Ignored in Linux 2.4.30 and higher) maximum stack size (KB) maximum CPU time (minutes) maximum number of processes address space limit (KB) maximum number of logins for this user except for this with uid=0 maximum number of all logins on system the priority to run user process with (negative values boost process priority) maximum locked files (Linux 2.4 and higher) maximum number of pending signals (Linux 2.6 and higher) maximum memory used by POSIX message queues (bytes) (Linux 2.6 and higher) maximum nice priority allowed to raise to (Linux 2.6.12 and higher) values: [-20,19] maximum realtime priority allowed for non-privileged processes (Linux 2.6.12 and higher) All items support the values -1, unlimited or infinity indicating no limit, except for priority and nice. If a hard limit or soft limit of a resource is set to a valid value, but outside of the supported range of the local system, the system may reject the new limit or unexpected behavior may occur. If the control value required is used, the module will reject the login if a limit could not be set. In general, individual limits have priority over group limits, so if you impose no limits for admin group, but one of the members in this group have a limits line, the user will have its limits set according to this line. Also, please note that all limit settings are set per login. They are not global, nor are they permanent; existing only for the duration of the session. One exception is the maxlogin option, this one is system wide. But there is a race, concurrent logins at the same time will not always be detect as such but only counted as one. In the limits configuration file, the '#' character introduces a comment - after which the rest of the line is ignored. The pam_limits module does report configuration problems found in its configuration file and errors via syslog3. EXAMPLES These are some example lines which might be specified in /etc/security/limits.conf. * soft core 0 * hard nofile 512 @student hard nproc 20 @faculty soft nproc 20 @faculty hard nproc 50 ftp hard nproc 0 @student - maxlogins 4 :123 hard cpu 5000 @500: soft cpu 10000 600:700 hard locks 10 SEE ALSO pam_limits8, pam.d5, pam8, getrlimit2 getrlimit3p AUTHOR pam_limits was initially written by Cristian Gafton <gafton@redhat.com> pam/modules/pam_limits/pam_limits.80000644000000000000000000001040213261244762014562 0ustar '\" t .\" Title: pam_limits .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_LIMITS" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_limits \- PAM module to limit resources .SH "SYNOPSIS" .HP \w'\fBpam_limits\&.so\fR\ 'u \fBpam_limits\&.so\fR [conf=\fI/path/to/limits\&.conf\fR] [debug] [set_all] [utmp_early] [noaudit] .SH "DESCRIPTION" .PP The pam_limits PAM module sets limits on the system resources that can be obtained in a user\-session\&. Users of \fIuid=0\fR are affected by this limits, too\&. .PP By default limits are taken from the /etc/security/limits\&.conf config file\&. Then individual *\&.conf files from the /etc/security/limits\&.d/ directory are read\&. The files are parsed one after another in the order of "C" locale\&. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing\&. If a config file is explicitly specified with a module option then the files in the above directory are not parsed\&. .PP The module must not be called by a multithreaded application\&. .PP If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions\&. .SH "OPTIONS" .PP \fBconf=\fR\fB\fI/path/to/limits\&.conf\fR\fR .RS 4 Indicate an alternative limits\&.conf style configuration file to override the default\&. .RE .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBset_all\fR .RS 4 Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1\&. .RE .PP \fButmp_early\fR .RS 4 Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system\&. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system\-wide consistency with a single limits\&.conf file\&. .RE .PP \fBnoaudit\fR .RS 4 Do not report exceeded maximum logins count to the audit subsystem\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_ABORT .RS 4 Cannot get current limits\&. .RE .PP PAM_IGNORE .RS 4 No limits found for this user\&. .RE .PP PAM_PERM_DENIED .RS 4 New limits could not be set\&. .RE .PP PAM_SERVICE_ERR .RS 4 Cannot read config file\&. .RE .PP PAM_SESSION_ERR .RS 4 Error recovering account name\&. .RE .PP PAM_SUCCESS .RS 4 Limits were changed\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The user is not known to the system\&. .RE .SH "FILES" .PP /etc/security/limits\&.conf .RS 4 Default configuration file .RE .SH "EXAMPLES" .PP For the services you need resources limits (login for example) put a the following line in /etc/pam\&.d/login as the last line for that service (usually after the pam_unix session line): .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 # # Resource limits imposed on login sessions via pam_limits # session required pam_limits\&.so .fi .if n \{\ .RE .\} .PP Replace "login" for each service you are using this module\&. .SH "SEE ALSO" .PP \fBlimits.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\&. .SH "AUTHORS" .PP pam_limits was initially written by Cristian Gafton pam/modules/pam_limits/pam_limits.8.xml0000644000000000000000000001611013261244762015363 0ustar pam_limits 8 Linux-PAM Manual pam_limits PAM module to limit resources pam_limits.so conf=/path/to/limits.conf debug set_all utmp_early noaudit DESCRIPTION The pam_limits PAM module sets limits on the system resources that can be obtained in a user-session. Users of uid=0 are affected by this limits, too. By default limits are taken from the /etc/security/limits.conf config file. Then individual *.conf files from the /etc/security/limits.d/ directory are read. The files are parsed one after another in the order of "C" locale. The effect of the individual files is the same as if all the files were concatenated together in the order of parsing. If a config file is explicitly specified with a module option then the files in the above directory are not parsed. The module must not be called by a multithreaded application. If Linux PAM is compiled with audit support the module will report when it denies access based on limit of maximum number of concurrent login sessions. OPTIONS Indicate an alternative limits.conf style configuration file to override the default. Print debug information. Set the limits for which no value is specified in the configuration file to the one from the process with the PID 1. Some broken applications actually allocate a utmp entry for the user before the user is admitted to the system. If some of the services you are configuring PAM for do this, you can selectively use this module argument to compensate for this behavior and at the same time maintain system-wide consistency with a single limits.conf file. Do not report exceeded maximum logins count to the audit subsystem. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_ABORT Cannot get current limits. PAM_IGNORE No limits found for this user. PAM_PERM_DENIED New limits could not be set. PAM_SERVICE_ERR Cannot read config file. PAM_SESSION_ERR Error recovering account name. PAM_SUCCESS Limits were changed. PAM_USER_UNKNOWN The user is not known to the system. FILES /etc/security/limits.conf Default configuration file EXAMPLES For the services you need resources limits (login for example) put a the following line in /etc/pam.d/login as the last line for that service (usually after the pam_unix session line): #%PAM-1.0 # # Resource limits imposed on login sessions via pam_limits # session required pam_limits.so Replace "login" for each service you are using this module. SEE ALSO limits.conf5 , pam.d5 , pam8 . AUTHORS pam_limits was initially written by Cristian Gafton <gafton@redhat.com> pam/modules/pam_limits/pam_limits.c0000644000000000000000000007634013261244762014652 0ustar /* * pam_limits - impose resource limits when opening a user session * * 1.6 - modified for PLD (added process priority settings) * by Marcin Korzonek * 1.5 - Elliot Lee's "max system logins patch" * 1.4 - addressed bug in configuration file parser * 1.3 - modified the configuration file format * 1.2 - added 'debug' and 'conf=' arguments * 1.1 - added @group support * 1.0 - initial release - Linux ONLY * * See end for Copyright information */ #if !defined(linux) && !defined(__linux) #warning THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! #endif #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef UT_USER /* some systems have ut_name instead of ut_user */ #define UT_USER ut_user #endif #include #include #include #ifdef HAVE_LIBAUDIT #include #endif /* Module defines */ #define LINE_LENGTH 1024 #define LIMITS_DEF_USER 0 /* limit was set by an user entry */ #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */ #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */ #define LIMITS_DEF_ALL 3 /* limit was set by an all entry */ #define LIMITS_DEF_DEFAULT 4 /* limit was set by a default entry */ #define LIMITS_DEF_KERNEL 5 /* limit was set from /proc/1/limits */ #define LIMITS_DEF_NONE 6 /* this limit was not set yet */ #define LIMIT_RANGE_ERR -1 /* error in specified uid/gid range */ #define LIMIT_RANGE_NONE 0 /* no range specified */ #define LIMIT_RANGE_ONE 1 /* exact uid/gid specified (:max_uid)*/ #define LIMIT_RANGE_MIN 2 /* only minimum uid/gid specified (min_uid:) */ #define LIMIT_RANGE_MM 3 /* both min and max uid/gid specified (min_uid:max_uid) */ static const char *limits_def_names[] = { "USER", "GROUP", "ALLGROUP", "ALL", "DEFAULT", "KERNEL", "NONE", NULL }; struct user_limits_struct { int supported; int src_soft; int src_hard; struct rlimit limit; }; /* internal data */ struct pam_limit_s { int login_limit; /* the max logins limit */ int login_limit_def; /* which entry set the login limit */ int flag_numsyslogins; /* whether to limit logins only for a specific user or to count all logins */ int priority; /* the priority to run user process with */ struct user_limits_struct limits[RLIM_NLIMITS]; const char *conf_file; int utmp_after_pam_call; char login_group[LINE_LENGTH]; }; #define LIMIT_LOGIN RLIM_NLIMITS+1 #define LIMIT_NUMSYSLOGINS RLIM_NLIMITS+2 #define LIMIT_PRI RLIM_NLIMITS+3 #define LIMIT_SOFT 1 #define LIMIT_HARD 2 #define PAM_SM_SESSION #include #include #include #include /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 #define PAM_UTMP_EARLY 0x0004 #define PAM_NO_AUDIT 0x0008 #define PAM_SET_ALL 0x0010 /* Limits from globbed files. */ #define LIMITS_CONF_GLOB LIMITS_FILE_DIR #define CONF_FILE (pl->conf_file != NULL)?pl->conf_file:LIMITS_FILE static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv, struct pam_limit_s *pl) { int ctrl=0; /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) { ctrl |= PAM_DEBUG_ARG; } else if (!strncmp(*argv,"conf=",5)) { pl->conf_file = *argv+5; } else if (!strcmp(*argv,"utmp_early")) { ctrl |= PAM_UTMP_EARLY; } else if (!strcmp(*argv,"noaudit")) { ctrl |= PAM_NO_AUDIT; } else if (!strcmp(*argv,"set_all")) { ctrl |= PAM_SET_ALL; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return ctrl; } static const char * rlimit2str (int i) { switch (i) { case RLIMIT_CPU: return "cpu"; break; case RLIMIT_FSIZE: return "fsize"; break; case RLIMIT_DATA: return "data"; break; case RLIMIT_STACK: return "stack"; break; case RLIMIT_CORE: return "core"; break; case RLIMIT_RSS: return "rss"; break; case RLIMIT_NPROC: return "nproc"; break; case RLIMIT_NOFILE: return "nofile"; break; case RLIMIT_MEMLOCK: return "memlock"; break; #ifdef RLIMIT_AS case RLIMIT_AS: return "as"; break; #endif #ifdef RLIMIT_LOCKS case RLIMIT_LOCKS: return "locks"; break; #endif #ifdef RLIMIT_SIGPENDING case RLIMIT_SIGPENDING: return "sigpending"; break; #endif #ifdef RLIMIT_MSGQUEUE case RLIMIT_MSGQUEUE: return "msgqueue"; break; #endif #ifdef RLIMIT_NICE case RLIMIT_NICE: return "nice"; break; #endif #ifdef RLIMIT_RTPRIO case RLIMIT_RTPRIO: return "rtprio"; break; #endif default: return "UNKNOWN"; break; } } #define LIMITED_OK 0 /* limit setting appeared to work */ #define LIMIT_ERR 1 /* error setting a limit */ #define LOGIN_ERR 2 /* too many logins err */ /* Counts the number of user logins and check against the limit*/ static int check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl, struct pam_limit_s *pl) { struct utmp *ut; int count; if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking logins for '%s' (maximum of %d)", name, limit); } if (limit < 0) return 0; /* no limits imposed */ if (limit == 0) /* maximum 0 logins ? */ { pam_syslog(pamh, LOG_WARNING, "No logins allowed for '%s'", name); return LOGIN_ERR; } setutent(); /* Because there is no definition about when an application actually adds a utmp entry, some applications bizarrely do the utmp call before the have PAM authenticate them to the system: you're logged it, sort of...? Anyway, you can use the "utmp_early" module argument in your PAM config file to make allowances for this sort of problem. (There should be a PAM standard for this, since if a module wants to actually map a username then any early utmp entry will be for the unmapped name = broken.) */ if (ctrl & PAM_UTMP_EARLY) { count = 0; } else { count = 1; } while((ut = getutent())) { #ifdef USER_PROCESS if (ut->ut_type != USER_PROCESS) { continue; } #endif if (ut->UT_USER[0] == '\0') { continue; } if (!pl->flag_numsyslogins) { if (((pl->login_limit_def == LIMITS_DEF_USER) || (pl->login_limit_def == LIMITS_DEF_GROUP) || (pl->login_limit_def == LIMITS_DEF_DEFAULT)) && strncmp(name, ut->UT_USER, sizeof(ut->UT_USER)) != 0) { continue; } if ((pl->login_limit_def == LIMITS_DEF_ALLGROUP) && !pam_modutil_user_in_group_nam_nam(pamh, ut->UT_USER, pl->login_group)) { continue; } } if (++count > limit) { break; } } endutent(); if (count > limit) { if (name) { pam_syslog(pamh, LOG_WARNING, "Too many logins (max %d) for %s", limit, name); } else { pam_syslog(pamh, LOG_WARNING, "Too many system logins (max %d)", limit); } return LOGIN_ERR; } return 0; } static const char *lnames[RLIM_NLIMITS] = { [RLIMIT_CPU] = "Max cpu time", [RLIMIT_FSIZE] = "Max file size", [RLIMIT_DATA] = "Max data size", [RLIMIT_STACK] = "Max stack size", [RLIMIT_CORE] = "Max core file size", [RLIMIT_RSS] = "Max resident set", [RLIMIT_NPROC] = "Max processes", [RLIMIT_NOFILE] = "Max open files", [RLIMIT_MEMLOCK] = "Max locked memory", #ifdef RLIMIT_AS [RLIMIT_AS] = "Max address space", #endif #ifdef RLIMIT_LOCKS [RLIMIT_LOCKS] = "Max file locks", #endif #ifdef RLIMIT_SIGPENDING [RLIMIT_SIGPENDING] = "Max pending signals", #endif #ifdef RLIMIT_MSGQUEUE [RLIMIT_MSGQUEUE] = "Max msgqueue size", #endif #ifdef RLIMIT_NICE [RLIMIT_NICE] = "Max nice priority", #endif #ifdef RLIMIT_RTPRIO [RLIMIT_RTPRIO] = "Max realtime priority", #endif #ifdef RLIMIT_RTTIME [RLIMIT_RTTIME] = "Max realtime timeout", #endif }; static int str2rlimit(char *name) { int i; if (!name || *name == '\0') return -1; for(i = 0; i < RLIM_NLIMITS; i++) { if (strcmp(name, lnames[i]) == 0) return i; } return -1; } static rlim_t str2rlim_t(char *value) { unsigned long long rlimit = 0; if (!value) return (rlim_t)rlimit; if (strcmp(value, "unlimited") == 0) { return RLIM_INFINITY; } rlimit = strtoull(value, NULL, 10); return (rlim_t)rlimit; } #define LIMITS_SKIP_WHITESPACE { \ /* step backwards over spaces */ \ pos--; \ while (pos && line[pos] == ' ') pos--; \ if (!pos) continue; \ line[pos+1] = '\0'; \ } #define LIMITS_MARK_ITEM(item) { \ /* step backwards over non-spaces */ \ pos--; \ while (pos && line[pos] != ' ') pos--; \ if (!pos) continue; \ item = line + pos + 1; \ } static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) { int i, maxlen = 0; FILE *limitsfile; const char *proclimits = "/proc/1/limits"; char line[256]; char *units, *hard, *soft, *name; if (!(limitsfile = fopen(proclimits, "r"))) { pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM defaults", proclimits, strerror(errno)); return; } while (fgets(line, 256, limitsfile)) { int pos = strlen(line); if (pos < 2) continue; /* drop trailing newline */ if (line[pos-1] == '\n') { pos--; line[pos] = '\0'; } /* determine formatting boundry of limits report */ if (!maxlen && strncmp(line, "Limit", 5) == 0) { maxlen = pos; continue; } if (pos == maxlen) { /* step backwards over "Units" name */ LIMITS_SKIP_WHITESPACE; LIMITS_MARK_ITEM(units); } else { units = ""; } /* step backwards over "Hard Limit" value */ LIMITS_SKIP_WHITESPACE; LIMITS_MARK_ITEM(hard); /* step backwards over "Soft Limit" value */ LIMITS_SKIP_WHITESPACE; LIMITS_MARK_ITEM(soft); /* step backwards over name of limit */ LIMITS_SKIP_WHITESPACE; name = line; i = str2rlimit(name); if (i < 0 || i >= RLIM_NLIMITS) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); continue; } pl->limits[i].limit.rlim_cur = str2rlim_t(soft); pl->limits[i].limit.rlim_max = str2rlim_t(hard); pl->limits[i].src_soft = LIMITS_DEF_KERNEL; pl->limits[i].src_hard = LIMITS_DEF_KERNEL; } fclose(limitsfile); } static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl) { int i; int retval = PAM_SUCCESS; D(("called.")); for(i = 0; i < RLIM_NLIMITS; i++) { int r = getrlimit(i, &pl->limits[i].limit); if (r == -1) { pl->limits[i].supported = 0; if (errno != EINVAL) { retval = !PAM_SUCCESS; } } else { pl->limits[i].supported = 1; pl->limits[i].src_soft = LIMITS_DEF_NONE; pl->limits[i].src_hard = LIMITS_DEF_NONE; } } #ifdef __linux__ if (ctrl & PAM_SET_ALL) { parse_kernel_limits(pamh, pl, ctrl); for(i = 0; i < RLIM_NLIMITS; i++) { if (pl->limits[i].supported && (pl->limits[i].src_soft == LIMITS_DEF_NONE || pl->limits[i].src_hard == LIMITS_DEF_NONE)) { pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM default", rlimit2str(i)); } } } #endif errno = 0; pl->priority = getpriority (PRIO_PROCESS, 0); if (pl->priority == -1 && errno != 0) retval = !PAM_SUCCESS; pl->login_limit = -2; pl->login_limit_def = LIMITS_DEF_NONE; return retval; } static void process_limit (const pam_handle_t *pamh, int source, const char *lim_type, const char *lim_item, const char *lim_value, int ctrl, struct pam_limit_s *pl) { int limit_item; int limit_type = 0; int int_value = 0; rlim_t rlimit_value = 0; char *endptr; const char *value_orig = lim_value; if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "%s: processing %s %s %s for %s", __FUNCTION__, lim_type, lim_item, lim_value, limits_def_names[source]); if (strcmp(lim_item, "cpu") == 0) limit_item = RLIMIT_CPU; else if (strcmp(lim_item, "fsize") == 0) limit_item = RLIMIT_FSIZE; else if (strcmp(lim_item, "data") == 0) limit_item = RLIMIT_DATA; else if (strcmp(lim_item, "stack") == 0) limit_item = RLIMIT_STACK; else if (strcmp(lim_item, "core") == 0) limit_item = RLIMIT_CORE; else if (strcmp(lim_item, "rss") == 0) limit_item = RLIMIT_RSS; else if (strcmp(lim_item, "nproc") == 0) limit_item = RLIMIT_NPROC; else if (strcmp(lim_item, "nofile") == 0) limit_item = RLIMIT_NOFILE; else if (strcmp(lim_item, "memlock") == 0) limit_item = RLIMIT_MEMLOCK; #ifdef RLIMIT_AS else if (strcmp(lim_item, "as") == 0) limit_item = RLIMIT_AS; #endif /*RLIMIT_AS*/ #ifdef RLIMIT_LOCKS else if (strcmp(lim_item, "locks") == 0) limit_item = RLIMIT_LOCKS; #endif #ifdef RLIMIT_SIGPENDING else if (strcmp(lim_item, "sigpending") == 0) limit_item = RLIMIT_SIGPENDING; #endif #ifdef RLIMIT_MSGQUEUE else if (strcmp(lim_item, "msgqueue") == 0) limit_item = RLIMIT_MSGQUEUE; #endif #ifdef RLIMIT_NICE else if (strcmp(lim_item, "nice") == 0) limit_item = RLIMIT_NICE; #endif #ifdef RLIMIT_RTPRIO else if (strcmp(lim_item, "rtprio") == 0) limit_item = RLIMIT_RTPRIO; #endif else if (strcmp(lim_item, "maxlogins") == 0) { limit_item = LIMIT_LOGIN; pl->flag_numsyslogins = 0; } else if (strcmp(lim_item, "maxsyslogins") == 0) { limit_item = LIMIT_NUMSYSLOGINS; pl->flag_numsyslogins = 1; } else if (strcmp(lim_item, "priority") == 0) { limit_item = LIMIT_PRI; } else { pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item); return; } if (strcmp(lim_type,"soft")==0) limit_type=LIMIT_SOFT; else if (strcmp(lim_type, "hard")==0) limit_type=LIMIT_HARD; else if (strcmp(lim_type,"-")==0) limit_type=LIMIT_SOFT | LIMIT_HARD; else if (limit_item != LIMIT_LOGIN && limit_item != LIMIT_NUMSYSLOGINS) { pam_syslog(pamh, LOG_DEBUG, "unknown limit type '%s'", lim_type); return; } if (limit_item != LIMIT_PRI #ifdef RLIMIT_NICE && limit_item != RLIMIT_NICE #endif && (strcmp(lim_value, "-1") == 0 || strcmp(lim_value, "-") == 0 || strcmp(lim_value, "unlimited") == 0 || strcmp(lim_value, "infinity") == 0)) { int_value = -1; rlimit_value = RLIM_INFINITY; } else if (limit_item == LIMIT_PRI || limit_item == LIMIT_LOGIN || #ifdef RLIMIT_NICE limit_item == RLIMIT_NICE || #endif limit_item == LIMIT_NUMSYSLOGINS) { long temp; temp = strtol (lim_value, &endptr, 10); temp = temp < INT_MAX ? temp : INT_MAX; int_value = temp > INT_MIN ? temp : INT_MIN; if (int_value == 0 && value_orig == endptr) { pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); return; } } else { #ifdef __USE_FILE_OFFSET64 rlimit_value = strtoull (lim_value, &endptr, 10); #else rlimit_value = strtoul (lim_value, &endptr, 10); #endif if (rlimit_value == 0 && value_orig == endptr) { pam_syslog(pamh, LOG_DEBUG, "wrong limit value '%s' for limit type '%s'", lim_value, lim_type); return; } } /* one more special case when limiting logins */ if ((source == LIMITS_DEF_ALL || source == LIMITS_DEF_ALLGROUP) && (limit_item != LIMIT_LOGIN)) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "'%%' domain valid for maxlogins type only"); return; } switch(limit_item) { case RLIMIT_CPU: if (rlimit_value != RLIM_INFINITY) { if (rlimit_value >= RLIM_INFINITY/60) rlimit_value = RLIM_INFINITY; else rlimit_value *= 60; } break; case RLIMIT_FSIZE: case RLIMIT_DATA: case RLIMIT_STACK: case RLIMIT_CORE: case RLIMIT_RSS: case RLIMIT_MEMLOCK: #ifdef RLIMIT_AS case RLIMIT_AS: #endif if (rlimit_value != RLIM_INFINITY) { if (rlimit_value >= RLIM_INFINITY/1024) rlimit_value = RLIM_INFINITY; else rlimit_value *= 1024; } break; #ifdef RLIMIT_NICE case RLIMIT_NICE: if (int_value > 19) int_value = 19; if (int_value < -20) int_value = -20; rlimit_value = 20 - int_value; break; #endif } if ( (limit_item != LIMIT_LOGIN) && (limit_item != LIMIT_NUMSYSLOGINS) && (limit_item != LIMIT_PRI) ) { if (limit_type & LIMIT_SOFT) { if (pl->limits[limit_item].src_soft < source) { return; } else { pl->limits[limit_item].limit.rlim_cur = rlimit_value; pl->limits[limit_item].src_soft = source; } } if (limit_type & LIMIT_HARD) { if (pl->limits[limit_item].src_hard < source) { return; } else { pl->limits[limit_item].limit.rlim_max = rlimit_value; pl->limits[limit_item].src_hard = source; } } } else { /* recent kernels support negative priority limits (=raise priority) */ if (limit_item == LIMIT_PRI) { pl->priority = int_value; } else { if (pl->login_limit_def < source) { return; } else { pl->login_limit = int_value; pl->login_limit_def = source; } } } return; } static int parse_uid_range(pam_handle_t *pamh, const char *domain, uid_t *min_uid, uid_t *max_uid) { const char *range = domain; char *pmax; char *endptr; int rv = LIMIT_RANGE_MM; if ((pmax=strchr(range, ':')) == NULL) return LIMIT_RANGE_NONE; ++pmax; if (range[0] == '@' || range[0] == '%') ++range; if (range[0] == ':') rv = LIMIT_RANGE_ONE; else { errno = 0; *min_uid = strtoul (range, &endptr, 10); if (errno != 0 || (range == endptr) || *endptr != ':') { pam_syslog(pamh, LOG_DEBUG, "wrong min_uid/gid value in '%s'", domain); return LIMIT_RANGE_ERR; } } if (*pmax == '\0') { if (rv == LIMIT_RANGE_ONE) return LIMIT_RANGE_ERR; else return LIMIT_RANGE_MIN; } errno = 0; *max_uid = strtoul (pmax, &endptr, 10); if (errno != 0 || (pmax == endptr) || *endptr != '\0') { pam_syslog(pamh, LOG_DEBUG, "wrong max_uid/gid value in '%s'", domain); return LIMIT_RANGE_ERR; } if (rv == LIMIT_RANGE_ONE) *min_uid = *max_uid; return rv; } static int parse_config_file(pam_handle_t *pamh, const char *uname, uid_t uid, gid_t gid, int ctrl, struct pam_limit_s *pl) { FILE *fil; char buf[LINE_LENGTH]; /* check for the LIMITS_FILE */ if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_DEBUG, "reading settings from '%s'", CONF_FILE); fil = fopen(CONF_FILE, "r"); if (fil == NULL) { pam_syslog (pamh, LOG_WARNING, "cannot read settings from %s: %m", CONF_FILE); return PAM_SERVICE_ERR; } /* start the show */ while (fgets(buf, LINE_LENGTH, fil) != NULL) { char domain[LINE_LENGTH]; char ltype[LINE_LENGTH]; char item[LINE_LENGTH]; char value[LINE_LENGTH]; int i; int rngtype; size_t j; char *tptr,*line; uid_t min_uid = (uid_t)-1, max_uid = (uid_t)-1; line = buf; /* skip the leading white space */ while (*line && isspace(*line)) line++; /* Rip off the comments */ tptr = strchr(line,'#'); if (tptr) *tptr = '\0'; /* Rip off the newline char */ tptr = strchr(line,'\n'); if (tptr) *tptr = '\0'; /* Anything left ? */ if (!strlen(line)) continue; domain[0] = ltype[0] = item[0] = value[0] = '\0'; i = sscanf(line,"%s%s%s%s", domain, ltype, item, value); D(("scanned line[%d]: domain[%s], ltype[%s], item[%s], value[%s]", i, domain, ltype, item, value)); for(j=0; j < strlen(ltype); j++) ltype[j]=tolower(ltype[j]); if ((rngtype=parse_uid_range(pamh, domain, &min_uid, &max_uid)) < 0) { pam_syslog(pamh, LOG_WARNING, "invalid uid range '%s' - skipped", domain); continue; } if (i == 4) { /* a complete line */ for(j=0; j < strlen(item); j++) item[j]=tolower(item[j]); for(j=0; j < strlen(value); j++) value[j]=tolower(value[j]); if (strcmp(uname, domain) == 0) /* this user have a limit */ process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); else if (domain[0]=='@') { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", uname, domain + 1); } switch(rngtype) { case LIMIT_RANGE_NONE: if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); break; case LIMIT_RANGE_ONE: if (pam_modutil_user_in_group_nam_gid(pamh, uname, (gid_t)max_uid)) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); break; case LIMIT_RANGE_MM: if (gid > (gid_t)max_uid) break; /* fallthrough */ case LIMIT_RANGE_MIN: if (gid >= (gid_t)min_uid) process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl, pl); } } else if (domain[0]=='%') { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "checking if %s is in group %s", uname, domain + 1); } switch(rngtype) { case LIMIT_RANGE_NONE: if (strcmp(domain,"%") == 0) process_limit(pamh, LIMITS_DEF_ALL, ltype, item, value, ctrl, pl); else if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) { strcpy(pl->login_group, domain+1); process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); } break; case LIMIT_RANGE_ONE: if (pam_modutil_user_in_group_nam_gid(pamh, uname, (gid_t)max_uid)) { struct group *grp; grp = pam_modutil_getgrgid(pamh, (gid_t)max_uid); strncpy(pl->login_group, grp->gr_name, sizeof(pl->login_group)); pl->login_group[sizeof(pl->login_group)-1] = '\0'; process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl, pl); } break; case LIMIT_RANGE_MIN: case LIMIT_RANGE_MM: pam_syslog(pamh, LOG_WARNING, "range unsupported for %%group matching - ignored"); } } else { switch(rngtype) { case LIMIT_RANGE_NONE: if (strcmp(domain, "*") == 0) process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl, pl); break; case LIMIT_RANGE_ONE: if (uid != max_uid) break; /* fallthrough */ case LIMIT_RANGE_MM: if (uid > max_uid) break; /* fallthrough */ case LIMIT_RANGE_MIN: if (uid >= min_uid) process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl); } } } else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */ if (strcmp(uname, domain) == 0) { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "no limits for '%s'", uname); } } else if (domain[0] == '@') { switch(rngtype) { case LIMIT_RANGE_NONE: if (!pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1)) continue; /* next line */ break; case LIMIT_RANGE_ONE: if (!pam_modutil_user_in_group_nam_gid(pamh, uname, (gid_t)max_uid)) continue; /* next line */ break; case LIMIT_RANGE_MM: if (gid > (gid_t)max_uid) continue; /* next line */ /* fallthrough */ case LIMIT_RANGE_MIN: if (gid < (gid_t)min_uid) continue; /* next line */ } if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "no limits for '%s' in group '%s'", uname, domain+1); } } else { switch(rngtype) { case LIMIT_RANGE_NONE: continue; /* next line */ case LIMIT_RANGE_ONE: if (uid != max_uid) continue; /* next line */ break; case LIMIT_RANGE_MM: if (uid > max_uid) continue; /* next line */ /* fallthrough */ case LIMIT_RANGE_MIN: if (uid >= min_uid) break; continue; /* next line */ } if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "no limits for '%s'", uname); } } fclose(fil); return PAM_IGNORE; } else { pam_syslog(pamh, LOG_WARNING, "invalid line '%s' - skipped", line); } } fclose(fil); return PAM_SUCCESS; } static int setup_limits(pam_handle_t *pamh, const char *uname, uid_t uid, int ctrl, struct pam_limit_s *pl) { int i; int status; int retval = LIMITED_OK; for (i=0, status=LIMITED_OK; ilimits[i].supported) { /* skip it if its not known to the system */ continue; } if (pl->limits[i].src_soft == LIMITS_DEF_NONE && pl->limits[i].src_hard == LIMITS_DEF_NONE) { /* skip it if its not initialized */ continue; } if (pl->limits[i].limit.rlim_cur > pl->limits[i].limit.rlim_max) pl->limits[i].limit.rlim_cur = pl->limits[i].limit.rlim_max; res = setrlimit(i, &pl->limits[i].limit); if (res != 0) pam_syslog(pamh, LOG_ERR, "Could not set limit for '%s': %m", rlimit2str(i)); status |= res; } if (status) { retval = LIMIT_ERR; } status = setpriority(PRIO_PROCESS, 0, pl->priority); if (status != 0) { pam_syslog(pamh, LOG_ERR, "Could not set limit for PRIO_PROCESS: %m"); retval = LIMIT_ERR; } if (uid == 0) { D(("skip login limit check for uid=0")); } else if (pl->login_limit > 0) { if (check_logins(pamh, uname, pl->login_limit, ctrl, pl) == LOGIN_ERR) { #ifdef HAVE_LIBAUDIT if (!(ctrl & PAM_NO_AUDIT)) { pam_modutil_audit_write(pamh, AUDIT_ANOM_LOGIN_SESSIONS, "pam_limits", PAM_PERM_DENIED); /* ignore return value as we fail anyway */ } #endif retval |= LOGIN_ERR; } } else if (pl->login_limit == 0) { retval |= LOGIN_ERR; } return retval; } /* now the session stuff */ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int retval; int i; int glob_rc; char *user_name; struct passwd *pwd; int ctrl; struct pam_limit_s plstruct; struct pam_limit_s *pl = &plstruct; glob_t globbuf; const char *oldlocale; D(("called.")); memset(pl, 0, sizeof(*pl)); memset(&globbuf, 0, sizeof(globbuf)); ctrl = _pam_parse(pamh, argc, argv, pl); retval = pam_get_item( pamh, PAM_USER, (void*) &user_name ); if ( user_name == NULL || retval != PAM_SUCCESS ) { pam_syslog(pamh, LOG_CRIT, "open_session - error recovering username"); return PAM_SESSION_ERR; } pwd = pam_modutil_getpwnam(pamh, user_name); if (!pwd) { if (ctrl & PAM_DEBUG_ARG) pam_syslog(pamh, LOG_WARNING, "open_session username '%s' does not exist", user_name); return PAM_USER_UNKNOWN; } retval = init_limits(pamh, pl, ctrl); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "cannot initialize"); return PAM_ABORT; } retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable ' -' entry", CONF_FILE)); return PAM_SUCCESS; } if (retval != PAM_SUCCESS || pl->conf_file != NULL) /* skip reading limits.d if config file explicitely specified */ goto out; /* Read subsequent *.conf files, if they exist. */ /* set the LC_COLLATE so the sorting order doesn't depend on system locale */ oldlocale = setlocale(LC_COLLATE, "C"); glob_rc = glob(LIMITS_CONF_GLOB, GLOB_ERR, NULL, &globbuf); if (oldlocale != NULL) setlocale (LC_COLLATE, oldlocale); if (!glob_rc) { /* Parse the *.conf files. */ for (i = 0; globbuf.gl_pathv[i] != NULL; i++) { pl->conf_file = globbuf.gl_pathv[i]; retval = parse_config_file(pamh, pwd->pw_name, pwd->pw_uid, pwd->pw_gid, ctrl, pl); if (retval == PAM_IGNORE) { D(("the configuration file ('%s') has an applicable ' -' entry", pl->conf_file)); globfree(&globbuf); return PAM_SUCCESS; } if (retval != PAM_SUCCESS) goto out; } } out: globfree(&globbuf); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "error parsing the configuration file: '%s' ",CONF_FILE); return retval; } retval = setup_limits(pamh, pwd->pw_name, pwd->pw_uid, ctrl, pl); if (retval & LOGIN_ERR) pam_error(pamh, _("Too many logins for '%s'."), pwd->pw_name); if (retval != LIMITED_OK) { return PAM_PERM_DENIED; } return PAM_SUCCESS; } PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { /* nothing to do */ return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_limits_modstruct = { "pam_limits", NULL, NULL, NULL, pam_sm_open_session, pam_sm_close_session, NULL }; #endif /* * Copyright (c) Cristian Gafton, 1996-1997, * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ pam/modules/pam_limits/tst-pam_limits0000755000000000000000000000006513261244762015233 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_limits.so pam/modules/pam_listfile/0000755000000000000000000000000013261244762012650 5ustar pam/modules/pam_listfile/Makefile.am0000644000000000000000000000136413261244762014710 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile man_MANS = pam_listfile.8 XMLS = README.xml pam_listfile.8.xml TESTS = tst-pam_listfile securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_listfile.la pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_listfile.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_listfile/Makefile.in0000644000000000000000000006017713261244762014730 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_listfile DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_listfile_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_listfile_la_SOURCES = pam_listfile.c pam_listfile_la_OBJECTS = pam_listfile.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_listfile.c DIST_SOURCES = pam_listfile.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_listfile man_MANS = pam_listfile.8 XMLS = README.xml pam_listfile.8.xml TESTS = tst-pam_listfile securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_listfile.la pam_listfile_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_listfile/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_listfile/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_listfile.la: $(pam_listfile_la_OBJECTS) $(pam_listfile_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_listfile_la_OBJECTS) $(pam_listfile_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_listfile.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_listfile.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_listfile/README0000644000000000000000000000705013261244762013532 0ustar pam_listfile — deny or allow services based on an arbitrary file â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file. The module gets the item of the type specified -- user specifies the username, PAM_USER; tty specifies the name of the terminal over which the request has been made, PAM_TTY; rhost specifies the name of the remote host (if any) from which the request was made, PAM_RHOST; and ruser specifies the name of the remote user (if available) who made the request, PAM_RUSER -- and looks for an instance of that item in the file=filename. filename contains one line per item listed. If the item is found, then if sense=allow, PAM_SUCCESS is returned, causing the authorization request to succeed; else if sense=deny, PAM_AUTH_ERR is returned, causing the authorization request to fail. If an error is encountered (for instance, if filename does not exist, or a poorly-constructed argument is encountered), then if onerr=succeed, PAM_SUCCESS is returned, otherwise if onerr=fail, PAM_AUTH_ERR or PAM_SERVICE_ERR (as appropriate) will be returned. An additional argument, apply=, can be used to restrict the application of the above to a specific user (apply=username) or a given group (apply=@groupname). This added restriction is only meaningful when used with the tty, rhost and shell items. Besides this last one, all arguments should be specified; do not count on any default behavior. No credentials are awarded by this module. OPTIONS item=[tty|user|rhost|ruser|group|shell] What is listed in the file and should be checked for. sense=[allow|deny] Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested. file=/path/filename File containing one item per line. The file needs to be a plain file and not world writable. onerr=[succeed|fail] What to do if something weird happens like being unable to open the file. apply=[user|@group] Restrict the user class for which the restriction apply. Note that with item=[user|ruser|group] this does not make sense, but for item=[tty|rhost| shell] it have a meaning. quiet Do not treat service refusals or missing list files as errors that need to be logged. EXAMPLES Classic 'ftpusers' authentication can be implemented with this entry in /etc/ pam.d/ftpd: # # deny ftp-access to users listed in the /etc/ftpusers file # auth required pam_listfile.so \ onerr=succeed item=user sense=deny file=/etc/ftpusers Note, users listed in /etc/ftpusers file are (counterintuitively) not allowed access to the ftp service. To allow login access only for certain users, you can use a /etc/pam.d/login entry like this: # # permit login to users listed in /etc/loginusers # auth required pam_listfile.so \ onerr=fail item=user sense=allow file=/etc/loginusers For this example to work, all users who are allowed to use the login service should be listed in the file /etc/loginusers. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in /etc/loginusers, or by listing a user who is able to su to the root account. AUTHOR pam_listfile was written by Michael K. Johnson and Elliot Lee . pam/modules/pam_listfile/README.xml0000644000000000000000000000224313261244762014330 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_listfile.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_listfile-name"]/*)'/>
pam/modules/pam_listfile/pam_listfile.80000644000000000000000000001342213261244762015413 0ustar '\" t .\" Title: pam_listfile .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_LISTFILE" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_listfile \- deny or allow services based on an arbitrary file .SH "SYNOPSIS" .HP \w'\fBpam_listfile\&.so\fR\ 'u \fBpam_listfile\&.so\fR item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=\fI/path/filename\fR onerr=[succeed|fail] [apply=[\fIuser\fR|\fI@group\fR]] [quiet] .SH "DESCRIPTION" .PP pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file\&. .PP The module gets the \fBitem\fR of the type specified \-\- \fIuser\fR specifies the username, \fIPAM_USER\fR; tty specifies the name of the terminal over which the request has been made, \fIPAM_TTY\fR; rhost specifies the name of the remote host (if any) from which the request was made, \fIPAM_RHOST\fR; and ruser specifies the name of the remote user (if available) who made the request, \fIPAM_RUSER\fR \-\- and looks for an instance of that item in the \fBfile=\fR\fB\fIfilename\fR\fR\&. filename contains one line per item listed\&. If the item is found, then if \fBsense=\fR\fB\fIallow\fR\fR, \fIPAM_SUCCESS\fR is returned, causing the authorization request to succeed; else if \fBsense=\fR\fB\fIdeny\fR\fR, \fIPAM_AUTH_ERR\fR is returned, causing the authorization request to fail\&. .PP If an error is encountered (for instance, if filename does not exist, or a poorly\-constructed argument is encountered), then if \fIonerr=succeed\fR, \fIPAM_SUCCESS\fR is returned, otherwise if \fIonerr=fail\fR, \fIPAM_AUTH_ERR\fR or \fIPAM_SERVICE_ERR\fR (as appropriate) will be returned\&. .PP An additional argument, \fBapply=\fR, can be used to restrict the application of the above to a specific user (\fBapply=\fR\fB\fIusername\fR\fR) or a given group (\fBapply=\fR\fB\fI@groupname\fR\fR)\&. This added restriction is only meaningful when used with the \fItty\fR, \fIrhost\fR and \fIshell\fR items\&. .PP Besides this last one, all arguments should be specified; do not count on any default behavior\&. .PP No credentials are awarded by this module\&. .SH "OPTIONS" .PP .PP \fBitem=[tty|user|rhost|ruser|group|shell]\fR .RS 4 What is listed in the file and should be checked for\&. .RE .PP \fBsense=[allow|deny]\fR .RS 4 Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested\&. .RE .PP \fBfile=\fR\fB\fI/path/filename\fR\fR .RS 4 File containing one item per line\&. The file needs to be a plain file and not world writable\&. .RE .PP \fBonerr=[succeed|fail]\fR .RS 4 What to do if something weird happens like being unable to open the file\&. .RE .PP \fBapply=[\fR\fB\fIuser\fR\fR\fB|\fR\fB\fI@group\fR\fR\fB]\fR .RS 4 Restrict the user class for which the restriction apply\&. Note that with \fBitem=[user|ruser|group]\fR this does not make sense, but for \fBitem=[tty|rhost|shell]\fR it have a meaning\&. .RE .PP \fBquiet\fR .RS 4 Do not treat service refusals or missing list files as errors that need to be logged\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP PAM_AUTH_ERR .RS 4 Authentication failure\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_IGNORE .RS 4 The rule does not apply to the \fBapply\fR option\&. .RE .PP PAM_SERVICE_ERR .RS 4 Error in service module\&. .RE .PP PAM_SUCCESS .RS 4 Success\&. .RE .SH "EXAMPLES" .PP Classic \*(Aqftpusers\*(Aq authentication can be implemented with this entry in /etc/pam\&.d/ftpd: .sp .if n \{\ .RS 4 .\} .nf # # deny ftp\-access to users listed in the /etc/ftpusers file # auth required pam_listfile\&.so \e onerr=succeed item=user sense=deny file=/etc/ftpusers .fi .if n \{\ .RE .\} .sp Note, users listed in /etc/ftpusers file are (counterintuitively) \fInot\fR allowed access to the ftp service\&. .PP To allow login access only for certain users, you can use a /etc/pam\&.d/login entry like this: .sp .if n \{\ .RS 4 .\} .nf # # permit login to users listed in /etc/loginusers # auth required pam_listfile\&.so \e onerr=fail item=user sense=allow file=/etc/loginusers .fi .if n \{\ .RE .\} .sp For this example to work, all users who are allowed to use the login service should be listed in the file /etc/loginusers\&. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in /etc/loginusers, or by listing a user who is able to \fIsu\fR to the root account\&. .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_listfile was written by Michael K\&. Johnson and Elliot Lee \&. pam/modules/pam_listfile/pam_listfile.8.xml0000644000000000000000000002236513261244762016220 0ustar pam_listfile 8 Linux-PAM Manual pam_listfile deny or allow services based on an arbitrary file pam_listfile.so item=[tty|user|rhost|ruser|group|shell] sense=[allow|deny] file=/path/filename onerr=[succeed|fail] apply=[user|@group] quiet DESCRIPTION pam_listfile is a PAM module which provides a way to deny or allow services based on an arbitrary file. The module gets the of the type specified -- user specifies the username, PAM_USER; tty specifies the name of the terminal over which the request has been made, PAM_TTY; rhost specifies the name of the remote host (if any) from which the request was made, PAM_RHOST; and ruser specifies the name of the remote user (if available) who made the request, PAM_RUSER -- and looks for an instance of that item in the . filename contains one line per item listed. If the item is found, then if , PAM_SUCCESS is returned, causing the authorization request to succeed; else if , PAM_AUTH_ERR is returned, causing the authorization request to fail. If an error is encountered (for instance, if filename does not exist, or a poorly-constructed argument is encountered), then if onerr=succeed, PAM_SUCCESS is returned, otherwise if onerr=fail, PAM_AUTH_ERR or PAM_SERVICE_ERR (as appropriate) will be returned. An additional argument, , can be used to restrict the application of the above to a specific user () or a given group (). This added restriction is only meaningful when used with the tty, rhost and shell items. Besides this last one, all arguments should be specified; do not count on any default behavior. No credentials are awarded by this module. OPTIONS What is listed in the file and should be checked for. Action to take if found in file, if the item is NOT found in the file, then the opposite action is requested. File containing one item per line. The file needs to be a plain file and not world writable. What to do if something weird happens like being unable to open the file. Restrict the user class for which the restriction apply. Note that with this does not make sense, but for it have a meaning. Do not treat service refusals or missing list files as errors that need to be logged. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_AUTH_ERR Authentication failure. PAM_BUF_ERR Memory buffer error. PAM_IGNORE The rule does not apply to the option. PAM_SERVICE_ERR Error in service module. PAM_SUCCESS Success. EXAMPLES Classic 'ftpusers' authentication can be implemented with this entry in /etc/pam.d/ftpd: # # deny ftp-access to users listed in the /etc/ftpusers file # auth required pam_listfile.so \ onerr=succeed item=user sense=deny file=/etc/ftpusers Note, users listed in /etc/ftpusers file are (counterintuitively) not allowed access to the ftp service. To allow login access only for certain users, you can use a /etc/pam.d/login entry like this: # # permit login to users listed in /etc/loginusers # auth required pam_listfile.so \ onerr=fail item=user sense=allow file=/etc/loginusers For this example to work, all users who are allowed to use the login service should be listed in the file /etc/loginusers. Unless you are explicitly trying to lock out root, make sure that when you do this, you leave a way for root to log in, either by listing root in /etc/loginusers, or by listing a user who is able to su to the root account. SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_listfile was written by Michael K. Johnson <johnsonm@redhat.com> and Elliot Lee <sopwith@cuc.edu>. pam/modules/pam_listfile/pam_listfile.c0000644000000000000000000002467313261244762015500 0ustar /* * by Elliot Lee , Red Hat Software. July 25, 1996. * log refused access error christopher mccrory 1998/7/11 * * This code began life as the pam_rootok module. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #ifdef PAM_DEBUG #include #endif /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_PASSWORD #define PAM_SM_SESSION #include #include #include #include /* --- authentication management functions (only) --- */ /* Extended Items that are not directly available via pam_get_item() */ #define EI_GROUP (1 << 0) #define EI_SHELL (1 << 1) /* Constants for apply= parameter */ #define APPLY_TYPE_NULL 0 #define APPLY_TYPE_NONE 1 #define APPLY_TYPE_USER 2 #define APPLY_TYPE_GROUP 3 #define LESSER(a, b) ((a) < (b) ? (a) : (b)) PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2, quiet=0; const void *void_citemp; const char *citemp; char *ifname=NULL; char aline[256]; char mybuf[256],myval[256]; struct stat fileinfo; FILE *inf; char apply_val[256]; int apply_type; /* Stuff for "extended" items */ struct passwd *userinfo; apply_type=APPLY_TYPE_NULL; memset(apply_val,0,sizeof(apply_val)); for(i=0; i < argc; i++) { { const char *junk; /* option quiet has no value */ if(!strcmp(argv[i],"quiet")) { quiet = 1; continue; } memset(mybuf,'\0',sizeof(mybuf)); memset(myval,'\0',sizeof(myval)); junk = strchr(argv[i], '='); if((junk == NULL) || (junk - argv[i]) >= (int) sizeof(mybuf)) { pam_syslog(pamh,LOG_ERR, "Bad option: \"%s\"", argv[i]); continue; } strncpy(mybuf, argv[i], LESSER(junk - argv[i], (int)sizeof(mybuf) - 1)); strncpy(myval, junk + 1, sizeof(myval) - 1); } if(!strcmp(mybuf,"onerr")) if(!strcmp(myval,"succeed")) onerr = PAM_SUCCESS; else if(!strcmp(myval,"fail")) onerr = PAM_SERVICE_ERR; else { if (ifname) free (ifname); return PAM_SERVICE_ERR; } else if(!strcmp(mybuf,"sense")) if(!strcmp(myval,"allow")) sense=0; else if(!strcmp(myval,"deny")) sense=1; else { if (ifname) free (ifname); return onerr; } else if(!strcmp(mybuf,"file")) { if (ifname) free (ifname); ifname = (char *)malloc(strlen(myval)+1); if (!ifname) return PAM_BUF_ERR; strcpy(ifname,myval); } else if(!strcmp(mybuf,"item")) if(!strcmp(myval,"user")) citem = PAM_USER; else if(!strcmp(myval,"tty")) citem = PAM_TTY; else if(!strcmp(myval,"rhost")) citem = PAM_RHOST; else if(!strcmp(myval,"ruser")) citem = PAM_RUSER; else { /* These items are related to the user, but are not directly gettable with pam_get_item */ citem = PAM_USER; if(!strcmp(myval,"group")) extitem = EI_GROUP; else if(!strcmp(myval,"shell")) extitem = EI_SHELL; else citem = 0; } else if(!strcmp(mybuf,"apply")) { apply_type=APPLY_TYPE_NONE; memset(apply_val,'\0',sizeof(apply_val)); if (myval[0]=='@') { apply_type=APPLY_TYPE_GROUP; strncpy(apply_val,myval+1,sizeof(apply_val)-1); } else { apply_type=APPLY_TYPE_USER; strncpy(apply_val,myval,sizeof(apply_val)-1); } } else { free(ifname); pam_syslog(pamh,LOG_ERR, "Unknown option: %s",mybuf); return onerr; } } if(!citem) { pam_syslog(pamh,LOG_ERR, "Unknown item or item not specified"); free(ifname); return onerr; } else if(!ifname) { pam_syslog(pamh,LOG_ERR, "List filename not specified"); return onerr; } else if(sense == 2) { pam_syslog(pamh,LOG_ERR, "Unknown sense or sense not specified"); free(ifname); return onerr; } else if( (apply_type==APPLY_TYPE_NONE) || ((apply_type!=APPLY_TYPE_NULL) && (*apply_val=='\0')) ) { pam_syslog(pamh,LOG_ERR, "Invalid usage for apply= parameter"); free (ifname); return onerr; } /* Check if it makes sense to use the apply= parameter */ if (apply_type != APPLY_TYPE_NULL) { if((citem==PAM_USER) || (citem==PAM_RUSER)) { pam_syslog(pamh,LOG_WARNING, "Non-sense use for apply= parameter"); apply_type=APPLY_TYPE_NULL; } if(extitem && (extitem==EI_GROUP)) { pam_syslog(pamh,LOG_WARNING, "Non-sense use for apply= parameter"); apply_type=APPLY_TYPE_NULL; } } /* Short-circuit - test if this session apply for this user */ { const char *user_name; int rval; rval=pam_get_user(pamh,&user_name,NULL); if((rval==PAM_SUCCESS) && user_name && user_name[0]) { /* Got it ? Valid ? */ if(apply_type==APPLY_TYPE_USER) { if(strcmp(user_name, apply_val)) { /* Does not apply to this user */ #ifdef PAM_DEBUG pam_syslog(pamh,LOG_DEBUG, "don't apply: apply=%s, user=%s", apply_val,user_name); #endif /* PAM_DEBUG */ free(ifname); return PAM_IGNORE; } } else if(apply_type==APPLY_TYPE_GROUP) { if(!pam_modutil_user_in_group_nam_nam(pamh,user_name,apply_val)) { /* Not a member of apply= group */ #ifdef PAM_DEBUG pam_syslog(pamh,LOG_DEBUG, "don't apply: %s not a member of group %s", user_name,apply_val); #endif /* PAM_DEBUG */ free(ifname); return PAM_IGNORE; } } } } retval = pam_get_item(pamh,citem,&void_citemp); citemp = void_citemp; if(retval != PAM_SUCCESS) { free(ifname); return onerr; } if((citem == PAM_USER) && !citemp) { retval = pam_get_user(pamh,&citemp,NULL); if (retval != PAM_SUCCESS || !citemp) { free(ifname); return PAM_SERVICE_ERR; } } if((citem == PAM_TTY) && citemp) { /* Normalize the TTY name. */ if(strncmp(citemp, "/dev/", 5) == 0) { citemp += 5; } } if(!citemp || (strlen(citemp) == 0)) { free(ifname); /* The item was NULL - we are sure not to match */ return sense?PAM_SUCCESS:PAM_AUTH_ERR; } if(extitem) { switch(extitem) { case EI_GROUP: /* Just ignore, call pam_modutil_in_group... later */ break; case EI_SHELL: /* Assume that we have already gotten PAM_USER in pam_get_item() - a valid assumption since citem gets set to PAM_USER in the extitem switch */ userinfo = pam_modutil_getpwnam(pamh, citemp); if (userinfo == NULL) { pam_syslog(pamh,LOG_ERR, "getpwnam(%s) failed", citemp); free(ifname); return onerr; } citemp = userinfo->pw_shell; break; default: pam_syslog(pamh,LOG_ERR, "Internal weirdness, unknown extended item %d", extitem); free(ifname); return onerr; } } #ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Got file = %s, item = %d, value = %s, sense = %d", ifname, citem, citemp, sense); #endif if(lstat(ifname,&fileinfo)) { if(!quiet) pam_syslog(pamh,LOG_ERR, "Couldn't open %s",ifname); free(ifname); return onerr; } if((fileinfo.st_mode & S_IWOTH) || !S_ISREG(fileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ pam_syslog(pamh,LOG_ERR, "%s is either world writable or not a normal file", ifname); free(ifname); return PAM_AUTH_ERR; } inf = fopen(ifname,"r"); if(inf == NULL) { /* Check that we opened it successfully */ if (onerr == PAM_SERVICE_ERR) { /* Only report if it's an error... */ pam_syslog(pamh,LOG_ERR, "Error opening %s", ifname); } free(ifname); return onerr; } /* There should be no more errors from here on */ retval=PAM_AUTH_ERR; /* This loop assumes that PAM_SUCCESS == 0 and PAM_AUTH_ERR != 0 */ #ifdef PAM_DEBUG assert(PAM_SUCCESS == 0); assert(PAM_AUTH_ERR != 0); #endif while((fgets(aline,sizeof(aline),inf) != NULL) && retval) { char *a = aline; if(strlen(aline) == 0) continue; if(aline[strlen(aline) - 1] == '\n') aline[strlen(aline) - 1] = '\0'; if(strlen(aline) == 0) continue; if(aline[strlen(aline) - 1] == '\r') aline[strlen(aline) - 1] = '\0'; if(citem == PAM_TTY) { if(strncmp(a, "/dev/", 5) == 0) a += 5; } if (extitem == EI_GROUP) { retval = !pam_modutil_user_in_group_nam_nam(pamh, citemp, aline); } else { retval = strcmp(a, citemp); } } fclose(inf); free(ifname); if ((sense && retval) || (!sense && !retval)) { #ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Returning PAM_SUCCESS, retval = %d", retval); #endif return PAM_SUCCESS; } else { const void *service; const char *user_name; #ifdef PAM_DEBUG pam_syslog(pamh,LOG_INFO, "Returning PAM_AUTH_ERR, retval = %d", retval); #endif (void) pam_get_item(pamh, PAM_SERVICE, &service); (void) pam_get_user(pamh, &user_name, NULL); if (!quiet) pam_syslog (pamh, LOG_ALERT, "Refused user %s for service %s", user_name, (const char *)service); return PAM_AUTH_ERR; } } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_listfile_modstruct = { "pam_listfile", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok, }; #endif /* PAM_STATIC */ /* end of module definition */ pam/modules/pam_listfile/tst-pam_listfile0000755000000000000000000000006713261244762016061 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_listfile.so pam/modules/pam_localuser/0000755000000000000000000000000013261244762013026 5ustar pam/modules/pam_localuser/Makefile.am0000644000000000000000000000137313261244762015066 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_localuser TESTS = tst-pam_localuser man_MANS = pam_localuser.8 XMLS = README.xml pam_localuser.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_localuser.la pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_localuser.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_localuser/Makefile.in0000644000000000000000000006022613261244762015101 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_localuser DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_localuser_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_localuser_la_SOURCES = pam_localuser.c pam_localuser_la_OBJECTS = pam_localuser.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_localuser.c DIST_SOURCES = pam_localuser.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_localuser TESTS = tst-pam_localuser man_MANS = pam_localuser.8 XMLS = README.xml pam_localuser.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_localuser.la pam_localuser_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_localuser/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_localuser/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_localuser.la: $(pam_localuser_la_OBJECTS) $(pam_localuser_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_localuser_la_OBJECTS) $(pam_localuser_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_localuser.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_localuser.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_localuser/README0000644000000000000000000000221613261244762013707 0ustar pam_localuser — require users to be listed in /etc/passwd â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users. This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out. OPTIONS debug Print debug information. file=/path/passwd Use a file other than /etc/passwd. EXAMPLES Add the following line to /etc/pam.d/su to allow only local users in group wheel to use su. account sufficient pam_localuser.so account required pam_wheel.so AUTHOR pam_localuser was written by Nalin Dahyabhai . pam/modules/pam_localuser/README.xml0000644000000000000000000000225613261244762014512 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_localuser.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_localuser-name"]/*)'/>
pam/modules/pam_localuser/pam_localuser.80000644000000000000000000000554313261244762015754 0ustar '\" t .\" Title: pam_localuser .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_LOCALUSER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_localuser \- require users to be listed in /etc/passwd .SH "SYNOPSIS" .HP \w'\fBpam_localuser\&.so\fR\ 'u \fBpam_localuser\&.so\fR [debug] [file=\fI/path/passwd\fR] .SH "DESCRIPTION" .PP pam_localuser is a PAM module to help implementing site\-wide login policies, where they typically include a subset of the network\*(Aqs users and a few accounts that are local to a particular workstation\&. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network\*(Aqs users\&. .PP This could also be implemented using pam_listfile\&.so and a very short awk script invoked by cron, but it\*(Aqs common enough to have been separated out\&. .SH "OPTIONS" .PP .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBfile=\fR\fB\fI/path/passwd\fR\fR .RS 4 Use a file other than /etc/passwd\&. .RE .SH "MODULE TYPES PROVIDED" .PP All module types (\fBaccount\fR, \fBauth\fR, \fBpassword\fR and \fBsession\fR) are provided\&. .SH "RETURN VALUES" .PP .PP PAM_SUCCESS .RS 4 The new localuser was set successfully\&. .RE .PP PAM_SERVICE_ERR .RS 4 No username was given\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/su to allow only local users in group wheel to use su\&. .sp .if n \{\ .RS 4 .\} .nf account sufficient pam_localuser\&.so account required pam_wheel\&.so .fi .if n \{\ .RE .\} .sp .SH "FILES" .PP /etc/passwd .RS 4 Local user account information\&. .RE .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_localuser was written by Nalin Dahyabhai \&. pam/modules/pam_localuser/pam_localuser.8.xml0000644000000000000000000001063113261244762016545 0ustar pam_localuser 8 Linux-PAM Manual pam_localuser require users to be listed in /etc/passwd pam_localuser.so debug file=/path/passwd DESCRIPTION pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users. This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out. OPTIONS Print debug information. Use a file other than /etc/passwd. MODULE TYPES PROVIDED All module types (, , and ) are provided. RETURN VALUES PAM_SUCCESS The new localuser was set successfully. PAM_SERVICE_ERR No username was given. PAM_USER_UNKNOWN User not known. EXAMPLES Add the following line to /etc/pam.d/su to allow only local users in group wheel to use su. account sufficient pam_localuser.so account required pam_wheel.so FILES /etc/passwd Local user account information. SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. pam/modules/pam_localuser/pam_localuser.c0000644000000000000000000001133713261244762016025 0ustar /* * Copyright 2001, 2004 Red Hat, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #include #include #include #define MODULE_NAME "pam_localuser" PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, ret = PAM_SUCCESS; FILE *fp; int debug = 0; const char *filename = "/etc/passwd"; char line[LINE_MAX], name[LINE_MAX]; const char* user; /* process arguments */ for(i = 0; i < argc; i++) { if(strcmp("debug", argv[i]) == 0) { debug = 1; } } for(i = 0; i < argc; i++) { if(strncmp("file=", argv[i], 5) == 0) { filename = argv[i] + 5; if(debug) { pam_syslog (pamh, LOG_DEBUG, "set filename to \"%s\"", filename); } } } /* open the file */ fp = fopen(filename, "r"); if(fp == NULL) { pam_syslog (pamh, LOG_ERR, "error opening \"%s\": %m", filename); return PAM_SYSTEM_ERR; } if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { pam_syslog (pamh, LOG_ERR, "user name not specified yet"); fclose(fp); return PAM_SYSTEM_ERR; } if ((user == NULL) || (strlen(user) == 0)) { pam_syslog (pamh, LOG_ERR, "user name not valid"); fclose(fp); return PAM_SYSTEM_ERR; } /* scan the file, using fgets() instead of fgetpwent() because i * don't want to mess with applications which call fgetpwent() */ ret = PAM_PERM_DENIED; snprintf(name, sizeof(name), "%s:", user); i = strlen(name); while(fgets(line, sizeof(line), fp) != NULL) { if(debug) { pam_syslog (pamh, LOG_DEBUG, "checking \"%s\"", line); } if(strncmp(name, line, i) == 0) { ret = PAM_SUCCESS; break; } } /* okay, we're done */ fclose(fp); return ret; } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_localuser_modstruct = { "pam_localuser", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif pam/modules/pam_localuser/tst-pam_localuser0000755000000000000000000000007013261244762016407 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_localuser.so pam/modules/pam_loginuid/0000755000000000000000000000000013261244762012647 5ustar pam/modules/pam_loginuid/Makefile.am0000644000000000000000000000140013261244762014676 0ustar # # Copyright (c) 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_loginuid man_MANS = pam_loginuid.8 XMLS = README.xml pam_loginuid.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_loginuid.la pam_loginuid_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBAUDIT@ if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_loginuid.8.xml -include $(top_srcdir)/Make.xml.rules endif TESTS = tst-pam_loginuid pam/modules/pam_loginuid/Makefile.in0000644000000000000000000006021113261244762014714 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_loginuid DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_loginuid_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_loginuid_la_SOURCES = pam_loginuid.c pam_loginuid_la_OBJECTS = pam_loginuid.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_loginuid.c DIST_SOURCES = pam_loginuid.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_loginuid man_MANS = pam_loginuid.8 XMLS = README.xml pam_loginuid.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_loginuid.la pam_loginuid_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBAUDIT@ @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README TESTS = tst-pam_loginuid all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_loginuid/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_loginuid/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_loginuid.la: $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_loginuid_la_OBJECTS) $(pam_loginuid_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_loginuid.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_loginuid.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_loginuid/README0000644000000000000000000000213513261244762013530 0ustar pam_loginuid — Record user's login uid to the process attribute â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to. EXAMPLES #%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so AUTHOR pam_loginuid was written by Steve Grubb pam/modules/pam_loginuid/README.xml0000644000000000000000000000175413261244762014335 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_loginuid.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_loginuid-name"]/*)'/>
pam/modules/pam_loginuid/pam_loginuid.80000644000000000000000000000532413261244762015413 0ustar '\" t .\" Title: pam_loginuid .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_LOGINUID" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_loginuid \- Record user\*(Aqs login uid to the process attribute .SH "SYNOPSIS" .HP \w'\fBpam_loginuid\&.so\fR\ 'u \fBpam_loginuid\&.so\fR [require_auditd] .SH "DESCRIPTION" .PP The pam_loginuid module sets the loginuid process attribute for the process that was authenticated\&. This is necessary for applications to be correctly audited\&. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd\&. There are probably other entry point applications besides these\&. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to\&. .SH "OPTIONS" .PP \fBrequire_auditd\fR .RS 4 This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP .PP PAM_SESSION_ERR .RS 4 An error occurred during session management\&. .RE .SH "EXAMPLES" .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 auth required pam_unix\&.so auth required pam_nologin\&.so account required pam_unix\&.so password required pam_unix\&.so session required pam_unix\&.so session required pam_loginuid\&.so .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8), \fBauditctl\fR(8), \fBauditd\fR(8) .SH "AUTHOR" .PP pam_loginuid was written by Steve Grubb pam/modules/pam_loginuid/pam_loginuid.8.xml0000644000000000000000000000701313261244762016207 0ustar pam_loginuid 8 Linux-PAM Manual pam_loginuid Record user's login uid to the process attribute pam_loginuid.so require_auditd DESCRIPTION The pam_loginuid module sets the loginuid process attribute for the process that was authenticated. This is necessary for applications to be correctly audited. This PAM module should only be used for entry point applications like: login, sshd, gdm, vsftpd, crond and atd. There are probably other entry point applications besides these. You should not use it for applications like sudo or su as that defeats the purpose by changing the loginuid to the account they just switched to. OPTIONS This option, when given, will cause this module to query the audit daemon status and deny logins if it is not running. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SESSION_ERR An error occurred during session management. EXAMPLES #%PAM-1.0 auth required pam_unix.so auth required pam_nologin.so account required pam_unix.so password required pam_unix.so session required pam_unix.so session required pam_loginuid.so SEE ALSO pam.conf5 , pam.d5 , pam8 , auditctl8 , auditd8 AUTHOR pam_loginuid was written by Steve Grubb <sgrubb@redhat.com> pam/modules/pam_loginuid/pam_loginuid.c0000644000000000000000000001350013261244762015461 0ustar /* pam_loginuid.c -- * Copyright 2005 Red Hat Inc., Durham, North Carolina. * All Rights Reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Suite 500 * Boston, MA 02110-1335 USA * * Authors: * Steve Grubb * * PAM module that sets the login uid introduced in kernel 2.6.11 */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBAUDIT #include #include #include #endif /* * This function writes the loginuid to the /proc system. It returns * 0 on success and 1 on failure. */ static int set_loginuid(pam_handle_t *pamh, uid_t uid) { int fd, count, rc = 0; char loginuid[24]; count = snprintf(loginuid, sizeof(loginuid), "%lu", (unsigned long)uid); fd = open("/proc/self/loginuid", O_NOFOLLOW|O_WRONLY|O_TRUNC); if (fd < 0) { if (errno != ENOENT) { rc = 1; pam_syslog(pamh, LOG_ERR, "Cannot open /proc/self/loginuid: %m"); } return rc; } if (pam_modutil_write(fd, loginuid, count) != count) rc = 1; close(fd); return rc; } #ifdef HAVE_LIBAUDIT /* * This function is called only if "require_auditd" option is passed. It is * called after loginuid has been set. The purpose is to disallow logins * should the audit daemon not be running or crashed. It returns PAM_SUCCESS * if the audit daemon is running and PAM_SESSION_ERR otherwise. */ static int check_auditd(void) { int fd, retval; fd = audit_open(); if (fd < 0) { /* This is here to let people that build their own kernel and disable the audit system get in. You get these error codes only when the kernel doesn't have audit compiled in. */ if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return PAM_SUCCESS; return PAM_SESSION_ERR; } retval = audit_request_status(fd); if (retval > 0) { struct audit_reply rep; int i; int timeout = 30; /* tenths of seconds */ fd_set read_mask; FD_ZERO(&read_mask); FD_SET(fd, &read_mask); for (i = 0; i < timeout; i++) { struct timeval t; int rc; t.tv_sec = 0; t.tv_usec = 100000; do { rc = select(fd+1, &read_mask, NULL, NULL, &t); } while (rc < 0 && errno == EINTR); rc = audit_get_reply(fd, &rep, GET_REPLY_NONBLOCKING,0); if (rc > 0) { /* If we get done or error, break out */ if (rep.type == NLMSG_DONE || rep.type == NLMSG_ERROR) break; /* If its not status, keep looping */ if (rep.type != AUDIT_GET) continue; /* Found it... */ close(fd); if (rep.status->pid == 0) return PAM_SESSION_ERR; else return PAM_SUCCESS; } } } close(fd); if (retval == -ECONNREFUSED) { /* This is here to let people that build their own kernel and disable the audit system get in. ECONNREFUSED is issued by the kernel when there is "no on listening". */ return PAM_SUCCESS; } else if (retval == -EPERM && getuid() != 0) { /* If we get this, then the kernel supports auditing * but we don't have enough privilege to write to the * socket. Therefore, we have already been authenticated * and we are a common user. Just act as though auditing * is not enabled. Any other error we take seriously. */ return PAM_SUCCESS; } return PAM_SESSION_ERR; } #endif /* * Initialize audit session for user */ static int _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, #ifdef HAVE_LIBAUDIT int argc, const char **argv #else int argc UNUSED, const char **argv UNUSED #endif ) { const char *user = NULL; struct passwd *pwd; #ifdef HAVE_LIBAUDIT int require_auditd = 0; #endif /* get user name */ if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "error recovering login user-name"); return PAM_SESSION_ERR; } /* get user info */ if ((pwd = pam_modutil_getpwnam(pamh, user)) == NULL) { pam_syslog(pamh, LOG_ERR, "error: login user-name '%s' does not exist", user); return PAM_SESSION_ERR; } if (set_loginuid(pamh, pwd->pw_uid)) { pam_syslog(pamh, LOG_ERR, "set_loginuid failed\n"); return PAM_SESSION_ERR; } #ifdef HAVE_LIBAUDIT while (argc-- > 0) { if (strcmp(*argv, "require_auditd") == 0) require_auditd = 1; argv++; } if (require_auditd) return check_auditd(); else #endif return PAM_SUCCESS; } /* * PAM routines * * This is here for vsftpd which doesn't seem to run the session stack */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return _pam_loginuid(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return _pam_loginuid(pamh, flags, argc, argv); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* static module data */ #ifdef PAM_STATIC struct pam_module _pam_loginuid_modstruct = { "pam_loginuid", NULL, NULL, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, NULL }; #endif pam/modules/pam_loginuid/tst-pam_loginuid0000755000000000000000000000006713261244762016057 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_loginuid.so pam/modules/pam_mail/0000755000000000000000000000000013261244762011757 5ustar pam/modules/pam_mail/Makefile.am0000644000000000000000000000133013261244762014010 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mail man_MANS = pam_mail.8 XMLS = README.xml pam_mail.8.xml TESTS = tst-pam_mail securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_mail.la pam_mail_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_mail.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_mail/Makefile.in0000644000000000000000000006004313261244762014027 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_mail DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_mail_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_mail_la_SOURCES = pam_mail.c pam_mail_la_OBJECTS = pam_mail.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_mail.c DIST_SOURCES = pam_mail.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mail man_MANS = pam_mail.8 XMLS = README.xml pam_mail.8.xml TESTS = tst-pam_mail securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_mail.la pam_mail_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_mail/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_mail/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_mail.la: $(pam_mail_la_OBJECTS) $(pam_mail_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_mail_la_OBJECTS) $(pam_mail_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mail.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_mail.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_mail/README0000644000000000000000000000373013261244762012642 0ustar pam_mail — Inform about available mail â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_mail PAM module provides the "you have new mail" service to the user. It can be plugged into any application that has credential or session hooks. It gives a single message indicating the newness of any mail it finds in the user's mail folder. This module also sets the PAM environment variable, MAIL, to the user's mail directory. If the mail spool file (be it /var/mail/$USER or a pathname given with the dir= parameter) is a directory then pam_mail assumes it is in the Maildir format. OPTIONS close Indicate if the user has any mail also on logout. debug Print debug information. dir=maildir Look for the users' mail in an alternative location defined by maildir/ . The default location for mail is /var/mail/. Note, if the supplied maildir is prefixed by a '~', the directory is interpreted as indicating a file in the user's home directory. empty Also print message if user has no mail. hash=count Mail directory hash depth. For example, a hashcount of 2 would make the mail file be /var/spool/mail/u/s/user. noenv Do not set the MAIL environment variable. nopen Don't print any mail information on login. This flag is useful to get the MAIL environment variable set, but to not display any information about it. quiet Only report when there is new mail. standard Old style "You have..." format which doesn't show the mail spool being used. This also implies "empty". EXAMPLES Add the following line to /etc/pam.d/login to indicate that the user has new mail when they login to the system. session optional pam_mail.so standard AUTHOR pam_mail was written by Andrew G. Morgan . pam/modules/pam_mail/README.xml0000644000000000000000000000216713261244762013444 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mail.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mail-name"]/*)'/>
pam/modules/pam_mail/pam_mail.80000644000000000000000000000754013261244762013635 0ustar '\" t .\" Title: pam_mail .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MAIL" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_mail \- Inform about available mail .SH "SYNOPSIS" .HP \w'\fBpam_mail\&.so\fR\ 'u \fBpam_mail\&.so\fR [close] [debug] [dir=\fImaildir\fR] [empty] [hash=\fIcount\fR] [noenv] [nopen] [quiet] [standard] .SH "DESCRIPTION" .PP The pam_mail PAM module provides the "you have new mail" service to the user\&. It can be plugged into any application that has credential or session hooks\&. It gives a single message indicating the \fInewness\fR of any mail it finds in the user\*(Aqs mail folder\&. This module also sets the PAM environment variable, \fBMAIL\fR, to the user\*(Aqs mail directory\&. .PP If the mail spool file (be it /var/mail/$USER or a pathname given with the \fBdir=\fR parameter) is a directory then pam_mail assumes it is in the \fIMaildir\fR format\&. .SH "OPTIONS" .PP .PP \fBclose\fR .RS 4 Indicate if the user has any mail also on logout\&. .RE .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBdir=\fR\fB\fImaildir\fR\fR .RS 4 Look for the users\*(Aq mail in an alternative location defined by maildir/\&. The default location for mail is /var/mail/\&. Note, if the supplied maildir is prefixed by a \*(Aq~\*(Aq, the directory is interpreted as indicating a file in the user\*(Aqs home directory\&. .RE .PP \fBempty\fR .RS 4 Also print message if user has no mail\&. .RE .PP \fBhash=\fR\fB\fIcount\fR\fR .RS 4 Mail directory hash depth\&. For example, a \fIhashcount\fR of 2 would make the mail file be /var/spool/mail/u/s/user\&. .RE .PP \fBnoenv\fR .RS 4 Do not set the \fBMAIL\fR environment variable\&. .RE .PP \fBnopen\fR .RS 4 Don\*(Aqt print any mail information on login\&. This flag is useful to get the \fBMAIL\fR environment variable set, but to not display any information about it\&. .RE .PP \fBquiet\fR .RS 4 Only report when there is new mail\&. .RE .PP \fBstandard\fR .RS 4 Old style "You have\&.\&.\&." format which doesn\*(Aqt show the mail spool being used\&. This also implies "empty"\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBsession\fR and \fBauth\fR (on establishment and deletion of credentials) module types are provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_SERVICE_ERR .RS 4 Badly formed arguments\&. .RE .PP PAM_SUCCESS .RS 4 Success\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known\&. .RE .SH "EXAMPLES" .PP Add the following line to /etc/pam\&.d/login to indicate that the user has new mail when they login to the system\&. .sp .if n \{\ .RS 4 .\} .nf session optional pam_mail\&.so standard .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_mail was written by Andrew G\&. Morgan \&. pam/modules/pam_mail/pam_mail.8.xml0000644000000000000000000001615513261244762014436 0ustar pam_mail 8 Linux-PAM Manual pam_mail Inform about available mail pam_mail.so close debug dir=maildir empty hash=count noenv nopen quiet standard DESCRIPTION The pam_mail PAM module provides the "you have new mail" service to the user. It can be plugged into any application that has credential or session hooks. It gives a single message indicating the newness of any mail it finds in the user's mail folder. This module also sets the PAM environment variable, MAIL, to the user's mail directory. If the mail spool file (be it /var/mail/$USER or a pathname given with the parameter) is a directory then pam_mail assumes it is in the Maildir format. OPTIONS Indicate if the user has any mail also on logout. Print debug information. Look for the users' mail in an alternative location defined by maildir/<login>. The default location for mail is /var/mail/<login>. Note, if the supplied maildir is prefixed by a '~', the directory is interpreted as indicating a file in the user's home directory. Also print message if user has no mail. Mail directory hash depth. For example, a hashcount of 2 would make the mail file be /var/spool/mail/u/s/user. Do not set the MAIL environment variable. Don't print any mail information on login. This flag is useful to get the MAIL environment variable set, but to not display any information about it. Only report when there is new mail. Old style "You have..." format which doesn't show the mail spool being used. This also implies "empty". MODULE TYPES PROVIDED The and (on establishment and deletion of credentials) module types are provided. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_SERVICE_ERR Badly formed arguments. PAM_SUCCESS Success. PAM_USER_UNKNOWN User not known. EXAMPLES Add the following line to /etc/pam.d/login to indicate that the user has new mail when they login to the system. session optional pam_mail.so standard SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_mail was written by Andrew G. Morgan <morgan@kernel.org>. pam/modules/pam_mail/pam_mail.c0000644000000000000000000002701113261244762013703 0ustar /* pam_mail module */ /* * Written by Andrew Morgan 1996/3/11 * $HOME additions by David Kinchlea 1997/1/7 * mailhash additions by Chris Adams 1998/7/11 */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_PATHS_H #include #endif #define DEFAULT_MAIL_DIRECTORY PAM_PATH_MAILDIR #define MAIL_FILE_FORMAT "%s%s/%s" #define MAIL_ENV_NAME "MAIL" #define MAIL_ENV_FORMAT MAIL_ENV_NAME "=%s" /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_SESSION #define PAM_SM_AUTH #include #include #include #include /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 #define PAM_NO_LOGIN 0x0002 #define PAM_LOGOUT_TOO 0x0004 #define PAM_NEW_MAIL_DIR 0x0010 #define PAM_MAIL_SILENT 0x0020 #define PAM_NO_ENV 0x0040 #define PAM_HOME_MAIL 0x0100 #define PAM_EMPTY_TOO 0x0200 #define PAM_STANDARD_MAIL 0x0400 #define PAM_QUIET_MAIL 0x1000 #define HAVE_NEW_MAIL 0x1 #define HAVE_OLD_MAIL 0x2 #define HAVE_NO_MAIL 0x3 #define HAVE_MAIL 0x4 static int _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, const char **maildir, size_t *hashcount) { int ctrl=0; if (flags & PAM_SILENT) { ctrl |= PAM_MAIL_SILENT; } *hashcount = 0; /* step through arguments */ for (; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strcmp(*argv,"quiet")) ctrl |= PAM_QUIET_MAIL; else if (!strcmp(*argv,"standard")) ctrl |= PAM_STANDARD_MAIL | PAM_EMPTY_TOO; else if (!strncmp(*argv,"dir=",4)) { *maildir = 4 + *argv; if (**maildir != '\0') { D(("new mail directory: %s", *maildir)); ctrl |= PAM_NEW_MAIL_DIR; } else { pam_syslog(pamh, LOG_ERR, "dir= specification missing argument - ignored"); } } else if (!strncmp(*argv,"hash=",5)) { char *ep = NULL; *hashcount = strtoul(*argv+5,&ep,10); if (!ep) { *hashcount = 0; } } else if (!strcmp(*argv,"close")) { ctrl |= PAM_LOGOUT_TOO; } else if (!strcmp(*argv,"nopen")) { ctrl |= PAM_NO_LOGIN; } else if (!strcmp(*argv,"noenv")) { ctrl |= PAM_NO_ENV; } else if (!strcmp(*argv,"empty")) { ctrl |= PAM_EMPTY_TOO; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } if ((*hashcount != 0) && !(ctrl & PAM_NEW_MAIL_DIR)) { *maildir = DEFAULT_MAIL_DIRECTORY; ctrl |= PAM_NEW_MAIL_DIR; } return ctrl; } static int get_folder(pam_handle_t *pamh, int ctrl, const char *path_mail, char **folder_p, size_t hashcount, const struct passwd *pwd) { int retval; const char *path; char *folder = NULL; if (ctrl & PAM_NEW_MAIL_DIR) { path = path_mail; if (*path == '~') { /* support for $HOME delivery */ /* * "~/xxx" and "~xxx" are treated as same */ if (!*++path || (*path == '/' && !*++path)) { pam_syslog(pamh, LOG_ERR, "badly formed mail path [%s]", path_mail); retval = PAM_SERVICE_ERR; goto get_folder_cleanup; } ctrl |= PAM_HOME_MAIL; if (hashcount != 0) { pam_syslog(pamh, LOG_ERR, "cannot do hash= and home directory mail"); } } } else { path = DEFAULT_MAIL_DIRECTORY; } /* put folder together */ hashcount = hashcount < strlen(pwd->pw_name) ? hashcount : strlen(pwd->pw_name); retval = PAM_BUF_ERR; if (ctrl & PAM_HOME_MAIL) { if (asprintf(&folder, MAIL_FILE_FORMAT, pwd->pw_dir, "", path) < 0) goto get_folder_cleanup; } else { int rc; size_t i; char *hash; if ((hash = malloc(2 * hashcount + 1)) == NULL) goto get_folder_cleanup; for (i = 0; i < hashcount; i++) { hash[2 * i] = '/'; hash[2 * i + 1] = pwd->pw_name[i]; } hash[2 * i] = '\0'; rc = asprintf(&folder, MAIL_FILE_FORMAT, path, hash, pwd->pw_name); _pam_overwrite(hash); _pam_drop(hash); if (rc < 0) goto get_folder_cleanup; } D(("folder=[%s]", folder)); retval = PAM_SUCCESS; /* tidy up */ get_folder_cleanup: path = NULL; *folder_p = folder; folder = NULL; if (retval == PAM_BUF_ERR) pam_syslog(pamh, LOG_CRIT, "out of memory for mail folder"); return retval; } static int get_mail_status(pam_handle_t *pamh, int ctrl, const char *folder) { int type = 0; struct stat mail_st; if (stat(folder, &mail_st) < 0) return 0; if (S_ISDIR(mail_st.st_mode)) { /* Assume Maildir format */ int i, save_errno; char *dir; struct dirent **namelist; if (asprintf(&dir, "%s/new", folder) < 0) { pam_syslog(pamh, LOG_CRIT, "out of memory"); goto get_mail_status_cleanup; } i = scandir(dir, &namelist, 0, alphasort); save_errno = errno; _pam_overwrite(dir); _pam_drop(dir); if (i < 0) { type = 0; namelist = NULL; if (save_errno == ENOMEM) { pam_syslog(pamh, LOG_CRIT, "out of memory"); goto get_mail_status_cleanup; } } type = (i > 2) ? HAVE_NEW_MAIL : 0; while (--i >= 0) _pam_drop(namelist[i]); _pam_drop(namelist); if (type == 0) { if (asprintf(&dir, "%s/cur", folder) < 0) { pam_syslog(pamh, LOG_CRIT, "out of memory"); goto get_mail_status_cleanup; } i = scandir(dir, &namelist, 0, alphasort); save_errno = errno; _pam_overwrite(dir); _pam_drop(dir); if (i < 0) { type = 0; namelist = NULL; if (save_errno == ENOMEM) { pam_syslog(pamh, LOG_CRIT, "out of memory"); goto get_mail_status_cleanup; } } if (i > 2) type = HAVE_OLD_MAIL; else type = (ctrl & PAM_EMPTY_TOO) ? HAVE_NO_MAIL : 0; while (--i >= 0) _pam_drop(namelist[i]); _pam_drop(namelist); } } else { if (mail_st.st_size > 0) { if (mail_st.st_atime < mail_st.st_mtime) /* new */ type = HAVE_NEW_MAIL; else /* old */ type = (ctrl & PAM_STANDARD_MAIL) ? HAVE_MAIL : HAVE_OLD_MAIL; } else if (ctrl & PAM_EMPTY_TOO) { type = HAVE_NO_MAIL; } else { type = 0; } } get_mail_status_cleanup: memset(&mail_st, 0, sizeof(mail_st)); D(("user has %d mail in %s folder", type, folder)); return type; } static int report_mail(pam_handle_t *pamh, int ctrl, int type, const char *folder) { int retval; if ((ctrl & PAM_MAIL_SILENT) || ((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL)) { D(("keeping quiet")); retval = PAM_SUCCESS; } else { if (ctrl & PAM_STANDARD_MAIL) switch (type) { case HAVE_NO_MAIL: retval = pam_info (pamh, "%s", _("No mail.")); break; case HAVE_NEW_MAIL: retval = pam_info (pamh, "%s", _("You have new mail.")); break; case HAVE_OLD_MAIL: retval = pam_info (pamh, "%s", _("You have old mail.")); break; case HAVE_MAIL: default: retval = pam_info (pamh, "%s", _("You have mail.")); break; } else switch (type) { case HAVE_NO_MAIL: retval = pam_info (pamh, _("You have no mail in folder %s."), folder); break; case HAVE_NEW_MAIL: retval = pam_info (pamh, _("You have new mail in folder %s."), folder); break; case HAVE_OLD_MAIL: retval = pam_info (pamh, _("You have old mail in folder %s."), folder); break; case HAVE_MAIL: default: retval = pam_info (pamh, _("You have mail in folder %s."), folder); break; } } D(("returning %s", pam_strerror(pamh, retval))); return retval; } static int _do_mail(pam_handle_t *, int, int, const char **, int); /* --- authentication functions --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } /* Checking mail as part of authentication */ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { if (!(flags & (PAM_ESTABLISH_CRED|PAM_DELETE_CRED))) return PAM_IGNORE; return _do_mail(pamh,flags,argc,argv,(flags & PAM_ESTABLISH_CRED)); } /* --- session management functions --- */ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc ,const char **argv) { return _do_mail(pamh,flags,argc,argv,0); } /* Checking mail as part of the session management */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { return _do_mail(pamh,flags,argc,argv,1); } /* --- The Beaf (Tm) --- */ static int _do_mail(pam_handle_t *pamh, int flags, int argc, const char **argv, int est) { int retval, ctrl, type; size_t hashcount; char *folder = NULL; const char *user; const char *path_mail = NULL; const struct passwd *pwd = NULL; /* * this module (un)sets the MAIL environment variable, and checks if * the user has any new mail. */ ctrl = _pam_parse(pamh, flags, argc, argv, &path_mail, &hashcount); retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS || user == NULL) { pam_syslog(pamh, LOG_ERR, "cannot determine username"); return PAM_USER_UNKNOWN; } pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { pam_syslog(pamh, LOG_ERR, "user unknown"); return PAM_USER_UNKNOWN; } /* which folder? */ retval = get_folder(pamh, ctrl, path_mail, &folder, hashcount, pwd); if (retval != PAM_SUCCESS) { D(("failed to find folder")); return retval; } /* set the MAIL variable? */ if (!(ctrl & PAM_NO_ENV) && est) { char *tmp; if (asprintf(&tmp, MAIL_ENV_FORMAT, folder) < 0) { pam_syslog(pamh, LOG_CRIT, "no memory for " MAIL_ENV_NAME " variable"); retval = PAM_BUF_ERR; goto do_mail_cleanup; } D(("setting env: %s", tmp)); retval = pam_putenv(pamh, tmp); _pam_overwrite(tmp); _pam_drop(tmp); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_CRIT, "unable to set " MAIL_ENV_NAME " variable"); retval = PAM_BUF_ERR; goto do_mail_cleanup; } } else { D(("not setting " MAIL_ENV_NAME " variable")); } /* * OK. we've got the mail folder... what about its status? */ if ((est && !(ctrl & PAM_NO_LOGIN)) || (!est && (ctrl & PAM_LOGOUT_TOO))) { PAM_MODUTIL_DEF_PRIVS(privs); if (pam_modutil_drop_priv(pamh, &privs, pwd)) { retval = PAM_SESSION_ERR; goto do_mail_cleanup; } else { type = get_mail_status(pamh, ctrl, folder); if (pam_modutil_regain_priv(pamh, &privs)) { retval = PAM_SESSION_ERR; goto do_mail_cleanup; } } if (type != 0) { retval = report_mail(pamh, ctrl, type, folder); type = 0; } } /* Delete environment variable? */ if ( ! est && ! (ctrl & PAM_NO_ENV) ) (void) pam_putenv(pamh, MAIL_ENV_NAME); do_mail_cleanup: _pam_overwrite(folder); _pam_drop(folder); /* indicate success or failure */ return retval; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_mail_modstruct = { "pam_mail", pam_sm_authenticate, pam_sm_setcred, NULL, pam_sm_open_session, pam_sm_close_session, NULL, }; #endif /* end of module definition */ pam/modules/pam_mail/tst-pam_mail0000755000000000000000000000006313261244762014273 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_mail.so pam/modules/pam_mkhomedir/0000755000000000000000000000000013261244762013014 5ustar pam/modules/pam_mkhomedir/Makefile.am0000644000000000000000000000212413261244762015047 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # Copyright (c) 2008 Red Hat, Inc. # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkhomedir man_MANS = pam_mkhomedir.8 mkhomedir_helper.8 XMLS = README.xml pam_mkhomedir.8.xml mkhomedir_helper.8.xml TESTS = tst-pam_mkhomedir securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\" securelib_LTLIBRARIES = pam_mkhomedir.la pam_mkhomedir_la_SOURCES = pam_mkhomedir.c pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING pam_mkhomedir_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif sbin_PROGRAMS = mkhomedir_helper mkhomedir_helper_SOURCES = mkhomedir_helper.c mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_mkhomedir.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_mkhomedir/Makefile.in0000644000000000000000000006640513261244762015074 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # Copyright (c) 2008 Red Hat, Inc. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map sbin_PROGRAMS = mkhomedir_helper$(EXEEXT) subdir = modules/pam_mkhomedir DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" \ "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_mkhomedir_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la am_pam_mkhomedir_la_OBJECTS = pam_mkhomedir.lo pam_mkhomedir_la_OBJECTS = $(am_pam_mkhomedir_la_OBJECTS) pam_mkhomedir_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_mkhomedir_la_LDFLAGS) $(LDFLAGS) -o $@ PROGRAMS = $(sbin_PROGRAMS) am_mkhomedir_helper_OBJECTS = mkhomedir_helper.$(OBJEXT) mkhomedir_helper_OBJECTS = $(am_mkhomedir_helper_OBJECTS) mkhomedir_helper_DEPENDENCIES = $(top_builddir)/libpam/libpam.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) DIST_SOURCES = $(pam_mkhomedir_la_SOURCES) $(mkhomedir_helper_SOURCES) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_mkhomedir man_MANS = pam_mkhomedir.8 mkhomedir_helper.8 XMLS = README.xml pam_mkhomedir.8.xml mkhomedir_helper.8.xml TESTS = tst-pam_mkhomedir securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DMKHOMEDIR_HELPER=\"$(sbindir)/mkhomedir_helper\" securelib_LTLIBRARIES = pam_mkhomedir.la pam_mkhomedir_la_SOURCES = pam_mkhomedir.c pam_mkhomedir_la_LIBADD = $(top_builddir)/libpam/libpam.la pam_mkhomedir_la_LDFLAGS = -no-undefined -avoid-version -module \ $(am__append_1) mkhomedir_helper_SOURCES = mkhomedir_helper.c mkhomedir_helper_LDADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_mkhomedir/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_mkhomedir/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_mkhomedir.la: $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_DEPENDENCIES) $(pam_mkhomedir_la_LINK) -rpath $(securelibdir) $(pam_mkhomedir_la_OBJECTS) $(pam_mkhomedir_la_LIBADD) $(LIBS) install-sbinPROGRAMS: $(sbin_PROGRAMS) @$(NORMAL_INSTALL) test -z "$(sbindir)" || $(MKDIR_P) "$(DESTDIR)$(sbindir)" @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ for p in $$list; do echo "$$p $$p"; done | \ sed 's/$(EXEEXT)$$//' | \ while read p p1; do if test -f $$p || test -f $$p1; \ then echo "$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) files[d] = files[d] " " $$1; \ else { print "f", $$3 "/" $$4, $$1; } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \ } \ ; done uninstall-sbinPROGRAMS: @$(NORMAL_UNINSTALL) @list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" || list=; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ -e 's/$$/$(EXEEXT)/' `; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(sbindir)" && rm -f $$files clean-sbinPROGRAMS: @list='$(sbin_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list mkhomedir_helper$(EXEEXT): $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_DEPENDENCIES) @rm -f mkhomedir_helper$(EXEEXT) $(LINK) $(mkhomedir_helper_OBJECTS) $(mkhomedir_helper_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mkhomedir_helper.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_mkhomedir.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-sbinPROGRAMS \ clean-securelibLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-sbinPROGRAMS install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-sbinPROGRAMS \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-sbinPROGRAMS \ clean-securelibLTLIBRARIES ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man8 \ install-pdf install-pdf-am install-ps install-ps-am \ install-sbinPROGRAMS install-securelibLTLIBRARIES \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags uninstall uninstall-am uninstall-man \ uninstall-man8 uninstall-sbinPROGRAMS \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_mkhomedir.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_mkhomedir/README0000644000000000000000000000252113261244762013674 0ustar pam_mkhomedir — PAM module to create users home directory â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre-creating a large number of directories. The skeleton directory (usually /etc/skel/) is used to copy default files and also sets a umask for the creation. The new users home directory will not be removed after logout of the user. EXAMPLES A sample /etc/pam.d/login file: auth requisite pam_securetty.so auth sufficient pam_ldap.so auth required pam_unix.so auth required pam_nologin.so account sufficient pam_ldap.so account required pam_unix.so password required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_unix.so session optional pam_lastlog.so session optional pam_mail.so standard AUTHOR pam_mkhomedir was written by Jason Gunthorpe . pam/modules/pam_mkhomedir/README.xml0000644000000000000000000000176513261244762014504 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_mkhomedir.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_mkhomedir-name"]/*)'/>
