auth-client-config-0.9ubuntu1/0000755000000000000000000000000011066322360013253 5ustar auth-client-config-0.9ubuntu1/share/0000755000000000000000000000000011066322306014355 5ustar auth-client-config-0.9ubuntu1/share/man/0000755000000000000000000000000011066322306015130 5ustar auth-client-config-0.9ubuntu1/share/man/man8/0000755000000000000000000000000011066322306015773 5ustar auth-client-config-0.9ubuntu1/auth-client-config0000755000000000000000000011304511066322306016665 0ustar #! /usr/bin/env python # # auth-client-config: update PAM and NSS for use with a particular auth # mechanism # # Copyright (C) 2007 Jamie Strandboge # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published # by the Free Software Foundation; either version 2 of the License, # or (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with auth-client-config; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # from optparse import OptionParser from ConfigParser import * import os import re import shutil from stat import * import stat import sys from tempfile import mkstemp from tempfile import mkdtemp import datetime import time version = '0.9' programName = "auth-client-config" commentStr = "# pre_" + programName + " #" if sys.version_info[0] < 2 or \ (sys.version_info[0] == 2 and sys.version_info[1] < 3): print >> sys.stderr, programName + ": Need at least python 2.3\n" sys.exit(1) # These are default settings MaxFileSize = 10 * 1024 * 1024 # 10MB files = {'nss': '#CONFIG_PREFIX#/nsswitch.conf', 'pam-auth': '#CONFIG_PREFIX#/pam.d/common-auth', 'pam-account': '#CONFIG_PREFIX#/pam.d/common-account', 'pam-password': '#CONFIG_PREFIX#/pam.d/common-password', 'pam-session': '#CONFIG_PREFIX#/pam.d/common-session'} profilesDir = "#CONFIG_PREFIX#/auth-client-config/profile.d" default_profile = "acc-default" debug = False insecure = False def createComment(str): '''Generates a uniform comment at beginning of str''' tmp = commentStr + " " + str return tmp def stripComment(str): '''Strips uniform comment from str''' pat_comment = re.compile(r"^" + commentStr + "\s*") tmp = pat_comment.sub('', str) return tmp def hasComments(lines): '''Checks lines if contains uniform comment''' pat_comment = re.compile(r"^" + commentStr) n = 0 for line in lines: if pat_comment.search(line): n += 1 return n def hasDebianSentinels(lines): '''Checks lines if contains the known Debian PAM sentinels. Checking for these in auth-client-config doesn't seem right, but apparently it needs to be done due to the current state of pam-auth-update... ''' sentinels = [ '# here\'s the fallback if no module succeeds', '# end of pam-auth-update config', '# here are the per-package modules \(the "Primary" block\)', '# and here are more per-package modules \(the "Additional" block\)' ] n = 0 for line in lines: for sentinel in sentinels: pat = re.compile(r"^" + sentinel) if pat.search(line): n += 1 return n def showSystem(): '''Print current system configuration in .INI format''' current = {} types = files.keys() types.sort() for t in types: f = files[t] size = 0 try: size = os.stat(f)[ST_SIZE] except: raise if size > MaxFileSize: raise accError("'" + f + "' is too big") try: orig = open(f, 'r') except: raise lines = readFile(orig) for line in lines: if t == "nss": for n in ['passwd', 'group', 'shadow', 'netgroup']: pat = re.compile(r"^\s*" + n + ":") if pat.search(line): current["nss_" + n] = line + "\n" else: for p in ['auth', 'account', 'password', 'session']: pat = re.compile(r"^\s*" + p + "\s") if pat.search(line): if current.has_key("pam_" + p): current["pam_" + p] += "\t" + line + "\n" else: current["pam_" + p] = line + "\n" orig.close() types = current.keys() types.sort() print datetime.datetime.now().strftime("[%Y-%m-%d_%H:%M:%S]") for t in types: print t + "=" + current[t].strip() def getProfiles(): '''Get profiles found in profiles database. Returns dictionary with profile name as key and tuples for fields ''' if