pam/modules/pam_mkhomedir/mkhomedir_helper.80000644000000000000000000000424113261244762016424 0ustar '\" t .\" Title: mkhomedir_helper .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "MKHOMEDIR_HELPER" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" mkhomedir_helper \- Helper binary that creates home directories .SH "SYNOPSIS" .HP \w'\fBmkhomedir_helper\fR\ 'u \fBmkhomedir_helper\fR {\fIuser\fR} [\fIumask\fR\ [\ \fIpath\-to\-skel\fR\ ]] .SH "DESCRIPTION" .PP \fImkhomedir_helper\fR is a helper program for the \fIpam_mkhomedir\fR module that creates home directories and populates them with contents of the specified skel directory\&. .PP The default value of \fIumask\fR is 0022 and the default value of \fIpath\-to\-skel\fR is \fI/etc/skel\fR\&. .PP The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories\&. The SELinux domain transition happens when the module is executing the \fImkhomedir_helper\fR\&. .PP The helper never touches home directories if they already exist\&. .SH "SEE ALSO" .PP \fBpam_mkhomedir\fR(8) .SH "AUTHOR" .PP Written by Tomas Mraz based on the code originally in \fIpam_mkhomedir\fR module\&. pam/modules/pam_mkhomedir/mkhomedir_helper.8.xml0000644000000000000000000000443113261244762017224 0ustar mkhomedir_helper 8 Linux-PAM Manual mkhomedir_helper Helper binary that creates home directories mkhomedir_helper user umask path-to-skel DESCRIPTION mkhomedir_helper is a helper program for the pam_mkhomedir module that creates home directories and populates them with contents of the specified skel directory. The default value of umask is 0022 and the default value of path-to-skel is /etc/skel. The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories. The SELinux domain transition happens when the module is executing the mkhomedir_helper. The helper never touches home directories if they already exist. SEE ALSO pam_mkhomedir8 AUTHOR Written by Tomas Mraz based on the code originally in pam_mkhomedir module. pam/modules/pam_mkhomedir/mkhomedir_helper.c0000644000000000000000000002207413261244762016503 0ustar /* mkhomedir_helper - helper for pam_mkhomedir module Released under the GNU LGPL version 2 or later Copyright (c) Red Hat, Inc., 2009 Originally written by Jason Gunthorpe Feb 1999 Structure taken from pam_lastlogin by Andrew Morgan 1996 */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include static unsigned long u_mask = 0022; static char skeldir[BUFSIZ] = "/etc/skel"; /* Do the actual work of creating a home dir */ static int create_homedir(const struct passwd *pwd, const char *source, const char *dest) { char remark[BUFSIZ]; DIR *d; struct dirent *dent; int retval = PAM_SESSION_ERR; /* Create the new directory */ if (mkdir(dest, 0700) && errno != EEXIST) { pam_syslog(NULL, LOG_ERR, "unable to create directory %s: %m", dest); return PAM_PERM_DENIED; } /* See if we need to copy the skel dir over. */ if ((source == NULL) || (strlen(source) == 0)) { retval = PAM_SUCCESS; goto go_out; } /* Scan the directory */ d = opendir(source); if (d == NULL) { pam_syslog(NULL, LOG_DEBUG, "unable to read directory %s: %m", source); retval = PAM_PERM_DENIED; goto go_out; } for (dent = readdir(d); dent != NULL; dent = readdir(d)) { int srcfd; int destfd; int res; struct stat st; #ifndef PATH_MAX char *newsource = NULL, *newdest = NULL; /* track length of buffers */ int nslen = 0, ndlen = 0; int slen = strlen(source), dlen = strlen(dest); #else char newsource[PATH_MAX], newdest[PATH_MAX]; #endif /* Skip some files.. */ if (strcmp(dent->d_name,".") == 0 || strcmp(dent->d_name,"..") == 0) continue; /* Determine what kind of file it is. */ #ifndef PATH_MAX nslen = slen + strlen(dent->d_name) + 2; if (nslen <= 0) { retval = PAM_BUF_ERR; goto go_out; } if ((newsource = malloc(nslen)) == NULL) { retval = PAM_BUF_ERR; goto go_out; } sprintf(newsource, "%s/%s", source, dent->d_name); #else snprintf(newsource, sizeof(newsource), "%s/%s", source, dent->d_name); #endif if (lstat(newsource, &st) != 0) #ifndef PATH_MAX { free(newsource); newsource = NULL; continue; } #else continue; #endif /* We'll need the new file's name. */ #ifndef PATH_MAX ndlen = dlen + strlen(dent->d_name)+2; if (ndlen <= 0) { retval = PAM_BUF_ERR; goto go_out; } if ((newdest = malloc(ndlen)) == NULL) { free (newsource); retval = PAM_BUF_ERR; goto go_out; } sprintf (newdest, "%s/%s", dest, dent->d_name); #else snprintf (newdest, sizeof (newdest), "%s/%s", dest, dent->d_name); #endif /* If it's a directory, recurse. */ if (S_ISDIR(st.st_mode)) { retval = create_homedir(pwd, newsource, newdest); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif if (retval != PAM_SUCCESS) { closedir(d); goto go_out; } continue; } /* If it's a symlink, create a new link. */ if (S_ISLNK(st.st_mode)) { int pointedlen = 0; #ifndef PATH_MAX char *pointed = NULL; { int size = 100; while (1) { pointed = malloc(size); if (pointed == NULL) { free(newsource); free(newdest); return PAM_BUF_ERR; } pointedlen = readlink(newsource, pointed, size); if (pointedlen < 0) break; if (pointedlen < size) break; free(pointed); size *= 2; } } if (pointedlen < 0) free(pointed); else pointed[pointedlen] = 0; #else char pointed[PATH_MAX]; memset(pointed, 0, sizeof(pointed)); pointedlen = readlink(newsource, pointed, sizeof(pointed) - 1); #endif if (pointedlen >= 0) { if(symlink(pointed, newdest) == 0) { if (lchown(newdest, pwd->pw_uid, pwd->pw_gid) != 0) { pam_syslog(NULL, LOG_DEBUG, "unable to change perms on link %s: %m", newdest); closedir(d); #ifndef PATH_MAX free(pointed); free(newsource); free(newdest); #endif return PAM_PERM_DENIED; } } #ifndef PATH_MAX free(pointed); #endif } #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif continue; } /* If it's not a regular file, it's probably not a good idea to create * the new device node, FIFO, or whatever it is. */ if (!S_ISREG(st.st_mode)) { #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif continue; } /* Open the source file */ if ((srcfd = open(newsource, O_RDONLY)) < 0 || fstat(srcfd, &st) != 0) { pam_syslog(NULL, LOG_DEBUG, "unable to open src file %s: %m", newsource); closedir(d); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif return PAM_PERM_DENIED; } if (stat(newsource, &st) != 0) { pam_syslog(NULL, LOG_DEBUG, "unable to stat src file %s: %m", newsource); close(srcfd); closedir(d); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif return PAM_PERM_DENIED; } /* Open the dest file */ if ((destfd = open(newdest, O_WRONLY | O_TRUNC | O_CREAT, 0600)) < 0) { pam_syslog(NULL, LOG_DEBUG, "unable to open dest file %s: %m", newdest); close(srcfd); closedir(d); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif return PAM_PERM_DENIED; } /* Set the proper ownership and permissions for the module. We make the file a+w and then mask it with the set mask. This preseves execute bits */ if (fchmod(destfd, (st.st_mode | 0222) & (~u_mask)) != 0 || fchown(destfd, pwd->pw_uid, pwd->pw_gid) != 0) { pam_syslog(NULL, LOG_DEBUG, "unable to change perms on copy %s: %m", newdest); close(srcfd); close(destfd); closedir(d); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif return PAM_PERM_DENIED; } /* Copy the file */ do { res = pam_modutil_read(srcfd, remark, sizeof(remark)); if (res == 0) continue; if (res > 0) { if (pam_modutil_write(destfd, remark, res) == res) continue; } /* If we get here, pam_modutil_read returned a -1 or pam_modutil_write returned something unexpected. */ pam_syslog(NULL, LOG_DEBUG, "unable to perform IO: %m"); close(srcfd); close(destfd); closedir(d); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif return PAM_PERM_DENIED; } while (res != 0); close(srcfd); close(destfd); #ifndef PATH_MAX free(newsource); newsource = NULL; free(newdest); newdest = NULL; #endif } closedir(d); retval = PAM_SUCCESS; go_out: if (chmod(dest, 0777 & (~u_mask)) != 0 || chown(dest, pwd->pw_uid, pwd->pw_gid) != 0) { pam_syslog(NULL, LOG_DEBUG, "unable to change perms on directory %s: %m", dest); return PAM_PERM_DENIED; } return retval; } static int make_parent_dirs(char *dir, int make) { int rc = PAM_SUCCESS; char *cp = strrchr(dir, '/'); struct stat st; if (!cp || cp == dir) return rc; *cp = '\0'; if (stat(dir, &st) && errno == ENOENT) rc = make_parent_dirs(dir, 1); *cp = '/'; if (rc != PAM_SUCCESS) return rc; if (make && mkdir(dir, 0755) && errno != EEXIST) { pam_syslog(NULL, LOG_ERR, "unable to create directory %s: %m", dir); return PAM_PERM_DENIED; } return rc; } int main(int argc, char *argv[]) { struct passwd *pwd; struct stat st; if (argc < 2) { fprintf(stderr, "Usage: %s [ []]\n", argv[0]); return PAM_SESSION_ERR; } pwd = getpwnam(argv[1]); if (pwd == NULL) { pam_syslog(NULL, LOG_ERR, "User unknown."); return PAM_CRED_INSUFFICIENT; } if (argc >= 3) { char *eptr; errno = 0; u_mask = strtoul(argv[2], &eptr, 0); if (errno != 0 || *eptr != '\0') { pam_syslog(NULL, LOG_ERR, "Bogus umask value %s", argv[2]); return PAM_SESSION_ERR; } } if (argc >= 4) { if (strlen(argv[3]) >= sizeof(skeldir)) { pam_syslog(NULL, LOG_ERR, "Too long skeldir path."); return PAM_SESSION_ERR; } strcpy(skeldir, argv[3]); } /* Stat the home directory, if something exists then we assume it is correct and return a success */ if (stat(pwd->pw_dir, &st) == 0) return PAM_SUCCESS; if (make_parent_dirs(pwd->pw_dir, 0) != PAM_SUCCESS) return PAM_PERM_DENIED; return create_homedir(pwd, skeldir, pwd->pw_dir); } pam/modules/pam_mkhomedir/pam_mkhomedir.80000644000000000000000000000677313261244762015736 0ustar '\" t .\" Title: pam_mkhomedir .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MKHOMEDIR" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_mkhomedir \- PAM module to create users home directory .SH "SYNOPSIS" .HP \w'\fBpam_mkhomedir\&.so\fR\ 'u \fBpam_mkhomedir\&.so\fR [silent] [umask=\fImode\fR] [skel=\fIskeldir\fR] .SH "DESCRIPTION" .PP The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins\&. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre\-creating a large number of directories\&. The skeleton directory (usually /etc/skel/) is used to copy default files and also sets a umask for the creation\&. .PP The new users home directory will not be removed after logout of the user\&. .SH "OPTIONS" .PP \fBsilent\fR .RS 4 Don\*(Aqt print informative messages\&. .RE .PP \fBumask=\fR\fB\fImask\fR\fR .RS 4 The user file\-creation mask is set to \fImask\fR\&. The default value of mask is 0022\&. .RE .PP \fBskel=\fR\fB\fI/path/to/skel/directory\fR\fR .RS 4 Indicate an alternative skel directory to override the default /etc/skel\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_CRED_INSUFFICIENT .RS 4 Insufficient credentials to access authentication data\&. .RE .PP PAM_PERM_DENIED .RS 4 Not enough permissions to create the new directory or read the skel directory\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known to the underlying authentication module\&. .RE .PP PAM_SUCCESS .RS 4 Environment variables were set\&. .RE .SH "FILES" .PP /etc/skel .RS 4 Default skel directory .RE .SH "EXAMPLES" .PP A sample /etc/pam\&.d/login file: .sp .if n \{\ .RS 4 .\} .nf auth requisite pam_securetty\&.so auth sufficient pam_ldap\&.so auth required pam_unix\&.so auth required pam_nologin\&.so account sufficient pam_ldap\&.so account required pam_unix\&.so password required pam_unix\&.so session required pam_mkhomedir\&.so skel=/etc/skel/ umask=0022 session required pam_unix\&.so session optional pam_lastlog\&.so session optional pam_mail\&.so standard .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.d\fR(5), \fBpam\fR(8)\&. .SH "AUTHOR" .PP pam_mkhomedir was written by Jason Gunthorpe \&. pam/modules/pam_mkhomedir/pam_mkhomedir.8.xml0000644000000000000000000001274513261244762016531 0ustar pam_mkhomedir 8 Linux-PAM Manual pam_mkhomedir PAM module to create users home directory pam_mkhomedir.so silent umask=mode skel=skeldir DESCRIPTION The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins. This allows users to be present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre-creating a large number of directories. The skeleton directory (usually /etc/skel/) is used to copy default files and also sets a umask for the creation. The new users home directory will not be removed after logout of the user. OPTIONS Don't print informative messages. The user file-creation mask is set to mask. The default value of mask is 0022. Indicate an alternative skel directory to override the default /etc/skel. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_BUF_ERR Memory buffer error. PAM_CRED_INSUFFICIENT Insufficient credentials to access authentication data. PAM_PERM_DENIED Not enough permissions to create the new directory or read the skel directory. PAM_USER_UNKNOWN User not known to the underlying authentication module. PAM_SUCCESS Environment variables were set. FILES /etc/skel Default skel directory EXAMPLES A sample /etc/pam.d/login file: auth requisite pam_securetty.so auth sufficient pam_ldap.so auth required pam_unix.so auth required pam_nologin.so account sufficient pam_ldap.so account required pam_unix.so password required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_unix.so session optional pam_lastlog.so session optional pam_mail.so standard SEE ALSO pam.d5 , pam8 . AUTHOR pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>. pam/modules/pam_mkhomedir/pam_mkhomedir.c0000644000000000000000000001543513261244762016004 0ustar /* PAM Make Home Dir module This module will create a users home directory if it does not exist when the session begins. This allows users to be present in central database (such as nis, kerb or ldap) without using a distributed file system or pre-creating a large number of directories. Here is a sample /etc/pam.d/login file for Debian GNU/Linux 2.1: auth requisite pam_securetty.so auth sufficient pam_ldap.so auth required pam_unix.so auth optional pam_group.so auth optional pam_mail.so account requisite pam_time.so account sufficient pam_ldap.so account required pam_unix.so session required pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required pam_unix.so session optional pam_lastlog.so password required pam_unix.so Released under the GNU LGPL version 2 or later Copyright (c) Red Hat, Inc. 2009 Originally written by Jason Gunthorpe Feb 1999 Structure taken from pam_lastlogin by Andrew Morgan 1996 */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_SESSION #include #include #include #include #define MAX_FD_NO 10000 /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ struct options_t { int ctrl; const char *umask; const char *skeldir; }; typedef struct options_t options_t; static void _pam_parse (const pam_handle_t *pamh, int flags, int argc, const char **argv, options_t *opt) { opt->ctrl = 0; opt->umask = "0022"; opt->skeldir = "/etc/skel"; /* does the appliction require quiet? */ if ((flags & PAM_SILENT) == PAM_SILENT) opt->ctrl |= MKHOMEDIR_QUIET; /* step through arguments */ for (; argc-- > 0; ++argv) { if (!strcmp(*argv, "silent")) { opt->ctrl |= MKHOMEDIR_QUIET; } else if (!strcmp(*argv, "debug")) { opt->ctrl |= MKHOMEDIR_DEBUG; } else if (!strncmp(*argv,"umask=",6)) { opt->umask = *argv+6; } else if (!strncmp(*argv,"skel=",5)) { opt->skeldir = *argv+5; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } } /* Do the actual work of creating a home dir */ static int create_homedir (pam_handle_t *pamh, options_t *opt, const struct passwd *pwd) { int retval, child; struct sigaction newsa, oldsa; /* Mention what is happening, if the notification fails that is OK */ if (!(opt->ctrl & MKHOMEDIR_QUIET)) pam_info(pamh, _("Creating directory '%s'."), pwd->pw_dir); D(("called.")); /* * This code arranges that the demise of the child does not cause * the application to receive a signal it is not expecting - which * may kill the application or worse. */ memset(&newsa, '\0', sizeof(newsa)); newsa.sa_handler = SIG_DFL; sigaction(SIGCHLD, &newsa, &oldsa); if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Executing mkhomedir_helper."); } /* fork */ child = fork(); if (child == 0) { int i; struct rlimit rlim; static char *envp[] = { NULL }; char *args[] = { NULL, NULL, NULL, NULL, NULL }; if (getrlimit(RLIMIT_NOFILE, &rlim)==0) { if (rlim.rlim_max >= MAX_FD_NO) rlim.rlim_max = MAX_FD_NO; for (i=0; i < (int)rlim.rlim_max; i++) { close(i); } } /* exec the mkhomedir helper */ args[0] = x_strdup(MKHOMEDIR_HELPER); args[1] = pwd->pw_name; args[2] = x_strdup(opt->umask); args[3] = x_strdup(opt->skeldir); execve(MKHOMEDIR_HELPER, args, envp); /* should not get here: exit with error */ D(("helper binary is not available")); _exit(PAM_SYSTEM_ERR); } else if (child > 0) { int rc; while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR); if (rc < 0) { pam_syslog(pamh, LOG_ERR, "waitpid failed: %m"); retval = PAM_SYSTEM_ERR; } else if (!WIFEXITED(retval)) { pam_syslog(pamh, LOG_ERR, "mkhomedir_helper abnormal exit: %d", retval); retval = PAM_SYSTEM_ERR; } else { retval = WEXITSTATUS(retval); } } else { D(("fork failed")); pam_syslog(pamh, LOG_ERR, "fork failed: %m"); retval = PAM_SYSTEM_ERR; } sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */ if (opt->ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "mkhomedir_helper returned %d", retval); } if (retval != PAM_SUCCESS && !(opt->ctrl & MKHOMEDIR_QUIET)) { pam_error(pamh, _("Unable to create and initialize directory '%s'."), pwd->pw_dir); } D(("returning %d", retval)); return retval; } /* --- authentication management functions (only) --- */ PAM_EXTERN int pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval; options_t opt; const void *user; const struct passwd *pwd; struct stat St; /* Parse the flag values */ _pam_parse(pamh, flags, argc, argv, &opt); /* Determine the user name so we can get the home directory */ retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { pam_syslog(pamh, LOG_NOTICE, "Cannot obtain the user name."); return PAM_USER_UNKNOWN; } /* Get the password entry */ pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) { pam_syslog(pamh, LOG_NOTICE, "User unknown."); D(("couldn't identify user %s", user)); return PAM_CRED_INSUFFICIENT; } /* Stat the home directory, if something exists then we assume it is correct and return a success*/ if (stat(pwd->pw_dir, &St) == 0) { if (opt.ctrl & MKHOMEDIR_DEBUG) { pam_syslog(pamh, LOG_DEBUG, "Home directory %s already exists.", pwd->pw_dir); } return PAM_SUCCESS; } return create_homedir(pamh, &opt, pwd); } /* Ignore */ PAM_EXTERN int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_mkhomedir_modstruct = { "pam_mkhomedir", NULL, NULL, NULL, pam_sm_open_session, pam_sm_close_session, NULL, }; #endif pam/modules/pam_mkhomedir/tst-pam_mkhomedir0000755000000000000000000000007013261244762016363 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_mkhomedir.so pam/modules/pam_motd/0000755000000000000000000000000013261244762012000 5ustar pam/modules/pam_motd/Makefile.am0000644000000000000000000000133013261244762014031 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd man_MANS = pam_motd.8 XMLS = README.xml pam_motd.8.xml TESTS = tst-pam_motd securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_motd.la pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_motd.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_motd/Makefile.in0000644000000000000000000006004313261244762014050 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_motd DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_motd_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_motd_la_SOURCES = pam_motd.c pam_motd_la_OBJECTS = pam_motd.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_motd.c DIST_SOURCES = pam_motd.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_motd man_MANS = pam_motd.8 XMLS = README.xml pam_motd.8.xml TESTS = tst-pam_motd securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_motd.la pam_motd_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_motd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_motd/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_motd.la: $(pam_motd_la_OBJECTS) $(pam_motd_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_motd_la_OBJECTS) $(pam_motd_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_motd.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_motd.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_motd/README0000644000000000000000000000136313261244762012663 0ustar pam_motd — Display the motd file â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login. By default the /etc/motd file is shown. The message size is limited to 64KB. OPTIONS motd=/path/filename The /path/filename file is displayed as message of the day. EXAMPLES The suggested usage for /etc/pam.d/login is: session optional pam_motd.so motd=/etc/motd AUTHOR pam_motd was written by Ben Collins . pam/modules/pam_motd/README.xml0000644000000000000000000000216713261244762013465 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_motd.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_motd-name"]/*)'/>
pam/modules/pam_motd/pam_motd.80000644000000000000000000000426713261244762013702 0ustar '\" t .\" Title: pam_motd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_MOTD" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_motd \- Display the motd file .SH "SYNOPSIS" .HP \w'\fBpam_motd\&.so\fR\ 'u \fBpam_motd\&.so\fR [motd=\fI/path/filename\fR] .SH "DESCRIPTION" .PP pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login\&. By default the /etc/motd file is shown\&. The message size is limited to 64KB\&. .SH "OPTIONS" .PP \fBmotd=\fR\fB\fI/path/filename\fR\fR .RS 4 The /path/filename file is displayed as message of the day\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_IGNORE .RS 4 This is the only return value of this module\&. .RE .SH "EXAMPLES" .PP The suggested usage for /etc/pam\&.d/login is: .sp .if n \{\ .RS 4 .\} .nf session optional pam_motd\&.so motd=/etc/motd .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBmotd\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_motd was written by Ben Collins \&. pam/modules/pam_motd/pam_motd.8.xml0000644000000000000000000000567513261244762014505 0ustar pam_motd 8 Linux-PAM Manual pam_motd Display the motd file pam_motd.so motd=/path/filename DESCRIPTION pam_motd is a PAM module that can be used to display arbitrary motd (message of the day) files after a successful login. By default the /etc/motd file is shown. The message size is limited to 64KB. OPTIONS The /path/filename file is displayed as message of the day. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_IGNORE This is the only return value of this module. EXAMPLES The suggested usage for /etc/pam.d/login is: session optional pam_motd.so motd=/etc/motd SEE ALSO motd5 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_motd was written by Ben Collins <bcollins@debian.org>. pam/modules/pam_motd/pam_motd.c0000644000000000000000000000506513261244762013752 0ustar /* pam_motd module */ /* * Modified for pam_motd by Ben Collins * * Based off of: * $Id$ * * Written by Michael K. Johnson 1996/10/24 * */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_SESSION #define DEFAULT_MOTD "/etc/motd" #include #include /* --- session management functions (only) --- */ PAM_EXTERN int pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } static char default_motd[] = DEFAULT_MOTD; PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval = PAM_IGNORE; int fd; const char *motd_path = NULL; char *mtmp = NULL; if (flags & PAM_SILENT) { return retval; } for (; argc-- > 0; ++argv) { if (!strncmp(*argv,"motd=",5)) { motd_path = 5 + *argv; if (*motd_path != '\0') { D(("set motd path: %s", motd_path)); } else { motd_path = NULL; pam_syslog(pamh, LOG_ERR, "motd= specification missing argument - ignored"); } } else pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } if (motd_path == NULL) motd_path = default_motd; while ((fd = open(motd_path, O_RDONLY, 0)) >= 0) { struct stat st; /* fill in message buffer with contents of motd */ if ((fstat(fd, &st) < 0) || !st.st_size || st.st_size > 0x10000) break; if (!(mtmp = malloc(st.st_size+1))) break; if (pam_modutil_read(fd, mtmp, st.st_size) != st.st_size) break; if (mtmp[st.st_size-1] == '\n') mtmp[st.st_size-1] = '\0'; else mtmp[st.st_size] = '\0'; pam_info (pamh, "%s", mtmp); break; } _pam_drop (mtmp); if (fd >= 0) close(fd); return retval; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_motd_modstruct = { "pam_motd", NULL, NULL, NULL, pam_sm_open_session, pam_sm_close_session, NULL, }; #endif /* end of module definition */ pam/modules/pam_motd/tst-pam_motd0000755000000000000000000000006313261244762014335 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_motd.so pam/modules/pam_namespace/0000755000000000000000000000000013261244762012771 5ustar pam/modules/pam_namespace/Makefile.am0000644000000000000000000000246113261244762015030 0ustar # # Copyright (c) 2009 Thorsten Kukuk # Copyright (c) 2006 Red Hat, Inc. # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MAN5) $(MAN8) README MAN5 = namespace.conf.5 MAN8 = pam_namespace.8 EXTRA_DIST = README namespace.conf namespace.init $(MAN5) $(MAN8) $(XMLS) tst-pam_namespace if HAVE_UNSHARE TESTS = tst-pam_namespace man_MANS = $(MAN5) $(MAN8) endif XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) namespaceddir = $(SCONFIGDIR)/namespace.d AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif noinst_HEADERS = md5.h pam_namespace.h argv_parse.h if HAVE_UNSHARE securelib_LTLIBRARIES = pam_namespace.la pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ secureconf_DATA = namespace.conf secureconf_SCRIPTS = namespace.init install-data-local: mkdir -p $(DESTDIR)$(namespaceddir) endif if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_namespace.8.xml namespace.conf.5.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_namespace/Makefile.in0000644000000000000000000007330713261244762015050 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2009 Thorsten Kukuk # Copyright (c) 2006 Red Hat, Inc. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_namespace DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" \ "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) @HAVE_UNSHARE_TRUE@pam_namespace_la_DEPENDENCIES = \ @HAVE_UNSHARE_TRUE@ $(top_builddir)/libpam/libpam.la am__pam_namespace_la_SOURCES_DIST = pam_namespace.c md5.c argv_parse.c @HAVE_UNSHARE_TRUE@am_pam_namespace_la_OBJECTS = pam_namespace.lo \ @HAVE_UNSHARE_TRUE@ md5.lo argv_parse.lo pam_namespace_la_OBJECTS = $(am_pam_namespace_la_OBJECTS) @HAVE_UNSHARE_TRUE@am_pam_namespace_la_rpath = -rpath $(securelibdir) SCRIPTS = $(secureconf_SCRIPTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(pam_namespace_la_SOURCES) DIST_SOURCES = $(am__pam_namespace_la_SOURCES_DIST) man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MAN5) $(MAN8) README MAN5 = namespace.conf.5 MAN8 = pam_namespace.8 EXTRA_DIST = README namespace.conf namespace.init $(MAN5) $(MAN8) $(XMLS) tst-pam_namespace @HAVE_UNSHARE_TRUE@TESTS = tst-pam_namespace @HAVE_UNSHARE_TRUE@man_MANS = $(MAN5) $(MAN8) XMLS = README.xml namespace.conf.5.xml pam_namespace.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) namespaceddir = $(SCONFIGDIR)/namespace.d AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -DSECURECONF_DIR=\"$(SCONFIGDIR)/\" AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) noinst_HEADERS = md5.h pam_namespace.h argv_parse.h @HAVE_UNSHARE_TRUE@securelib_LTLIBRARIES = pam_namespace.la @HAVE_UNSHARE_TRUE@pam_namespace_la_SOURCES = pam_namespace.c md5.c argv_parse.c @HAVE_UNSHARE_TRUE@pam_namespace_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @HAVE_UNSHARE_TRUE@secureconf_DATA = namespace.conf @HAVE_UNSHARE_TRUE@secureconf_SCRIPTS = namespace.init @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_namespace/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_namespace/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_namespace.la: $(pam_namespace_la_OBJECTS) $(pam_namespace_la_DEPENDENCIES) $(LINK) $(am_pam_namespace_la_rpath) $(pam_namespace_la_OBJECTS) $(pam_namespace_la_LIBADD) $(LIBS) install-secureconfSCRIPTS: $(secureconf_SCRIPTS) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ done | \ sed -e 'p;s,.*/,,;n' \ -e 'h;s|.*|.|' \ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ if ($$2 == $$4) { files[d] = files[d] " " $$1; \ if (++n[d] == $(am__install_max)) { \ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ else { print "f", d "/" $$4, $$1 } } \ END { for (d in files) print "f", d, files[d] }' | \ while read type dir files; do \ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ test -z "$$files" || { \ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(secureconfdir)$$dir'"; \ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(secureconfdir)$$dir" || exit $$?; \ } \ ; done uninstall-secureconfSCRIPTS: @$(NORMAL_UNINSTALL) @list='$(secureconf_SCRIPTS)'; test -n "$(secureconfdir)" || exit 0; \ files=`for p in $$list; do echo "$$p"; done | \ sed -e 's,.*/,,;$(transform)'`; \ test -n "$$list" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/argv_parse.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_namespace.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(SCRIPTS) $(MANS) $(DATA) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(secureconfdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) @HAVE_UNSHARE_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-man install-secureconfDATA \ install-secureconfSCRIPTS install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-secureconfSCRIPTS uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-data-local install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man5 \ install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-secureconfDATA install-secureconfSCRIPTS \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man5 \ uninstall-man8 uninstall-secureconfDATA \ uninstall-secureconfSCRIPTS uninstall-securelibLTLIBRARIES @HAVE_UNSHARE_TRUE@install-data-local: @HAVE_UNSHARE_TRUE@ mkdir -p $(DESTDIR)$(namespaceddir) @ENABLE_REGENERATE_MAN_TRUE@README: pam_namespace.8.xml namespace.conf.5.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_namespace/README0000644000000000000000000002537413261244762013664 0ustar pam_namespace — PAM module for configuring namespace for a session â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both. If an executable script /etc/security/namespace.init exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated directory. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments. The pam_namespace module disassociates the session namespace from the parent namespace. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared-subtree feature. For additional information on shared-subtree feature, please refer to the mount (8) man page and the shared-subtree description at http://lwn.net/Articles/ 159077 and http://lwn.net/Articles/159092. OPTIONS debug A lot of debug information is logged using syslog unmnt_remnt For programs such as su and newrole, the login session has already setup a polyinstantiated namespace. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context unmnt_only For trusted programs that want to undo any existing bind mounts and process instance directories on their own, this argument allows them to unmount currently mounted instance directories require_selinux If selinux is not enabled, return failure gen_hash Instead of using the security context string for the instance name, generate and use its md5 hash. ignore_config_error If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line. Without this option, pam will return an error to the calling program resulting in termination of the session. ignore_instance_parent_mode Instance parent directories by default are expected to have the restrictive mode of 000. Using this option, an administrator can choose to ignore the mode of the instance parent. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism. unmount_on_close Explicitly unmount the polyinstantiated directories instead of relying on automatic namespace destruction after the last process in a namespace exits. This option should be used only in case it is ensured by other means that there cannot be any processes running in the private namespace left after the session close. It is also useful only in case there are multiple pam session calls in sequence from the same process. use_current_context Useful for services which do not change the SELinux context with setexeccon call. The module will use the current SELinux context of the calling process for the level and context polyinstantiation. use_default_context Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call. The module will use the default SELinux context of the user for the level and context polyinstantiation. mount_private This option can be used on systems where the / mount point or its submounts are made shared (for example with a mount --make-rshared / command). The module will mark the whole directory tree so any mount and unmount operations in the polyinstantiation namespace are private. Normally the pam_namespace will try to detect the shared / mount point and make the polyinstantiated directories private automatically. This option has to be used just when only a subtree is shared and / is not. Note that mounts and unmounts done in the private namespace will not affect the parent namespace if this option is used or when the shared / mount point is autodetected. DESCRIPTION The pam_namespace.so module allows setup of private namespaces with polyinstantiated directories. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context. If an executable script /etc/security/namespace.init exists, it is used to initialize the namespace every time an instance directory is set up and mounted. The script receives the polyinstantiated directory path and the instance directory path as its arguments. The /etc/security/namespace.conf file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed. When someone logs in, the file namespace.conf is scanned. Comments are marked by # characters. Each non comment line represents one polyinstantiated directory. The fields are separated by spaces but can be quoted by " characters also escape sequences \b, \n, and \t are recognized. The fields are as follows: polydir instance_prefix method list_of_uids The first field, polydir, is the absolute pathname of the directory to polyinstantiate. The special string $HOME is replaced with the user's home directory, and $USER with the username. This field cannot be blank. The second field, instance_prefix is the string prefix used to build the pathname for the instantiation of . Depending on the polyinstantiation method it is then appended with "instance differentiation string" to generate the final instance directory path. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column. The special string $HOME is replaced with the user's home directory, and $USER with the username. This field cannot be blank. The third field, method, is the method used for polyinstantiation. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user's session is closed. Methods "context" and "level" are only available with SELinux. This field cannot be blank. The fourth field, list_of_uids, is a comma separated list of user names for whom the polyinstantiation is not performed. If left blank, polyinstantiation will be performed for all users. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list. The method field can contain also following optional flags separated by : characters. create=mode,owner,group - create the polyinstantiated directory. The mode, owner and group parameters are optional. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user. iscript=path - path to the instance directory init script. The base directory for relative paths is /etc/security/namespace.d. noinit - instance directory init script will not be executed. shared - the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users. mntopts=value - value of this flag is passed to the mount call when the tmpfs mount is done. It allows for example the specification of the maximum size of the tmpfs instance that is created by the mount call. See mount(8) for details. The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000. The requirement that the instance parent be of mode 0000 can be overridden with the command line option ignore_instance_parent_mode In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon. This context must be set by the calling application or pam_selinux.so module. If this context is not set the polyinstatiation will be based just on user name. The "instance differentiation string" is for "user" method and _ for "context" and "level" methods. If the whole string is too long the end of it is replaced with md5sum of itself. Also when command line option gen_hash is used the whole string is replaced with md5sum of itself. EXAMPLES These are some example lines which might be specified in /etc/security/ namespace.conf.       # The following three lines will polyinstantiate /tmp,       # /var/tmp and user's home directories. /tmp and /var/tmp       # will be polyinstantiated based on the security level       # as well as user name, whereas home directory will be       # polyinstantiated based on the full security context and user name.       # Polyinstantiation will not be performed for user root       # and adm for directories /tmp and /var/tmp, whereas home       # directories will be polyinstantiated for all users.       #       # Note that instance directories do not have to reside inside       # the polyinstantiated directory. In the examples below,       # instances of /tmp will be created in /tmp-inst directory,       # where as instances of /var/tmp and users home directories       # will reside within the directories that are being       # polyinstantiated.       #       /tmp     /tmp-inst/               level      root,adm       /var/tmp /var/tmp/tmp-inst/    level      root,adm       $HOME    $HOME/$USER.inst/inst- context      For the s you need polyinstantiation (login for example) put the following line in /etc/pam.d/ as the last line for session group: session required pam_namespace.so [arguments] This module also depends on pam_selinux.so setting the context. pam/modules/pam_namespace/README.xml0000644000000000000000000000235313261244762014453 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_namespace.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_namespace-name"]/*)'/>