not os.path.isdir(profilesDir): raise accError("Error: profiles directory does not exist") profiles = {} # Sort the list and remove the default_profile (we'll add it back in # later) files = os.listdir(profilesDir) try: files.remove(default_profile) except: print >> sys.stderr, "WARNING: '" + default_profile + \ "' not found in " + profilesDir + "\n" files.sort() totalSize = 0 pat = re.compile(r'^\.') for f in [ default_profile ] + files: abs = profilesDir + "/" + f if not os.path.isfile(abs): continue if pat.search(f): #print >> sys.stderr, "** WARNING: Skipping hidden file '" + f + "'" continue size = 0 try: size = os.stat(abs)[ST_SIZE] except: print >> sys.stderr, "** WARNING: Skipping '" + f + \ "' (couldn't stat)" continue if size > MaxFileSize: print >> sys.stderr, "** WARNING: Skipping '" + f + "' (too big)" continue if totalSize + size > MaxFileSize: print >> sys.stderr, "** WARNING: Skipping '" + f + \ "' (too many files read so far)" continue totalSize += size cdict = RawConfigParser() try: cdict.read(abs) except: print >> sys.stderr, "** WARNING: Skipping '" + f + \ "' (couldn't process)" continue # If multiple occurences of profile name, use the last one for p in cdict.sections(): skip = False for key, value in cdict.items(p): if len(p) > 64: print >> sys.stderr, "WARNING: invalid profile name " + \ "(too long). Skipping" skip = True break if len(key) > 64: print >> sys.stderr, "WARNING: invalid field for '" + p + \ "' (too long). Skipping" skip = True break if len(value) > 1024: print >> sys.stderr, "WARNING: invalid value for '" + p + \ ":" + key + "' (too long). Skipping" skip = True break if skip: continue if profiles.has_key(p): print >> sys.stderr, "WARNING: duplicate profile '" + p + \ "' found in '" + f + "' (will use last one found)" profiles[p] = cdict.items(p) return profiles def getProfileNames(): '''Returns names of profiles''' names = [] try: names = getProfiles().keys() except: raise return names def openFiles(f): '''Opens the specified file and a temporary file''' size = 0 try: size = os.stat(f)[ST_SIZE] except: raise if size > MaxFileSize: raise accError("'" + f + "' is too big") try: orig = open(f, 'r') except: raise try: (tmp, tmpname) = mkstemp() except: orig.close() raise return { "orig": orig, "origname": f, "tmp": tmp, "tmpname": tmpname } def closeFiles(fns, update = True): '''Closes the specified files (as returned by openFiles), and update original file with the temporary file ''' fns['orig'].close() os.close(fns['tmp']) if update: try: shutil.copystat(fns['origname'], fns['tmpname']) shutil.copy(fns['tmpname'], fns['origname']) except: raise try: os.unlink(fns['tmpname']) except: raise def readFile(fn): '''Read in lines for fn, and return a list of lines. fn must already be open ''' lines = [] delim = '\n' if fn.newlines != None: delim = fn.newlines try: lines = fn.read(MaxFileSize).split(delim) except: raise # if Unix, then strip out all carriage returns if delim == '\n': pat = re.compile(r'\r') i = 0 for line in lines: lines[i] = pat.sub('', line) i += 1 return lines def recursive_rm(dirPath): '''recursively remove directory''' names = os.listdir(dirPath) for name in names: path = os.path.join(dirPath, name) if not os.path.isdir(path): os.unlink(path) else: recursive_rm(path) os.rmdir(dirPath) # # Classes # class accError(Exception): '''Represents auth-client-config exceptions''' def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class acc_Type: '''Interface for various types''' def __init__(self, type, dry, db): self.config = "" self.dryrun = dry self.dbonly = db self.type = type self.updates = {} self.profiles = {} try: self.profiles = getProfiles() except: raise def inDatabase(self, field, line): '''Checks if line is in the profiles database for a particular field''' found = [] pat = re.compile(r"\s+") for m in self.profiles: for key, value in self.profiles[m]: if field == key and \ pat.sub(' ', line.strip()) == pat.sub(' ', value.strip()): found.append(m) if debug and len(found) > 0: os.write(sys.stderr.fileno(), "inDatabase: found '" + field + \ "', line '" + line + "' in " + str(found) + "\n") return found def determineState(self, error, doComment, doArchive): '''Return state of finit-state-machine''' if error: return "S_3 or S_7" if doComment: if doArchive: return "S_6" return "S_2" return "S_1, S_5, or S_8" def findActions(self, ncomments, indb, reset = False): '''Return actions tuple based on state machine''' error = False doComment = False doArchive = False if ncomments < 1: # S_0 if reset: # S_3 error = True elif indb: # S_1 pass elif self.dbonly: # S_3 error = True else: # S_2 doComment = True else: # S_4 if indb: # S_5 # Reset may need to check ncomments on its own to # determine S_7 vs S_8 pass else: if reset: # S_7 error = True elif self.dbonly: # S_7 error = True else: # S_6 doComment = True doArchive = True if debug: args = " when comm=" + str(ncomments) + " indb=" + str(indb) + \ " reset=" + str(reset) + " dbonly=" + str(self.dbonly) os.write(sys.stderr.fileno(), "found state:" + \ self.determineState(error, doComment, doArchive) + args \ + "\n") return (error, doComment, doArchive) def setConfig(self, f): '''Set the location of the configuration file''' if not os.path.isfile(f): raise accError("'" + f + "' is not a file") if not os.access(f, os.W_OK): raise accError("'" + f + "' is not writable") if not stat.S_ISREG(os.stat(f)[stat.ST_MODE]): raise accError("Not a regular file") try: self.verifyConfig(f) except: raise self.config = f def resetConfig(self): '''Restores commented out lines in configuration file''' try: fns = openFiles(self.config) except: raise # Write to stdout or to tmpfile if self.dryrun: fd = sys.stdout.fileno() else: fd = fns['tmp'] lines = readFile(fns['orig']) # This is technically covered by profileIsCurrent, but let's leave # here until sure we want to enforce profile with reset in main # script indb = False if len(self.findProfiles(lines)) > 0: indb = True (error, foo, bar) = self.findActions(hasComments(lines), indb, True) if error: closeFiles(fns) if hasComments(lines) < 1: raise accError("No previous settings found in current file") else: raise accError("Current settings not in database") # First time through, see what we commented out, and store # the first token after our comment string for later use types = [] pat = re.compile(r'^' + commentStr + '\s*') pat_comment_sentinel = re.compile(r'^' + commentStr + '\s+#') for line in lines: if pat.search(line) and not pat_comment_sentinel.search(line): tmp = re.split(r'\s*', pat.sub('', line)) types.append(tmp[0]) # i is used to keep us from adding an extra newline at # end every time we run i = 0 for line in lines: i += 1 skip = False # If the line starts with one of the tokens we found # above, skip the line, otherwise, print the line # whilst stripping out any comments for start in types: pat_begin = re.compile(r'^' + start + '[:\s]') if pat_begin.search(line): skip = True if not skip and i < len(lines): os.write(fd, stripComment(line) + "\n") try: closeFiles(fns) except: raise def setProfile(self, m): if not self.profiles.has_key(m): raise accError("Profile '" + m + "' not found in " + profilesDir) for key, value in self.profiles[m]: self.updates[key] = value def profileIsCurrent(self, name): try: fns = openFiles(self.config) except: raise isCurrent = False lines = readFile(fns['orig']) for p in self.findProfiles(lines): if p == name: isCurrent = True try: # don't update the files when closing closeFiles(fns, False) except: raise return isCurrent # API overrides def findProfiles(self, lines): # should be overriden '''Returns profiles contained in lines''' raise accError("acc_Type.findProfiles: Need to override findProfiles") def updateConfig(self): # should be overidden '''Update configuration file''' raise accError("acc_Type.updateConfig: Need to override updateConfig") def verifyConfig(self, file): # should be overidden '''Verify configuration''' raise accError("acc_Type.verifyConfig: Need to override verifyConfig") class acc_PAM(acc_Type): '''Represents PAM module type''' def __init__(self, t, n, d): try: acc_Type.