pam/modules/pam_namespace/argv_parse.c0000644000000000000000000000741413261244762015274 0ustar /* * argv_parse.c --- utility function for parsing a string into a * argc, argv array. * * This file defines a function argv_parse() which parsing a * passed-in string, handling double quotes and backslashes, and * creates an allocated argv vector which can be freed using the * argv_free() function. * * See argv_parse.h for the formal definition of the functions. * * Copyright 1999 by Theodore Ts'o. * * Permission to use, copy, modify, and distribute this software for * any purpose with or without fee is hereby granted, provided that * the above copyright notice and this permission notice appear in all * copies. THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. (Isn't * it sick that the U.S. culture of lawsuit-happy lawyers requires * this kind of disclaimer?) * * Version 1.1, modified 2/27/1999 */ #include #include #include #include "argv_parse.h" #define STATE_WHITESPACE 1 #define STATE_TOKEN 2 #define STATE_QUOTED 3 /* * Returns 0 on success, -1 on failure. */ int argv_parse(const char *in_buf, int *ret_argc, char ***ret_argv) { int argc = 0, max_argc = 0; char **argv, **new_argv, *buf, ch; const char *cp = NULL; char *outcp = NULL; int state = STATE_WHITESPACE; buf = malloc(strlen(in_buf)+1); if (!buf) return -1; argv = NULL; outcp = buf; for (cp = in_buf; (ch = *cp); cp++) { if (state == STATE_WHITESPACE) { if (isspace((int) ch)) continue; /* Not whitespace, so start a new token */ state = STATE_TOKEN; if (argc >= max_argc) { max_argc += 3; new_argv = realloc(argv, (max_argc+1)*sizeof(char *)); if (!new_argv) { if (argv) free(argv); free(buf); return -1; } argv = new_argv; } argv[argc++] = outcp; } if (state == STATE_QUOTED) { if (ch == '"') state = STATE_TOKEN; else *outcp++ = ch; continue; } /* Must be processing characters in a word */ if (isspace((int) ch)) { /* * Terminate the current word and start * looking for the beginning of the next word. */ *outcp++ = 0; state = STATE_WHITESPACE; continue; } if (ch == '"') { state = STATE_QUOTED; continue; } if (ch == '\\') { ch = *++cp; switch (ch) { case '\0': ch = '\\'; cp--; break; case 'n': ch = '\n'; break; case 't': ch = '\t'; break; case 'b': ch = '\b'; break; } } *outcp++ = ch; } if (state != STATE_WHITESPACE) *outcp++ = '\0'; if (ret_argv) { if (argv == NULL) { free(buf); if ((argv=malloc(sizeof(char *))) == NULL) return -1; } argv[argc] = NULL; *ret_argv = argv; } else { free(buf); free(argv); } if (ret_argc) *ret_argc = argc; return 0; } void argv_free(char **argv) { if (argv) { if (*argv) free(*argv); free(argv); } } #ifdef DEBUG_ARGV_PARSE /* * For debugging */ #include int main(int argc, char **argv) { int ac, ret; char **av, **cpp; char buf[256]; while (!feof(stdin)) { if (fgets(buf, sizeof(buf), stdin) == NULL) break; ret = argv_parse(buf, &ac, &av); if (ret != 0) { printf("Argv_parse returned %d!\n", ret); continue; } printf("Argv_parse returned %d arguments...\n", ac); for (cpp = av; *cpp; cpp++) { if (cpp != av) printf(", "); printf("'%s'", *cpp); } printf("\n"); argv_free(av); } exit(0); } #endif pam/modules/pam_namespace/argv_parse.h0000644000000000000000000000377413261244762015306 0ustar /* * argv_parse.h --- header file for the argv parser. * * This file defines the interface for the functions argv_parse() and * argv_free(). * *********************************************************************** * int argv_parse(char *in_buf, int *ret_argc, char ***ret_argv) * * This function takes as its first argument a string which it will * parse into an argv argument vector, with each white-space separated * word placed into its own slot in the argv. This function handles * double quotes and backslashes so that the parsed words can contain * special characters. The count of the number words found in the * parsed string, as well as the argument vector, are returned into * ret_argc and ret_argv, respectively. *********************************************************************** * extern void argv_free(char **argv); * * This function frees the argument vector created by argv_parse(). *********************************************************************** * * Copyright 1999 by Theodore Ts'o. * * Permission to use, copy, modify, and distribute this software for * any purpose with or without fee is hereby granted, provided that * the above copyright notice and this permission notice appear in all * copies. THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE * AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. (Isn't * it sick that the U.S. culture of lawsuit-happy lawyers requires * this kind of disclaimer?) * * Version 1.1, modified 2/27/1999 */ extern int argv_parse(const char *in_buf, int *ret_argc, char ***ret_argv); extern void argv_free(char **argv); pam/modules/pam_namespace/md5.c0000644000000000000000000001765513261244762013640 0ustar /* * $Id$ * * This code implements the MD5 message-digest algorithm. * The algorithm is due to Ron Rivest. This code was * written by Colin Plumb in 1993, no copyright is claimed. * This code is in the public domain; do with it what you wish. * * Equivalent code is available from RSA Data Security, Inc. * This code has been tested against that, and is equivalent, * except that you don't need to include two pages of legalese * with every copy. * * To compute the message digest of a chunk of bytes, declare an * MD5Context structure, pass it to MD5Init, call MD5Update as * needed on buffers full of bytes, and then call MD5Final, which * will fill a supplied 16-byte array with the digest. * */ #include #include "md5.h" #define MD5Name(x) x #if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) #define byteReverse(buf, len) /* Nothing */ #else static void byteReverse(unsigned char *buf, unsigned longs); /* * Note: this code is harmless on little-endian machines. */ static void byteReverse(unsigned char *buf, unsigned longs) { uint32 t; do { t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | ((unsigned) buf[1] << 8 | buf[0]); *(uint32 *) buf = t; buf += 4; } while (--longs); } #endif /* * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious * initialization constants. */ void MD5Name(MD5Init)(struct MD5Context *ctx) { ctx->buf[0] = 0x67452301U; ctx->buf[1] = 0xefcdab89U; ctx->buf[2] = 0x98badcfeU; ctx->buf[3] = 0x10325476U; ctx->bits[0] = 0; ctx->bits[1] = 0; } /* * Update context to reflect the concatenation of another buffer full * of bytes. */ void MD5Name(MD5Update)(struct MD5Context *ctx, unsigned const char *buf, unsigned len) { uint32 t; /* Update bitcount */ t = ctx->bits[0]; if ((ctx->bits[0] = t + ((uint32) len << 3)) < t) ctx->bits[1]++; /* Carry from low to high */ ctx->bits[1] += len >> 29; t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ /* Handle any leading odd-sized chunks */ if (t) { unsigned char *p = (unsigned char *) ctx->in + t; t = 64 - t; if (len < t) { memcpy(p, buf, len); return; } memcpy(p, buf, t); byteReverse(ctx->in, 16); MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); buf += t; len -= t; } /* Process data in 64-byte chunks */ while (len >= 64) { memcpy(ctx->in, buf, 64); byteReverse(ctx->in, 16); MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); buf += 64; len -= 64; } /* Handle any remaining bytes of data. */ memcpy(ctx->in, buf, len); } /* * Final wrapup - pad to 64-byte boundary with the bit pattern * 1 0* (64-bit count of bits processed, MSB-first) */ void MD5Name(MD5Final)(unsigned char digest[16], struct MD5Context *ctx) { unsigned count; unsigned char *p; /* Compute number of bytes mod 64 */ count = (ctx->bits[0] >> 3) & 0x3F; /* Set the first char of padding to 0x80. This is safe since there is always at least one byte free */ p = ctx->in + count; *p++ = 0x80; /* Bytes of padding needed to make 64 bytes */ count = 64 - 1 - count; /* Pad out to 56 mod 64 */ if (count < 8) { /* Two lots of padding: Pad the first block to 64 bytes */ memset(p, 0, count); byteReverse(ctx->in, 16); MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); /* Now fill the next block with 56 bytes */ memset(ctx->in, 0, 56); } else { /* Pad block to 56 bytes */ memset(p, 0, count - 8); } byteReverse(ctx->in, 14); /* Append length in bits and transform */ memcpy((uint32 *)ctx->in + 14, ctx->bits, 2*sizeof(uint32)); MD5Name(MD5Transform)(ctx->buf, (uint32 *) ctx->in); byteReverse((unsigned char *) ctx->buf, 4); memcpy(digest, ctx->buf, 16); memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ } /* The four core functions - F1 is optimized somewhat */ /* #define F1(x, y, z) (x & y | ~x & z) */ #define F1(x, y, z) (z ^ (x & (y ^ z))) #define F2(x, y, z) F1(z, x, y) #define F3(x, y, z) (x ^ y ^ z) #define F4(x, y, z) (y ^ (x | ~z)) /* This is the central step in the MD5 algorithm. */ #define MD5STEP(f, w, x, y, z, data, s) \ ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) /* * The core of the MD5 algorithm, this alters an existing MD5 hash to * reflect the addition of 16 longwords of new data. MD5Update blocks * the data and converts bytes into longwords for this routine. */ void MD5Name(MD5Transform)(uint32 buf[4], uint32 const in[16]) { register uint32 a, b, c, d; a = buf[0]; b = buf[1]; c = buf[2]; d = buf[3]; MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478U, 7); MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756U, 12); MD5STEP(F1, c, d, a, b, in[2] + 0x242070dbU, 17); MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceeeU, 22); MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0fafU, 7); MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62aU, 12); MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613U, 17); MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501U, 22); MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8U, 7); MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7afU, 12); MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1U, 17); MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7beU, 22); MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122U, 7); MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193U, 12); MD5STEP(F1, c, d, a, b, in[14] + 0xa679438eU, 17); MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821U, 22); MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562U, 5); MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340U, 9); MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51U, 14); MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aaU, 20); MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105dU, 5); MD5STEP(F2, d, a, b, c, in[10] + 0x02441453U, 9); MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681U, 14); MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8U, 20); MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6U, 5); MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6U, 9); MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87U, 14); MD5STEP(F2, b, c, d, a, in[8] + 0x455a14edU, 20); MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905U, 5); MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8U, 9); MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9U, 14); MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8aU, 20); MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942U, 4); MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681U, 11); MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122U, 16); MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380cU, 23); MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44U, 4); MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9U, 11); MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60U, 16); MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70U, 23); MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6U, 4); MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127faU, 11); MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085U, 16); MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05U, 23); MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039U, 4); MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5U, 11); MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8U, 16); MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665U, 23); MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244U, 6); MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97U, 10); MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7U, 15); MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039U, 21); MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3U, 6); MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92U, 10); MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47dU, 15); MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1U, 21); MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4fU, 6); MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0U, 10); MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314U, 15); MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1U, 21); MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82U, 6); MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235U, 10); MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bbU, 15); MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391U, 21); buf[0] += a; buf[1] += b; buf[2] += c; buf[3] += d; } void MD5Name(MD5)(unsigned const char *buf, unsigned len, unsigned char digest[16]) { struct MD5Context ctx; MD5Name(MD5Init)(&ctx); MD5Name(MD5Update)(&ctx, buf, len); MD5Name(MD5Final)(digest, &ctx); } pam/modules/pam_namespace/md5.h0000644000000000000000000000117713261244762013635 0ustar #ifndef MD5_H #define MD5_H typedef unsigned int uint32; struct MD5Context { uint32 buf[4]; uint32 bits[2]; unsigned char in[64]; }; #define MD5_DIGEST_LENGTH 16 void MD5Init(struct MD5Context *); void MD5Update(struct MD5Context *, unsigned const char *, unsigned); void MD5Final(unsigned char digest[MD5_DIGEST_LENGTH], struct MD5Context *); void MD5Transform(uint32 buf[4], uint32 const in[MD5_DIGEST_LENGTH]); void MD5(unsigned const char *, unsigned, unsigned char digest[MD5_DIGEST_LENGTH]); /* * This is needed to make RSAREF happy on some MS-DOS compilers. */ typedef struct MD5Context MD5_CTX; #endif /* MD5_H */ pam/modules/pam_namespace/namespace.conf0000644000000000000000000000264013261244762015576 0ustar # /etc/security/namespace.conf # # See /usr/share/doc/pam-*/txts/README.pam_namespace for more information. # # Uncommenting the following three lines will polyinstantiate # /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will # be polyinstantiated based on the MLS level part of the security context as well as user # name, Polyinstantion will not be performed for user root and adm for directories # /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users. # The user name and context is appended to the instance prefix. # # Note that instance directories do not have to reside inside the # polyinstantiated directory. In the examples below, instances of /tmp # will be created in /tmp-inst directory, where as instances of /var/tmp # and users home directories will reside within the directories that # are being polyinstantiated. # # Instance parent directories must exist for the polyinstantiation # mechanism to work. By default, they should be created with the mode # of 000. pam_namespace module will enforce this mode unless it # is explicitly called with an argument to ignore the mode of the # instance parent. System administrators should use this argument with # caution, as it will reduce security and isolation achieved by # polyinstantiation. # #/tmp /tmp-inst/ level root,adm #/var/tmp /var/tmp/tmp-inst/ level root,adm #$HOME $HOME/$USER.inst/ level pam/modules/pam_namespace/namespace.conf.50000644000000000000000000001745013261244762015746 0ustar '\" t .\" Title: namespace.conf .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "NAMESPACE\&.CONF" "5" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" namespace.conf \- the namespace configuration file .SH "DESCRIPTION" .PP The \fIpam_namespace\&.so\fR module allows setup of private namespaces with polyinstantiated directories\&. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context\&. If an executable script /etc/security/namespace\&.init exists, it is used to initialize the namespace every time an instance directory is set up and mounted\&. The script receives the polyinstantiated directory path and the instance directory path as its arguments\&. .PP The /etc/security/namespace\&.conf file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed\&. .PP When someone logs in, the file namespace\&.conf is scanned\&. Comments are marked by \fI#\fR characters\&. Each non comment line represents one polyinstantiated directory\&. The fields are separated by spaces but can be quoted by \fI"\fR characters also escape sequences \fI\eb\fR, \fI\en\fR, and \fI\et\fR are recognized\&. The fields are as follows: .PP \fIpolydir\fR\fIinstance_prefix\fR\fImethod\fR\fIlist_of_uids\fR .PP The first field, \fIpolydir\fR, is the absolute pathname of the directory to polyinstantiate\&. The special string \fI$HOME\fR is replaced with the user\*(Aqs home directory, and \fI$USER\fR with the username\&. This field cannot be blank\&. .PP The second field, \fIinstance_prefix\fR is the string prefix used to build the pathname for the instantiation of \&. Depending on the polyinstantiation \fImethod\fR it is then appended with "instance differentiation string" to generate the final instance directory path\&. This directory is created if it did not exist already, and is then bind mounted on the to provide an instance of based on the column\&. The special string \fI$HOME\fR is replaced with the user\*(Aqs home directory, and \fI$USER\fR with the username\&. This field cannot be blank\&. .PP The third field, \fImethod\fR, is the method used for polyinstantiation\&. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user\*(Aqs session is closed\&. Methods "context" and "level" are only available with SELinux\&. This field cannot be blank\&. .PP The fourth field, \fIlist_of_uids\fR, is a comma separated list of user names for whom the polyinstantiation is not performed\&. If left blank, polyinstantiation will be performed for all users\&. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list\&. .PP The \fImethod\fR field can contain also following optional flags separated by \fI:\fR characters\&. .PP \fIcreate\fR=\fImode\fR,\fIowner\fR,\fIgroup\fR \- create the polyinstantiated directory\&. The mode, owner and group parameters are optional\&. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user\&. .PP \fIiscript\fR=\fIpath\fR \- path to the instance directory init script\&. The base directory for relative paths is /etc/security/namespace\&.d\&. .PP \fInoinit\fR \- instance directory init script will not be executed\&. .PP \fIshared\fR \- the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users\&. .PP \fImntopts\fR=\fIvalue\fR \- value of this flag is passed to the mount call when the tmpfs mount is done\&. It allows for example the specification of the maximum size of the tmpfs instance that is created by the mount call\&. See \fBmount\fR(8) for details\&. .PP The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000\&. The requirement that the instance parent be of mode 0000 can be overridden with the command line option \fIignore_instance_parent_mode\fR .PP In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon\&. This context must be set by the calling application or pam_selinux\&.so module\&. If this context is not set the polyinstatiation will be based just on user name\&. .PP The "instance differentiation string" is for "user" method and _ for "context" and "level" methods\&. If the whole string is too long the end of it is replaced with md5sum of itself\&. Also when command line option \fIgen_hash\fR is used the whole string is replaced with md5sum of itself\&. .SH "EXAMPLES" .PP These are some example lines which might be specified in /etc/security/namespace\&.conf\&. .sp .if n \{\ .RS 4 .\} .nf # The following three lines will polyinstantiate /tmp, # /var/tmp and user\*(Aqs home directories\&. /tmp and /var/tmp # will be polyinstantiated based on the security level # as well as user name, whereas home directory will be # polyinstantiated based on the full security context and user name\&. # Polyinstantiation will not be performed for user root # and adm for directories /tmp and /var/tmp, whereas home # directories will be polyinstantiated for all users\&. # # Note that instance directories do not have to reside inside # the polyinstantiated directory\&. In the examples below, # instances of /tmp will be created in /tmp\-inst directory, # where as instances of /var/tmp and users home directories # will reside within the directories that are being # polyinstantiated\&. # /tmp /tmp\-inst/ level root,adm /var/tmp /var/tmp/tmp\-inst/ level root,adm $HOME $HOME/$USER\&.inst/inst\- context .fi .if n \{\ .RE .\} .PP For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: .PP session required pam_namespace\&.so [arguments] .PP This module also depends on pam_selinux\&.so setting the context\&. .SH "SEE ALSO" .PP \fBpam_namespace\fR(8), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHORS" .PP The namespace\&.conf manual page was written by Janak Desai \&. More features added by Tomas Mraz \&. pam/modules/pam_namespace/namespace.conf.5.xml0000644000000000000000000002226713261244762016547 0ustar namespace.conf 5 Linux-PAM Manual namespace.conf the namespace configuration file DESCRIPTION The pam_namespace.so module allows setup of private namespaces with polyinstantiated directories. Directories can be polyinstantiated based on user name or, in the case of SELinux, user name, sensitivity level or complete security context. If an executable script /etc/security/namespace.init exists, it is used to initialize the namespace every time an instance directory is set up and mounted. The script receives the polyinstantiated directory path and the instance directory path as its arguments. The /etc/security/namespace.conf file specifies which directories are polyinstantiated, how they are polyinstantiated, how instance directories would be named, and any users for whom polyinstantiation would not be performed. When someone logs in, the file namespace.conf is scanned. Comments are marked by # characters. Each non comment line represents one polyinstantiated directory. The fields are separated by spaces but can be quoted by " characters also escape sequences \b, \n, and \t are recognized. The fields are as follows: polydir instance_prefix method list_of_uids The first field, polydir, is the absolute pathname of the directory to polyinstantiate. The special string $HOME is replaced with the user's home directory, and $USER with the username. This field cannot be blank. The second field, instance_prefix is the string prefix used to build the pathname for the instantiation of <polydir>. Depending on the polyinstantiation method it is then appended with "instance differentiation string" to generate the final instance directory path. This directory is created if it did not exist already, and is then bind mounted on the <polydir> to provide an instance of <polydir> based on the <method> column. The special string $HOME is replaced with the user's home directory, and $USER with the username. This field cannot be blank. The third field, method, is the method used for polyinstantiation. It can take these values; "user" for polyinstantiation based on user name, "level" for polyinstantiation based on process MLS level and user name, "context" for polyinstantiation based on process security context and user name, "tmpfs" for mounting tmpfs filesystem as an instance dir, and "tmpdir" for creating temporary directory as an instance dir which is removed when the user's session is closed. Methods "context" and "level" are only available with SELinux. This field cannot be blank. The fourth field, list_of_uids, is a comma separated list of user names for whom the polyinstantiation is not performed. If left blank, polyinstantiation will be performed for all users. If the list is preceded with a single "~" character, polyinstantiation is performed only for users in the list. The method field can contain also following optional flags separated by : characters. create=mode,owner,group - create the polyinstantiated directory. The mode, owner and group parameters are optional. The default for mode is determined by umask, the default owner is the user whose session is opened, the default group is the primary group of the user. iscript=path - path to the instance directory init script. The base directory for relative paths is /etc/security/namespace.d. noinit - instance directory init script will not be executed. shared - the instance directories for "context" and "level" methods will not contain the user name and will be shared among all users. mntopts=value - value of this flag is passed to the mount call when the tmpfs mount is done. It allows for example the specification of the maximum size of the tmpfs instance that is created by the mount call. See mount8 for details. The directory where polyinstantiated instances are to be created, must exist and must have, by default, the mode of 0000. The requirement that the instance parent be of mode 0000 can be overridden with the command line option ignore_instance_parent_mode In case of context or level polyinstantiation the SELinux context which is used for polyinstantiation is the context used for executing a new process as obtained by getexeccon. This context must be set by the calling application or pam_selinux.so module. If this context is not set the polyinstatiation will be based just on user name. The "instance differentiation string" is <user name> for "user" method and <user name>_<raw directory context> for "context" and "level" methods. If the whole string is too long the end of it is replaced with md5sum of itself. Also when command line option gen_hash is used the whole string is replaced with md5sum of itself. EXAMPLES These are some example lines which might be specified in /etc/security/namespace.conf. # The following three lines will polyinstantiate /tmp, # /var/tmp and user's home directories. /tmp and /var/tmp # will be polyinstantiated based on the security level # as well as user name, whereas home directory will be # polyinstantiated based on the full security context and user name. # Polyinstantiation will not be performed for user root # and adm for directories /tmp and /var/tmp, whereas home # directories will be polyinstantiated for all users. # # Note that instance directories do not have to reside inside # the polyinstantiated directory. In the examples below, # instances of /tmp will be created in /tmp-inst directory, # where as instances of /var/tmp and users home directories # will reside within the directories that are being # polyinstantiated. # /tmp /tmp-inst/ level root,adm /var/tmp /var/tmp/tmp-inst/ level root,adm $HOME $HOME/$USER.inst/inst- context For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam.d/<service> as the last line for session group: session required pam_namespace.so [arguments] This module also depends on pam_selinux.so setting the context. SEE ALSO pam_namespace8, pam.d5, pam8 AUTHORS The namespace.conf manual page was written by Janak Desai <janak@us.ibm.com>. More features added by Tomas Mraz <tmraz@redhat.com>. pam/modules/pam_namespace/namespace.init0000755000000000000000000000177313261244762015625 0ustar #!/bin/sh -p # It receives polydir path as $1, the instance path as $2, # a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3, # and user name in $4. # # The following section will copy the contents of /etc/skel if this is a # newly created home directory. if [ "$3" = 1 ]; then # This line will fix the labeling on all newly created directories [ -x /sbin/restorecon ] && /sbin/restorecon "$1" user="$4" passwd=$(getent passwd "$user") homedir=$(echo "$passwd" | cut -f6 -d":") if [ "$1" = "$homedir" ]; then gid=$(echo "$passwd" | cut -f4 -d":") cp -rT /etc/skel "$homedir" chown -R "$user":"$gid" "$homedir" mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs) mode=$(printf "%o" $((0777 & ~$mask))) chmod ${mode:-700} "$homedir" [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir" fi fi exit 0 pam/modules/pam_namespace/pam_namespace.80000644000000000000000000002207413261244762015660 0ustar '\" t .\" Title: pam_namespace .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_NAMESPACE" "8" "09/19/2013" "Linux-PAM Manual" "Linux-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_namespace \- PAM module for configuring namespace for a session .SH "SYNOPSIS" .HP \w'\fBpam_namespace\&.so\fR\ 'u \fBpam_namespace\&.so\fR [debug] [unmnt_remnt] [unmnt_only] [require_selinux] [gen_hash] [ignore_config_error] [ignore_instance_parent_mode] [unmount_on_close] [use_current_context] [use_default_context] [mount_private] .SH "DESCRIPTION" .PP The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories\&. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both\&. If an executable script /etc/security/namespace\&.init exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated directory\&. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments\&. .PP The pam_namespace module disassociates the session namespace from the parent namespace\&. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace\&. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared\-subtree feature\&. For additional information on shared\-subtree feature, please refer to the mount(8) man page and the shared\-subtree description at http://lwn\&.net/Articles/159077 and http://lwn\&.net/Articles/159092\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 A lot of debug information is logged using syslog .RE .PP \fBunmnt_remnt\fR .RS 4 For programs such as su and newrole, the login session has already setup a polyinstantiated namespace\&. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login\&. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context .RE .PP \fBunmnt_only\fR .RS 4 For trusted programs that want to undo any existing bind mounts and process instance directories on their own, this argument allows them to unmount currently mounted instance directories .RE .PP \fBrequire_selinux\fR .RS 4 If selinux is not enabled, return failure .RE .PP \fBgen_hash\fR .RS 4 Instead of using the security context string for the instance name, generate and use its md5 hash\&. .RE .PP \fBignore_config_error\fR .RS 4 If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line\&. Without this option, pam will return an error to the calling program resulting in termination of the session\&. .RE .PP \fBignore_instance_parent_mode\fR .RS 4 Instance parent directories by default are expected to have the restrictive mode of 000\&. Using this option, an administrator can choose to ignore the mode of the instance parent\&. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism\&. .RE .PP \fBunmount_on_close\fR .RS 4 Explicitly unmount the polyinstantiated directories instead of relying on automatic namespace destruction after the last process in a namespace exits\&. This option should be used only in case it is ensured by other means that there cannot be any processes running in the private namespace left after the session close\&. It is also useful only in case there are multiple pam session calls in sequence from the same process\&. .RE .PP \fBuse_current_context\fR .RS 4 Useful for services which do not change the SELinux context with setexeccon call\&. The module will use the current SELinux context of the calling process for the level and context polyinstantiation\&. .RE .PP \fBuse_default_context\fR .RS 4 Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call\&. The module will use the default SELinux context of the user for the level and context polyinstantiation\&. .RE .PP \fBmount_private\fR .RS 4 This option can be used on systems where the / mount point or its submounts are made shared (for example with a \fBmount \-\-make\-rshared /\fR command)\&. The module will mark the whole directory tree so any mount and unmount operations in the polyinstantiation namespace are private\&. Normally the pam_namespace will try to detect the shared / mount point and make the polyinstantiated directories private automatically\&. This option has to be used just when only a subtree is shared and / is not\&. .sp Note that mounts and unmounts done in the private namespace will not affect the parent namespace if this option is used or when the shared / mount point is autodetected\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. The module must not be called from multithreaded processes\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 Namespace setup was successful\&. .RE .PP PAM_SERVICE_ERR .RS 4 Unexpected system error occurred while setting up namespace\&. .RE .PP PAM_SESSION_ERR .RS 4 Unexpected namespace configuration error occurred\&. .RE .SH "FILES" .PP /etc/security/namespace\&.conf .RS 4 Main configuration file .RE .PP /etc/security/namespace\&.d .RS 4 Directory for additional configuration files .RE .PP /etc/security/namespace\&.init .RS 4 Init script for instance directories .RE .SH "EXAMPLES" .PP For the s you need polyinstantiation (login for example) put the following line in /etc/pam\&.d/ as the last line for session group: .PP session required pam_namespace\&.so [arguments] .PP To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default: .PP /usr/sbin/gdm\-safe\-restart .PP This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server\&. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets\&. Please use the initialization script /etc/security/namespace\&.init to ensure that the X server and its clients can appropriately access the communication socket X0\&. Please refer to the sample instructions provided in the comment section of the instance initialization script /etc/security/namespace\&.init\&. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: .PP .if n \{\ .RS 4 .\} .nf 1\&. Disable the use of font server by commenting out "FontPath" line in /etc/X11/xorg\&.conf\&. If you do want to use the font server then you will have to augment the instance initialization script to appropriately provide /tmp/\&.font\-unix from the polyinstantiated /tmp\&. 2\&. Ensure that the gdm service is setup to use pam_namespace, as described above, by modifying /etc/pam\&.d/gdm\&. 3\&. Ensure that the display manager is configured to restart X server with each new session\&. This default setup can be verified by making sure that /usr/share/gdm/defaults\&.conf contains "AlwaysRestartServer=true", and it is not overridden by /etc/gdm/custom\&.conf\&. .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBnamespace.conf\fR(5), \fBpam.d\fR(5), \fBmount\fR(8), \fBpam\fR(8)\&. .SH "AUTHORS" .PP The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers\&. The pam_namespace PAM module was developed by Janak Desai , Chad Sellers and Steve Grubb \&. Additional improvements by Xavier Toth and Tomas Mraz \&. pam/modules/pam_namespace/pam_namespace.8.xml0000644000000000000000000003266513261244762016466 0ustar pam_namespace 8 Linux-PAM Manual pam_namespace PAM module for configuring namespace for a session pam_namespace.so debug unmnt_remnt unmnt_only require_selinux gen_hash ignore_config_error ignore_instance_parent_mode unmount_on_close use_current_context use_default_context mount_private DESCRIPTION The pam_namespace PAM module sets up a private namespace for a session with polyinstantiated directories. A polyinstantiated directory provides a different instance of itself based on user name, or when using SELinux, user name, security context or both. If an executable script /etc/security/namespace.init exists, it is used to initialize the instance directory after it is set up and mounted on the polyinstantiated directory. The script receives the polyinstantiated directory path, the instance directory path, flag whether the instance directory was newly created (0 for no, 1 for yes), and the user name as its arguments. The pam_namespace module disassociates the session namespace from the parent namespace. Any mounts/unmounts performed in the parent namespace, such as mounting of devices, are not reflected in the session namespace. To propagate selected mount/unmount events from the parent namespace into the disassociated session namespace, an administrator may use the special shared-subtree feature. For additional information on shared-subtree feature, please refer to the mount(8) man page and the shared-subtree description at http://lwn.net/Articles/159077 and http://lwn.net/Articles/159092. OPTIONS A lot of debug information is logged using syslog For programs such as su and newrole, the login session has already setup a polyinstantiated namespace. For these programs, polyinstantiation is performed based on new user id or security context, however the command first needs to undo the polyinstantiation performed by login. This argument instructs the command to first undo previous polyinstantiation before proceeding with new polyinstantiation based on new id/context For trusted programs that want to undo any existing bind mounts and process instance directories on their own, this argument allows them to unmount currently mounted instance directories If selinux is not enabled, return failure Instead of using the security context string for the instance name, generate and use its md5 hash. If a line in the configuration file corresponding to a polyinstantiated directory contains format error, skip that line process the next line. Without this option, pam will return an error to the calling program resulting in termination of the session. Instance parent directories by default are expected to have the restrictive mode of 000. Using this option, an administrator can choose to ignore the mode of the instance parent. This option should be used with caution as it will reduce security and isolation goals of the polyinstantiation mechanism. Explicitly unmount the polyinstantiated directories instead of relying on automatic namespace destruction after the last process in a namespace exits. This option should be used only in case it is ensured by other means that there cannot be any processes running in the private namespace left after the session close. It is also useful only in case there are multiple pam session calls in sequence from the same process. Useful for services which do not change the SELinux context with setexeccon call. The module will use the current SELinux context of the calling process for the level and context polyinstantiation. Useful for services which do not use pam_selinux for changing the SELinux context with setexeccon call. The module will use the default SELinux context of the user for the level and context polyinstantiation. This option can be used on systems where the / mount point or its submounts are made shared (for example with a mount --make-rshared / command). The module will mark the whole directory tree so any mount and unmount operations in the polyinstantiation namespace are private. Normally the pam_namespace will try to detect the shared / mount point and make the polyinstantiated directories private automatically. This option has to be used just when only a subtree is shared and / is not. Note that mounts and unmounts done in the private namespace will not affect the parent namespace if this option is used or when the shared / mount point is autodetected. MODULE TYPES PROVIDED Only the module type is provided. The module must not be called from multithreaded processes. RETURN VALUES PAM_SUCCESS Namespace setup was successful. PAM_SERVICE_ERR Unexpected system error occurred while setting up namespace. PAM_SESSION_ERR Unexpected namespace configuration error occurred. FILES /etc/security/namespace.conf Main configuration file /etc/security/namespace.d Directory for additional configuration files /etc/security/namespace.init Init script for instance directories EXAMPLES For the <service>s you need polyinstantiation (login for example) put the following line in /etc/pam.d/<service> as the last line for session group: session required pam_namespace.so [arguments] To use polyinstantiation with graphical display manager gdm, insert the following line, before exit 0, in /etc/gdm/PostSession/Default: /usr/sbin/gdm-safe-restart This allows gdm to restart after each session and appropriately adjust namespaces of display manager and the X server. If polyinstantiation of /tmp is desired along with the graphical environment, then additional configuration changes are needed to address the interaction of X server and font server namespaces with their use of /tmp to create communication sockets. Please use the initialization script /etc/security/namespace.init to ensure that the X server and its clients can appropriately access the communication socket X0. Please refer to the sample instructions provided in the comment section of the instance initialization script /etc/security/namespace.init. In addition, perform the following changes to use graphical environment with polyinstantiation of /tmp: 1. Disable the use of font server by commenting out "FontPath" line in /etc/X11/xorg.conf. If you do want to use the font server then you will have to augment the instance initialization script to appropriately provide /tmp/.font-unix from the polyinstantiated /tmp. 2. Ensure that the gdm service is setup to use pam_namespace, as described above, by modifying /etc/pam.d/gdm. 3. Ensure that the display manager is configured to restart X server with each new session. This default setup can be verified by making sure that /usr/share/gdm/defaults.conf contains "AlwaysRestartServer=true", and it is not overridden by /etc/gdm/custom.conf. SEE ALSO namespace.conf5 , pam.d5 , mount8 , pam8 . AUTHORS The namespace setup scheme was designed by Stephen Smalley, Janak Desai and Chad Sellers. The pam_namespace PAM module was developed by Janak Desai <janak@us.ibm.com>, Chad Sellers <csellers@tresys.com> and Steve Grubb <sgrubb@redhat.com>. Additional improvements by Xavier Toth <txtoth@gmail.com> and Tomas Mraz <tmraz@redhat.com>. pam/modules/pam_namespace/pam_namespace.c0000644000000000000000000016400013261244762015727 0ustar /****************************************************************************** * A module for Linux-PAM that will set the default namespace after * establishing a session via PAM. * * (C) Copyright IBM Corporation 2005 * (C) Copyright Red Hat, Inc. 2006, 2008 * All Rights Reserved. * * Written by: Janak Desai * With Revisions by: Steve Grubb * Contributions by: Xavier Toth , * Tomas Mraz * Derived from a namespace setup patch by Chad Sellers * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * on the rights to use, copy, modify, merge, publish, distribute, sub * license, and/or sell copies of the Software, and to permit persons to whom * the Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice (including the next * paragraph) shall be included in all copies or substantial portions of the * Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL * IBM AND/OR THEIR SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ #define _ATFILE_SOURCE #include "pam_namespace.h" #include "argv_parse.h" /* * Adds an entry for a polyinstantiated directory to the linked list of * polyinstantiated directories. It is called from process_line() while * parsing the namespace configuration file. */ static void add_polydir_entry(struct instance_data *idata, struct polydir_s *ent) { /* Now attach to linked list */ ent->next = NULL; if (idata->polydirs_ptr == NULL) idata->polydirs_ptr = ent; else { struct polydir_s *tail; tail = idata->polydirs_ptr; while (tail->next) tail = tail->next; tail->next = ent; } } static void del_polydir(struct polydir_s *poly) { if (poly) { free(poly->uid); free(poly->init_script); free(poly->mount_opts); free(poly); } } /* * Deletes all the entries in the linked list. */ static void del_polydir_list(struct polydir_s *polydirs_ptr) { struct polydir_s *dptr = polydirs_ptr; while (dptr) { struct polydir_s *tptr = dptr; dptr = dptr->next; del_polydir(tptr); } } static void unprotect_dirs(struct protect_dir_s *dir) { struct protect_dir_s *next; while (dir != NULL) { umount(dir->dir); free(dir->dir); next = dir->next; free(dir); dir = next; } } static void cleanup_polydir_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) { del_polydir_list(data); } static void cleanup_protect_data(pam_handle_t *pamh UNUSED , void *data, int err UNUSED) { unprotect_dirs(data); } static char *expand_variables(const char *orig, const char *var_names[], const char *var_values[]) { const char *src = orig; char *dst; char *expanded; char c; size_t dstlen = 0; while (*src) { if (*src == '$') { int i; for (i = 0; var_names[i]; i++) { int namelen = strlen(var_names[i]); if (strncmp(var_names[i], src+1, namelen) == 0) { dstlen += strlen(var_values[i]) - 1; /* $ */ src += namelen; break; } } } ++dstlen; ++src; } if ((dst=expanded=malloc(dstlen + 1)) == NULL) return NULL; src = orig; while ((c=*src) != '\0') { if (c == '$') { int i; for (i = 0; var_names[i]; i++) { int namelen = strlen(var_names[i]); if (strncmp(var_names[i], src+1, namelen) == 0) { dst = stpcpy(dst, var_values[i]); --dst; c = *dst; /* replace $ */ src += namelen; break; } } } *dst = c; ++dst; ++src; } *dst = '\0'; return expanded; } static int parse_create_params(char *params, struct polydir_s *poly) { char *next; struct passwd *pwd = NULL; struct group *grp; poly->mode = (mode_t)ULONG_MAX; poly->owner = (uid_t)ULONG_MAX; poly->group = (gid_t)ULONG_MAX; if (*params != '=') return 0; params++; next = strchr(params, ','); if (next != NULL) { *next = '\0'; next++; } if (*params != '\0') { errno = 0; poly->mode = (mode_t)strtoul(params, NULL, 0); if (errno != 0) { poly->mode = (mode_t)ULONG_MAX; } } params = next; if (params == NULL) return 0; next = strchr(params, ','); if (next != NULL) { *next = '\0'; next++; } if (*params != '\0') { pwd = getpwnam(params); /* session modules are not reentrant */ if (pwd == NULL) return -1; poly->owner = pwd->pw_uid; } params = next; if (params == NULL || *params == '\0') { if (pwd != NULL) poly->group = pwd->pw_gid; return 0; } grp = getgrnam(params); if (grp == NULL) return -1; poly->group = grp->gr_gid; return 0; } static int parse_iscript_params(char *params, struct polydir_s *poly) { if (*params != '=') return 0; params++; if (*params != '\0') { if (*params != '/') { /* path is relative to NAMESPACE_D_DIR */ if (asprintf(&poly->init_script, "%s%s", NAMESPACE_D_DIR, params) == -1) return -1; } else { poly->init_script = strdup(params); } if (poly->init_script == NULL) return -1; } return 0; } static int parse_method(char *method, struct polydir_s *poly, struct instance_data *idata) { enum polymethod pm; char *sptr = NULL; static const char *method_names[] = { "user", "context", "level", "tmpdir", "tmpfs", NULL }; static const char *flag_names[] = { "create", "noinit", "iscript", "shared", "mntopts", NULL }; static const unsigned int flag_values[] = { POLYDIR_CREATE, POLYDIR_NOINIT, POLYDIR_ISCRIPT, POLYDIR_SHARED, POLYDIR_MNTOPTS }; int i; char *flag; method = strtok_r(method, ":", &sptr); pm = NONE; for (i = 0; method_names[i]; i++) { if (strcmp(method, method_names[i]) == 0) { pm = i + 1; /* 0 = NONE */ } } if (pm == NONE) { pam_syslog(idata->pamh, LOG_NOTICE, "Unknown method"); return -1; } poly->method = pm; while ((flag=strtok_r(NULL, ":", &sptr)) != NULL) { for (i = 0; flag_names[i]; i++) { int namelen = strlen(flag_names[i]); if (strncmp(flag, flag_names[i], namelen) == 0) { poly->flags |= flag_values[i]; switch (flag_values[i]) { case POLYDIR_CREATE: if (parse_create_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Invalid create parameters"); return -1; } break; case POLYDIR_ISCRIPT: if (parse_iscript_params(flag+namelen, poly) != 0) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); return -1; }; break; case POLYDIR_MNTOPTS: if (flag[namelen] != '=') break; if (poly->method != TMPFS) { pam_syslog(idata->pamh, LOG_WARNING, "Mount options applicable only to tmpfs method"); break; } free(poly->mount_opts); /* if duplicate mntopts specified */ if ((poly->mount_opts = strdup(flag+namelen+1)) == NULL) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); return -1; } break; } } } } return 0; } /* * Called from parse_config_file, this function processes a single line * of the namespace configuration file. It skips over comments and incomplete * or malformed lines. It processes a valid line with information on * polyinstantiating a directory by populating appropriate fields of a * polyinstatiated directory structure and then calling add_polydir_entry to * add that entry to the linked list of polyinstantiated directories. */ static int process_line(char *line, const char *home, const char *rhome, struct instance_data *idata) { char *dir = NULL, *instance_prefix = NULL, *rdir = NULL; char *method, *uids; char *tptr; struct polydir_s *poly; int retval = 0; char **config_options = NULL; static const char *var_names[] = {"HOME", "USER", NULL}; const char *var_values[] = {home, idata->user}; const char *rvar_values[] = {rhome, idata->ruser}; int len; /* * skip the leading white space */ while (*line && isspace(*line)) line++; /* * Rip off the comments */ tptr = strchr(line,'#'); if (tptr) *tptr = '\0'; /* * Rip off the newline char */ tptr = strchr(line,'\n'); if (tptr) *tptr = '\0'; /* * Anything left ? */ if (line[0] == 0) return 0; poly = calloc(1, sizeof(*poly)); if (poly == NULL) goto erralloc; /* * Initialize and scan the five strings from the line from the * namespace configuration file. */ retval = argv_parse(line, NULL, &config_options); if (retval != 0) { goto erralloc; } dir = config_options[0]; if (dir == NULL) { pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing polydir"); goto skipping; } instance_prefix = config_options[1]; if (instance_prefix == NULL) { pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing instance_prefix"); instance_prefix = NULL; goto skipping; } method = config_options[2]; if (method == NULL) { pam_syslog(idata->pamh, LOG_NOTICE, "Invalid line missing method"); instance_prefix = NULL; dir = NULL; goto skipping; } /* * Only the uids field is allowed to be blank, to indicate no * override users for polyinstantiation of that directory. If * any of the other fields are blank, the line is incomplete so * skip it. */ uids = config_options[3]; /* * Expand $HOME and $USER in poly dir and instance dir prefix */ if ((rdir=expand_variables(dir, var_names, rvar_values)) == NULL) { instance_prefix = NULL; dir = NULL; goto erralloc; } if ((dir=expand_variables(dir, var_names, var_values)) == NULL) { instance_prefix = NULL; goto erralloc; } if ((instance_prefix=expand_variables(instance_prefix, var_names, var_values)) == NULL) { goto erralloc; } if (idata->flags & PAMNS_DEBUG) { pam_syslog(idata->pamh, LOG_DEBUG, "Expanded polydir: '%s'", dir); pam_syslog(idata->pamh, LOG_DEBUG, "Expanded ruser polydir: '%s'", rdir); pam_syslog(idata->pamh, LOG_DEBUG, "Expanded instance prefix: '%s'", instance_prefix); } len = strlen(dir); if (len > 0 && dir[len-1] == '/') { dir[len-1] = '\0'; } len = strlen(rdir); if (len > 0 && rdir[len-1] == '/') { rdir[len-1] = '\0'; } if (dir[0] == '\0' || rdir[0] == '\0') { pam_syslog(idata->pamh, LOG_NOTICE, "Invalid polydir"); goto skipping; } /* * Populate polyinstantiated directory structure with appropriate * pathnames and the method with which to polyinstantiate. */ if (strlen(dir) >= sizeof(poly->dir) || strlen(rdir) >= sizeof(poly->rdir) || strlen(instance_prefix) >= sizeof(poly->instance_prefix)) { pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); goto skipping; } strcpy(poly->dir, dir); strcpy(poly->rdir, rdir); strcpy(poly->instance_prefix, instance_prefix); if (parse_method(method, poly, idata) != 0) { goto skipping; } if (poly->method == TMPDIR) { if (sizeof(poly->instance_prefix) - strlen(poly->instance_prefix) < 7) { pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames too long"); goto skipping; } strcat(poly->instance_prefix, "XXXXXX"); } /* * Ensure that all pathnames are absolute path names. */ if ((poly->dir[0] != '/') || (poly->method != TMPFS && poly->instance_prefix[0] != '/')) { pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames must start with '/'"); goto skipping; } if (strstr(dir, "..") || strstr(poly->instance_prefix, "..")) { pam_syslog(idata->pamh, LOG_NOTICE, "Pathnames must not contain '..'"); goto skipping; } /* * If the line in namespace.conf for a directory to polyinstantiate * contains a list of override users (users for whom polyinstantiation * is not performed), read the user ids, convert names into uids, and * add to polyinstantiated directory structure. */ if (uids) { uid_t *uidptr; const char *ustr, *sstr; int count, i; if (*uids == '~') { poly->flags |= POLYDIR_EXCLUSIVE; uids++; } for (count = 0, ustr = sstr = uids; sstr; ustr = sstr + 1, count++) sstr = strchr(ustr, ','); poly->num_uids = count; poly->uid = (uid_t *) malloc(count * sizeof (uid_t)); uidptr = poly->uid; if (uidptr == NULL) { goto erralloc; } ustr = uids; for (i = 0; i < count; i++) { struct passwd *pwd; tptr = strchr(ustr, ','); if (tptr) *tptr = '\0'; pwd = pam_modutil_getpwnam(idata->pamh, ustr); if (pwd == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Unknown user %s in configuration", ustr); poly->num_uids--; } else { *uidptr = pwd->pw_uid; uidptr++; } ustr = tptr + 1; } } /* * Add polyinstantiated directory structure to the linked list * of all polyinstantiated directory structures. */ add_polydir_entry(idata, poly); goto out; erralloc: pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); skipping: if (idata->flags & PAMNS_IGN_CONFIG_ERR) retval = 0; else retval = PAM_SERVICE_ERR; del_polydir(poly); out: free(rdir); free(dir); free(instance_prefix); argv_free(config_options); return retval; } /* * Parses /etc/security/namespace.conf file to build a linked list of * polyinstantiated directory structures of type polydir_s. Each entry * in the linked list contains information needed to polyinstantiate * one directory. */ static int parse_config_file(struct instance_data *idata) { FILE *fil; char *home, *rhome; const char *confname; struct passwd *cpwd; char *line; int retval; size_t len = 0; glob_t globbuf; const char *oldlocale; size_t n; /* * Extract the user's home directory to resolve $HOME entries * in the namespace configuration file. */ cpwd = pam_modutil_getpwnam(idata->pamh, idata->user); if (!cpwd) { pam_syslog(idata->pamh, LOG_ERR, "Error getting home dir for '%s'", idata->user); return PAM_SESSION_ERR; } if ((home=strdup(cpwd->pw_dir)) == NULL) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); return PAM_SESSION_ERR; } cpwd = pam_modutil_getpwnam(idata->pamh, idata->ruser); if (!cpwd) { pam_syslog(idata->pamh, LOG_ERR, "Error getting home dir for '%s'", idata->ruser); free(home); return PAM_SESSION_ERR; } if ((rhome=strdup(cpwd->pw_dir)) == NULL) { pam_syslog(idata->pamh, LOG_CRIT, "Memory allocation error"); free(home); return PAM_SESSION_ERR; } /* * Open configuration file, read one line at a time and call * process_line to process each line. */ memset(&globbuf, '\0', sizeof(globbuf)); oldlocale = setlocale(LC_COLLATE, "C"); glob(NAMESPACE_D_GLOB, 0, NULL, &globbuf); if (oldlocale != NULL) setlocale(LC_COLLATE, oldlocale); confname = PAM_NAMESPACE_CONFIG; n = 0; for (;;) { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Parsing config file %s", confname); fil = fopen(confname, "r"); if (fil == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error opening config file %s", confname); globfree(&globbuf); free(rhome); free(home); return PAM_SERVICE_ERR; } /* Use unlocked IO */ __fsetlocking(fil, FSETLOCKING_BYCALLER); line = NULL; /* loop reading the file */ while (getline(&line, &len, fil) > 0) { retval = process_line(line, home, rhome, idata); if (retval) { pam_syslog(idata->pamh, LOG_ERR, "Error processing conf file %s line %s", confname, line); fclose(fil); free(line); globfree(&globbuf); free(rhome); free(home); return PAM_SERVICE_ERR; } } fclose(fil); free(line); if (n >= globbuf.gl_pathc) break; confname = globbuf.gl_pathv[n]; n++; } globfree(&globbuf); free(rhome); free(home); /* All done...just some debug stuff */ if (idata->flags & PAMNS_DEBUG) { struct polydir_s *dptr = idata->polydirs_ptr; uid_t *iptr; uid_t i; pam_syslog(idata->pamh, LOG_DEBUG, dptr?"Configured poly dirs:":"No configured poly dirs"); while (dptr) { pam_syslog(idata->pamh, LOG_DEBUG, "dir='%s' iprefix='%s' meth=%d", dptr->dir, dptr->instance_prefix, dptr->method); for (i = 0, iptr = dptr->uid; i < dptr->num_uids; i++, iptr++) pam_syslog(idata->pamh, LOG_DEBUG, "override user %d ", *iptr); dptr = dptr->next; } } return PAM_SUCCESS; } /* * This funtion returns true if a given uid is present in the polyinstantiated * directory's list of override uids. If the uid is one of the override * uids for the polyinstantiated directory, polyinstantiation is not * performed for that user for that directory. * If exclusive is set the returned values are opposite. */ static int ns_override(struct polydir_s *polyptr, struct instance_data *idata, uid_t uid) { unsigned int i; if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Checking for ns override in dir %s for uid %d", polyptr->dir, uid); for (i = 0; i < polyptr->num_uids; i++) { if (uid == polyptr->uid[i]) { return !(polyptr->flags & POLYDIR_EXCLUSIVE); } } return !!(polyptr->flags & POLYDIR_EXCLUSIVE); } /* * md5hash generates a hash of the passed in instance directory name. */ static char *md5hash(const char *instname, struct instance_data *idata) { int i; char *md5inst = NULL; char *to; unsigned char inst_digest[MD5_DIGEST_LENGTH]; /* * Create MD5 hashes for instance pathname. */ MD5((const unsigned char *)instname, strlen(instname), inst_digest); if ((md5inst = malloc(MD5_DIGEST_LENGTH * 2 + 1)) == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Unable to allocate buffer"); return NULL; } to = md5inst; for (i = 0; i < MD5_DIGEST_LENGTH; i++) { snprintf(to, 3, "%02x", (unsigned int)inst_digest[i]); to += 2; } return md5inst; } #ifdef WITH_SELINUX static int form_context(const struct polydir_s *polyptr, security_context_t *i_context, security_context_t *origcon, struct instance_data *idata) { int rc = PAM_SUCCESS; security_context_t scon = NULL; security_class_t tclass; /* * Get the security context of the directory to polyinstantiate. */ rc = getfilecon(polyptr->dir, origcon); if (rc < 0 || *origcon == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error getting poly dir context, %m"); return PAM_SESSION_ERR; } if (polyptr->method == USER) return PAM_SUCCESS; if (idata->flags & PAMNS_USE_CURRENT_CONTEXT) { rc = getcon(&scon); } else if (idata->flags & PAMNS_USE_DEFAULT_CONTEXT) { char *seuser = NULL, *level = NULL; if ((rc=getseuserbyname(idata->user, &seuser, &level)) == 0) { rc = get_default_context_with_level(seuser, level, NULL, &scon); free(seuser); free(level); } } else { rc = getexeccon(&scon); } if (rc < 0 || scon == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error getting exec context, %m"); return PAM_SESSION_ERR; } /* * If polyinstantiating based on security context, get current * process security context, get security class for directories, * and ask the policy to provide security context of the * polyinstantiated instance directory. */ if (polyptr->method == CONTEXT) { tclass = string_to_security_class("dir"); if (security_compute_member(scon, *origcon, tclass, i_context) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error computing poly dir member context"); freecon(scon); return PAM_SESSION_ERR; } else if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "member context returned by policy %s", *i_context); freecon(scon); return PAM_SUCCESS; } /* * If polyinstantiating based on security level, get current * process security context, get security class for directories, * and change the directories MLS Level to match process. */ if (polyptr->method == LEVEL) { context_t scontext = NULL; context_t fcontext = NULL; rc = PAM_SESSION_ERR; scontext = context_new(scon); if (! scontext) { pam_syslog(idata->pamh, LOG_ERR, "out of memory"); goto fail; } fcontext = context_new(*origcon); if (! fcontext) { pam_syslog(idata->pamh, LOG_ERR, "out of memory"); goto fail; } if (context_range_set(fcontext, context_range_get(scontext)) != 0) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set MLS Componant of context"); goto fail; } *i_context=strdup(context_str(fcontext)); if (! *i_context) { pam_syslog(idata->pamh, LOG_ERR, "out of memory"); goto fail; } rc = PAM_SUCCESS; fail: context_free(scontext); context_free(fcontext); freecon(scon); return rc; } /* Should never get here */ return PAM_SUCCESS; } #endif /* * poly_name returns the name of the polyinstantiated instance directory * based on the method used for polyinstantiation (user, context or level) * In addition, the function also returns the security contexts of the * original directory to polyinstantiate and the polyinstantiated instance * directory. */ #ifdef WITH_SELINUX static int poly_name(const struct polydir_s *polyptr, char **i_name, security_context_t *i_context, security_context_t *origcon, struct instance_data *idata) #else static int poly_name(const struct polydir_s *polyptr, char **i_name, struct instance_data *idata) #endif { int rc; char *hash = NULL; enum polymethod pm; #ifdef WITH_SELINUX security_context_t rawcon = NULL; #endif *i_name = NULL; #ifdef WITH_SELINUX *i_context = NULL; *origcon = NULL; if ((idata->flags & PAMNS_SELINUX_ENABLED) && (rc=form_context(polyptr, i_context, origcon, idata)) != PAM_SUCCESS) { return rc; } #endif rc = PAM_SESSION_ERR; /* * Set the name of the polyinstantiated instance dir based on the * polyinstantiation method. */ pm = polyptr->method; if (pm == LEVEL || pm == CONTEXT) #ifdef WITH_SELINUX if (!(idata->flags & PAMNS_CTXT_BASED_INST)) { #else { pam_syslog(idata->pamh, LOG_NOTICE, "Context and level methods not available, using user method"); #endif if (polyptr->flags & POLYDIR_SHARED) { rc = PAM_IGNORE; goto fail; } pm = USER; } switch (pm) { case USER: if (asprintf(i_name, "%s", idata->user) < 0) { *i_name = NULL; goto fail; } break; #ifdef WITH_SELINUX case LEVEL: case CONTEXT: if (selinux_trans_to_raw_context(*i_context, &rawcon) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error translating directory context"); goto fail; } if (polyptr->flags & POLYDIR_SHARED) { if (asprintf(i_name, "%s", rawcon) < 0) { *i_name = NULL; goto fail; } } else { if (asprintf(i_name, "%s_%s", rawcon, idata->user) < 0) { *i_name = NULL; goto fail; } } break; #endif /* WITH_SELINUX */ case TMPDIR: case TMPFS: if ((*i_name=strdup("")) == NULL) goto fail; return PAM_SUCCESS; default: if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_ERR, "Unknown method"); goto fail; } if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "poly_name %s", *i_name); if ((idata->flags & PAMNS_GEN_HASH) || strlen(*i_name) > NAMESPACE_MAX_DIR_LEN) { hash = md5hash(*i_name, idata); if (hash == NULL) { goto fail; } if (idata->flags & PAMNS_GEN_HASH) { free(*i_name); *i_name = hash; hash = NULL; } else { char *newname; if (asprintf(&newname, "%.*s_%s", NAMESPACE_MAX_DIR_LEN-1-(int)strlen(hash), *i_name, hash) < 0) { goto fail; } free(*i_name); *i_name = newname; } } rc = PAM_SUCCESS; fail: free(hash); #ifdef WITH_SELINUX freecon(rawcon); #endif if (rc != PAM_SUCCESS) { #ifdef WITH_SELINUX freecon(*i_context); *i_context = NULL; freecon(*origcon); *origcon = NULL; #endif free(*i_name); *i_name = NULL; } return rc; } static int protect_mount(int dfd, const char *path, struct instance_data *idata) { struct protect_dir_s *dir = idata->protect_dirs; char tmpbuf[64]; while (dir != NULL) { if (strcmp(path, dir->dir) == 0) { return 0; } dir = dir->next; } dir = calloc(1, sizeof(*dir)); if (dir == NULL) { return -1; } dir->dir = strdup(path); if (dir->dir == NULL) { free(dir); return -1; } snprintf(tmpbuf, sizeof(tmpbuf), "/proc/self/fd/%d", dfd); if (idata->flags & PAMNS_DEBUG) { pam_syslog(idata->pamh, LOG_INFO, "Protect mount of %s over itself", path); } if (mount(tmpbuf, tmpbuf, NULL, MS_BIND, NULL) != 0) { int save_errno = errno; pam_syslog(idata->pamh, LOG_ERR, "Protect mount of %s failed: %m", tmpbuf); free(dir->dir); free(dir); errno = save_errno; return -1; } dir->next = idata->protect_dirs; idata->protect_dirs = dir; return 0; } static int protect_dir(const char *path, mode_t mode, int do_mkdir, struct instance_data *idata) { char *p = strdup(path); char *d; char *dir = p; int dfd = AT_FDCWD; int dfd_next; int save_errno; int flags = O_RDONLY; int rv = -1; struct stat st; if (p == NULL) { goto error; } if (*dir == '/') { dfd = open("/", flags); if (dfd == -1) { goto error; } dir++; /* assume / is safe */ } while ((d=strchr(dir, '/')) != NULL) { *d = '\0'; dfd_next = openat(dfd, dir, flags); if (dfd_next == -1) { goto error; } if (dfd != AT_FDCWD) close(dfd); dfd = dfd_next; if (fstat(dfd, &st) != 0) { goto error; } if (flags & O_NOFOLLOW) { /* we are inside user-owned dir - protect */ if (protect_mount(dfd, p, idata) == -1) goto error; } else if (st.st_uid != 0 || st.st_gid != 0 || (st.st_mode & S_IWOTH)) { /* do not follow symlinks on subdirectories */ flags |= O_NOFOLLOW; } *d = '/'; dir = d + 1; } rv = openat(dfd, dir, flags); if (rv == -1) { if (!do_mkdir || mkdirat(dfd, dir, mode) != 0) { goto error; } rv = openat(dfd, dir, flags); } if (rv != -1) { if (fstat(rv, &st) != 0) { save_errno = errno; close(rv); rv = -1; errno = save_errno; goto error; } if (!S_ISDIR(st.st_mode)) { close(rv); errno = ENOTDIR; rv = -1; goto error; } } if (flags & O_NOFOLLOW) { /* we are inside user-owned dir - protect */ if (protect_mount(rv, p, idata) == -1) { save_errno = errno; close(rv); rv = -1; errno = save_errno; } } error: save_errno = errno; free(p); if (dfd != AT_FDCWD && dfd >= 0) close(dfd); errno = save_errno; return rv; } static int check_inst_parent(char *ipath, struct instance_data *idata) { struct stat instpbuf; char *inst_parent, *trailing_slash; int dfd; /* * stat the instance parent path to make sure it exists * and is a directory. Check that its mode is 000 (unless the * admin explicitly instructs to ignore the instance parent * mode by the "ignore_instance_parent_mode" argument). */ inst_parent = (char *) malloc(strlen(ipath)+1); if (!inst_parent) { pam_syslog(idata->pamh, LOG_ERR, "Error allocating pathname string"); return PAM_SESSION_ERR; } strcpy(inst_parent, ipath); trailing_slash = strrchr(inst_parent, '/'); if (trailing_slash) *trailing_slash = '\0'; dfd = protect_dir(inst_parent, 0, 1, idata); if (dfd == -1 || fstat(dfd, &instpbuf) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error creating or accessing instance parent %s, %m", inst_parent); if (dfd != -1) close(dfd); free(inst_parent); return PAM_SESSION_ERR; } if ((idata->flags & PAMNS_IGN_INST_PARENT_MODE) == 0) { if ((instpbuf.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) || instpbuf.st_uid != 0) { pam_syslog(idata->pamh, LOG_ERR, "Mode of inst parent %s not 000 or owner not root", inst_parent); close(dfd); free(inst_parent); return PAM_SESSION_ERR; } } close(dfd); free(inst_parent); return PAM_SUCCESS; } /* * Check to see if there is a namespace initialization script in * the /etc/security directory. If such a script exists * execute it and pass directory to polyinstantiate and instance * directory as arguments. */ static int inst_init(const struct polydir_s *polyptr, const char *ipath, struct instance_data *idata, int newdir) { pid_t rc, pid; struct sigaction newsa, oldsa; int status; const char *init_script = NAMESPACE_INIT_SCRIPT; memset(&newsa, '\0', sizeof(newsa)); newsa.sa_handler = SIG_DFL; if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); return PAM_SESSION_ERR; } if ((polyptr->flags & POLYDIR_ISCRIPT) && polyptr->init_script) init_script = polyptr->init_script; if (access(init_script, F_OK) == 0) { if (access(init_script, X_OK) < 0) { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_ERR, "Namespace init script not executable"); rc = PAM_SESSION_ERR; goto out; } else { pid = fork(); if (pid == 0) { static char *envp[] = { NULL }; #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) _exit(1); } #endif if (execle(init_script, init_script, polyptr->dir, ipath, newdir?"1":"0", idata->user, NULL, envp) < 0) _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); if (rc == (pid_t)-1) { pam_syslog(idata->pamh, LOG_ERR, "waitpid failed- %m"); rc = PAM_SESSION_ERR; goto out; } if (!WIFEXITED(status) || WIFSIGNALED(status) > 0) { pam_syslog(idata->pamh, LOG_ERR, "Error initializing instance"); rc = PAM_SESSION_ERR; goto out; } } else if (pid < 0) { pam_syslog(idata->pamh, LOG_ERR, "Cannot fork to run namespace init script, %m"); rc = PAM_SESSION_ERR; goto out; } } } rc = PAM_SUCCESS; out: (void) sigaction(SIGCHLD, &oldsa, NULL); return rc; } static int create_polydir(struct polydir_s *polyptr, struct instance_data *idata) { mode_t mode; int rc; #ifdef WITH_SELINUX security_context_t dircon, oldcon = NULL; #endif const char *dir = polyptr->dir; uid_t uid; gid_t gid; if (polyptr->mode != (mode_t)ULONG_MAX) mode = polyptr->mode; else mode = 0777; #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { getfscreatecon(&oldcon); rc = matchpathcon(dir, S_IFDIR, &dircon); if (rc) { pam_syslog(idata->pamh, LOG_NOTICE, "Unable to get default context for directory %s, check your policy: %m", dir); } else { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Polydir %s context: %s", dir, (char *)dircon); if (setfscreatecon(dircon) != 0) pam_syslog(idata->pamh, LOG_NOTICE, "Error setting context for directory %s: %m", dir); freecon(dircon); } matchpathcon_fini(); } #endif rc = protect_dir(dir, mode, 1, idata); if (rc == -1) { pam_syslog(idata->pamh, LOG_ERR, "Error creating directory %s: %m", dir); return PAM_SESSION_ERR; } #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setfscreatecon(oldcon) != 0) pam_syslog(idata->pamh, LOG_NOTICE, "Error resetting fs create context: %m"); freecon(oldcon); } #endif if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Created polydir %s", dir); if (polyptr->mode != (mode_t)ULONG_MAX) { /* explicit mode requested */ if (fchmod(rc, mode) != 0) { pam_syslog(idata->pamh, LOG_ERR, "Error changing mode of directory %s: %m", dir); close(rc); umount(dir); /* undo the eventual protection bind mount */ rmdir(dir); return PAM_SESSION_ERR; } } if (polyptr->owner != (uid_t)ULONG_MAX) uid = polyptr->owner; else uid = idata->uid; if (polyptr->group != (gid_t)ULONG_MAX) gid = polyptr->group; else gid = idata->gid; if (fchown(rc, uid, gid) != 0) { pam_syslog(idata->pamh, LOG_ERR, "Unable to change owner on directory %s: %m", dir); close(rc); umount(dir); /* undo the eventual protection bind mount */ rmdir(dir); return PAM_SESSION_ERR; } close(rc); if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Polydir owner %u group %u", uid, gid); return PAM_SUCCESS; } /* * Create polyinstantiated instance directory (ipath). */ #ifdef WITH_SELINUX static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, security_context_t icontext, security_context_t ocontext, struct instance_data *idata) #else static int create_instance(struct polydir_s *polyptr, char *ipath, struct stat *statbuf, struct instance_data *idata) #endif { struct stat newstatbuf; int fd; /* * Check to make sure instance parent is valid. */ if (check_inst_parent(ipath, idata)) return PAM_SESSION_ERR; /* * Create instance directory and set its security context to the context * returned by the security policy. Set its mode and ownership * attributes to match that of the original directory that is being * polyinstantiated. */ if (polyptr->method == TMPDIR) { if (mkdtemp(polyptr->instance_prefix) == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Error creating temporary instance %s, %m", polyptr->instance_prefix); polyptr->method = NONE; /* do not clean up! */ return PAM_SESSION_ERR; } /* copy the actual directory name to ipath */ strcpy(ipath, polyptr->instance_prefix); } else if (mkdir(ipath, S_IRUSR) < 0) { if (errno == EEXIST) return PAM_IGNORE; else { pam_syslog(idata->pamh, LOG_ERR, "Error creating %s, %m", ipath); return PAM_SESSION_ERR; } } /* Open a descriptor to it to prevent races */ fd = open(ipath, O_DIRECTORY | O_RDONLY); if (fd < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error opening %s, %m", ipath); rmdir(ipath); return PAM_SESSION_ERR; } #ifdef WITH_SELINUX /* If SE Linux is disabled, no need to label it */ if (idata->flags & PAMNS_SELINUX_ENABLED) { /* If method is USER, icontext is NULL */ if (icontext) { if (fsetfilecon(fd, icontext) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error setting context of %s to %s", ipath, icontext); close(fd); rmdir(ipath); return PAM_SESSION_ERR; } } else { if (fsetfilecon(fd, ocontext) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error setting context of %s to %s", ipath, ocontext); close(fd); rmdir(ipath); return PAM_SESSION_ERR; } } } #endif if (fstat(fd, &newstatbuf) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error stating %s, %m", ipath); rmdir(ipath); return PAM_SESSION_ERR; } if (newstatbuf.st_uid != statbuf->st_uid || newstatbuf.st_gid != statbuf->st_gid) { if (fchown(fd, statbuf->st_uid, statbuf->st_gid) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error changing owner for %s, %m", ipath); close(fd); rmdir(ipath); return PAM_SESSION_ERR; } } if (fchmod(fd, statbuf->st_mode & 07777) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error changing mode for %s, %m", ipath); close(fd); rmdir(ipath); return PAM_SESSION_ERR; } close(fd); return PAM_SUCCESS; } /* * This function performs the namespace setup for a particular directory * that is being polyinstantiated. It calls poly_name to create name of instance * directory, calls create_instance to mkdir it with appropriate * security attributes, and performs bind mount to setup the process * namespace. */ static int ns_setup(struct polydir_s *polyptr, struct instance_data *idata) { int retval; int newdir = 1; char *inst_dir = NULL; char *instname = NULL; struct stat statbuf; #ifdef WITH_SELINUX security_context_t instcontext = NULL, origcontext = NULL; #endif if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Set namespace for directory %s", polyptr->dir); retval = protect_dir(polyptr->dir, 0, 0, idata); if (retval < 0 && errno != ENOENT) { pam_syslog(idata->pamh, LOG_ERR, "Polydir %s access error: %m", polyptr->dir); return PAM_SESSION_ERR; } if (retval < 0) { if ((polyptr->flags & POLYDIR_CREATE) && create_polydir(polyptr, idata) != PAM_SUCCESS) return PAM_SESSION_ERR; } else { close(retval); } if (polyptr->method == TMPFS) { if (mount("tmpfs", polyptr->dir, "tmpfs", 0, polyptr->mount_opts) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error mounting tmpfs on %s, %m", polyptr->dir); return PAM_SESSION_ERR; } if (polyptr->flags & POLYDIR_NOINIT) return PAM_SUCCESS; return inst_init(polyptr, "tmpfs", idata, 1); } if (stat(polyptr->dir, &statbuf) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error stating %s: %m", polyptr->dir); return PAM_SESSION_ERR; } /* * Obtain the name of instance pathname based on the * polyinstantiation method and instance context returned by * security policy. */ #ifdef WITH_SELINUX retval = poly_name(polyptr, &instname, &instcontext, &origcontext, idata); #else retval = poly_name(polyptr, &instname, idata); #endif if (retval != PAM_SUCCESS) { if (retval != PAM_IGNORE) pam_syslog(idata->pamh, LOG_ERR, "Error getting instance name"); goto cleanup; } else { #ifdef WITH_SELINUX if ((idata->flags & PAMNS_DEBUG) && (idata->flags & PAMNS_SELINUX_ENABLED)) pam_syslog(idata->pamh, LOG_DEBUG, "Inst ctxt %s Orig ctxt %s", instcontext, origcontext); #endif } if (asprintf(&inst_dir, "%s%s", polyptr->instance_prefix, instname) < 0) goto error_out; if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "instance_dir %s", inst_dir); /* * Create instance directory with appropriate security * contexts, owner, group and mode bits. */ #ifdef WITH_SELINUX retval = create_instance(polyptr, inst_dir, &statbuf, instcontext, origcontext, idata); #else retval = create_instance(polyptr, inst_dir, &statbuf, idata); #endif if (retval == PAM_IGNORE) { newdir = 0; retval = PAM_SUCCESS; } if (retval != PAM_SUCCESS) { goto error_out; } /* * Bind mount instance directory on top of the polyinstantiated * directory to provide an instance of polyinstantiated directory * based on polyinstantiated method. */ if (mount(inst_dir, polyptr->dir, NULL, MS_BIND, NULL) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Error mounting %s on %s, %m", inst_dir, polyptr->dir); goto error_out; } if (!(polyptr->flags & POLYDIR_NOINIT)) retval = inst_init(polyptr, inst_dir, idata, newdir); goto cleanup; /* * various error exit points. Free allocated memory and set return * value to indicate a pam session error. */ error_out: retval = PAM_SESSION_ERR; cleanup: free(inst_dir); free(instname); #ifdef WITH_SELINUX freecon(instcontext); freecon(origcontext); #endif return retval; } /* * This function checks to see if the current working directory is * inside the directory passed in as the first argument. */ static int cwd_in(char *dir, struct instance_data *idata) { int retval = 0; char cwd[PATH_MAX]; if (getcwd(cwd, PATH_MAX) == NULL) { pam_syslog(idata->pamh, LOG_ERR, "Can't get current dir, %m"); return -1; } if (strncmp(cwd, dir, strlen(dir)) == 0) { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "cwd is inside %s", dir); retval = 1; } else { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "cwd is outside %s", dir); } return retval; } static int cleanup_tmpdirs(struct instance_data *idata) { struct polydir_s *pptr; pid_t rc, pid; struct sigaction newsa, oldsa; int status; memset(&newsa, '\0', sizeof(newsa)); newsa.sa_handler = SIG_DFL; if (sigaction(SIGCHLD, &newsa, &oldsa) == -1) { pam_syslog(idata->pamh, LOG_ERR, "Cannot set signal value"); return PAM_SESSION_ERR; } for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (pptr->method == TMPDIR && access(pptr->instance_prefix, F_OK) == 0) { pid = fork(); if (pid == 0) { static char *envp[] = { NULL }; #ifdef WITH_SELINUX if (idata->flags & PAMNS_SELINUX_ENABLED) { if (setexeccon(NULL) < 0) _exit(1); } #endif if (execle("/bin/rm", "/bin/rm", "-rf", pptr->instance_prefix, NULL, envp) < 0) _exit(1); } else if (pid > 0) { while (((rc = waitpid(pid, &status, 0)) == (pid_t)-1) && (errno == EINTR)); if (rc == (pid_t)-1) { pam_syslog(idata->pamh, LOG_ERR, "waitpid failed: %m"); rc = PAM_SESSION_ERR; goto out; } if (!WIFEXITED(status) || WIFSIGNALED(status) > 0) { pam_syslog(idata->pamh, LOG_ERR, "Error removing %s", pptr->instance_prefix); } } else if (pid < 0) { pam_syslog(idata->pamh, LOG_ERR, "Cannot fork to run namespace init script, %m"); rc = PAM_SESSION_ERR; goto out; } } } rc = PAM_SUCCESS; out: sigaction(SIGCHLD, &oldsa, NULL); return rc; } /* * This function checks to see if polyinstantiation is needed for any * of the directories listed in the configuration file. If needed, * cycles through all polyinstantiated directory entries and calls * ns_setup to setup polyinstantiation for each one of them. */ static int setup_namespace(struct instance_data *idata, enum unmnt_op unmnt) { int retval = 0, need_poly = 0, changing_dir = 0; char *cptr, *fptr, poly_parent[PATH_MAX]; struct polydir_s *pptr; if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Set up namespace for pid %d", getpid()); /* * Cycle through all polyinstantiated directory entries to see if * polyinstantiation is needed at all. */ for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (ns_override(pptr, idata, idata->uid)) { if (unmnt == NO_UNMNT || ns_override(pptr, idata, idata->ruid)) { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Overriding poly for user %d for dir %s", idata->uid, pptr->dir); } else { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Need unmount ns for user %d for dir %s", idata->ruid, pptr->dir); need_poly = 1; break; } continue; } else { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Need poly ns for user %d for dir %s", idata->uid, pptr->dir); need_poly = 1; break; } } /* * If polyinstantiation is needed, call the unshare system call to * disassociate from the parent namespace. */ if (need_poly) { if (unshare(CLONE_NEWNS) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Unable to unshare from parent namespace, %m"); return PAM_SESSION_ERR; } if (idata->flags & PAMNS_MOUNT_PRIVATE) { /* * Remount / as SLAVE so that nothing mounted in the namespace * shows up in the parent */ if (mount("/", "/", NULL, MS_SLAVE | MS_REC , NULL) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Failed to mark / as a slave mount point, %m"); return PAM_SESSION_ERR; } if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "The / mount point was marked as slave"); } } else { del_polydir_list(idata->polydirs_ptr); return PAM_SUCCESS; } /* * Again cycle through all polyinstantiated directories, this time, * call ns_setup to setup polyinstantiation for a particular entry. */ for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { enum unmnt_op dir_unmnt = unmnt; if (ns_override(pptr, idata, idata->ruid)) { dir_unmnt = NO_UNMNT; } if (ns_override(pptr, idata, idata->uid)) { if (dir_unmnt == NO_UNMNT) { continue; } else { dir_unmnt = UNMNT_ONLY; } } if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Setting poly ns for user %d for dir %s", idata->uid, pptr->dir); if ((dir_unmnt == UNMNT_REMNT) || (dir_unmnt == UNMNT_ONLY)) { /* * Check to see if process current directory is in the * bind mounted instance_parent directory that we are trying to * umount */ if ((changing_dir = cwd_in(pptr->rdir, idata)) < 0) { retval = PAM_SESSION_ERR; goto out; } else if (changing_dir) { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "changing cwd"); /* * Change current working directory to the parent of * the mount point, that is parent of the orig * directory where original contents of the polydir * are available from */ strcpy(poly_parent, pptr->rdir); fptr = strchr(poly_parent, '/'); cptr = strrchr(poly_parent, '/'); if (fptr && cptr && (fptr == cptr)) strcpy(poly_parent, "/"); else if (cptr) *cptr = '\0'; if (chdir(poly_parent) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Can't chdir to %s, %m", poly_parent); } } if (umount(pptr->rdir) < 0) { int saved_errno = errno; pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", pptr->rdir); if (saved_errno != EINVAL) { retval = PAM_SESSION_ERR; goto out; } } else if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Umount succeeded %s", pptr->rdir); } if (dir_unmnt != UNMNT_ONLY) { retval = ns_setup(pptr, idata); if (retval == PAM_IGNORE) retval = PAM_SUCCESS; if (retval != PAM_SUCCESS) break; } } out: if (retval != PAM_SUCCESS) { cleanup_tmpdirs(idata); unprotect_dirs(idata->protect_dirs); } else if (pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, idata->protect_dirs, cleanup_protect_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace protect data"); cleanup_tmpdirs(idata); unprotect_dirs(idata->protect_dirs); return PAM_SYSTEM_ERR; } else if (pam_set_data(idata->pamh, NAMESPACE_POLYDIR_DATA, idata->polydirs_ptr, cleanup_polydir_data) != PAM_SUCCESS) { pam_syslog(idata->pamh, LOG_ERR, "Unable to set namespace polydir data"); cleanup_tmpdirs(idata); pam_set_data(idata->pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); idata->protect_dirs = NULL; return PAM_SYSTEM_ERR; } return retval; } /* * Orig namespace. This function is called from when closing a pam * session. If authorized, it unmounts instance directory. */ static int orig_namespace(struct instance_data *idata) { struct polydir_s *pptr; if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "orig namespace for pid %d", getpid()); /* * Cycle through all polyinstantiated directories from the namespace * configuration file to see if polyinstantiation was performed for * this user for each of the entry. If it was, try and unmount * appropriate polyinstantiated instance directories. */ for (pptr = idata->polydirs_ptr; pptr; pptr = pptr->next) { if (ns_override(pptr, idata, idata->uid)) continue; else { if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Unmounting instance dir for user %d & dir %s", idata->uid, pptr->dir); if (umount(pptr->dir) < 0) { pam_syslog(idata->pamh, LOG_ERR, "Unmount of %s failed, %m", pptr->dir); return PAM_SESSION_ERR; } else if (idata->flags & PAMNS_DEBUG) pam_syslog(idata->pamh, LOG_DEBUG, "Unmount of %s succeeded", pptr->dir); } } cleanup_tmpdirs(idata); return 0; } #ifdef WITH_SELINUX /* * This function checks if the calling program has requested context * change by calling setexeccon(). If context change is not requested * then it does not make sense to polyinstantiate based on context. * The return value from this function is used when selecting the * polyinstantiation method. If context change is not requested then * the polyinstantiation method is set to USER, even if the configuration * file lists the method as "context" or "level". */ static int ctxt_based_inst_needed(void) { security_context_t scon = NULL; int rc = 0; rc = getexeccon(&scon); if (rc < 0 || scon == NULL) return 0; else { freecon(scon); return 1; } } #endif static int root_shared(void) { FILE *f; char *line = NULL; size_t n = 0; int rv = 0; f = fopen("/proc/self/mountinfo", "r"); if (f == NULL) return 0; while(getline(&line, &n, f) != -1) { char *l; char *sptr; int i; l = line; sptr = NULL; for (i = 0; i < 7; i++) { char *tok; tok = strtok_r(l, " ", &sptr); l = NULL; if (tok == NULL) /* next mountinfo line */ break; if (i == 4 && strcmp(tok, "/") != 0) /* next mountinfo line */ break; if (i == 6) { if (strncmp(tok, "shared:", 7) == 0) /* there might be more / mounts, the last one counts */ rv = 1; else rv = 0; } } } free(line); fclose(f); return rv; } static int get_user_data(struct instance_data *idata) { int retval; char *user_name; struct passwd *pwd; /* * Lookup user and fill struct items */ retval = pam_get_item(idata->pamh, PAM_USER, (void*) &user_name ); if ( user_name == NULL || retval != PAM_SUCCESS ) { pam_syslog(idata->pamh, LOG_ERR, "Error recovering pam user name"); return PAM_SESSION_ERR; } pwd = pam_modutil_getpwnam(idata->pamh, user_name); if (!pwd) { pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name); return PAM_USER_UNKNOWN; } /* * Add the user info to the instance data so we can refer to them later. */ idata->user[0] = 0; strncat(idata->user, user_name, sizeof(idata->user) - 1); idata->uid = pwd->pw_uid; idata->gid = pwd->pw_gid; /* Fill in RUSER too */ retval = pam_get_item(idata->pamh, PAM_RUSER, (void*) &user_name ); if ( user_name != NULL && retval == PAM_SUCCESS && user_name[0] != '\0' ) { strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); pwd = pam_modutil_getpwnam(idata->pamh, user_name); } else { pwd = pam_modutil_getpwuid(idata->pamh, getuid()); } if (!pwd) { pam_syslog(idata->pamh, LOG_ERR, "user unknown '%s'", user_name); return PAM_USER_UNKNOWN; } user_name = pwd->pw_name; idata->ruser[0] = 0; strncat(idata->ruser, user_name, sizeof(idata->ruser) - 1); idata->ruid = pwd->pw_uid; return PAM_SUCCESS; } /* * Entry point from pam_open_session call. */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, retval; struct instance_data idata; enum unmnt_op unmnt = NO_UNMNT; /* init instance data */ idata.flags = 0; idata.polydirs_ptr = NULL; idata.protect_dirs = NULL; idata.pamh = pamh; #ifdef WITH_SELINUX if (is_selinux_enabled()) idata.flags |= PAMNS_SELINUX_ENABLED; if (ctxt_based_inst_needed()) idata.flags |= PAMNS_CTXT_BASED_INST; #endif /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) idata.flags |= PAMNS_DEBUG; if (strcmp(argv[i], "gen_hash") == 0) idata.flags |= PAMNS_GEN_HASH; if (strcmp(argv[i], "ignore_config_error") == 0) idata.flags |= PAMNS_IGN_CONFIG_ERR; if (strcmp(argv[i], "ignore_instance_parent_mode") == 0) idata.flags |= PAMNS_IGN_INST_PARENT_MODE; if (strcmp(argv[i], "use_current_context") == 0) { idata.flags |= PAMNS_USE_CURRENT_CONTEXT; idata.flags |= PAMNS_CTXT_BASED_INST; } if (strcmp(argv[i], "use_default_context") == 0) { idata.flags |= PAMNS_USE_DEFAULT_CONTEXT; idata.flags |= PAMNS_CTXT_BASED_INST; } if (strcmp(argv[i], "mount_private") == 0) { idata.flags |= PAMNS_MOUNT_PRIVATE; } if (strcmp(argv[i], "unmnt_remnt") == 0) unmnt = UNMNT_REMNT; if (strcmp(argv[i], "unmnt_only") == 0) unmnt = UNMNT_ONLY; if (strcmp(argv[i], "require_selinux") == 0) { if (!(idata.flags & PAMNS_SELINUX_ENABLED)) { pam_syslog(idata.pamh, LOG_ERR, "selinux_required option given and selinux is disabled"); return PAM_SESSION_ERR; } } } if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "open_session - start"); retval = get_user_data(&idata); if (retval != PAM_SUCCESS) return retval; if (root_shared()) { idata.flags |= PAMNS_MOUNT_PRIVATE; } /* * Parse namespace configuration file which lists directories to * polyinstantiate, directory where instance directories are to * be created and the method used for polyinstantiation. */ retval = parse_config_file(&idata); if (retval != PAM_SUCCESS) { del_polydir_list(idata.polydirs_ptr); return PAM_SESSION_ERR; } if (idata.polydirs_ptr) { retval = setup_namespace(&idata, unmnt); if (idata.flags & PAMNS_DEBUG) { if (retval) pam_syslog(idata.pamh, LOG_DEBUG, "namespace setup failed for pid %d", getpid()); else pam_syslog(idata.pamh, LOG_DEBUG, "namespace setup ok for pid %d", getpid()); } } else if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "Nothing to polyinstantiate"); if (retval != PAM_SUCCESS) del_polydir_list(idata.polydirs_ptr); return retval; } /* * Entry point from pam_close_session call. */ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, retval; struct instance_data idata; void *polyptr; /* init instance data */ idata.flags = 0; idata.polydirs_ptr = NULL; idata.pamh = pamh; #ifdef WITH_SELINUX if (is_selinux_enabled()) idata.flags |= PAMNS_SELINUX_ENABLED; if (ctxt_based_inst_needed()) idata.flags |= PAMNS_CTXT_BASED_INST; #endif /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) idata.flags |= PAMNS_DEBUG; if (strcmp(argv[i], "ignore_config_error") == 0) idata.flags |= PAMNS_IGN_CONFIG_ERR; if (strcmp(argv[i], "unmount_on_close") == 0) idata.flags |= PAMNS_UNMOUNT_ON_CLOSE; } if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "close_session - start"); /* * Normally the unmount is implicitly done when the last * process in the private namespace exits. * If it is ensured that there are no child processes left in * the private namespace by other means and if there are * multiple sessions opened and closed sequentially by the * same process, the "unmount_on_close" option might be * used to unmount the polydirs explicitly. */ if (!(idata.flags & PAMNS_UNMOUNT_ON_CLOSE)) { pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "close_session - sucessful"); return PAM_SUCCESS; } retval = get_user_data(&idata); if (retval != PAM_SUCCESS) return retval; retval = pam_get_data(idata.pamh, NAMESPACE_POLYDIR_DATA, (const void **)&polyptr); if (retval != PAM_SUCCESS || polyptr == NULL) /* nothing to reset */ return PAM_SUCCESS; idata.polydirs_ptr = polyptr; if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "Resetting namespace for pid %d", getpid()); retval = orig_namespace(&idata); if (idata.flags & PAMNS_DEBUG) { if (retval) pam_syslog(idata.pamh, LOG_DEBUG, "resetting namespace failed for pid %d", getpid()); else pam_syslog(idata.pamh, LOG_DEBUG, "resetting namespace ok for pid %d", getpid()); } pam_set_data(idata.pamh, NAMESPACE_POLYDIR_DATA, NULL, NULL); pam_set_data(idata.pamh, NAMESPACE_PROTECT_DATA, NULL, NULL); return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_namespace_modstruct = { "pam_namespace", NULL, NULL, NULL, pam_sm_open_session, pam_sm_close_session, NULL }; #endif pam/modules/pam_namespace/pam_namespace.h0000644000000000000000000001526713261244762015746 0ustar /****************************************************************************** * A module for Linux-PAM that will set the default namespace after * establishing a session via PAM. * * (C) Copyright IBM Corporation 2005 * (C) Copyright Red Hat 2006 * All Rights Reserved. * * Written by: Janak Desai * With Revisions by: Steve Grubb * Derived from a namespace setup patch by Chad Sellers * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the "Software"), * to deal in the Software without restriction, including without limitation * on the rights to use, copy, modify, merge, publish, distribute, sub * license, and/or sell copies of the Software, and to permit persons to whom * the Software is furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice (including the next * paragraph) shall be included in all copies or substantial portions of the * Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL * IBM AND/OR THEIR SUPPLIERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ #if !(defined(linux)) #error THIS CODE IS KNOWN TO WORK ONLY ON LINUX !!! #endif #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "security/pam_modules.h" #include "security/pam_modutil.h" #include "security/pam_ext.h" #include "md5.h" #ifdef WITH_SELINUX #include #include #include #endif #ifndef CLONE_NEWNS #define CLONE_NEWNS 0x00020000 /* Flag to create new namespace */ #endif /* mount flags for mount_private */ #ifndef MS_REC #define MS_REC (1<<14) #endif #ifndef MS_PRIVATE #define MS_PRIVATE (1<<18) #endif #ifndef MS_SLAVE #define MS_SLAVE (1<<19) #endif /* * Module defines */ #ifndef SECURECONF_DIR #define SECURECONF_DIR "/etc/security/" #endif #define PAM_NAMESPACE_CONFIG (SECURECONF_DIR "namespace.conf") #define NAMESPACE_INIT_SCRIPT (SECURECONF_DIR "namespace.init") #define NAMESPACE_D_DIR (SECURECONF_DIR "namespace.d/") #define NAMESPACE_D_GLOB (SECURECONF_DIR "namespace.d/*.conf") /* module flags */ #define PAMNS_DEBUG 0x00000100 /* Running in debug mode */ #define PAMNS_SELINUX_ENABLED 0x00000400 /* SELinux is enabled */ #define PAMNS_CTXT_BASED_INST 0x00000800 /* Context based instance needed */ #define PAMNS_GEN_HASH 0x00002000 /* Generate md5 hash for inst names */ #define PAMNS_IGN_CONFIG_ERR 0x00004000 /* Ignore format error in conf file */ #define PAMNS_IGN_INST_PARENT_MODE 0x00008000 /* Ignore instance parent mode */ #define PAMNS_UNMOUNT_ON_CLOSE 0x00010000 /* Unmount at session close */ #define PAMNS_USE_CURRENT_CONTEXT 0x00020000 /* use getcon instead of getexeccon */ #define PAMNS_USE_DEFAULT_CONTEXT 0x00040000 /* use get_default_context instead of getexeccon */ #define PAMNS_MOUNT_PRIVATE 0x00080000 /* Make the polydir mounts private */ /* polydir flags */ #define POLYDIR_EXCLUSIVE 0x00000001 /* polyinstatiate exclusively for override uids */ #define POLYDIR_CREATE 0x00000002 /* create the polydir */ #define POLYDIR_NOINIT 0x00000004 /* no init script */ #define POLYDIR_SHARED 0x00000008 /* share context/level instances among users */ #define POLYDIR_ISCRIPT 0x00000010 /* non default init script */ #define POLYDIR_MNTOPTS 0x00000020 /* mount options for tmpfs mount */ #define NAMESPACE_MAX_DIR_LEN 80 #define NAMESPACE_POLYDIR_DATA "pam_namespace:polydir_data" #define NAMESPACE_PROTECT_DATA "pam_namespace:protect_data" /* * Polyinstantiation method options, based on user, security context * or both */ enum polymethod { NONE, USER, CONTEXT, LEVEL, TMPDIR, TMPFS }; /* * Depending on the application using this namespace module, we * may need to unmount priviously bind mounted instance directory. * Applications such as login and sshd, that establish a new * session unmount of instance directory is not needed. For applications * such as su and newrole, that switch the identity, this module * has to unmount previous instance directory first and re-mount * based on the new indentity. For other trusted applications that * just want to undo polyinstantiation, only unmount of previous * instance directory is needed. */ enum unmnt_op { NO_UNMNT, UNMNT_REMNT, UNMNT_ONLY, }; /* * Structure that holds information about a directory to polyinstantiate */ struct polydir_s { char dir[PATH_MAX]; /* directory to polyinstantiate */ char rdir[PATH_MAX]; /* directory to unmount (based on RUSER) */ char instance_prefix[PATH_MAX]; /* prefix for instance dir path name */ enum polymethod method; /* method used to polyinstantiate */ unsigned int num_uids; /* number of override uids */ uid_t *uid; /* list of override uids */ unsigned int flags; /* polydir flags */ char *init_script; /* path to init script */ char *mount_opts; /* mount options for tmpfs mount */ uid_t owner; /* user which should own the polydir */ gid_t group; /* group which should own the polydir */ mode_t mode; /* mode of the polydir */ struct polydir_s *next; /* pointer to the next polydir entry */ }; struct protect_dir_s { char *dir; /* protected directory */ struct protect_dir_s *next; /* next entry */ }; struct instance_data { pam_handle_t *pamh; /* The pam handle for this instance */ struct polydir_s *polydirs_ptr; /* The linked list pointer */ struct protect_dir_s *protect_dirs; /* The pointer to stack of mount-protected dirs */ char user[LOGIN_NAME_MAX]; /* User name */ char ruser[LOGIN_NAME_MAX]; /* Requesting user name */ uid_t uid; /* The uid of the user */ gid_t gid; /* The gid of the user's primary group */ uid_t ruid; /* The uid of the requesting user */ unsigned long flags; /* Flags for debug, selinux etc */ }; pam/modules/pam_namespace/tst-pam_namespace0000755000000000000000000000007013261244762016315 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_namespace.so pam/modules/pam_nologin/0000755000000000000000000000000013261244762012502 5ustar pam/modules/pam_nologin/Makefile.am0000644000000000000000000000135513261244762014542 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_nologin TESTS = tst-pam_nologin man_MANS = pam_nologin.8 XMLS = README.xml pam_nologin.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_nologin.la pam_nologin_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_nologin.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_nologin/Makefile.in0000644000000000000000000006015013261244762014551 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_nologin DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_nologin_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_nologin_la_SOURCES = pam_nologin.c pam_nologin_la_OBJECTS = pam_nologin.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_nologin.c DIST_SOURCES = pam_nologin.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_nologin TESTS = tst-pam_nologin man_MANS = pam_nologin.8 XMLS = README.xml pam_nologin.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_nologin.la pam_nologin_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_nologin/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_nologin/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_nologin.la: $(pam_nologin_la_OBJECTS) $(pam_nologin_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_nologin_la_OBJECTS) $(pam_nologin_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_nologin.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_nologin.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_nologin/README0000644000000000000000000000250413261244762013363 0ustar pam_nologin — Prevent non-root users from login â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in. OPTIONS file=/path/nologin Use this file instead the default /var/run/nologin or /etc/nologin. successok Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE. EXAMPLES The suggested usage for /etc/pam.d/login is: auth required pam_nologin.so NOTES In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any sufficient methods in order to get standard Unix nologin semantics. Note, the use of successok module argument causes the module to return PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin module succeeded. AUTHOR pam_nologin was written by Michael K. Johnson . pam/modules/pam_nologin/README.xml0000644000000000000000000000251213261244762014161 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_nologin.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_nologin-name"]/*)'/>
pam/modules/pam_nologin/pam_nologin.80000644000000000000000000000630713261244762015103 0ustar '\" t .\" Title: pam_nologin .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_NOLOGIN" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_nologin \- Prevent non\-root users from login .SH "SYNOPSIS" .HP \w'\fBpam_nologin\&.so\fR\ 'u \fBpam_nologin\&.so\fR [file=\fI/path/nologin\fR] [successok] .SH "DESCRIPTION" .PP pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists\&. The contents of the file are displayed to the user\&. The pam_nologin module has no effect on the root user\*(Aqs ability to log in\&. .SH "OPTIONS" .PP \fBfile=\fR\fB\fI/path/nologin\fR\fR .RS 4 Use this file instead the default /var/run/nologin or /etc/nologin\&. .RE .PP \fBsuccessok\fR .RS 4 Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR and \fBacct\fR module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR .RS 4 The user is not root and /etc/nologin exists, so the user is not permitted to log in\&. .RE .PP PAM_BUF_ERR .RS 4 Memory buffer error\&. .RE .PP PAM_IGNORE .RS 4 This is the default return value\&. .RE .PP PAM_SUCCESS .RS 4 Success: either the user is root or the nologin file does not exist\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User not known to the underlying authentication module\&. .RE .SH "EXAMPLES" .PP The suggested usage for /etc/pam\&.d/login is: .sp .if n \{\ .RS 4 .\} .nf auth required pam_nologin\&.so .fi .if n \{\ .RE .\} .sp .SH "NOTES" .PP In order to make this module effective, all login methods should be secured by it\&. It should be used as a \fIrequired\fR method listed before any \fIsufficient\fR methods in order to get standard Unix nologin semantics\&. Note, the use of \fBsuccessok\fR module argument causes the module to return \fIPAM_SUCCESS\fR and as such would break such a configuration \- failing \fIsufficient\fR modules would lead to a successful login because the nologin module \fIsucceeded\fR\&. .SH "SEE ALSO" .PP \fBnologin\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_nologin was written by Michael K\&. Johnson \&. pam/modules/pam_nologin/pam_nologin.8.xml0000644000000000000000000001200313261244762015670 0ustar pam_nologin 8 Linux-PAM Manual pam_nologin Prevent non-root users from login pam_nologin.so file=/path/nologin successok DESCRIPTION pam_nologin is a PAM module that prevents users from logging into the system when /var/run/nologin or /etc/nologin exists. The contents of the file are displayed to the user. The pam_nologin module has no effect on the root user's ability to log in. OPTIONS Use this file instead the default /var/run/nologin or /etc/nologin. Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE. MODULE TYPES PROVIDED The and module types are provided. RETURN VALUES PAM_AUTH_ERR The user is not root and /etc/nologin exists, so the user is not permitted to log in. PAM_BUF_ERR Memory buffer error. PAM_IGNORE This is the default return value. PAM_SUCCESS Success: either the user is root or the nologin file does not exist. PAM_USER_UNKNOWN User not known to the underlying authentication module. EXAMPLES The suggested usage for /etc/pam.d/login is: auth required pam_nologin.so NOTES In order to make this module effective, all login methods should be secured by it. It should be used as a required method listed before any sufficient methods in order to get standard Unix nologin semantics. Note, the use of module argument causes the module to return PAM_SUCCESS and as such would break such a configuration - failing sufficient modules would lead to a successful login because the nologin module succeeded. SEE ALSO nologin5 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_nologin was written by Michael K. Johnson <johnsonm@redhat.com>. pam/modules/pam_nologin/pam_nologin.c0000644000000000000000000000753613261244762015163 0ustar /* pam_nologin module */ /* * $Id$ * * Written by Michael K. Johnson 1996/10/24 * */ #include "config.h" #include #include #include #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #include #include #include #define DEFAULT_NOLOGIN_PATH "/var/run/nologin" #define COMPAT_NOLOGIN_PATH "/etc/nologin" /* * parse some command line options */ struct opt_s { int retval_when_nofile; const char *nologin_file; }; static void parse_args(pam_handle_t *pamh, int argc, const char **argv, struct opt_s *opts) { int i; memset(opts, 0, sizeof(*opts)); opts->retval_when_nofile = PAM_IGNORE; for (i=0; iretval_when_nofile = PAM_SUCCESS; } else if (!strncmp("file=", argv[i], 5)) { opts->nologin_file = argv[i] + 5; } else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", argv[i]); } } } /* * do the meat of the work for this module */ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) { const char *username; int retval = opts->retval_when_nofile; int fd = -1; if ((pam_get_user(pamh, &username, NULL) != PAM_SUCCESS) || !username) { pam_syslog(pamh, LOG_WARNING, "cannot determine username"); return PAM_USER_UNKNOWN; } if (opts->nologin_file == NULL) { if ((fd = open(DEFAULT_NOLOGIN_PATH, O_RDONLY, 0)) < 0) { fd = open(COMPAT_NOLOGIN_PATH, O_RDONLY, 0); } } else { fd = open(opts->nologin_file, O_RDONLY, 0); } if (fd >= 0) { char *mtmp=NULL; int msg_style = PAM_TEXT_INFO; struct passwd *user_pwd; struct stat st; user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd == NULL) { retval = PAM_USER_UNKNOWN; msg_style = PAM_ERROR_MSG; } else if (user_pwd->pw_uid) { retval = PAM_AUTH_ERR; msg_style = PAM_ERROR_MSG; } /* fill in message buffer with contents of /etc/nologin */ if (fstat(fd, &st) < 0) { /* give up trying to display message */ goto clean_up_fd; } mtmp = malloc(st.st_size+1); if (!mtmp) { pam_syslog(pamh, LOG_ERR, "out of memory"); retval = PAM_BUF_ERR; goto clean_up_fd; } if (pam_modutil_read(fd, mtmp, st.st_size) == st.st_size) { mtmp[st.st_size] = '\0'; (void) pam_prompt (pamh, msg_style, NULL, "%s", mtmp); } else retval = PAM_SYSTEM_ERR; free(mtmp); clean_up_fd: close(fd); } return retval; } /* --- authentication management functions --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { struct opt_s opts; parse_args(pamh, argc, argv, &opts); return perform_check(pamh, &opts); } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc, const char **argv) { struct opt_s opts; parse_args(pamh, argc, argv, &opts); return opts.retval_when_nofile; } /* --- account management function --- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { struct opt_s opts; parse_args(pamh, argc, argv, &opts); return perform_check(pamh, &opts); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_nologin_modstruct = { "pam_nologin", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, NULL, NULL, NULL, }; #endif /* PAM_STATIC */ /* end of module definition */ pam/modules/pam_nologin/tst-pam_nologin0000755000000000000000000000006613261244762015544 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_nologin.so pam/modules/pam_permit/0000755000000000000000000000000013261244762012335 5ustar pam/modules/pam_permit/Makefile.am0000644000000000000000000000134613261244762014375 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_permit man_MANS = pam_permit.8 XMLS = README.xml pam_permit.8.xml TESTS = tst-pam_permit securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_permit.la pam_permit_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_permit.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_permit/Makefile.in0000644000000000000000000006012113261244762014402 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_permit DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_permit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_permit_la_SOURCES = pam_permit.c pam_permit_la_OBJECTS = pam_permit.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_permit.c DIST_SOURCES = pam_permit.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_permit man_MANS = pam_permit.8 XMLS = README.xml pam_permit.8.xml TESTS = tst-pam_permit securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_permit.la pam_permit_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_permit/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_permit/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_permit.la: $(pam_permit_la_OBJECTS) $(pam_permit_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_permit_la_OBJECTS) $(pam_permit_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_permit.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_permit.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_permit/README0000644000000000000000000000161313261244762013216 0ustar pam_permit — The promiscuous module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_permit is a PAM module that always permit access. It does nothing else. In the case of authentication, the user's name will be set to nobody if the application didn't set one. Many applications and PAM modules become confused if this name is unknown. This module is very dangerous. It should be used with extreme caution. OPTIONS This module does not recognise any options. EXAMPLES Add this line to your other login entries to disable account management, but continue to permit users to log in. account required pam_permit.so AUTHOR pam_permit was written by Andrew G. Morgan, . pam/modules/pam_permit/README.xml0000644000000000000000000000221513261244762014014 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_permit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_permit-name"]/*)'/>
pam/modules/pam_permit/pam_permit.80000644000000000000000000000452613261244762014572 0ustar '\" t .\" Title: pam_permit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_PERMIT" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_permit \- The promiscuous module .SH "SYNOPSIS" .HP \w'\fBpam_permit\&.so\fR\ 'u \fBpam_permit\&.so\fR .SH "DESCRIPTION" .PP pam_permit is a PAM module that always permit access\&. It does nothing else\&. .PP In the case of authentication, the user\*(Aqs name will be set to \fInobody\fR if the application didn\*(Aqt set one\&. Many applications and PAM modules become confused if this name is unknown\&. .PP This module is very dangerous\&. It should be used with extreme caution\&. .SH "OPTIONS" .PP This module does not recognise any options\&. .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR, \fBaccount\fR, \fBpassword\fR and \fBsession\fR module types are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 This module always returns this value\&. .RE .SH "EXAMPLES" .PP Add this line to your other login entries to disable account management, but continue to permit users to log in\&. .sp .if n \{\ .RS 4 .\} .nf account required pam_permit\&.so .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_permit was written by Andrew G\&. Morgan, \&. pam/modules/pam_permit/pam_permit.8.xml0000644000000000000000000000545513261244762015373 0ustar pam_permit 8 Linux-PAM Manual pam_permit The promiscuous module pam_permit.so DESCRIPTION pam_permit is a PAM module that always permit access. It does nothing else. In the case of authentication, the user's name will be set to nobody if the application didn't set one. Many applications and PAM modules become confused if this name is unknown. This module is very dangerous. It should be used with extreme caution. OPTIONS This module does not recognise any options. MODULE TYPES PROVIDED The , , and module types are provided. RETURN VALUES PAM_SUCCESS This module always returns this value. EXAMPLES Add this line to your other login entries to disable account management, but continue to permit users to log in. account required pam_permit.so SEE ALSO pam.conf5 , pam.d5 , pam8 AUTHOR pam_permit was written by Andrew G. Morgan, <morgan@kernel.org>. pam/modules/pam_permit/pam_permit.c0000644000000000000000000000477413261244762014652 0ustar /* pam_permit module */ /* * $Id$ * * Written by Andrew Morgan 1996/3/11 * */ #include "config.h" #define DEFAULT_USER "nobody" #include /* * here, we make definitions for the externally accessible functions * in this file (these definitions are required for static modules * but strongly encouraged generally) they are used to instruct the * modules include file to define their prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #define PAM_SM_SESSION #define PAM_SM_PASSWORD #include #include /* --- authentication management functions --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { int retval; const char *user=NULL; /* * authentication requires we know who the user wants to be */ retval = pam_get_user(pamh, &user, NULL); if (retval != PAM_SUCCESS) { D(("get user returned error: %s", pam_strerror(pamh,retval))); return retval; } if (user == NULL || *user == '\0') { D(("username not known")); retval = pam_set_item(pamh, PAM_USER, (const void *) DEFAULT_USER); if (retval != PAM_SUCCESS) return PAM_USER_UNKNOWN; } user = NULL; /* clean up */ return PAM_SUCCESS; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* --- account management functions --- */ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* --- password management --- */ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* --- session management --- */ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* end of module definition */ #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_permit_modstruct = { "pam_permit", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, pam_sm_open_session, pam_sm_close_session, pam_sm_chauthtok }; #endif pam/modules/pam_permit/tst-pam_permit0000755000000000000000000000006513261244762015231 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_permit.so pam/modules/pam_pwhistory/0000755000000000000000000000000013261244762013105 5ustar pam/modules/pam_pwhistory/Makefile.am0000644000000000000000000000152213261244762015141 0ustar # # Copyright (c) 2008, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory TESTS = tst-pam_pwhistory man_MANS = pam_pwhistory.8 XMLS = README.xml pam_pwhistory.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif noinst_HEADERS = opasswd.h securelib_LTLIBRARIES = pam_pwhistory.la pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_pwhistory.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_pwhistory/Makefile.in0000644000000000000000000006064513261244762015165 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2008, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_pwhistory DIST_COMMON = README $(noinst_HEADERS) $(srcdir)/Makefile.am \ $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_pwhistory_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la am_pam_pwhistory_la_OBJECTS = pam_pwhistory.lo opasswd.lo pam_pwhistory_la_OBJECTS = $(am_pam_pwhistory_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(pam_pwhistory_la_SOURCES) DIST_SOURCES = $(pam_pwhistory_la_SOURCES) man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) HEADERS = $(noinst_HEADERS) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_pwhistory TESTS = tst-pam_pwhistory man_MANS = pam_pwhistory.8 XMLS = README.xml pam_pwhistory.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) noinst_HEADERS = opasswd.h securelib_LTLIBRARIES = pam_pwhistory.la pam_pwhistory_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBCRYPT@ pam_pwhistory_la_SOURCES = pam_pwhistory.c opasswd.c @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_pwhistory/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_pwhistory/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_pwhistory.la: $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_pwhistory_la_OBJECTS) $(pam_pwhistory_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/opasswd.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_pwhistory.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) $(HEADERS) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_pwhistory.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_pwhistory/README0000644000000000000000000000362213261244762013770 0ustar pam_pwhistory — PAM module to remember last passwords â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently. This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking. OPTIONS debug Turns on debugging via syslog(3). use_authtok When password changing enforce the module to use the new password provided by a previously stacked password module (this is used in the example of the stacking of the pam_cracklib module documented below). enforce_for_root If this option is set, the check is enforced for root, too. remember=N The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged. retry=N Prompt user at most N times before returning with error. The default is 1. authtok_type=STRING See pam_get_authtok(3) for more details. EXAMPLES An example password section would be: #%PAM-1.0 password required pam_pwhistory.so password required pam_unix.so use_authtok In combination with pam_cracklib: #%PAM-1.0 password required pam_cracklib.so retry=3 password required pam_pwhistory.so use_authtok password required pam_unix.so use_authtok AUTHOR pam_pwhistory was written by Thorsten Kukuk pam/modules/pam_pwhistory/README.xml0000644000000000000000000000225613261244762014571 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_pwhistory.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_pwhistory-name"]/*)'/>
pam/modules/pam_pwhistory/opasswd.c0000644000000000000000000002742413261244762014742 0ustar /* * Copyright (c) 2008 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #if defined(HAVE_CONFIG_H) #include #endif #include #include #include #include #include #include #include #include #include #include #include #if defined (HAVE_XCRYPT_H) #include #elif defined (HAVE_CRYPT_H) #include #endif #include #include #include "opasswd.h" #ifndef RANDOM_DEVICE #define RANDOM_DEVICE "/dev/urandom" #endif #define OLD_PASSWORDS_FILE "/etc/security/opasswd" #define TMP_PASSWORDS_FILE OLD_PASSWORDS_FILE".tmpXXXXXX" #define DEFAULT_BUFLEN 4096 typedef struct { char *user; char *uid; int count; char *old_passwords; } opwd; static int parse_entry (char *line, opwd *data) { const char delimiters[] = ":"; char *endptr; data->user = strsep (&line, delimiters); data->uid = strsep (&line, delimiters); data->count = strtol (strsep (&line, delimiters), &endptr, 10); if (endptr != NULL && *endptr != '\0') return 1; data->old_passwords = strsep (&line, delimiters); return 0; } static int compare_password(const char *newpass, const char *oldpass) { char *outval; #ifdef HAVE_CRYPT_R struct crypt_data output; output.initialized = 0; outval = crypt_r (newpass, oldpass, &output); #else outval = crypt (newpass, oldpass); #endif return outval != NULL && strcmp(outval, oldpass) == 0; } /* Check, if the new password is already in the opasswd file. */ int check_old_pass (pam_handle_t *pamh, const char *user, const char *newpass, int debug) { int retval = PAM_SUCCESS; FILE *oldpf; char *buf = NULL; size_t buflen = 0; opwd entry; int found = 0; if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) { if (errno != ENOENT) pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); return PAM_SUCCESS; } while (!feof (oldpf)) { char *cp, *tmp; #if defined(HAVE_GETLINE) ssize_t n = getline (&buf, &buflen, oldpf); #elif defined (HAVE_GETDELIM) ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); #else ssize_t n; if (buf == NULL) { buflen = DEFAULT_BUFLEN; buf = malloc (buflen); if (buf == NULL) return PAM_BUF_ERR; } buf[0] = '\0'; fgets (buf, buflen - 1, oldpf); n = strlen (buf); #endif /* HAVE_GETLINE / HAVE_GETDELIM */ cp = buf; if (n < 1) break; tmp = strchr (cp, '#'); /* remove comments */ if (tmp) *tmp = '\0'; while (isspace ((int)*cp)) /* remove spaces and tabs */ ++cp; if (*cp == '\0') /* ignore empty lines */ continue; if (cp[strlen (cp) - 1] == '\n') cp[strlen (cp) - 1] = '\0'; if (strncmp (cp, user, strlen (user)) == 0 && cp[strlen (user)] == ':') { /* We found the line we needed */ if (parse_entry (cp, &entry) == 0) { found = 1; break; } } } fclose (oldpf); if (found && entry.old_passwords) { const char delimiters[] = ","; char *running; char *oldpass; running = entry.old_passwords; do { oldpass = strsep (&running, delimiters); if (oldpass && strlen (oldpass) > 0 && compare_password(newpass, oldpass) ) { if (debug) pam_syslog (pamh, LOG_DEBUG, "New password already used"); retval = PAM_AUTHTOK_ERR; break; } } while (oldpass != NULL); } if (buf) free (buf); return retval; } int save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, const char *oldpass, int howmany, int debug UNUSED) { char opasswd_tmp[] = TMP_PASSWORDS_FILE; struct stat opasswd_stat; FILE *oldpf, *newpf; int newpf_fd; int do_create = 0; int retval = PAM_SUCCESS; char *buf = NULL; size_t buflen = 0; int found = 0; if (howmany <= 0) return PAM_SUCCESS; if (oldpass == NULL || *oldpass == '\0') return PAM_SUCCESS; if ((oldpf = fopen (OLD_PASSWORDS_FILE, "r")) == NULL) { if (errno == ENOENT) { pam_syslog (pamh, LOG_NOTICE, "Creating %s", OLD_PASSWORDS_FILE); do_create = 1; } else { pam_syslog (pamh, LOG_ERR, "Cannot open %s: %m", OLD_PASSWORDS_FILE); return PAM_AUTHTOK_ERR; } } else if (fstat (fileno (oldpf), &opasswd_stat) < 0) { pam_syslog (pamh, LOG_ERR, "Cannot stat %s: %m", OLD_PASSWORDS_FILE); fclose (oldpf); return PAM_AUTHTOK_ERR; } /* Open a temp passwd file */ newpf_fd = mkstemp (opasswd_tmp); if (newpf_fd == -1) { pam_syslog (pamh, LOG_ERR, "Cannot create %s temp file: %m", OLD_PASSWORDS_FILE); if (oldpf) fclose (oldpf); return PAM_AUTHTOK_ERR; } if (do_create) { if (fchmod (newpf_fd, S_IRUSR|S_IWUSR) != 0) pam_syslog (pamh, LOG_ERR, "Cannot set permissions of %s temp file: %m", OLD_PASSWORDS_FILE); if (fchown (newpf_fd, 0, 0) != 0) pam_syslog (pamh, LOG_ERR, "Cannot set owner/group of %s temp file: %m", OLD_PASSWORDS_FILE); } else { if (fchmod (newpf_fd, opasswd_stat.st_mode) != 0) pam_syslog (pamh, LOG_ERR, "Cannot set permissions of %s temp file: %m", OLD_PASSWORDS_FILE); if (fchown (newpf_fd, opasswd_stat.st_uid, opasswd_stat.st_gid) != 0) pam_syslog (pamh, LOG_ERR, "Cannot set owner/group of %s temp file: %m", OLD_PASSWORDS_FILE); } newpf = fdopen (newpf_fd, "w+"); if (newpf == NULL) { pam_syslog (pamh, LOG_ERR, "Cannot fdopen %s: %m", opasswd_tmp); if (oldpf) fclose (oldpf); close (newpf_fd); retval = PAM_AUTHTOK_ERR; goto error_opasswd; } if (!do_create) while (!feof (oldpf)) { char *cp, *tmp, *save; #if defined(HAVE_GETLINE) ssize_t n = getline (&buf, &buflen, oldpf); #elif defined (HAVE_GETDELIM) ssize_t n = getdelim (&buf, &buflen, '\n', oldpf); #else ssize_t n; if (buf == NULL) { buflen = DEFAULT_BUFLEN; buf = malloc (buflen); if (buf == NULL) { fclose (oldpf); fclose (newpf); retval = PAM_BUF_ERR; goto error_opasswd; } } buf[0] = '\0'; fgets (buf, buflen - 1, oldpf); n = strlen (buf); #endif /* HAVE_GETLINE / HAVE_GETDELIM */ cp = buf; save = strdup (buf); /* Copy to write the original data back. */ if (save == NULL) { fclose (oldpf); fclose (newpf); retval = PAM_BUF_ERR; goto error_opasswd; } if (n < 1) break; tmp = strchr (cp, '#'); /* remove comments */ if (tmp) *tmp = '\0'; while (isspace ((int)*cp)) /* remove spaces and tabs */ ++cp; if (*cp == '\0') /* ignore empty lines */ goto write_old_data; if (cp[strlen (cp) - 1] == '\n') cp[strlen (cp) - 1] = '\0'; if (strncmp (cp, user, strlen (user)) == 0 && cp[strlen (user)] == ':') { /* We found the line we needed */ opwd entry; if (parse_entry (cp, &entry) == 0) { char *out = NULL; found = 1; /* Don't save the current password twice */ if (entry.old_passwords && entry.old_passwords[0] != '\0') { char *last = entry.old_passwords; cp = entry.old_passwords; entry.count = 1; /* Don't believe the count */ while ((cp = strchr (cp, ',')) != NULL) { entry.count++; last = ++cp; } /* compare the last password */ if (strcmp (last, oldpass) == 0) goto write_old_data; } else entry.count = 0; /* increase count. */ entry.count++; /* check that we don't remember to many passwords. */ while (entry.count > howmany && entry.count > 1) { char *p = strpbrk (entry.old_passwords, ","); if (p != NULL) entry.old_passwords = ++p; entry.count--; } if (entry.count == 1) { if (asprintf (&out, "%s:%s:%d:%s\n", entry.user, entry.uid, entry.count, oldpass) < 0) { free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); goto error_opasswd; } } else { if (asprintf (&out, "%s:%s:%d:%s,%s\n", entry.user, entry.uid, entry.count, entry.old_passwords, oldpass) < 0) { free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); goto error_opasswd; } } if (fputs (out, newpf) < 0) { free (out); free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); goto error_opasswd; } free (out); } } else { write_old_data: if (fputs (save, newpf) < 0) { free (save); retval = PAM_AUTHTOK_ERR; fclose (oldpf); fclose (newpf); goto error_opasswd; } } free (save); } if (!found) { char *out; if (asprintf (&out, "%s:%d:1:%s\n", user, uid, oldpass) < 0) { retval = PAM_AUTHTOK_ERR; if (oldpf) fclose (oldpf); fclose (newpf); goto error_opasswd; } if (fputs (out, newpf) < 0) { free (out); retval = PAM_AUTHTOK_ERR; if (oldpf) fclose (oldpf); fclose (newpf); goto error_opasswd; } free (out); } if (oldpf) if (fclose (oldpf) != 0) { pam_syslog (pamh, LOG_ERR, "Error while closing old opasswd file: %m"); retval = PAM_AUTHTOK_ERR; fclose (newpf); goto error_opasswd; } if (fflush (newpf) != 0 || fsync (fileno (newpf)) != 0) { pam_syslog (pamh, LOG_ERR, "Error while syncing temporary opasswd file: %m"); retval = PAM_AUTHTOK_ERR; fclose (newpf); goto error_opasswd; } if (fclose (newpf) != 0) { pam_syslog (pamh, LOG_ERR, "Error while closing temporary opasswd file: %m"); retval = PAM_AUTHTOK_ERR; goto error_opasswd; } unlink (OLD_PASSWORDS_FILE".old"); if (link (OLD_PASSWORDS_FILE, OLD_PASSWORDS_FILE".old") != 0 && errno != ENOENT) pam_syslog (pamh, LOG_ERR, "Cannot create backup file of %s: %m", OLD_PASSWORDS_FILE); rename (opasswd_tmp, OLD_PASSWORDS_FILE); error_opasswd: unlink (opasswd_tmp); free (buf); return retval; } pam/modules/pam_pwhistory/opasswd.h0000644000000000000000000000413513261244762014741 0ustar /* * Copyright (c) 2008 Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef __OPASSWD_H__ #define __OPASSWD_H__ extern int check_old_pass (pam_handle_t *pamh, const char *user, const char *newpass, int debug); extern int save_old_pass (pam_handle_t *pamh, const char *user, uid_t uid, const char *oldpass, int howmany, int debug); #endif /* __OPASSWD_H__ */ pam/modules/pam_pwhistory/pam_pwhistory.80000644000000000000000000000773413261244762016116 0ustar '\" t .\" Title: pam_pwhistory .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_PWHISTORY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_pwhistory \- PAM module to remember last passwords .SH "SYNOPSIS" .HP \w'\fBpam_pwhistory\&.so\fR\ 'u \fBpam_pwhistory\&.so\fR [debug] [use_authtok] [enforce_for_root] [remember=\fIN\fR] [retry=\fIN\fR] [authtok_type=\fISTRING\fR] .SH "DESCRIPTION" .PP This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently\&. .PP This module does not work together with kerberos\&. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Turns on debugging via \fBsyslog\fR(3)\&. .RE .PP \fBuse_authtok\fR .RS 4 When password changing enforce the module to use the new password provided by a previously stacked \fBpassword\fR module (this is used in the example of the stacking of the \fBpam_cracklib\fR module documented below)\&. .RE .PP \fBenforce_for_root\fR .RS 4 If this option is set, the check is enforced for root, too\&. .RE .PP \fBremember=\fR\fB\fIN\fR\fR .RS 4 The last \fIN\fR passwords for each user are saved in /etc/security/opasswd\&. The default is \fI10\fR\&. Value of \fI0\fR makes the module to keep the existing contents of the opasswd file unchanged\&. .RE .PP \fBretry=\fR\fB\fIN\fR\fR .RS 4 Prompt user at most \fIN\fR times before returning with error\&. The default is \fI1\fR\&. .RE .PP \fBauthtok_type=\fR\fB\fISTRING\fR\fR .RS 4 See \fBpam_get_authtok\fR(3) for more details\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBpassword\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_AUTHTOK_ERR .RS 4 No new password was entered, the user aborted password change or new password couldn\*(Aqt be set\&. .RE .PP PAM_IGNORE .RS 4 Password history was disabled\&. .RE .PP PAM_MAXTRIES .RS 4 Password was rejected too often\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User is not known to system\&. .RE .SH "EXAMPLES" .PP An example password section would be: .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 password required pam_pwhistory\&.so password required pam_unix\&.so use_authtok .fi .if n \{\ .RE .\} .PP In combination with \fBpam_cracklib\fR: .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 password required pam_cracklib\&.so retry=3 password required pam_pwhistory\&.so use_authtok password required pam_unix\&.so use_authtok .fi .if n \{\ .RE .\} .sp .SH "FILES" .PP /etc/security/opasswd .RS 4 File with password history .RE .SH "SEE ALSO" .PP \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\fBpam_get_authtok\fR(3) .SH "AUTHOR" .PP pam_pwhistory was written by Thorsten Kukuk pam/modules/pam_pwhistory/pam_pwhistory.8.xml0000644000000000000000000001572013261244762016707 0ustar pam_pwhistory 8 Linux-PAM Manual pam_pwhistory PAM module to remember last passwords pam_pwhistory.so debug use_authtok enforce_for_root remember=N retry=N authtok_type=STRING DESCRIPTION This module saves the last passwords for each user in order to force password change history and keep the user from alternating between the same password too frequently. This module does not work together with kerberos. In general, it does not make much sense to use this module in conjunction with NIS or LDAP, since the old passwords are stored on the local machine and are not available on another machine for password history checking. OPTIONS Turns on debugging via syslog3 . When password changing enforce the module to use the new password provided by a previously stacked module (this is used in the example of the stacking of the pam_cracklib module documented below). If this option is set, the check is enforced for root, too. The last N passwords for each user are saved in /etc/security/opasswd. The default is 10. Value of 0 makes the module to keep the existing contents of the opasswd file unchanged. Prompt user at most N times before returning with error. The default is 1. See pam_get_authtok3 for more details. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_AUTHTOK_ERR No new password was entered, the user aborted password change or new password couldn't be set. PAM_IGNORE Password history was disabled. PAM_MAXTRIES Password was rejected too often. PAM_USER_UNKNOWN User is not known to system. EXAMPLES An example password section would be: #%PAM-1.0 password required pam_pwhistory.so password required pam_unix.so use_authtok In combination with pam_cracklib: #%PAM-1.0 password required pam_cracklib.so retry=3 password required pam_pwhistory.so use_authtok password required pam_unix.so use_authtok FILES /etc/security/opasswd File with password history SEE ALSO pam.conf5 , pam.d5 , pam8 pam_get_authtok3 AUTHOR pam_pwhistory was written by Thorsten Kukuk <kukuk@thkukuk.de> pam/modules/pam_pwhistory/pam_pwhistory.c0000644000000000000000000001555713261244762016173 0ustar /* * Copyright (c) 2008, 2012 Thorsten Kukuk * Author: Thorsten Kukuk * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #if defined(HAVE_CONFIG_H) #include #endif #define PAM_SM_PASSWORD #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "opasswd.h" #define DEFAULT_BUFLEN 2048 struct options_t { int debug; int enforce_for_root; int remember; int tries; }; typedef struct options_t options_t; static void parse_option (pam_handle_t *pamh, const char *argv, options_t *options) { if (strcasecmp (argv, "try_first_pass") == 0) /* ignore */; else if (strcasecmp (argv, "use_first_pass") == 0) /* ignore */; else if (strcasecmp (argv, "use_authtok") == 0) /* ignore, handled by pam_get_authtok */; else if (strcasecmp (argv, "debug") == 0) options->debug = 1; else if (strncasecmp (argv, "remember=", 9) == 0) { options->remember = strtol(&argv[9], NULL, 10); if (options->remember < 0) options->remember = 0; if (options->remember > 400) options->remember = 400; } else if (strncasecmp (argv, "retry=", 6) == 0) { options->tries = strtol(&argv[6], NULL, 10); if (options->tries < 0) options->tries = 1; } else if (strcasecmp (argv, "enforce_for_root") == 0) options->enforce_for_root = 1; else if (strncasecmp (argv, "authtok_type=", 13) == 0) { /* ignore, for pam_get_authtok */; } else pam_syslog (pamh, LOG_ERR, "pam_pwhistory: unknown option: %s", argv); } /* This module saves the current crypted password in /etc/security/opasswd and then compares the new password with all entries in this file. */ PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { struct passwd *pwd; const char *newpass; const char *user; int retval, tries; options_t options; memset (&options, 0, sizeof (options)); /* Set some default values, which could be overwritten later. */ options.remember = 10; options.tries = 1; /* Parse parameters for module */ for ( ; argc-- > 0; argv++) parse_option (pamh, *argv, &options); if (options.debug) pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok entered"); if (options.remember == 0) return PAM_IGNORE; retval = pam_get_user (pamh, &user, NULL); if (retval != PAM_SUCCESS) return retval; if (user == NULL || strlen (user) == 0) { if (options.debug) pam_syslog (pamh, LOG_DEBUG, "User is not known to system"); return PAM_USER_UNKNOWN; } if (flags & PAM_PRELIM_CHECK) { if (options.debug) pam_syslog (pamh, LOG_DEBUG, "pam_sm_chauthtok(PAM_PRELIM_CHECK)"); return PAM_SUCCESS; } pwd = pam_modutil_getpwnam (pamh, user); if (pwd == NULL) return PAM_USER_UNKNOWN; if ((strcmp(pwd->pw_passwd, "x") == 0) || ((pwd->pw_passwd[0] == '#') && (pwd->pw_passwd[1] == '#') && (strcmp(pwd->pw_name, pwd->pw_passwd + 2) == 0))) { struct spwd *spw = pam_modutil_getspnam (pamh, user); if (spw == NULL) return PAM_USER_UNKNOWN; retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp, options.remember, options.debug); if (retval != PAM_SUCCESS) return retval; } else { retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd, options.remember, options.debug); if (retval != PAM_SUCCESS) return retval; } newpass = NULL; tries = 0; while ((newpass == NULL) && (tries < options.tries)) { retval = pam_get_authtok (pamh, PAM_AUTHTOK, &newpass, NULL); if (retval != PAM_SUCCESS && retval != PAM_TRY_AGAIN) { if (retval == PAM_CONV_AGAIN) retval = PAM_INCOMPLETE; return retval; } tries++; if (options.debug) { if (newpass) pam_syslog (pamh, LOG_DEBUG, "got new auth token"); else pam_syslog (pamh, LOG_DEBUG, "got no auth token"); } if (newpass == NULL || retval == PAM_TRY_AGAIN) continue; if (options.debug) pam_syslog (pamh, LOG_DEBUG, "check against old password file"); if (check_old_pass (pamh, user, newpass, options.debug) != PAM_SUCCESS) { if (getuid() || options.enforce_for_root || (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) { pam_error (pamh, _("Password has been already used. Choose another.")); newpass = NULL; /* Remove password item, else following module will use it */ pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); } else pam_info (pamh, _("Password has been already used.")); } } if (newpass == NULL && tries >= options.tries) { if (options.debug) pam_syslog (pamh, LOG_DEBUG, "Aborted, too many tries"); return PAM_MAXTRIES; } return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_pwhistory_modstruct = { "pam_pwhistory", NULL, NULL, NULL, NULL, NULL, pam_sm_chauthtok }; #endif pam/modules/pam_pwhistory/tst-pam_pwhistory0000755000000000000000000000007013261244762016545 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_pwhistory.so pam/modules/pam_rhosts/0000755000000000000000000000000013261244762012357 5ustar pam/modules/pam_rhosts/Makefile.am0000644000000000000000000000135513261244762014417 0ustar # # Copyright (c) 2005, 2006, 2008, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rhosts TESTS = tst-pam_rhosts man_MANS = pam_rhosts.8 XMLS = README.xml pam_rhosts.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_rhosts.la pam_rhosts_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_rhosts.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_rhosts/Makefile.in0000644000000000000000000006012713261244762014432 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2008, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_rhosts DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_rhosts_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_rhosts_la_SOURCES = pam_rhosts.c pam_rhosts_la_OBJECTS = pam_rhosts.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_rhosts.c DIST_SOURCES = pam_rhosts.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rhosts TESTS = tst-pam_rhosts man_MANS = pam_rhosts.8 XMLS = README.xml pam_rhosts.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_rhosts.la pam_rhosts_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_rhosts/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_rhosts/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_rhosts.la: $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_rhosts_la_OBJECTS) $(pam_rhosts_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rhosts.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_rhosts.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_rhosts/README0000644000000000000000000000353113261244762013241 0ustar pam_rhosts — The rhosts PAM module â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION This module performs the standard network authentication for services, as used by traditional implementations of rlogin and rsh etc. The authentication mechanism of this module is based on the contents of two files; /etc/hosts.equiv (or and ~/.rhosts. Firstly, hosts listed in the former file are treated as equivalent to the localhost. Secondly, entries in the user's own copy of the latter file is used to map "remote-host remote-user" pairs to that user's account on the current host. Access is granted to the user if their host is present in /etc/hosts.equiv and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file. The module authenticates a remote user (internally specified by the item PAM_RUSER connecting from the remote host (internally specified by the item PAM_RHOST). Accordingly, for applications to be compatible this authentication module they must set these items prior to calling pam_authenticate(). The module is not capable of independently probing the network connection for such information. OPTIONS debug Print debug information. silent Don't print informative messages. superuser=account Handle account as root. EXAMPLES To grant a remote user access by /etc/hosts.equiv or .rhosts for rsh add the following lines to /etc/pam.d/rsh: #%PAM-1.0 # auth required pam_rhosts.so auth required pam_nologin.so auth required pam_env.so auth required pam_unix.so AUTHOR pam_rhosts was written by Thorsten Kukuk pam/modules/pam_rhosts/README.xml0000644000000000000000000000221513261244762014036 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rhosts.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rhosts-name"]/*)'/>
pam/modules/pam_rhosts/pam_rhosts.80000644000000000000000000000707413261244762014637 0ustar '\" t .\" Title: pam_rhosts .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_RHOSTS" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_rhosts \- The rhosts PAM module .SH "SYNOPSIS" .HP \w'\fBpam_rhosts\&.so\fR\ 'u \fBpam_rhosts\&.so\fR .SH "DESCRIPTION" .PP This module performs the standard network authentication for services, as used by traditional implementations of \fBrlogin\fR and \fBrsh\fR etc\&. .PP The authentication mechanism of this module is based on the contents of two files; /etc/hosts\&.equiv (or and ~/\&.rhosts\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\*(Aqs own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\*(Aqs account on the current host\&. Access is granted to the user if their host is present in /etc/hosts\&.equiv and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&. .PP The module authenticates a remote user (internally specified by the item \fIPAM_RUSER\fR connecting from the remote host (internally specified by the item \fBPAM_RHOST\fR)\&. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling \fBpam_authenticate()\fR\&. The module is not capable of independently probing the network connection for such information\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBsilent\fR .RS 4 Don\*(Aqt print informative messages\&. .RE .PP \fBsuperuser=\fR\fB\fIaccount\fR\fR .RS 4 Handle \fIaccount\fR as root\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR .RS 4 The remote host, remote user name or the local user name couldn\*(Aqt be determined or access was denied by \&.rhosts file\&. .RE .PP PAM_USER_UNKNOWN .RS 4 User is not known to system\&. .RE .SH "EXAMPLES" .PP To grant a remote user access by /etc/hosts\&.equiv or \&.rhosts for \fBrsh\fR add the following lines to /etc/pam\&.d/rsh: .sp .if n \{\ .RS 4 .\} .nf #%PAM\-1\&.0 # auth required pam_rhosts\&.so auth required pam_nologin\&.so auth required pam_env\&.so auth required pam_unix\&.so .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBrootok\fR(3), \fBhosts.equiv\fR(5), \fBrhosts\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_rhosts was written by Thorsten Kukuk pam/modules/pam_rhosts/pam_rhosts.8.xml0000644000000000000000000001232113261244762015425 0ustar pam_rhosts 8 Linux-PAM Manual pam_rhosts The rhosts PAM module pam_rhosts.so DESCRIPTION This module performs the standard network authentication for services, as used by traditional implementations of rlogin and rsh etc. The authentication mechanism of this module is based on the contents of two files; /etc/hosts.equiv (or and ~/.rhosts. Firstly, hosts listed in the former file are treated as equivalent to the localhost. Secondly, entries in the user's own copy of the latter file is used to map "remote-host remote-user" pairs to that user's account on the current host. Access is granted to the user if their host is present in /etc/hosts.equiv and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file. The module authenticates a remote user (internally specified by the item PAM_RUSER connecting from the remote host (internally specified by the item PAM_RHOST). Accordingly, for applications to be compatible this authentication module they must set these items prior to calling pam_authenticate(). The module is not capable of independently probing the network connection for such information. OPTIONS Print debug information. Don't print informative messages. Handle account as root. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_AUTH_ERR The remote host, remote user name or the local user name couldn't be determined or access was denied by .rhosts file. PAM_USER_UNKNOWN User is not known to system. EXAMPLES To grant a remote user access by /etc/hosts.equiv or .rhosts for rsh add the following lines to /etc/pam.d/rsh: #%PAM-1.0 # auth required pam_rhosts.so auth required pam_nologin.so auth required pam_env.so auth required pam_unix.so SEE ALSO rootok3 , hosts.equiv5 , rhosts5 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de> pam/modules/pam_rhosts/pam_rhosts.c0000644000000000000000000001120513261244762014701 0ustar /* * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include #include #include #include #define PAM_SM_AUTH /* only defines this management group */ #include #include #include PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) { const char *luser = NULL; const char *ruser = NULL, *rhost = NULL; const char *opt_superuser = NULL; const void *c_void; int opt_debug = 0; int opt_silent; int as_root; int retval; opt_silent = flags & PAM_SILENT; while (argc-- > 0) { if (strcmp(*argv, "debug") == 0) opt_debug = 1; else if (strcmp (*argv, "silent") == 0 || strcmp(*argv, "suppress") == 0) opt_silent = 1; else if (strncmp(*argv, "superuser=", sizeof("superuser=")-1) == 0) opt_superuser = *argv+sizeof("superuser=")-1; else pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", *argv); ++argv; } retval = pam_get_item (pamh, PAM_RHOST, &c_void); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "could not get the remote host name"); return retval; } rhost = c_void; retval = pam_get_item(pamh, PAM_RUSER, &c_void); ruser = c_void; if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "could not get the remote username"); return retval; } retval = pam_get_user(pamh, &luser, NULL); if (retval != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "could not determine name of local user"); return retval; } if (rhost == NULL || ruser == NULL || luser == NULL) return PAM_AUTH_ERR; if (opt_superuser && strcmp(opt_superuser, luser) == 0) as_root = 1; else { struct passwd *lpwd; lpwd = pam_modutil_getpwnam(pamh, luser); if (lpwd == NULL) { if (opt_debug) /* don't print by default, could be the users password */ pam_syslog(pamh, LOG_DEBUG, "user '%s' unknown to this system", luser); return PAM_USER_UNKNOWN; } as_root = (lpwd->pw_uid == 0); } #ifdef HAVE_RUSEROK_AF retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC); #else retval = ruserok (rhost, as_root, ruser, luser); #endif if (retval != 0) { if (!opt_silent || opt_debug) pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s", ruser, rhost, luser); return PAM_AUTH_ERR; } else { if (!opt_silent || opt_debug) pam_syslog(pamh, LOG_NOTICE, "allowed access to %s@%s as %s", ruser, rhost, luser); return PAM_SUCCESS; } } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_rhosts_modstruct = { "pam_rhosts", pam_sm_authenticate, pam_sm_setcred, NULL, NULL, NULL, NULL, }; #endif pam/modules/pam_rhosts/tst-pam_rhosts0000755000000000000000000000006513261244762015275 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_rhosts.so pam/modules/pam_rootok/0000755000000000000000000000000013261244762012352 5ustar pam/modules/pam_rootok/Makefile.am0000644000000000000000000000146313261244762014412 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok man_MANS = pam_rootok.8 XMLS = README.xml pam_rootok.8.xml TESTS = tst-pam_rootok securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include if HAVE_LIBSELINUX AM_CFLAGS += -DWITH_SELINUX endif AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_rootok.la pam_rootok_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@ if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_rootok.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_rootok/Makefile.in0000644000000000000000000006026013261244762014423 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_LIBSELINUX_TRUE@am__append_1 = -DWITH_SELINUX @HAVE_VERSIONING_TRUE@am__append_2 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_rootok DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_rootok_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_rootok_la_SOURCES = pam_rootok.c pam_rootok_la_OBJECTS = pam_rootok.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_rootok.c DIST_SOURCES = pam_rootok.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_rootok man_MANS = pam_rootok.8 XMLS = README.xml pam_rootok.8.xml TESTS = tst-pam_rootok securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include \ -I$(top_srcdir)/libpamc/include $(am__append_1) AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_2) securelib_LTLIBRARIES = pam_rootok.la pam_rootok_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@ @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_rootok/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_rootok/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_rootok.la: $(pam_rootok_la_OBJECTS) $(pam_rootok_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_rootok_la_OBJECTS) $(pam_rootok_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_rootok.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_rootok.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_rootok/README0000644000000000000000000000207613261244762013237 0ustar pam_rootok — Gain only root access â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked. OPTIONS debug Print debug information. EXAMPLES In the case of the su(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su configuration file: # su authentication. Root is granted access by default. auth sufficient pam_rootok.so auth required pam_unix.so AUTHOR pam_rootok was written by Andrew G. Morgan, . pam/modules/pam_rootok/README.xml0000644000000000000000000000221513261244762014031 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_rootok.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_rootok-name"]/*)'/>
pam/modules/pam_rootok/pam_rootok.80000644000000000000000000000513013261244762014614 0ustar '\" t .\" Title: pam_rootok .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_ROOTOK" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_rootok \- Gain only root access .SH "SYNOPSIS" .HP \w'\fBpam_rootok\&.so\fR\ 'u \fBpam_rootok\&.so\fR [debug] .SH "DESCRIPTION" .PP pam_rootok is a PAM module that authenticates the user if their \fIUID\fR is \fI0\fR\&. Applications that are created setuid\-root generally retain the \fIUID\fR of the user but run with the authority of an enhanced effective\-UID\&. It is the real \fIUID\fR that is checked\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR, \fBacct\fR and \fBpassword\fR module types are provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 The \fIUID\fR is \fI0\fR\&. .RE .PP PAM_AUTH_ERR .RS 4 The \fIUID\fR is \fBnot\fR\fI0\fR\&. .RE .SH "EXAMPLES" .PP In the case of the \fBsu\fR(1) application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password\&. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam\&.d/su configuration file: .sp .if n \{\ .RS 4 .\} .nf # su authentication\&. Root is granted access by default\&. auth sufficient pam_rootok\&.so auth required pam_unix\&.so .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBsu\fR(1), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_rootok was written by Andrew G\&. Morgan, \&. pam/modules/pam_rootok/pam_rootok.8.xml0000644000000000000000000000732413261244762015422 0ustar pam_rootok 8 Linux-PAM Manual pam_rootok Gain only root access pam_rootok.so debug DESCRIPTION pam_rootok is a PAM module that authenticates the user if their UID is 0. Applications that are created setuid-root generally retain the UID of the user but run with the authority of an enhanced effective-UID. It is the real UID that is checked. OPTIONS Print debug information. MODULE TYPES PROVIDED The , and module types are provided. RETURN VALUES PAM_SUCCESS The UID is 0. PAM_AUTH_ERR The UID is not 0. EXAMPLES In the case of the su1 application the historical usage is to permit the superuser to adopt the identity of a lesser user without the use of a password. To obtain this behavior with PAM the following pair of lines are needed for the corresponding entry in the /etc/pam.d/su configuration file: # su authentication. Root is granted access by default. auth sufficient pam_rootok.so auth required pam_unix.so SEE ALSO su1 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_rootok was written by Andrew G. Morgan, <morgan@kernel.org>. pam/modules/pam_rootok/pam_rootok.c0000644000000000000000000000727613261244762014704 0ustar /* pam_rootok module */ /* * $Id$ * * Written by Andrew Morgan 1996/3/11 */ #include "config.h" #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH #include #include #ifdef WITH_SELINUX #include #include #endif #ifdef HAVE_LIBAUDIT #include #endif /* argument parsing */ #define PAM_DEBUG_ARG 01 static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) { int ctrl=0; /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return ctrl; } #ifdef WITH_SELINUX static int log_callback (int type, const char *fmt, ...) { int audit_fd; va_list ap; va_start(ap, fmt); #ifdef HAVE_LIBAUDIT audit_fd = audit_open(); if (audit_fd >= 0) { char *buf; if (vasprintf (&buf, fmt, ap) < 0) return 0; audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0); audit_close(audit_fd); free(buf); return 0; } #endif vsyslog (LOG_USER | LOG_INFO, fmt, ap); va_end(ap); return 0; } static int selinux_check_root (void) { int status = -1; security_context_t user_context; union selinux_callback old_callback; if (is_selinux_enabled() < 1) return 0; old_callback = selinux_get_callback(SELINUX_CB_LOG); /* setup callbacks */ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback); if ((status = getprevcon(&user_context)) < 0) { selinux_set_callback(SELINUX_CB_LOG, old_callback); return status; } status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL); selinux_set_callback(SELINUX_CB_LOG, old_callback); freecon(user_context); return status; } #endif static int check_for_root (pam_handle_t *pamh, int ctrl) { int retval = PAM_AUTH_ERR; if (getuid() == 0) #ifdef WITH_SELINUX if (selinux_check_root() == 0 || security_getenforce() == 0) #endif retval = PAM_SUCCESS; if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "root check %s", (retval==PAM_SUCCESS) ? "succeeded" : "failed"); } return retval; } /* --- management functions --- */ PAM_EXTERN int pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ctrl; ctrl = _pam_parse(pamh, argc, argv); return check_for_root (pamh, ctrl); } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ctrl; ctrl = _pam_parse(pamh, argc, argv); return check_for_root (pamh, ctrl); } PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ctrl; ctrl = _pam_parse(pamh, argc, argv); return check_for_root (pamh, ctrl); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_rootok_modstruct = { "pam_rootok", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, NULL, NULL, pam_sm_chauthtok, }; #endif /* end of module definition */ pam/modules/pam_rootok/tst-pam_rootok0000755000000000000000000000006513261244762015263 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_rootok.so pam/modules/pam_securetty/0000755000000000000000000000000013261244762013064 5ustar pam/modules/pam_securetty/Makefile.am0000644000000000000000000000137313261244762015124 0ustar # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty TESTS = tst-pam_securetty man_MANS = pam_securetty.8 XMLS = README.xml pam_securetty.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif securelib_LTLIBRARIES = pam_securetty.la pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la if ENABLE_REGENERATE_MAN noinst_DATA = README README: pam_securetty.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_securetty/Makefile.in0000644000000000000000000006022613261244762015137 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2009 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_securetty DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_securetty_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_securetty_la_SOURCES = pam_securetty.c pam_securetty_la_OBJECTS = pam_securetty.lo DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_securetty.c DIST_SOURCES = pam_securetty.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(MANS) $(XMLS) tst-pam_securetty TESTS = tst-pam_securetty man_MANS = pam_securetty.8 XMLS = README.xml pam_securetty.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include AM_LDFLAGS = -no-undefined -avoid-version -module $(am__append_1) securelib_LTLIBRARIES = pam_securetty.la pam_securetty_la_LIBADD = $(top_builddir)/libpam/libpam.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_securetty/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_securetty/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_securetty.la: $(pam_securetty_la_OBJECTS) $(pam_securetty_la_DEPENDENCIES) $(LINK) -rpath $(securelibdir) $(pam_securetty_la_OBJECTS) $(pam_securetty_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_securetty.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man8 install-pdf \ install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_securetty.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_securetty/README0000644000000000000000000000247613261244762013755 0ustar pam_securetty — Limit root login to special devices â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in /etc/securetty. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable. It will also allow root logins on the tty specified with console= switch on the kernel command line and on ttys from the /sys/class/tty/ console/active. This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly. For canonical usage, should be listed as a required authentication method before any sufficient authentication methods. OPTIONS debug Print debug information. noconsole Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the /etc/securetty file. EXAMPLES auth required pam_securetty.so auth required pam_unix.so AUTHOR pam_securetty was written by Elliot Lee . pam/modules/pam_securetty/README.xml0000644000000000000000000000225613261244762014550 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_securetty.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_securetty-name"]/*)'/>
pam/modules/pam_securetty/pam_securetty.80000644000000000000000000000710113261244762016040 0ustar '\" t .\" Title: pam_securetty .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 09/19/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SECURETTY" "8" "09/19/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_securetty \- Limit root login to special devices .SH "SYNOPSIS" .HP \w'\fBpam_securetty\&.so\fR\ 'u \fBpam_securetty\&.so\fR [debug] .SH "DESCRIPTION" .PP pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in /etc/securetty\&. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable\&. It will also allow root logins on the tty specified with \fBconsole=\fR switch on the kernel command line and on ttys from the /sys/class/tty/console/active\&. .PP This module has no effect on non\-root users and requires that the application fills in the \fBPAM_TTY\fR item correctly\&. .PP For canonical usage, should be listed as a \fBrequired\fR authentication method before any \fBsufficient\fR authentication methods\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Print debug information\&. .RE .PP \fBnoconsole\fR .RS 4 Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the /etc/securetty file\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBauth\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 The user is allowed to continue authentication\&. Either the user is not root, or the root user is trying to log in on an acceptable device\&. .RE .PP PAM_AUTH_ERR .RS 4 Authentication is rejected\&. Either root is attempting to log in via an unacceptable device, or the /etc/securetty file is world writable or not a normal file\&. .RE .PP PAM_INCOMPLETE .RS 4 An application error occurred\&. pam_securetty was not able to get information it required from the application that called it\&. .RE .PP PAM_SERVICE_ERR .RS 4 An error occurred while the module was determining the user\*(Aqs name or tty, or the module could not open /etc/securetty\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The module could not find the user name in the /etc/passwd file to verify whether the user had a UID of 0\&. Therefore, the results of running this module are ignored\&. .RE .SH "EXAMPLES" .PP .if n \{\ .RS 4 .\} .nf auth required pam_securetty\&.so auth required pam_unix\&.so .fi .if n \{\ .RE .\} .sp .SH "SEE ALSO" .PP \fBsecuretty\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8) .SH "AUTHOR" .PP pam_securetty was written by Elliot Lee \&. pam/modules/pam_securetty/pam_securetty.8.xml0000644000000000000000000001267413261244762016652 0ustar pam_securetty 8 Linux-PAM Manual pam_securetty Limit root login to special devices pam_securetty.so debug DESCRIPTION pam_securetty is a PAM module that allows root logins only if the user is logging in on a "secure" tty, as defined by the listing in /etc/securetty. pam_securetty also checks to make sure that /etc/securetty is a plain file and not world writable. It will also allow root logins on the tty specified with switch on the kernel command line and on ttys from the /sys/class/tty/console/active. This module has no effect on non-root users and requires that the application fills in the PAM_TTY item correctly. For canonical usage, should be listed as a required authentication method before any sufficient authentication methods. OPTIONS Print debug information. Do not automatically allow root logins on the kernel console device, as specified on the kernel command line or by the sys file, if it is not also specified in the /etc/securetty file. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS The user is allowed to continue authentication. Either the user is not root, or the root user is trying to log in on an acceptable device. PAM_AUTH_ERR Authentication is rejected. Either root is attempting to log in via an unacceptable device, or the /etc/securetty file is world writable or not a normal file. PAM_INCOMPLETE An application error occurred. pam_securetty was not able to get information it required from the application that called it. PAM_SERVICE_ERR An error occurred while the module was determining the user's name or tty, or the module could not open /etc/securetty. PAM_USER_UNKNOWN The module could not find the user name in the /etc/passwd file to verify whether the user had a UID of 0. Therefore, the results of running this module are ignored. EXAMPLES auth required pam_securetty.so auth required pam_unix.so SEE ALSO securetty5 , pam.conf5 , pam.d5 , pam8 AUTHOR pam_securetty was written by Elliot Lee <sopwith@cuc.edu>. pam/modules/pam_securetty/pam_securetty.c0000644000000000000000000001641313261244762016121 0ustar /* pam_securetty module */ #define SECURETTY_FILE "/etc/securetty" #define TTY_PREFIX "/dev/" #define CMDLINE_FILE "/proc/cmdline" #define CONSOLEACTIVE_FILE "/sys/class/tty/console/active" /* * by Elliot Lee , Red Hat Software. * July 25, 1996. * This code shamelessly ripped from the pam_rootok module. * Slight modifications AGM. 1996/12/3 */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include /* * here, we make a definition for the externally accessible function * in this file (this definition is required for static a module * but strongly encouraged generally) it is used to instruct the * modules include file to define the function prototypes. */ #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #include #include #include #define PAM_DEBUG_ARG 0x0001 #define PAM_NOCONSOLE_ARG 0x0002 static int _pam_parse (const pam_handle_t *pamh, int argc, const char **argv) { int ctrl=0; /* step through arguments */ for (ctrl=0; argc-- > 0; ++argv) { /* generic options */ if (!strcmp(*argv,"debug")) ctrl |= PAM_DEBUG_ARG; else if (!strcmp(*argv, "noconsole")) ctrl |= PAM_NOCONSOLE_ARG; else { pam_syslog(pamh, LOG_ERR, "unknown option: %s", *argv); } } return ctrl; } static int securetty_perform_check (pam_handle_t *pamh, int ctrl, const char *function_name) { int retval = PAM_AUTH_ERR; const char *username; const char *uttyname; const void *void_uttyname; char ttyfileline[256]; char ptname[256]; struct stat ttyfileinfo; struct passwd *user_pwd; FILE *ttyfile; /* log a trail for debugging */ if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "pam_securetty called via %s function", function_name); } retval = pam_get_user(pamh, &username, NULL); if (retval != PAM_SUCCESS || username == NULL) { pam_syslog(pamh, LOG_WARNING, "cannot determine username"); return (retval == PAM_CONV_AGAIN ? PAM_INCOMPLETE:PAM_SERVICE_ERR); } user_pwd = pam_modutil_getpwnam(pamh, username); if (user_pwd != NULL && user_pwd->pw_uid != 0) { /* If the user is not root, securetty's does not apply to them */ return PAM_SUCCESS; } /* The user is now either root or an invalid / mistyped username */ retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); uttyname = void_uttyname; if (retval != PAM_SUCCESS || uttyname == NULL) { pam_syslog (pamh, LOG_WARNING, "cannot determine user's tty"); return PAM_SERVICE_ERR; } /* The PAM_TTY item may be prefixed with "/dev/" - skip that */ if (strncmp(TTY_PREFIX, uttyname, sizeof(TTY_PREFIX)-1) == 0) { uttyname += sizeof(TTY_PREFIX)-1; } if (stat(SECURETTY_FILE, &ttyfileinfo)) { pam_syslog(pamh, LOG_NOTICE, "Couldn't open %s: %m", SECURETTY_FILE); return PAM_SUCCESS; /* for compatibility with old securetty handling, this needs to succeed. But we still log the error. */ } if ((ttyfileinfo.st_mode & S_IWOTH) || !S_ISREG(ttyfileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ pam_syslog(pamh, LOG_ERR, "%s is either world writable or not a normal file", SECURETTY_FILE); return PAM_AUTH_ERR; } ttyfile = fopen(SECURETTY_FILE,"r"); if (ttyfile == NULL) { /* Check that we opened it successfully */ pam_syslog(pamh, LOG_ERR, "Error opening %s: %m", SECURETTY_FILE); return PAM_SERVICE_ERR; } if (isdigit(uttyname[0])) { snprintf(ptname, sizeof(ptname), "pts/%s", uttyname); } else { ptname[0] = '\0'; } retval = 1; while ((fgets(ttyfileline, sizeof(ttyfileline)-1, ttyfile) != NULL) && retval) { if (ttyfileline[strlen(ttyfileline) - 1] == '\n') ttyfileline[strlen(ttyfileline) - 1] = '\0'; retval = ( strcmp(ttyfileline, uttyname) && (!ptname[0] || strcmp(ptname, uttyname)) ); } fclose(ttyfile); if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { FILE *cmdlinefile; /* Allow access from the kernel console, if enabled */ cmdlinefile = fopen(CMDLINE_FILE, "r"); if (cmdlinefile != NULL) { char line[LINE_MAX], *p; line[0] = 0; fgets(line, sizeof(line), cmdlinefile); fclose(cmdlinefile); for (p = line; p; p = strstr(p+1, "console=")) { char *e; /* Test whether this is a beginning of a word? */ if (p > line && p[-1] != ' ') continue; /* Is this our console? */ if (strncmp(p + 8, uttyname, strlen(uttyname))) continue; /* Is there any garbage after the TTY name? */ e = p + 8 + strlen(uttyname); if (*e == ',' || *e == ' ' || *e == '\n' || *e == 0) { retval = 0; break; } } } } if (retval && !(ctrl & PAM_NOCONSOLE_ARG)) { FILE *consoleactivefile; /* Allow access from the active console */ consoleactivefile = fopen(CONSOLEACTIVE_FILE, "r"); if (consoleactivefile != NULL) { char line[LINE_MAX], *p, *n; line[0] = 0; p = fgets(line, sizeof(line), consoleactivefile); fclose(consoleactivefile); if (p) { /* remove the newline character at end */ if (line[strlen(line)-1] == '\n') line[strlen(line)-1] = 0; for (n = p; n != NULL; p = n+1) { if ((n = strchr(p, ' ')) != NULL) *n = '\0'; if (strcmp(p, uttyname) == 0) { retval = 0; break; } } } } } if (retval) { pam_syslog(pamh, LOG_WARNING, "access denied: tty '%s' is not secure !", uttyname); retval = PAM_AUTH_ERR; if (user_pwd == NULL) { retval = PAM_USER_UNKNOWN; } } else { if (ctrl & PAM_DEBUG_ARG) { pam_syslog(pamh, LOG_DEBUG, "access allowed for '%s' on '%s'", username, uttyname); } retval = PAM_SUCCESS; } return retval; } /* --- authentication management functions --- */ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ctrl; /* parse the arguments */ ctrl = _pam_parse (pamh, argc, argv); return securetty_perform_check(pamh, ctrl, __FUNCTION__); } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } /* --- account management functions --- */ PAM_EXTERN int pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int ctrl; /* parse the arguments */ ctrl = _pam_parse (pamh, argc, argv); /* take the easy route */ return securetty_perform_check(pamh, ctrl, __FUNCTION__); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_securetty_modstruct = { "pam_securetty", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, NULL, NULL, NULL, }; #endif /* PAM_STATIC */ /* end of module definition */ pam/modules/pam_securetty/tst-pam_securetty0000755000000000000000000000007013261244762016503 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_securetty.so pam/modules/pam_selinux/0000755000000000000000000000000013261244762012524 5ustar pam/modules/pam_selinux/Makefile.am0000644000000000000000000000210213261244762014553 0ustar # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \ tst-pam_selinux if HAVE_LIBSELINUX TESTS = tst-pam_selinux man_MANS = pam_selinux.8 endif XMLS = README.xml pam_selinux.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module pam_selinux_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@ if HAVE_VERSIONING pam_selinux_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif if HAVE_LIBSELINUX securelib_LTLIBRARIES = pam_selinux.la noinst_PROGRAMS = pam_selinux_check pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \ $(top_builddir)/libpam_misc/libpam_misc.la endif if ENABLE_REGENERATE_MAN noinst_DATA = README pam_selinux.8 README: pam_selinux.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_selinux/Makefile.in0000644000000000000000000006333013261244762014576 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map @HAVE_LIBSELINUX_TRUE@noinst_PROGRAMS = pam_selinux_check$(EXEEXT) subdir = modules/pam_selinux DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_selinux_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_selinux_la_SOURCES = pam_selinux.c pam_selinux_la_OBJECTS = pam_selinux.lo pam_selinux_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_selinux_la_LDFLAGS) $(LDFLAGS) -o $@ @HAVE_LIBSELINUX_TRUE@am_pam_selinux_la_rpath = -rpath $(securelibdir) PROGRAMS = $(noinst_PROGRAMS) pam_selinux_check_SOURCES = pam_selinux_check.c pam_selinux_check_OBJECTS = pam_selinux_check.$(OBJEXT) @HAVE_LIBSELINUX_TRUE@pam_selinux_check_DEPENDENCIES = \ @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam/libpam.la \ @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam_misc/libpam_misc.la DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_selinux.c pam_selinux_check.c DIST_SOURCES = pam_selinux.c pam_selinux_check.c man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_selinux.8 pam_selinux_check.8 \ tst-pam_selinux @HAVE_LIBSELINUX_TRUE@TESTS = tst-pam_selinux @HAVE_LIBSELINUX_TRUE@man_MANS = pam_selinux.8 XMLS = README.xml pam_selinux.8.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include pam_selinux_la_LDFLAGS = -no-undefined -avoid-version -module \ $(am__append_1) pam_selinux_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ @LIBAUDIT@ @HAVE_LIBSELINUX_TRUE@securelib_LTLIBRARIES = pam_selinux.la @HAVE_LIBSELINUX_TRUE@pam_selinux_check_LDADD = $(top_builddir)/libpam/libpam.la \ @HAVE_LIBSELINUX_TRUE@ $(top_builddir)/libpam_misc/libpam_misc.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_selinux.8 all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_selinux/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_selinux/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_selinux.la: $(pam_selinux_la_OBJECTS) $(pam_selinux_la_DEPENDENCIES) $(pam_selinux_la_LINK) $(am_pam_selinux_la_rpath) $(pam_selinux_la_OBJECTS) $(pam_selinux_la_LIBADD) $(LIBS) clean-noinstPROGRAMS: @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ rm -f $$list || exit $$?; \ test -n "$(EXEEXT)" || exit 0; \ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list pam_selinux_check$(EXEEXT): $(pam_selinux_check_OBJECTS) $(pam_selinux_check_DEPENDENCIES) @rm -f pam_selinux_check$(EXEEXT) $(LINK) $(pam_selinux_check_OBJECTS) $(pam_selinux_check_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_selinux_check.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-am clean-am: clean-generic clean-libtool clean-noinstPROGRAMS \ clean-securelibLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-man install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-noinstPROGRAMS \ clean-securelibLTLIBRARIES ctags distclean distclean-compile \ distclean-generic distclean-libtool distclean-tags distdir dvi \ dvi-am html html-am info info-am install install-am \ install-data install-data-am install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man8 \ install-pdf install-pdf-am install-ps install-ps-am \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man8 \ uninstall-securelibLTLIBRARIES @ENABLE_REGENERATE_MAN_TRUE@README: pam_selinux.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_selinux/README0000644000000000000000000000553513261244762013414 0ustar pam_selinux — PAM module to set the default security context â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION pam_selinux is a PAM module that sets up the default SELinux security context for the next executed process. When a new session is started, the open_session part of the module computes and sets up the execution security context used for the next execve(2) call, the file security context for the controlling terminal, and the security context used for creating a new kernel keyring. When the session is ended, the close_session part of the module restores old security contexts that were in effect before the change made by the open_session part of the module. Adding pam_selinux into the PAM stack might disrupt behavior of other PAM modules which execute applications. To avoid that, pam_selinux.so open should be placed after such modules in the PAM stack, and pam_selinux.so close should be placed before them. When such a placement is not feasible, pam_selinux.so restore could be used to temporary restore original security contexts. OPTIONS open Only execute the open_session part of the module. close Only execute the close_session part of the module. restore In open_session part of the module, temporarily restore the security contexts as they were before the previous call of the module. Another call of this module without the restore option will set up the new security contexts again. nottys Do not setup security context of the controlling terminal. debug Turn on debug messages via syslog(3). verbose Attempt to inform the user when security context is set. select_context Attempt to ask the user for a custom security context role. If MLS is on, ask also for sensitivity level. env_params Attempt to obtain a custom security context role from PAM environment. If MLS is on, obtain also sensitivity level. This option and the select_context option are mutually exclusive. The respective PAM environment variables are SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module. use_current_range Use the sensitivity level of the current process for the user context instead of the default level. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment. EXAMPLES auth required pam_unix.so session required pam_permit.so session optional pam_selinux.so AUTHOR pam_selinux was written by Dan Walsh . pam/modules/pam_selinux/README.xml0000644000000000000000000000223013261244762014200 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_selinux.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_selinux-name"]/*)'/>
pam/modules/pam_selinux/pam_selinux.80000644000000000000000000001132513261244762015143 0ustar '\" t .\" Title: pam_selinux .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 06/18/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SELINUX" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_selinux \- PAM module to set the default security context .SH "SYNOPSIS" .HP \w'\fBpam_selinux\&.so\fR\ 'u \fBpam_selinux\&.so\fR [open] [close] [restore] [nottys] [debug] [verbose] [select_context] [env_params] [use_current_range] .SH "DESCRIPTION" .PP pam_selinux is a PAM module that sets up the default SELinux security context for the next executed process\&. .PP When a new session is started, the open_session part of the module computes and sets up the execution security context used for the next \fBexecve\fR(2) call, the file security context for the controlling terminal, and the security context used for creating a new kernel keyring\&. .PP When the session is ended, the close_session part of the module restores old security contexts that were in effect before the change made by the open_session part of the module\&. .PP Adding pam_selinux into the PAM stack might disrupt behavior of other PAM modules which execute applications\&. To avoid that, \fIpam_selinux\&.so open\fR should be placed after such modules in the PAM stack, and \fIpam_selinux\&.so close\fR should be placed before them\&. When such a placement is not feasible, \fIpam_selinux\&.so restore\fR could be used to temporary restore original security contexts\&. .SH "OPTIONS" .PP \fBopen\fR .RS 4 Only execute the open_session part of the module\&. .RE .PP \fBclose\fR .RS 4 Only execute the close_session part of the module\&. .RE .PP \fBrestore\fR .RS 4 In open_session part of the module, temporarily restore the security contexts as they were before the previous call of the module\&. Another call of this module without the restore option will set up the new security contexts again\&. .RE .PP \fBnottys\fR .RS 4 Do not setup security context of the controlling terminal\&. .RE .PP \fBdebug\fR .RS 4 Turn on debug messages via \fBsyslog\fR(3)\&. .RE .PP \fBverbose\fR .RS 4 Attempt to inform the user when security context is set\&. .RE .PP \fBselect_context\fR .RS 4 Attempt to ask the user for a custom security context role\&. If MLS is on, ask also for sensitivity level\&. .RE .PP \fBenv_params\fR .RS 4 Attempt to obtain a custom security context role from PAM environment\&. If MLS is on, obtain also sensitivity level\&. This option and the select_context option are mutually exclusive\&. The respective PAM environment variables are \fISELINUX_ROLE_REQUESTED\fR, \fISELINUX_LEVEL_REQUESTED\fR, and \fISELINUX_USE_CURRENT_RANGE\fR\&. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module\&. .RE .PP \fBuse_current_range\fR .RS 4 Use the sensitivity level of the current process for the user context instead of the default level\&. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment\&. .RE .SH "MODULE TYPES PROVIDED" .PP Only the \fBsession\fR module type is provided\&. .SH "RETURN VALUES" .PP PAM_SUCCESS .RS 4 The security context was set successfully\&. .RE .PP PAM_SESSION_ERR .RS 4 Unable to get or set a valid context\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The user is not known to the system\&. .RE .PP PAM_BUF_ERR .RS 4 Memory allocation error\&. .RE .SH "EXAMPLES" .sp .if n \{\ .RS 4 .\} .nf auth required pam_unix\&.so session required pam_permit\&.so session optional pam_selinux\&.so .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBexecve\fR(2), \fBtty\fR(4), \fBpam.d\fR(5), \fBpam\fR(8), \fBselinux\fR(8) .SH "AUTHOR" .PP pam_selinux was written by Dan Walsh \&. pam/modules/pam_selinux/pam_selinux.8.xml0000644000000000000000000001772713261244762015756 0ustar pam_selinux 8 Linux-PAM Manual pam_selinux PAM module to set the default security context pam_selinux.so open close restore nottys debug verbose select_context env_params use_current_range DESCRIPTION pam_selinux is a PAM module that sets up the default SELinux security context for the next executed process. When a new session is started, the open_session part of the module computes and sets up the execution security context used for the next execve2 call, the file security context for the controlling terminal, and the security context used for creating a new kernel keyring. When the session is ended, the close_session part of the module restores old security contexts that were in effect before the change made by the open_session part of the module. Adding pam_selinux into the PAM stack might disrupt behavior of other PAM modules which execute applications. To avoid that, pam_selinux.so open should be placed after such modules in the PAM stack, and pam_selinux.so close should be placed before them. When such a placement is not feasible, pam_selinux.so restore could be used to temporary restore original security contexts. OPTIONS Only execute the open_session part of the module. Only execute the close_session part of the module. In open_session part of the module, temporarily restore the security contexts as they were before the previous call of the module. Another call of this module without the restore option will set up the new security contexts again. Do not setup security context of the controlling terminal. Turn on debug messages via syslog3 . Attempt to inform the user when security context is set. Attempt to ask the user for a custom security context role. If MLS is on, ask also for sensitivity level. Attempt to obtain a custom security context role from PAM environment. If MLS is on, obtain also sensitivity level. This option and the select_context option are mutually exclusive. The respective PAM environment variables are SELINUX_ROLE_REQUESTED, SELINUX_LEVEL_REQUESTED, and SELINUX_USE_CURRENT_RANGE. The first two variables are self describing and the last one if set to 1 makes the PAM module behave as if the use_current_range was specified on the command line of the module. Use the sensitivity level of the current process for the user context instead of the default level. Also suppresses asking of the sensitivity level from the user or obtaining it from PAM environment. MODULE TYPES PROVIDED Only the module type is provided. RETURN VALUES PAM_SUCCESS The security context was set successfully. PAM_SESSION_ERR Unable to get or set a valid context. PAM_USER_UNKNOWN The user is not known to the system. PAM_BUF_ERR Memory allocation error. EXAMPLES auth required pam_unix.so session required pam_permit.so session optional pam_selinux.so SEE ALSO execve2 , tty4 , pam.d5 , pam8 , selinux8 AUTHOR pam_selinux was written by Dan Walsh <dwalsh@redhat.com>. pam/modules/pam_selinux/pam_selinux.c0000644000000000000000000005673613261244762015235 0ustar /****************************************************************************** * A module for Linux-PAM that will set the default security context after login * via PAM. * * Copyright (c) 2003-2008 Red Hat, Inc. * Written by Dan Walsh * Additional improvements by Tomas Mraz * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_SESSION #include #include #include #include #include #include #include #include #include #include #include #ifdef HAVE_LIBAUDIT #include #include #include #endif /* Send audit message */ static int send_audit_message(pam_handle_t *pamh, int success, security_context_t default_context, security_context_t selected_context) { int rc=0; #ifdef HAVE_LIBAUDIT char *msg = NULL; int audit_fd = audit_open(); security_context_t default_raw=NULL; security_context_t selected_raw=NULL; const void *tty = NULL, *rhost = NULL; rc = -1; if (audit_fd < 0) { if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) return 0; /* No audit support in kernel */ pam_syslog(pamh, LOG_ERR, "Error connecting to audit system."); return rc; } (void)pam_get_item(pamh, PAM_TTY, &tty); (void)pam_get_item(pamh, PAM_RHOST, &rhost); if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { pam_syslog(pamh, LOG_ERR, "Error translating default context."); default_raw = NULL; } if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) { pam_syslog(pamh, LOG_ERR, "Error translating selected context."); selected_raw = NULL; } if (asprintf(&msg, "pam: default-context=%s selected-context=%s", default_raw ? default_raw : (default_context ? default_context : "?"), selected_raw ? selected_raw : (selected_context ? selected_context : "?")) < 0) { pam_syslog(pamh, LOG_ERR, "Error allocating memory."); goto out; } if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, msg, rhost, NULL, tty, success) <= 0) { pam_syslog(pamh, LOG_ERR, "Error sending audit message."); goto out; } rc = 0; out: free(msg); freecon(default_raw); freecon(selected_raw); close(audit_fd); #else pam_syslog(pamh, LOG_NOTICE, "pam: default-context=%s selected-context=%s success %d", default_context, selected_context, success); #endif return rc; } static int send_text (pam_handle_t *pamh, const char *text, int debug) { if (debug) pam_syslog(pamh, LOG_NOTICE, "%s", text); return pam_info (pamh, "%s", text); } /* * This function sends a message to the user and gets the response. The caller * is responsible for freeing the responses. */ static int query_response (pam_handle_t *pamh, const char *text, const char *def, char **response, int debug) { int rc; if (def) rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s [%s] ", text, def); else rc = pam_prompt (pamh, PAM_PROMPT_ECHO_ON, response, "%s ", text); if (*response == NULL) { rc = PAM_CONV_ERR; } if (rc != PAM_SUCCESS) { pam_syslog(pamh, LOG_WARNING, "No response to query: %s", text); } else if (debug) pam_syslog(pamh, LOG_NOTICE, "%s %s", text, *response); return rc; } static int mls_range_allowed(pam_handle_t *pamh, security_context_t src, security_context_t dst, int debug) { struct av_decision avd; int retval; security_class_t class; access_vector_t bit; context_t src_context; context_t dst_context; class = string_to_security_class("context"); if (!class) { pam_syslog(pamh, LOG_ERR, "Failed to translate security class context. %m"); return 0; } bit = string_to_av_perm(class, "contains"); if (!bit) { pam_syslog(pamh, LOG_ERR, "Failed to translate av perm contains. %m"); return 0; } src_context = context_new (src); dst_context = context_new (dst); context_range_set(dst_context, context_range_get(src_context)); if (debug) pam_syslog(pamh, LOG_NOTICE, "Checking if %s mls range valid for %s", dst, context_str(dst_context)); retval = security_compute_av(context_str(dst_context), dst, class, bit, &avd); context_free(src_context); context_free(dst_context); if (retval || ((bit & avd.allowed) != bit)) return 0; return 1; } static security_context_t config_context (pam_handle_t *pamh, security_context_t defaultcon, int use_current_range, int debug) { security_context_t newcon=NULL; context_t new_context; int mls_enabled = is_selinux_mls_enabled(); char *response=NULL; char *type=NULL; char resp_val = 0; pam_prompt (pamh, PAM_TEXT_INFO, NULL, _("Default Security Context %s\n"), defaultcon); while (1) { if (query_response(pamh, _("Would you like to enter a different role or level?"), "n", &response, debug) == PAM_SUCCESS) { resp_val = response[0]; _pam_drop(response); } else { resp_val = 'N'; } if ((resp_val == 'y') || (resp_val == 'Y')) { if ((new_context = context_new(defaultcon)) == NULL) goto fail_set; /* Allow the user to enter role and level individually */ if (query_response(pamh, _("role:"), context_role_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (get_default_type(response, &type)) { pam_prompt (pamh, PAM_ERROR_MSG, NULL, _("No default type for role %s\n"), response); _pam_drop(response); continue; } else { if (context_role_set(new_context, response)) goto fail_set; if (context_type_set (new_context, type)) goto fail_set; _pam_drop(type); } } _pam_drop(response); if (mls_enabled) { if (use_current_range) { security_context_t mycon = NULL; context_t my_context; if (getcon(&mycon) != 0) goto fail_set; my_context = context_new(mycon); if (my_context == NULL) { freecon(mycon); goto fail_set; } freecon(mycon); if (context_range_set(new_context, context_range_get(my_context))) { context_free(my_context); goto fail_set; } context_free(my_context); } else if (query_response(pamh, _("level:"), context_range_get(new_context), &response, debug) == PAM_SUCCESS && response[0]) { if (context_range_set(new_context, response)) goto fail_set; } _pam_drop(response); } if (debug) pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", context_str(new_context)); /* Get the string value of the context and see if it is valid. */ if (!security_check_context(context_str(new_context))) { newcon = strdup(context_str(new_context)); if (newcon == NULL) goto fail_set; context_free(new_context); /* we have to check that this user is allowed to go into the range they have specified ... role is tied to an seuser, so that'll be checked at setexeccon time */ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); send_audit_message(pamh, 0, defaultcon, newcon); free(newcon); goto fail_range; } return newcon; } else { send_audit_message(pamh, 0, defaultcon, context_str(new_context)); send_text(pamh,_("Not a valid security context"),debug); } context_free(new_context); /* next time around allocates another */ } else return strdup(defaultcon); } /* end while */ return NULL; fail_set: free(type); _pam_drop(response); context_free (new_context); send_audit_message(pamh, 0, defaultcon, NULL); fail_range: return NULL; } static security_context_t context_from_env (pam_handle_t *pamh, security_context_t defaultcon, int env_params, int use_current_range, int debug) { security_context_t newcon = NULL; context_t new_context; context_t my_context = NULL; int mls_enabled = is_selinux_mls_enabled(); const char *env = NULL; char *type = NULL; int fail = 1; if ((new_context = context_new(defaultcon)) == NULL) goto fail_set; if (env_params && (env = pam_getenv(pamh, "SELINUX_ROLE_REQUESTED")) != NULL && env[0] != '\0') { if (debug) pam_syslog(pamh, LOG_NOTICE, "Requested role: %s", env); if (get_default_type(env, &type)) { pam_syslog(pamh, LOG_NOTICE, "No default type for role %s", env); goto fail_set; } else { if (context_role_set(new_context, env)) goto fail_set; if (context_type_set(new_context, type)) goto fail_set; } } if (mls_enabled) { if ((env = pam_getenv(pamh, "SELINUX_USE_CURRENT_RANGE")) != NULL && env[0] == '1') { if (debug) pam_syslog(pamh, LOG_NOTICE, "SELINUX_USE_CURRENT_RANGE is set"); use_current_range = 1; } if (use_current_range) { security_context_t mycon = NULL; if (getcon(&mycon) != 0) goto fail_set; my_context = context_new(mycon); if (my_context == NULL) { freecon(mycon); goto fail_set; } freecon(mycon); env = context_range_get(my_context); } else { env = pam_getenv(pamh, "SELINUX_LEVEL_REQUESTED"); } if (env != NULL && env[0] != '\0') { if (debug) pam_syslog(pamh, LOG_NOTICE, "Requested level: %s", env); if (context_range_set(new_context, env)) goto fail_set; } } newcon = strdup(context_str(new_context)); if (newcon == NULL) goto fail_set; if (debug) pam_syslog(pamh, LOG_NOTICE, "Selected Security Context %s", newcon); /* Get the string value of the context and see if it is valid. */ if (security_check_context(newcon)) { pam_syslog(pamh, LOG_NOTICE, "Not a valid security context %s", newcon); goto fail_set; } /* we have to check that this user is allowed to go into the range they have specified ... role is tied to an seuser, so that'll be checked at setexeccon time */ if (mls_enabled && !mls_range_allowed(pamh, defaultcon, newcon, debug)) { pam_syslog(pamh, LOG_NOTICE, "Security context %s is not allowed for %s", defaultcon, newcon); goto fail_set; } fail = 0; fail_set: free(type); context_free(my_context); context_free(new_context); if (fail) { send_audit_message(pamh, 0, defaultcon, newcon); freecon(newcon); newcon = NULL; } return newcon; } #define DATANAME "pam_selinux_context" typedef struct { security_context_t exec_context; security_context_t prev_exec_context; security_context_t default_user_context; security_context_t tty_context; security_context_t prev_tty_context; char *tty_path; } module_data_t; static void free_module_data(module_data_t *data) { free(data->tty_path); freecon(data->prev_tty_context); freecon(data->tty_context); freecon(data->default_user_context); freecon(data->prev_exec_context); if (data->exec_context != data->default_user_context) freecon(data->exec_context); memset(data, 0, sizeof(*data)); free(data); } static void cleanup(pam_handle_t *pamh UNUSED, void *data, int err UNUSED) { free_module_data(data); } static const module_data_t * get_module_data(const pam_handle_t *pamh) { const void *data; return (pam_get_data(pamh, DATANAME, &data) == PAM_SUCCESS) ? data : NULL; } static const char * get_item(const pam_handle_t *pamh, int item_type) { const void *item; return (pam_get_item(pamh, item_type, &item) == PAM_SUCCESS) ? item : NULL; } static int set_exec_context(const pam_handle_t *pamh, security_context_t context) { if (setexeccon(context) == 0) return 0; pam_syslog(pamh, LOG_ERR, "Setting executable context \"%s\" failed: %m", context ? context : ""); return -1; } static int set_file_context(const pam_handle_t *pamh, security_context_t context, const char *file) { if (!file) return 0; if (setfilecon(file, context) == 0 || errno == ENOENT) return 0; pam_syslog(pamh, LOG_ERR, "Setting file context \"%s\" failed for %s: %m", context ? context : "", file); return -1; } static int compute_exec_context(pam_handle_t *pamh, module_data_t *data, int select_context, int use_current_range, int env_params, int debug) { const char *username; #ifdef HAVE_GETSEUSER const char *service; #endif char *seuser = NULL; char *level = NULL; security_context_t *contextlist = NULL; int num_contexts = 0; if (!(username = get_item(pamh, PAM_USER))) { pam_syslog(pamh, LOG_ERR, "Cannot obtain the user name"); return PAM_USER_UNKNOWN; } /* compute execute context */ #ifdef HAVE_GETSEUSER if (!(service = get_item(pamh, PAM_SERVICE))) { pam_syslog(pamh, LOG_ERR, "Cannot obtain the service name"); return PAM_SESSION_ERR; } if (getseuser(username, service, &seuser, &level) == 0) { #else if (getseuserbyname(username, &seuser, &level) == 0) { #endif num_contexts = get_ordered_context_list_with_level(seuser, level, NULL, &contextlist); if (debug) pam_syslog(pamh, LOG_DEBUG, "Username= %s SELinux User= %s Level= %s", username, seuser, level); free(level); } if (num_contexts > 0) { free(seuser); data->default_user_context = strdup(contextlist[0]); freeconary(contextlist); if (!data->default_user_context) { pam_syslog(pamh, LOG_ERR, "Out of memory"); return PAM_BUF_ERR; } data->exec_context = data->default_user_context; if (select_context) data->exec_context = config_context(pamh, data->default_user_context, use_current_range, debug); else if (env_params || use_current_range) data->exec_context = context_from_env(pamh, data->default_user_context, env_params, use_current_range, debug); } if (!data->exec_context) { pam_syslog(pamh, LOG_ERR, "Unable to get valid context for %s", username); pam_prompt(pamh, PAM_ERROR_MSG, NULL, _("Unable to get valid context for %s"), username); } if (getexeccon(&data->prev_exec_context) < 0) data->prev_exec_context = NULL; return PAM_SUCCESS; } static int compute_tty_context(const pam_handle_t *pamh, module_data_t *data) { const char *tty = get_item(pamh, PAM_TTY); if (!tty || !*tty || !strcmp(tty, "ssh") || !strncmp(tty, "NODEV", 5)) { tty = ttyname(STDIN_FILENO); if (!tty || !*tty) tty = ttyname(STDOUT_FILENO); if (!tty || !*tty) tty = ttyname(STDERR_FILENO); if (!tty || !*tty) return PAM_SUCCESS; } if (strncmp("/dev/", tty, 5)) { if (asprintf(&data->tty_path, "%s%s", "/dev/", tty) < 0) data->tty_path = NULL; } else { data->tty_path = strdup(tty); } if (!data->tty_path) { pam_syslog(pamh, LOG_ERR, "Out of memory"); return PAM_BUF_ERR; } if (getfilecon(data->tty_path, &data->prev_tty_context) < 0) { data->prev_tty_context = NULL; if (errno == ENOENT) { free(data->tty_path); data->tty_path = NULL; return PAM_SUCCESS; } pam_syslog(pamh, LOG_ERR, "Failed to get current context for %s: %m", data->tty_path); return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS; } if (security_compute_relabel(data->exec_context, data->prev_tty_context, SECCLASS_CHR_FILE, &data->tty_context)) { data->tty_context = NULL; pam_syslog(pamh, LOG_ERR, "Failed to compute new context for %s: %m", data->tty_path); freecon(data->prev_tty_context); data->prev_tty_context = NULL; free(data->tty_path); data->tty_path = NULL; return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS; } return PAM_SUCCESS; } static int restore_context(const pam_handle_t *pamh, const module_data_t *data, int debug) { int err; if (!data) { if (debug) pam_syslog(pamh, LOG_NOTICE, "No context to restore"); return PAM_SUCCESS; } if (debug && data->tty_path) pam_syslog(pamh, LOG_NOTICE, "Restore file context of tty %s: [%s] -> [%s]", data->tty_path, data->tty_context ? data->tty_context : "", data->prev_tty_context ? data->prev_tty_context : ""); err = set_file_context(pamh, data->prev_tty_context, data->tty_path); if (debug) pam_syslog(pamh, LOG_NOTICE, "Restore executable context: [%s] -> [%s]", data->exec_context, data->prev_exec_context ? data->prev_exec_context : ""); err |= set_exec_context(pamh, data->prev_exec_context); if (err && security_getenforce() == 1) return PAM_SESSION_ERR; return PAM_SUCCESS; } static int set_context(pam_handle_t *pamh, const module_data_t *data, int debug, int verbose) { int rc, err; if (debug && data->tty_path) pam_syslog(pamh, LOG_NOTICE, "Set file context of tty %s: [%s] -> [%s]", data->tty_path, data->prev_tty_context ? data->prev_tty_context : "", data->tty_context ? data->tty_context : ""); err = set_file_context(pamh, data->tty_context, data->tty_path); if (debug) pam_syslog(pamh, LOG_NOTICE, "Set executable context: [%s] -> [%s]", data->prev_exec_context ? data->prev_exec_context : "", data->exec_context); rc = set_exec_context(pamh, data->exec_context); err |= rc; send_audit_message(pamh, !rc, data->default_user_context, data->exec_context); if (verbose && !rc) { char msg[PATH_MAX]; snprintf(msg, sizeof(msg), _("Security Context %s Assigned"), data->exec_context); send_text(pamh, msg, debug); } #ifdef HAVE_SETKEYCREATECON if (debug) pam_syslog(pamh, LOG_NOTICE, "Set key creation context to %s", data->exec_context ? data->exec_context : ""); rc = setkeycreatecon(data->exec_context); err |= rc; if (rc) pam_syslog(pamh, LOG_ERR, "Setting key creation context %s failed: %m", data->exec_context ? data->exec_context : ""); if (verbose && !rc) { char msg[PATH_MAX]; snprintf(msg, sizeof(msg), _("Key Creation Context %s Assigned"), data->exec_context); send_text(pamh, msg, debug); } #endif if (err && security_getenforce() == 1) return PAM_SESSION_ERR; return PAM_SUCCESS; } static int create_context(pam_handle_t *pamh, int argc, const char **argv, int debug, int verbose) { int i; int ttys = 1; int select_context = 0; int use_current_range = 0; int env_params = 0; module_data_t *data; /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "nottys") == 0) { ttys = 0; } if (strcmp(argv[i], "select_context") == 0) { select_context = 1; } if (strcmp(argv[i], "use_current_range") == 0) { use_current_range = 1; } if (strcmp(argv[i], "env_params") == 0) { env_params = 1; } } if (is_selinux_enabled() <= 0) { if (debug) pam_syslog(pamh, LOG_NOTICE, "SELinux is not enabled"); return PAM_SUCCESS; } if (select_context && env_params) { pam_syslog(pamh, LOG_ERR, "select_context cannot be used with env_params"); select_context = 0; } if (!(data = calloc(1, sizeof(*data)))) { pam_syslog(pamh, LOG_ERR, "Out of memory"); return PAM_BUF_ERR; } i = compute_exec_context(pamh, data, select_context, use_current_range, env_params, debug); if (i != PAM_SUCCESS) { free_module_data(data); return i; } if (!data->exec_context) { free_module_data(data); return (security_getenforce() == 1) ? PAM_SESSION_ERR : PAM_SUCCESS; } if (ttys && (i = compute_tty_context(pamh, data)) != PAM_SUCCESS) { free_module_data(data); return i; } if ((i = pam_set_data(pamh, DATANAME, data, cleanup)) != PAM_SUCCESS) { pam_syslog(pamh, LOG_ERR, "Error saving context: %m"); free_module_data(data); return i; } return set_context(pamh, data, debug, verbose); } PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { /* Fail by default. */ return PAM_AUTH_ERR; } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { const module_data_t *data; int i, debug = 0, verbose = 0, close_session = 0, restore = 0; /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) { debug = 1; } if (strcmp(argv[i], "verbose") == 0) { verbose = 1; } if (strcmp(argv[i], "close") == 0) { close_session = 1; } if (strcmp(argv[i], "restore") == 0) { restore = 1; } } if (debug) pam_syslog(pamh, LOG_NOTICE, "Open Session"); /* Is this module supposed to execute close_session only? */ if (close_session) return PAM_SUCCESS; data = get_module_data(pamh); /* Is this module supposed only to restore original context? */ if (restore) return restore_context(pamh, data, debug); /* If there is a saved context, this module is supposed to set it again. */ return data ? set_context(pamh, data, debug, verbose) : create_context(pamh, argc, argv, debug, verbose); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i, debug = 0, open_session = 0; /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) { debug = 1; } if (strcmp(argv[i], "open") == 0) { open_session = 1; } } if (debug) pam_syslog(pamh, LOG_NOTICE, "Close Session"); /* Is this module supposed to execute open_session only? */ if (open_session) return PAM_SUCCESS; /* Restore original context. */ return restore_context(pamh, get_module_data(pamh), debug); } pam/modules/pam_selinux/pam_selinux_check.80000644000000000000000000000131613261244762016277 0ustar .TH pam_selinux_check 8 2002/05/23 "Red Hat Linux" "System Administrator's Manual" .SH NAME pam_selinux_check \- login program to test pam_selinux.so .SH SYNOPSIS .B pam_selinux_check [user] .br .SH DESCRIPTION With no arguments, .B pam_selinux_check will prompt for user .SH OPTIONS .IP target_user The user to login as. .SH DIAGNOSTICS You must setup a /etc/pam.d/pam_selinux_check file, in order for the check to work. When checking if a selinux is valid, .B pam_selinux_check returns an exit code of 0 for success and > 0 on error: .nf 1: Authentication failure .fi .SH SEE ALSO pam_selinux(8) .SH BUGS Let's hope not, but if you find any, please email the author. .SH AUTHOR Dan Walsh pam/modules/pam_selinux/pam_selinux_check.c0000644000000000000000000001255113261244762016355 0ustar /****************************************************************************** * A module for Linux-PAM that will set the default security context after login * via PAM. * * Copyright (c) 2003 Red Hat, Inc. * Written by Dan Walsh * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ /************************************************************************ * * All PAM code goes in this section. * ************************************************************************/ #include "config.h" #include #include #include /* for getuid(), exit(), getopt() */ #include #include /* for wait() */ #include /* for PAM functions */ #include /* for misc_conv PAM utility function */ #define SERVICE_NAME "pam_selinux_check" /* the name of this program for PAM */ /* The file containing the context to run * the scripts under. */ int authenticate_via_pam( const char *user , pam_handle_t **pamh); /* authenticate_via_pam() * * in: user * out: nothing * return: value condition * ----- --------- * 1 pam thinks that the user authenticated themselves properly * 0 otherwise * * this function uses pam to authenticate the user running this * program. this is the only function in this program that makes pam * calls. * */ int authenticate_via_pam( const char *user , pam_handle_t **pamh) { struct pam_conv *conv; int result = 0; /* our result, set to 0 (not authenticated) by default */ /* this is a jump table of functions for pam to use when it wants to * * communicate with the user. we'll be using misc_conv(), which is * * provided for us via pam_misc.h. */ struct pam_conv pam_conversation = { misc_conv, NULL }; conv = &pam_conversation; /* make `p_pam_handle' a valid pam handle so we can use it when * * calling pam functions. */ if( PAM_SUCCESS != pam_start( SERVICE_NAME, user, conv, pamh ) ) { fprintf( stderr, _("failed to initialize PAM\n") ); exit( -1 ); } if( PAM_SUCCESS != pam_set_item(*pamh, PAM_RUSER, user)) { fprintf( stderr, _("failed to pam_set_item()\n") ); exit( -1 ); } /* Ask PAM to authenticate the user running this program */ if( PAM_SUCCESS == pam_authenticate(*pamh,0) ) { if ( PAM_SUCCESS == pam_open_session(*pamh, 0) ) result = 1; /* user authenticated OK! */ } return( result ); } /* authenticate_via_pam() */ int main (int argc, char **argv) { pam_handle_t *pamh; int childPid; if (argc < 1) exit (-1); if (!authenticate_via_pam(argv[1],&pamh)) exit(-1); childPid = fork(); if (childPid < 0) { /* error in fork() */ fprintf(stderr, _("login: failure forking: %m")); pam_close_session(pamh, 0); /* We're done with PAM. Free `pam_handle'. */ pam_end( pamh, PAM_SUCCESS ); exit(0); } if (childPid) { close(0); close(1); close(2); struct sigaction sa; memset(&sa,0,sizeof(sa)); sa.sa_handler = SIG_IGN; sigaction(SIGQUIT, &sa, NULL); sigaction(SIGINT, &sa, NULL); while(wait(NULL) == -1 && errno == EINTR) /**/ ; openlog("login", LOG_ODELAY, LOG_AUTHPRIV); pam_close_session(pamh, 0); /* We're done with PAM. Free `pam_handle'. */ pam_end( pamh, PAM_SUCCESS ); exit(0); } argv[0]=strdup ("/bin/sh"); argv[1]=NULL; /* NOTE: The environment has not been sanitized. LD_PRELOAD and other fun * things could be set. */ execv("/bin/sh",argv); fprintf(stderr,"Failure\n"); return 0; } pam/modules/pam_selinux/tst-pam_selinux0000755000000000000000000000006613261244762015610 0ustar #!/bin/sh ../../tests/tst-dlopen .libs/pam_selinux.so pam/modules/pam_sepermit/0000755000000000000000000000000013261244762012665 5ustar pam/modules/pam_sepermit/Makefile.am0000644000000000000000000000240313261244762014720 0ustar # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # Copyright (c) 2008, 2009 Red Hat, Inc. # CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_sepermit.8 sepermit.conf sepermit.conf.5 tst-pam_sepermit if HAVE_LIBSELINUX TESTS = tst-pam_sepermit man_MANS = pam_sepermit.8 sepermit.conf.5 endif XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) sepermitlockdir = ${localstatedir}/run/sepermit AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include \ -D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \ -D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ pam_sepermit_la_LDFLAGS = -no-undefined -avoid-version -module if HAVE_VERSIONING pam_sepermit_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map endif if HAVE_LIBSELINUX secureconf_DATA = sepermit.conf securelib_LTLIBRARIES = pam_sepermit.la install-data-local: mkdir -p $(DESTDIR)$(sepermitlockdir) endif if ENABLE_REGENERATE_MAN noinst_DATA = README pam_sepermit.8 sepermit.conf.5 README: pam_sepermit.8.xml -include $(top_srcdir)/Make.xml.rules endif pam/modules/pam_sepermit/Makefile.in0000644000000000000000000006730513261244762014745 0ustar # Makefile.in generated by automake 1.11.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, # 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, # Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # # Copyright (c) 2005, 2006, 2007 Thorsten Kukuk # Copyright (c) 2008, 2009 Red Hat, Inc. # VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @HAVE_VERSIONING_TRUE@am__append_1 = -Wl,--version-script=$(srcdir)/../modules.map subdir = modules/pam_sepermit DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \ $(top_srcdir)/m4/iconv.m4 \ $(top_srcdir)/m4/japhar_grep_cflags.m4 \ $(top_srcdir)/m4/jh_path_xml_catalog.m4 \ $(top_srcdir)/m4/ld-O1.m4 $(top_srcdir)/m4/ld-as-needed.m4 \ $(top_srcdir)/m4/ld-no-undefined.m4 $(top_srcdir)/m4/lib-ld.m4 \ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \ $(top_srcdir)/m4/libprelude.m4 $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)" LTLIBRARIES = $(securelib_LTLIBRARIES) pam_sepermit_la_DEPENDENCIES = $(top_builddir)/libpam/libpam.la pam_sepermit_la_SOURCES = pam_sepermit.c pam_sepermit_la_OBJECTS = pam_sepermit.lo pam_sepermit_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(pam_sepermit_la_LDFLAGS) $(LDFLAGS) -o $@ @HAVE_LIBSELINUX_TRUE@am_pam_sepermit_la_rpath = -rpath \ @HAVE_LIBSELINUX_TRUE@ $(securelibdir) DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp am__depfiles_maybe = depfiles am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = pam_sepermit.c DIST_SOURCES = pam_sepermit.c man5dir = $(mandir)/man5 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) DATA = $(noinst_DATA) $(secureconf_DATA) ETAGS = etags CTAGS = ctags am__tty_colors = \ red=; grn=; lgn=; blu=; std= DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BROWSER = @BROWSER@ BUILD_CFLAGS = @BUILD_CFLAGS@ BUILD_LDFLAGS = @BUILD_LDFLAGS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CC_FOR_BUILD = @CC_FOR_BUILD@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ FO2PDF = @FO2PDF@ GMSGFMT = @GMSGFMT@ GMSGFMT_015 = @GMSGFMT_015@ GREP = @GREP@ HAVE_KEY_MANAGEMENT = @HAVE_KEY_MANAGEMENT@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ INTLLIBS = @INTLLIBS@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ LIBAUDIT = @LIBAUDIT@ LIBCRACK = @LIBCRACK@ LIBCRYPT = @LIBCRYPT@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBICONV = @LIBICONV@ LIBINTL = @LIBINTL@ LIBOBJS = @LIBOBJS@ LIBPRELUDE_CFLAGS = @LIBPRELUDE_CFLAGS@ LIBPRELUDE_CONFIG = @LIBPRELUDE_CONFIG@ LIBPRELUDE_CONFIG_PREFIX = @LIBPRELUDE_CONFIG_PREFIX@ LIBPRELUDE_LDFLAGS = @LIBPRELUDE_LDFLAGS@ LIBPRELUDE_LIBS = @LIBPRELUDE_LIBS@ LIBPRELUDE_PREFIX = @LIBPRELUDE_PREFIX@ LIBPRELUDE_PTHREAD_CFLAGS = @LIBPRELUDE_PTHREAD_CFLAGS@ LIBS = @LIBS@ LIBSELINUX = @LIBSELINUX@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBICONV = @LTLIBICONV@ LTLIBINTL = @LTLIBINTL@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ MSGFMT = @MSGFMT@ MSGFMT_015 = @MSGFMT_015@ MSGMERGE = @MSGMERGE@ NIS_CFLAGS = @NIS_CFLAGS@ NIS_LIBS = @NIS_LIBS@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PIE_CFLAGS = @PIE_CFLAGS@ PIE_LDFLAGS = @PIE_LDFLAGS@ PKG_CONFIG = @PKG_CONFIG@ POSUB = @POSUB@ RANLIB = @RANLIB@ SCONFIGDIR = @SCONFIGDIR@ SECUREDIR = @SECUREDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ USE_NLS = @USE_NLS@ VERSION = @VERSION@ XGETTEXT = @XGETTEXT@ XGETTEXT_015 = @XGETTEXT_015@ XMLCATALOG = @XMLCATALOG@ XMLLINT = @XMLLINT@ XML_CATALOG_FILE = @XML_CATALOG_FILE@ XSLTPROC = @XSLTPROC@ YACC = @YACC@ YFLAGS = @YFLAGS@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libc_cv_fpie = @libc_cv_fpie@ libdir = @libdir@ libexecdir = @libexecdir@ libtirpc_CFLAGS = @libtirpc_CFLAGS@ libtirpc_LIBS = @libtirpc_LIBS@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pam_cv_ld_O1 = @pam_cv_ld_O1@ pam_cv_ld_as_needed = @pam_cv_ld_as_needed@ pam_cv_ld_no_undefined = @pam_cv_ld_no_undefined@ pam_xauth_path = @pam_xauth_path@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ CLEANFILES = *~ MAINTAINERCLEANFILES = $(MANS) README EXTRA_DIST = README $(XMLS) pam_sepermit.8 sepermit.conf sepermit.conf.5 tst-pam_sepermit @HAVE_LIBSELINUX_TRUE@TESTS = tst-pam_sepermit @HAVE_LIBSELINUX_TRUE@man_MANS = pam_sepermit.8 sepermit.conf.5 XMLS = README.xml pam_sepermit.8.xml sepermit.conf.5.xml securelibdir = $(SECUREDIR) secureconfdir = $(SCONFIGDIR) sepermitlockdir = ${localstatedir}/run/sepermit AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -I$(top_srcdir)/libpam_misc/include \ -D SEPERMIT_CONF_FILE=\"$(SCONFIGDIR)/sepermit.conf\" \ -D SEPERMIT_LOCKDIR=\"$(sepermitlockdir)\" pam_sepermit_la_LIBADD = $(top_builddir)/libpam/libpam.la @LIBSELINUX@ pam_sepermit_la_LDFLAGS = -no-undefined -avoid-version -module \ $(am__append_1) @HAVE_LIBSELINUX_TRUE@secureconf_DATA = sepermit.conf @HAVE_LIBSELINUX_TRUE@securelib_LTLIBRARIES = pam_sepermit.la @ENABLE_REGENERATE_MAN_TRUE@noinst_DATA = README pam_sepermit.8 sepermit.conf.5 all: all-am .SUFFIXES: .SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu modules/pam_sepermit/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu modules/pam_sepermit/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): install-securelibLTLIBRARIES: $(securelib_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(securelibdir)" || $(MKDIR_P) "$(DESTDIR)$(securelibdir)" @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(securelibdir)'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(securelibdir)"; \ } uninstall-securelibLTLIBRARIES: @$(NORMAL_UNINSTALL) @list='$(securelib_LTLIBRARIES)'; test -n "$(securelibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(securelibdir)/$$f'"; \ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(securelibdir)/$$f"; \ done clean-securelibLTLIBRARIES: -test -z "$(securelib_LTLIBRARIES)" || rm -f $(securelib_LTLIBRARIES) @list='$(securelib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done pam_sepermit.la: $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_DEPENDENCIES) $(pam_sepermit_la_LINK) $(am_pam_sepermit_la_rpath) $(pam_sepermit_la_OBJECTS) $(pam_sepermit_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_sepermit.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man5: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man5dir)" || $(MKDIR_P) "$(DESTDIR)$(man5dir)" @list=''; test -n "$(man5dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man5dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man5dir)" && rm -f $$files; } install-man8: $(man_MANS) @$(NORMAL_INSTALL) test -z "$(man8dir)" || $(MKDIR_P) "$(DESTDIR)$(man8dir)" @list=''; test -n "$(man8dir)" || exit 0; \ { for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ test -z "$$files" || { \ echo " ( cd '$(DESTDIR)$(man8dir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(man8dir)" && rm -f $$files; } install-secureconfDATA: $(secureconf_DATA) @$(NORMAL_INSTALL) test -z "$(secureconfdir)" || $(MKDIR_P) "$(DESTDIR)$(secureconfdir)" @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(secureconfdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(secureconfdir)" || exit $$?; \ done uninstall-secureconfDATA: @$(NORMAL_UNINSTALL) @list='$(secureconf_DATA)'; test -n "$(secureconfdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ test -n "$$files" || exit 0; \ echo " ( cd '$(DESTDIR)$(secureconfdir)' && rm -f" $$files ")"; \ cd "$(DESTDIR)$(secureconfdir)" && rm -f $$files ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ mkid -fID $$unique tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags check-TESTS: $(TESTS) @failed=0; all=0; xfail=0; xpass=0; skip=0; \ srcdir=$(srcdir); export srcdir; \ list=' $(TESTS) '; \ $(am__tty_colors); \ if test -n "$$list"; then \ for tst in $$list; do \ if test -f ./$$tst; then dir=./; \ elif test -f $$tst; then dir=; \ else dir="$(srcdir)/"; fi; \ if $(TESTS_ENVIRONMENT) $${dir}$$tst; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xpass=`expr $$xpass + 1`; \ failed=`expr $$failed + 1`; \ col=$$red; res=XPASS; \ ;; \ *) \ col=$$grn; res=PASS; \ ;; \ esac; \ elif test $$? -ne 77; then \ all=`expr $$all + 1`; \ case " $(XFAIL_TESTS) " in \ *[\ \ ]$$tst[\ \ ]*) \ xfail=`expr $$xfail + 1`; \ col=$$lgn; res=XFAIL; \ ;; \ *) \ failed=`expr $$failed + 1`; \ col=$$red; res=FAIL; \ ;; \ esac; \ else \ skip=`expr $$skip + 1`; \ col=$$blu; res=SKIP; \ fi; \ echo "$${col}$$res$${std}: $$tst"; \ done; \ if test "$$all" -eq 1; then \ tests="test"; \ All=""; \ else \ tests="tests"; \ All="All "; \ fi; \ if test "$$failed" -eq 0; then \ if test "$$xfail" -eq 0; then \ banner="$$All$$all $$tests passed"; \ else \ if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ else \ if test "$$xpass" -eq 0; then \ banner="$$failed of $$all $$tests failed"; \ else \ if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ fi; \ fi; \ dashes="$$banner"; \ skipped=""; \ if test "$$skip" -ne 0; then \ if test "$$skip" -eq 1; then \ skipped="($$skip test was not run)"; \ else \ skipped="($$skip tests were not run)"; \ fi; \ test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$skipped"; \ fi; \ report=""; \ if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ report="Please report to $(PACKAGE_BUGREPORT)"; \ test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ dashes="$$report"; \ fi; \ dashes=`echo "$$dashes" | sed s/./=/g`; \ if test "$$failed" -eq 0; then \ echo "$$grn$$dashes"; \ else \ echo "$$red$$dashes"; \ fi; \ echo "$$banner"; \ test -z "$$skipped" || echo "$$skipped"; \ test -z "$$report" || echo "$$report"; \ echo "$$dashes$$std"; \ test "$$failed" -eq 0; \ else :; fi distdir: $(DISTFILES) @list='$(MANS)'; if test -n "$$list"; then \ list=`for p in $$list; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \ if test -n "$$list" && \ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \ echo " typically \`make maintainer-clean' will remove them" >&2; \ exit 1; \ else :; fi; \ else :; fi @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile $(LTLIBRARIES) $(MANS) $(DATA) installdirs: for dir in "$(DESTDIR)$(securelibdir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)" "$(DESTDIR)$(secureconfdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ `test -z '$(STRIP)' || \ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install mostlyclean-generic: clean-generic: -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) @HAVE_LIBSELINUX_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool clean-securelibLTLIBRARIES \ mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-data-local install-man install-secureconfDATA \ install-securelibLTLIBRARIES install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-man5 install-man8 install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -rf ./$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-man uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES uninstall-man: uninstall-man5 uninstall-man8 .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS all all-am check check-TESTS check-am clean \ clean-generic clean-libtool clean-securelibLTLIBRARIES ctags \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-data-local install-dvi install-dvi-am \ install-exec install-exec-am install-html install-html-am \ install-info install-info-am install-man install-man5 \ install-man8 install-pdf install-pdf-am install-ps \ install-ps-am install-secureconfDATA \ install-securelibLTLIBRARIES install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-man uninstall-man5 \ uninstall-man8 uninstall-secureconfDATA \ uninstall-securelibLTLIBRARIES @HAVE_LIBSELINUX_TRUE@install-data-local: @HAVE_LIBSELINUX_TRUE@ mkdir -p $(DESTDIR)$(sepermitlockdir) @ENABLE_REGENERATE_MAN_TRUE@README: pam_sepermit.8.xml @ENABLE_REGENERATE_MAN_TRUE@-include $(top_srcdir)/Make.xml.rules # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: pam/modules/pam_sepermit/README0000644000000000000000000000316013261244762013545 0ustar pam_sepermit — PAM module to allow/deny login depending on SELinux enforcement state â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â”â” DESCRIPTION The pam_sepermit module allows or denies login depending on SELinux enforcement state. When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode. Otherwise he is denied access. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value. The config file contains a list of user names one per line with optional arguments. If the name is prefixed with @ character it means that all users in the group name match. If it is prefixed with a % character the SELinux user is used to match against the name instead of the account name. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE. See sepermit.conf(5) for details. OPTIONS debug Turns on debugging via syslog(3). conf=/path/to/config/file Path to alternative config file overriding the default. EXAMPLES auth [success=done ignore=ignore default=bad] pam_sepermit.so auth required pam_unix.so account required pam_unix.so session required pam_permit.so AUTHOR pam_sepermit and this manual page were written by Tomas Mraz . pam/modules/pam_sepermit/README.xml0000644000000000000000000000224313261244762014345 0ustar --> ]>
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/>
pam/modules/pam_sepermit/pam_sepermit.80000644000000000000000000000717413261244762015454 0ustar '\" t .\" Title: pam_sepermit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 06/18/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "PAM_SEPERMIT" "8" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" pam_sepermit \- PAM module to allow/deny login depending on SELinux enforcement state .SH "SYNOPSIS" .HP \w'\fBpam_sepermit\&.so\fR\ 'u \fBpam_sepermit\&.so\fR [debug] [conf=\fI/path/to/config/file\fR] .SH "DESCRIPTION" .PP The pam_sepermit module allows or denies login depending on SELinux enforcement state\&. .PP When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode\&. Otherwise he is denied access\&. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value\&. .PP The config file contains a list of user names one per line with optional arguments\&. If the \fIname\fR is prefixed with \fI@\fR character it means that all users in the group \fIname\fR match\&. If it is prefixed with a \fI%\fR character the SELinux user is used to match against the \fIname\fR instead of the account name\&. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined\&. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE\&. .PP See \fBsepermit.conf\fR(5) for details\&. .SH "OPTIONS" .PP \fBdebug\fR .RS 4 Turns on debugging via \fBsyslog\fR(3)\&. .RE .PP \fBconf=\fR\fB\fI/path/to/config/file\fR\fR .RS 4 Path to alternative config file overriding the default\&. .RE .SH "MODULE TYPES PROVIDED" .PP The \fBauth\fR and \fBaccount\fR module types are provided\&. .SH "RETURN VALUES" .PP PAM_AUTH_ERR .RS 4 SELinux is disabled or in the permissive mode and the user matches\&. .RE .PP PAM_SUCCESS .RS 4 SELinux is in the enforcing mode and the user matches\&. .RE .PP PAM_IGNORE .RS 4 The user does not match any entry in the config file\&. .RE .PP PAM_USER_UNKNOWN .RS 4 The module was unable to determine the user\*(Aqs name\&. .RE .PP PAM_SERVICE_ERR .RS 4 Error during reading or parsing the config file\&. .RE .SH "FILES" .PP /etc/security/sepermit\&.conf .RS 4 Default configuration file .RE .SH "EXAMPLES" .sp .if n \{\ .RS 4 .\} .nf auth [success=done ignore=ignore default=bad] pam_sepermit\&.so auth required pam_unix\&.so account required pam_unix\&.so session required pam_permit\&.so .fi .if n \{\ .RE .\} .SH "SEE ALSO" .PP \fBsepermit.conf\fR(5), \fBpam.conf\fR(5), \fBpam.d\fR(5), \fBpam\fR(8)\fBselinux\fR(8) .SH "AUTHOR" .PP pam_sepermit and this manual page were written by Tomas Mraz \&. pam/modules/pam_sepermit/pam_sepermit.8.xml0000644000000000000000000001340513261244762016245 0ustar pam_sepermit 8 Linux-PAM Manual pam_sepermit PAM module to allow/deny login depending on SELinux enforcement state pam_sepermit.so debug conf=/path/to/config/file DESCRIPTION The pam_sepermit module allows or denies login depending on SELinux enforcement state. When the user which is logging in matches an entry in the config file he is allowed access only when the SELinux is in enforcing mode. Otherwise he is denied access. For users not matching any entry in the config file the pam_sepermit module returns PAM_IGNORE return value. The config file contains a list of user names one per line with optional arguments. If the name is prefixed with @ character it means that all users in the group name match. If it is prefixed with a % character the SELinux user is used to match against the name instead of the account name. Note that when SELinux is disabled the SELinux user assigned to the account cannot be determined. This means that such entries are never matched when SELinux is disabled and pam_sepermit will return PAM_IGNORE. See sepermit.conf5 for details. OPTIONS Turns on debugging via syslog3 . Path to alternative config file overriding the default. MODULE TYPES PROVIDED The and module types are provided. RETURN VALUES PAM_AUTH_ERR SELinux is disabled or in the permissive mode and the user matches. PAM_SUCCESS SELinux is in the enforcing mode and the user matches. PAM_IGNORE The user does not match any entry in the config file. PAM_USER_UNKNOWN The module was unable to determine the user's name. PAM_SERVICE_ERR Error during reading or parsing the config file. FILES /etc/security/sepermit.conf Default configuration file EXAMPLES auth [success=done ignore=ignore default=bad] pam_sepermit.so auth required pam_unix.so account required pam_unix.so session required pam_permit.so SEE ALSO sepermit.conf5 , pam.conf5 , pam.d5 , pam8 selinux8 AUTHOR pam_sepermit and this manual page were written by Tomas Mraz <tmraz@redhat.com>. pam/modules/pam_sepermit/pam_sepermit.c0000644000000000000000000002546013261244762015525 0ustar /****************************************************************************** * A module for Linux-PAM that allows/denies acces based on SELinux state. * * Copyright (c) 2007, 2008, 2009 Red Hat, Inc. * Originally written by Tomas Mraz * Contributions by Dan Walsh * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, and the entire permission notice in its entirety, * including the disclaimer of warranties. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "config.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #define PAM_SM_AUTH #define PAM_SM_ACCOUNT #include #include #include #include #include #define MODULE "pam_sepermit" #define OPT_DELIM ":" struct lockfd { uid_t uid; int fd; int debug; }; #define PROC_BASE "/proc" #define MAX_NAMES (int)(sizeof(unsigned long)*8) static int match_process_uid(pid_t pid, uid_t uid) { char buf[128]; uid_t puid; FILE *f; int re = 0; snprintf (buf, sizeof buf, PROC_BASE "/%d/status", pid); if (!(f = fopen (buf, "r"))) return 0; while (fgets(buf, sizeof buf, f)) { if (sscanf (buf, "Uid:\t%d", &puid)) { re = uid == puid; break; } } fclose(f); return re; } static int check_running (pam_handle_t *pamh, uid_t uid, int killall, int debug) { DIR *dir; struct dirent *de; pid_t *pid_table, pid, self; int i; int pids, max_pids; int running = 0; self = getpid(); if (!(dir = opendir(PROC_BASE))) { pam_syslog(pamh, LOG_ERR, "Failed to open proc directory file %s:", PROC_BASE); return -1; } max_pids = 256; pid_table = malloc(max_pids * sizeof (pid_t)); if (!pid_table) { (void)closedir(dir); pam_syslog(pamh, LOG_CRIT, "Memory allocation error"); return -1; } pids = 0; while ((de = readdir (dir)) != NULL) { if (!(pid = (pid_t)atoi(de->d_name)) || pid == self) continue; if (pids == max_pids) { pid_t *npt; if (!(npt = realloc(pid_table, 2*pids*sizeof(pid_t)))) { free(pid_table); (void)closedir(dir); pam_syslog(pamh, LOG_CRIT, "Memory allocation error"); return -1; } pid_table = npt; max_pids *= 2; } pid_table[pids++] = pid; } (void)closedir(dir); for (i = 0; i < pids; i++) { pid_t id; if (match_process_uid(pid_table[i], uid) == 0) continue; id = pid_table[i]; if (killall) { if (debug) pam_syslog(pamh, LOG_NOTICE, "Attempting to kill %d", id); kill(id, SIGKILL); } running++; } free(pid_table); return running; } /* * This function reads the loginuid from the /proc system. It returns * (uid_t)-1 on failure. */ static uid_t get_loginuid(pam_handle_t *pamh) { int fd, count; char loginuid[24]; char *eptr; uid_t rv = (uid_t)-1; fd = open("/proc/self/loginuid", O_NOFOLLOW|O_RDONLY); if (fd < 0) { if (errno != ENOENT) { pam_syslog(pamh, LOG_ERR, "Cannot open /proc/self/loginuid: %m"); } return rv; } if ((count = pam_modutil_read(fd, loginuid, sizeof(loginuid)-1)) < 1) { close(fd); return rv; } loginuid[count] = '\0'; close(fd); errno = 0; rv = strtoul(loginuid, &eptr, 10); if (errno != 0 || eptr == loginuid) rv = (uid_t) -1; return rv; } static void sepermit_unlock(pam_handle_t *pamh, void *plockfd, int error_status UNUSED) { struct lockfd *lockfd = plockfd; struct flock fl; memset(&fl, 0, sizeof(fl)); fl.l_type = F_UNLCK; fl.l_whence = SEEK_SET; if (lockfd->debug) pam_syslog(pamh, LOG_ERR, "Unlocking fd: %d uid: %d", lockfd->fd, lockfd->uid); /* Don't kill uid==0 */ if (lockfd->uid) /* This is a DOS but it prevents an app from forking to prevent killing */ while(check_running(pamh, lockfd->uid, 1, lockfd->debug) > 0) continue; (void)fcntl(lockfd->fd, F_SETLK, &fl); (void)close(lockfd->fd); free(lockfd); } static int sepermit_lock(pam_handle_t *pamh, const char *user, int debug) { char buf[PATH_MAX]; struct flock fl; memset(&fl, 0, sizeof(fl)); fl.l_type = F_WRLCK; fl.l_whence = SEEK_SET; struct passwd *pw = pam_modutil_getpwnam( pamh, user ); if (!pw) { pam_syslog(pamh, LOG_ERR, "Unable to find uid for user %s", user); return -1; } if (check_running(pamh, pw->pw_uid, 0, debug) > 0) { pam_syslog(pamh, LOG_ERR, "User %s processes are running. Exclusive login not allowed", user); return -1; } snprintf(buf, sizeof(buf), "%s/%d.lock", SEPERMIT_LOCKDIR, pw->pw_uid); int fd = open(buf, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR); if (fd < 0) { pam_syslog(pamh, LOG_ERR, "Unable to open lock file %s/%d.lock", SEPERMIT_LOCKDIR, pw->pw_uid); return -1; } /* Need to close on exec */ fcntl(fd, F_SETFD, FD_CLOEXEC); if (fcntl(fd, F_SETLK, &fl) == -1) { pam_syslog(pamh, LOG_ERR, "User %s with exclusive login already logged in", user); close(fd); return -1; } struct lockfd *lockfd=calloc(1, sizeof(struct lockfd)); if (!lockfd) { close(fd); pam_syslog(pamh, LOG_CRIT, "Memory allocation error"); return -1; } lockfd->uid = pw->pw_uid; lockfd->debug = debug; lockfd->fd=fd; pam_set_data(pamh, MODULE, lockfd, sepermit_unlock); return 0; } /* return 0 when matched, -1 when unmatched, pam error otherwise */ static int sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, const char *seuser, int debug, int *sense) { FILE *f; char *line = NULL; char *start; size_t len = 0; int matched = 0; int exclusive = 0; int ignore = 0; f = fopen(cfgfile, "r"); if (!f) { pam_syslog(pamh, LOG_ERR, "Failed to open config file %s: %m", cfgfile); return PAM_SERVICE_ERR; } while (!matched && getline(&line, &len, f) != -1) { size_t n; char *sptr; char *opt; if (line[0] == '#') continue; start = line; while (isspace(*start)) ++start; n = strlen(start); while (n > 0 && isspace(start[n-1])) { --n; } if (n == 0) continue; start[n] = '\0'; start = strtok_r(start, OPT_DELIM, &sptr); switch (start[0]) { case '@': ++start; if (debug) pam_syslog(pamh, LOG_NOTICE, "Matching user %s against group %s", user, start); if (pam_modutil_user_in_group_nam_nam(pamh, user, start)) { matched = 1; } break; case '%': if (seuser == NULL) break; ++start; if (debug) pam_syslog(pamh, LOG_NOTICE, "Matching seuser %s against seuser %s", seuser, start); if (strcmp(seuser, start) == 0) { matched = 1; } break; default: if (debug) pam_syslog(pamh, LOG_NOTICE, "Matching user %s against user %s", user, start); if (strcmp(user, start) == 0) { matched = 1; } } if (matched) while ((opt=strtok_r(NULL, OPT_DELIM, &sptr)) != NULL) { if (strcmp(opt, "exclusive") == 0) exclusive = 1; else if (strcmp(opt, "ignore") == 0) ignore = 1; else if (debug) { pam_syslog(pamh, LOG_NOTICE, "Unknown user option: %s", opt); } } } free(line); fclose(f); if (matched) { if (*sense == PAM_SUCCESS) { if (ignore) *sense = PAM_IGNORE; if (geteuid() == 0 && exclusive && get_loginuid(pamh) == -1) if (sepermit_lock(pamh, user, debug) < 0) *sense = PAM_AUTH_ERR; } return 0; } else return -1; } PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) { int i; int rv; int debug = 0; int sense = PAM_AUTH_ERR; const char *user = NULL; char *seuser = NULL; char *level = NULL; const char *cfgfile = SEPERMIT_CONF_FILE; /* Parse arguments. */ for (i = 0; i < argc; i++) { if (strcmp(argv[i], "debug") == 0) { debug = 1; } if (strcmp(argv[i], "conf=") == 0) { cfgfile = argv[i] + 5; } } if (debug) pam_syslog(pamh, LOG_NOTICE, "Parsing config file: %s", cfgfile); if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL || *user == '\0') { pam_syslog(pamh, LOG_ERR, "Cannot determine the user's name"); return PAM_USER_UNKNOWN; } if (is_selinux_enabled() > 0) { if (security_getenforce() == 1) { if (debug) pam_syslog(pamh, LOG_NOTICE, "Enforcing mode, access will be allowed on match"); sense = PAM_SUCCESS; } } if (getseuserbyname(user, &seuser, &level) != 0) { seuser = NULL; level = NULL; pam_syslog(pamh, LOG_ERR, "getseuserbyname failed: %m"); } if (debug && sense != PAM_SUCCESS) pam_syslog(pamh, LOG_NOTICE, "Access will not be allowed on match"); rv = sepermit_match(pamh, cfgfile, user, seuser, debug, &sense); if (debug) pam_syslog(pamh, LOG_NOTICE, "sepermit_match returned: %d", rv); free(seuser); free(level); switch (rv) { case -1: return PAM_IGNORE; case 0: return sense; } return rv; } PAM_EXTERN int pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) { return PAM_IGNORE; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { return pam_sm_authenticate(pamh, flags, argc, argv); } #ifdef PAM_STATIC /* static module data */ struct pam_module _pam_sepermit_modstruct = { "pam_sepermit", pam_sm_authenticate, pam_sm_setcred, pam_sm_acct_mgmt, NULL, NULL, NULL }; #endif pam/modules/pam_sepermit/sepermit.conf0000644000000000000000000000064313261244762015367 0ustar # /etc/security/sepermit.conf # # Each line contains either: # - an user name # - a group name, with @group syntax # - a SELinux user name, with %seuser syntax # Each line can contain optional arguments separated by : # The possible arguments are: # - exclusive - only single login session will # be allowed for the user and the user's processes # will be killed on logout pam/modules/pam_sepermit/sepermit.conf.50000644000000000000000000000545513261244762015540 0ustar '\" t .\" Title: sepermit.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.78.1 .\" Date: 06/18/2013 .\" Manual: Linux-PAM Manual .\" Source: Linux-PAM Manual .\" Language: English .\" .TH "SEPERMIT\&.CONF" "5" "06/18/2013" "Linux-PAM Manual" "Linux\-PAM Manual" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" sepermit.conf \- configuration file for the pam_sepermit module .SH "DESCRIPTION" .PP The lines of the configuration file have the following syntax: .PP \fI\fR[:\fI