__init__(self, t, n, d) except: raise def findProfiles(self, lines): '''Returns profiles contained in lines''' current = {} # Gather the like lines, and put them in dictionary for line in lines: for t in ['auth', 'account', 'password', 'session']: pat = re.compile(r"^\s*" + t + "\s") if pat.search(line): if current.has_key(t): current[t] += line + "\n" else: current[t] = line + "\n" # Check to see if entries in dictionary match the database entries = {} for t in current: for x in self.inDatabase("pam_" + t, current[t]): if entries.has_key(x): entries[x] += 1 else: entries[x] = 1 return entries.keys() def updateConfig(self): '''Update configuration file''' if self.type == 'auth' and not self.updates.has_key('pam_auth'): raise accError("'pam_auth' not found") if self.type == 'account' and not self.updates.has_key('pam_account'): raise accError("'pam_account' not found") if self.type == 'password' and not self.updates.has_key('pam_password'): raise accError("'pam_password' not found") if self.type == 'session' and not self.updates.has_key('pam_session'): raise accError("'pam_session' not found") try: fns = openFiles(self.config) except: raise # Write to stdout or to tmpfile if self.dryrun: fd = sys.stdout.fileno() else: fd = fns['tmp'] lines = readFile(fns['orig']) indb = False if len(self.findProfiles(lines)) > 0: indb = True (error, doComment, doArchive) = self.findActions(hasComments(lines), \ indb, False) if error: closeFiles(fns, False) raise accError("Current settings not in database, but " + \ "database-only specified. Skipping 'pam-" + \ self.type + "'") pat = re.compile(r"^\s*" + self.type + "\s*") i = 0 for line in lines: i += 1 # If doArchive and this line is a comment if doArchive and hasComments([line]) > 0: os.write(fd, "# " + stripComment(line) + "\n") continue if pat.search(line) or hasDebianSentinels([line]) > 0: if doComment: os.write(fd, createComment(line) + "\n") continue if i < len(lines): os.write(fd, line + "\n") os.write(fd, self.updates['pam_' + self.type] + "\n") try: closeFiles(fns) except: raise def verifyConfig(self, file): '''Verify configuration''' try: fns = openFiles(file) except: raise lines = readFile(fns['orig']) entries = 0 pat = re.compile(r"^\s*" + self.type + "\s") for line in lines: if pat.search(line): entries += 1 try: # Don't update the files when closing closeFiles(fns, False) except: raise if entries < 1: raise accError("'" + os.path.basename(file) + \ "' doesn't have any entries for '" + self.type + \ "'") class acc_NSS(acc_Type): '''Represents Name Service switch file''' def __init__(self, t, n, d): try: acc_Type.__init__(self, t, n, d) except: raise def findProfiles(self, lines): '''Returns profiles contained in lines''' entries = {} for line in lines: for t in ['passwd', 'group', 'shadow', 'netgroup']: pat = re.compile(r"^\s*" + t + ":") if pat.search(line): for x in self.inDatabase("nss_" + t, line): if entries.has_key(x): entries[x] += 1 else: entries[x] = 1 # Since an nss profile must have 4 matching fields, check our # dictionary for profiles with 4 matches found = [] if len(entries) != 0: for k in entries: if entries[k] == 4: found.append(k) return found def resetConfig(self): '''Restores commented out lines in configuration file''' try: fns = openFiles(self.config) except: raise lines = readFile(fns['orig']) pat = re.compile(r'^' + commentStr + '\s*') error = "" types = [] for line in lines: if pat.search(line): tmp = re.split(r'\s*', pat.sub('', line)) # If found another comment for this field, error out, since # we can't automatically recover (n > 1 in state machine). # This syntax requires python >= 2.3 if tmp[0] in types: # S_7 in state diagram error = "Too many previous configurations found. " + \ "Please fix manually." break types.append(tmp[0]) if len(self.findProfiles(lines)) < 1: error = "No matching profile found for existing entries. " + \ "Please reset them manually." try: # Don't update the file yet closeFiles(fns, False) except: raise if error != "": raise accError(error) # If we made it here, then call our parent to actually update # the file (S_8 in state diagram) acc_Type.resetConfig(self) def updateConfig(self): '''Update configuration file''' # Check that our config file has good types for t in ['passwd', 'group', 'shadow', 'netgroup']: if not self.updates.has_key('nss_' + t): raise accError("'nss_" + t + "' not found") try: fns = openFiles(self.config) except: raise # Write to stdout or to tmpfile if self.dryrun: fd = sys.stdout.fileno() else: fd = fns['tmp'] lines = readFile(fns['orig']) indb = False if len(self.findProfiles(lines)) > 0: indb = True (error, doComment, doArchive) = self.findActions(hasComments(lines), \ indb, False) if error: closeFiles(fns, False) raise accError("Current settings not in database, but " + \ "database-only specified. Skipping 'nss'") i = 0 for line in lines: i += 1 # If doArchive and this line is a comment if doArchive and hasComments([line]) > 0: os.write(fd, "# " + stripComment(line) + "\n") continue wrote_line = False for t in ['passwd', 'group', 'shadow', 'netgroup']: pat = re.compile(r"^\s*" + t + ":") if pat.search(line): if doComment: os.write(fd, createComment(line) + "\n") os.write(fd, self.updates['nss_' + t] + "\n") wrote_line = True break if not wrote_line and i < len(lines): os.write(fd, line + "\n") try: closeFiles(fns) except: raise def verifyConfig(self, file): '''Verify configuration''' try: fns = openFiles(file) except: raise lines = readFile(fns['orig']) entries = {} for line in lines: for t in ['passwd', 'group', 'shadow', 'netgroup']: pat = re.compile(r"^\s*" + t + ":") if pat.search(line): if entries.has_key(t): entries[t] += 1 else: entries[t] = 1 try: # Don't update the files when closing closeFiles(fns, False) except: raise for k in ['passwd', 'group', 'shadow', 'netgroup']: if not entries.has_key(k): raise accError("'" + os.path.basename(file) + \ "' doesn't have an entry for '" + k + "'") if entries[k] > 1: raise accError("'" + os.path.basename(file) + \ "' has multiple entries for '" + k + "'") def process_args(): '''Process comman line arguments''' try: profiles = getProfileNames() except: raise usage = "%prog -p PROFILE -a -t TYPE [-dn -f FILE]\n " + \ "%prog -p PROFILE -a -t TYPE -r [-n -f FILE]\n " + \ "%prog -p PROFILE -a -t TYPE -s [-f FILE]" description = "This program updates nsswitch.conf and pam " + \ "configuration files to aid in authentication configuration." parser = OptionParser(usage=usage, \ version="%prog: " + version, \ description=description) parser.add_option("-a", "--all-types", \ action="store_true", \ dest="applyall", \ help="apply all types for specified profile") parser.add_option("-d", "--database-only", \ action="store_true", \ dest="dbonly", \ help="update only if current entries are in database") parser.add_option("-f", "--file", \ dest="file", \ help="update FILE instead of default", \ metavar="FILE") parser.add_option("-l", "--list-profiles", \ action="store_true", \ dest="listprofiles", \ help="list available profiles") parser.add_option("-L", "--list-types", \ action="store_true", \ dest="listtypes", \ help="list available types") parser.add_option("-n", "--dry-run", \ action="store_true", \ dest="dryrun", \ help="don't modify anything, just show the changes") parser.add_option("-p", "--profile", \ dest="profile", \ help="set profile to PROFILE", \ metavar="PROFILE", \ choices=profiles) parser.add_option("-r", "--reset", \ action="store_true", \ dest="reset", \ help="reset to previous non-" + programName + " values") parser.add_option("-s", "--check-system", \ action="store_true", \ dest="system", \ help="determine if system files are set to PROFILE") parser.add_option("-S", "--show-system", \ action="store_true", \ dest="showsystem", \ help="show current system settings as a profile") parser.add_option("-t", "--type", \ dest="type", \ help="modify files for TYPE", \ metavar="TYPE") (options, args) = parser.parse_args() if options.listprofiles: print "Available profiles are:" profiles.sort() for m in profiles: print " " + m sys.exit(0) if options.showsystem: showSystem() sys.exit(0) if options.listtypes: print "Available types are:" types = files.keys() types.sort() for t in types: print " " + t sys.exit(0) if options.dbonly and options.reset: raise accError ("\nCannot specify 'database-only' when using 'reset'") sys.exit(1) if not options.profile: raise accError ("\n'profile' is required") sys.exit(1) if options.applyall: if options.file: raise accError ("\nCannot specify 'file' when using 'apply all'") sys.exit(1) if options.type: raise accError ("\nCannot specify 'type' when using 'apply all'") sys.exit(1) else: if not options.type: raise accError ("\neither '-t' or '-a' is required") sys.exit(1) if options.type: for t in options.type.split(','): if not files.has_key(t): err = "\nInvalid type in '%s'. Valid types are:" % \ (options.type) for v in files.keys(): err += "\n %s" % (v) raise accError (err) sys.exit(1) return options def doChecks(): '''Perform some security checks''' # Does the following checks: # is setuid or setgid (for non-Linux systems) # checks that if run by root, then script is owned by root # checks that profilesDir is a directory # checks that profilesDir and script isn't in a hidden directory # somewhere # checks that if run by root, then every component in absolute # paths are owned by root # checks that if run by root, every component of absolute paths # are not a symlink # checks for symlinks and perms of files in profileDir (defer # hidden checks to getProfiles()) # warn if script is group writable # warn if profilesDir or part of script path are group writable # # Doing this at the beginning causes a race condition with later # operations that don't do these checks. However, if the user running # this script is root, then need to be root to exploit the race # condition (and you are hosed anyway...) # Not needed on Linux, but who knows the places we will go... if os.getuid() != os.geteuid(): raise accError("ERROR: this script should not be SUID") if os.getgid() != os.getegid(): raise accError("ERROR: this script should not be SGID") uid = os.getuid() try: statinfo = os.stat(os.path.abspath(sys.argv[0])) mode = statinfo[ST_MODE] except: raise if uid == 0: if statinfo.st_uid != 0: raise accError("ERROR: script not owned by root!") if mode & S_IWOTH: raise accError("ERROR: script is world writable!") if mode & S_IWGRP: os.write(sys.stderr.fileno(), \ "** WARNING: script is group writable **\n\n") if not os.path.isdir(profilesDir): raise accError("ERROR: profiles directory does not exist") pat = re.compile(r'^\.') for dir in [ os.path.dirname(os.path.abspath(sys.argv[0])), \ os.path.abspath(profilesDir) ]: while True: if pat.search(os.path.basename(dir)): raise accError("ERROR: found hidden directory in path: " + dir) try: statinfo = os.stat(dir) mode = statinfo[ST_MODE] except: raise if uid == 0: if os.path.islink(dir): raise accError("ERROR: found symbolic link in path: " + dir) if statinfo.st_uid != 0: raise accError("ERROR: uid is " + str(uid) + " but '" + \ dir + "' is owned by " + \ str(statinfo.st_uid)) # Check group writable if mode & S_IWOTH: raise accError("ERROR: " + dir + " is world writable!") if mode & S_IWGRP: os.write(sys.stderr.fileno(), "** WARNING: " + dir + \ " is group writable **\n\n") # Exit loop after processing '/' if dir == "/": break dir = os.path.dirname(dir) if not dir: raise # Now check the files in profilesDir pat = re.compile(r'^\.') files = os.listdir(profilesDir) for f in files: abs = profilesDir + "/" + f try: statinfo = os.stat(abs) mode = statinfo[ST_MODE] except: raise if uid == 0: if os.path.islink(f): raise accError("ERROR: found symbolic link: " + f) if statinfo.st_uid != 0: raise accError("ERROR: uid is " + str(uid) + " but '" + f + \ "' is owned by " + str(statinfo.st_uid)) # Check group writable if mode & S_IWOTH: raise accError("ERROR: " + f + " is world writable!") if mode & S_IWGRP: os.write(sys.stderr.fileno(), "** WARNING: " + f + \ " is group writable **\n\n") # # MAIN SCRIPT STARTS HERE # try: if not insecure: doChecks() except accError, e: print >> sys.stderr, e.value + "\nAborting." sys.exit(1) try: opts = process_args() except accError, e: print >> sys.stderr, e.value + "\n" sys.exit(1) services = {} if opts.applyall: services['nss'] = acc_NSS("nss", opts.dryrun, opts.dbonly) services['pam-auth'] = acc_PAM("auth", opts.dryrun, opts.dbonly) services['pam-account'] = acc_PAM("account", opts.dryrun, opts.dbonly) services['pam-password'] = acc_PAM("password", opts.dryrun, opts.dbonly) services['pam-session'] = acc_PAM("session", opts.dryrun, opts.dbonly) else: if opts.type == "nss": services['nss'] = acc_NSS("nss", opts.dryrun, opts.dbonly) else: pat = re.compile(r"^pam-") for t in opts.type.split(','): services[t] = acc_PAM(pat.sub('', t), opts.dryrun, opts.dbonly) # Work in a temporary directory first try: tmpdir = mkdtemp() except: raise tmpfiles = {} error = False current = False # Sort the keys for consistency service_keys = services.keys() service_keys.sort() for service in service_keys: if not services[service]: print >> sys.stderr, "Problem initializing '" + service + "'\n" error = True break if len(services) == 1 and opts.file: if not os.path.isfile(opts.file): print >> sys.stderr, "'" + opts.file + "' does not exist\n" error = True break files[service] = opts.file # Set the config file for service (in tmpdir) tmp = os.path.join(tmpdir, os.path.basename(files[service])) try: shutil.copy(files[service], tmp) shutil.copystat(files[service], tmp) except: print >> sys.stderr, "Error in creating temporary file" error = True break try: services[service].setConfig(tmp) tmpfiles[service] = tmp except accError, e: print >> sys.stderr, "Error in setting the file: " + e.value error = True break if opts.reset: try: if not services[service].profileIsCurrent(opts.profile): raise accError("'" + opts.profile + \ "' does not match system settings") services[service].resetConfig() except accError, e: print >> sys.stderr, "Error in resetting '" + service + "': " + \ e.value error = True break except: if debug: recursive_rm(tmpdir) raise print >> sys.stderr, "Error in resetting '" + service + "'" error = True break elif opts.system: try: current = services[service].profileIsCurrent(opts.profile) if not current: break except accError, e: print >> sys.stderr, "Error in testing '" + service + "': " + \ e.value error = True break except: if debug: recursive_rm(tmpdir) raise print >> sys.stderr, "Error in testing '" + service + "'" error = True break else: try: services[service].setProfile(opts.profile) services[service].updateConfig() except accError, e: print >> sys.stderr, "Error in updating the file: " + e.value error = True break except: if debug: recursive_rm(tmpdir) raise print >> sys.stderr, "Error in updating the file" error = True break if opts.system: recursive_rm(tmpdir) if error: print >> sys.stderr, "--\nErrors found. Aborting" sys.exit(2) elif not current: sys.exit(1) sys.exit(0) if error: print >> sys.stderr, "--\nErrors found. Aborting (no changes made)" recursive_rm(tmpdir) sys.exit(1) # First verify that the tmpfiles are valid error = False for service in services: if services[service].dryrun: continue try: services[service].verifyConfig(tmpfiles[service]) except accError, e: print >> sys.stderr, "ERROR: " + e.value print >> sys.stderr, "--\nErrors found. Aborting (no changes made)" recursive_rm(tmpdir) sys.exit(1) except: raise # Now copy the files over error = False for service in services: if services[service].dryrun: continue # If not a dry run, copy the files in tmpdir to the real location orig = files[service] try: shutil.copystat(orig, tmpfiles[service]) shutil.copy(tmpfiles[service], orig) except: print >> sys.stderr, "Error: '" + orig + "' not updated" error = True # Clean up recursive_rm(tmpdir) if error: sys.exit(1) sys.exit(0) auth-client-config-0.9ubuntu1/ChangeLog0000644000000000000000000001104311066322306015024 0ustar auth-client-config (0.7) * update cracklib profile to use pam_smbpass.so (LP: #208419) * remove debconf dependency and usage (will add it back when needed) * added NSS netgroup support (LP: #179919) auth-client-config (0.6) * fix for '%' in config file LP: #191610 * update kerberos_example to not talk about ldap LP: #191990 * fix whitespace and comments PEP-8 compliance issues auth-client-config (0.5) * update copyright informaion (email address) * auth-client-config - version bump - removed comments * added cracklib profile and tests * run_tests.sh: - clean out etc/* after install.py since we provide those files in tests - supports running individual test classes * install.py: fix typos * removed files: - LICENSE (still have COPYING) - files in sbin/ and share/ (created on install) auth-client-config (0.4.2) * revision: bzr2 * auth-client-config - version bump - don't fail if other PAM entries don't exist if the one we specified with '-t' does * bad/profile_missing_entries/result: updated for auth-client-config changes * README: added todo entry to check syntax -- Jamie Strandboge Wed, 5 Dec 2007 15:18:45 -0500 auth-client-config (0.4.1) * added an 'insecure' variable so that doChecks() can be skipped -- James D Strandboge Wed, 13 Aug 2007 07:31:45 -0400 auth-client-config (0.4) unstable; urgency=low * bumped version * auth-client-config: - added doChecks() for various security checks - updated getProfiles() to check that we don't read in more the MaxFileSize bytes total - honor '-p' in reset - added '-s' option to check if profile (specified with -p) is current - added '-S' option to display the current system configuration as a profile - skip hidden files in profilesDir - use verifyConfig in setConfig to be sure that we have a valid configuration file (really, it only checks if there are entries in the config file that are meaningful to auth-client-config) - use verifyConfig() in main on tmpfiles before actually updating system configuration - properly honor '-f' option - check that files in profilesDir have proper perms and not symlinks * state diagram: - include error conditions of profile specified with '-p' not in current system configuration when resetting - clarification for S_8 * manpage: - added -s and -S - fixed typos - clarified '-r' usage * tests: - added fsm/S_7reset_indb_noincur - updated S_3reset_noindb, S_7reset_indb_n_gt_1, S_7reset_noindb for new error messages - updated S_8 with correct prfile (now that we enforce '-p') - updated installation/check_help - added bad/* - run_tests.sh: use sed to fix up python discrepencies - installation/check_help: remove sed (do it in run_test.sh) -- James D Strandboge Wed, 8 Aug 2007 07:31:45 -0400 auth-client-config (0.3) unstable; urgency=low * bumped version * added implementation/* files (ie state diagram) * updated man page * install.py - adjust auth-client-config and manpage to use config-prefix - added --destdir option * commented out 'local' profile in acc-default * added run_tests.sh and tests/*. Currently only checks finite state machine correctness, and checks that help and profiles didn't change * auth-client-config - read in default_profile before all others - warn if duplicate duplicate profiles are found - added '-d' option to preserve user settings on system upgrades - added '-a' option to apply entire profile in one go - require '-p' (even with '-r') - fixed lame sys.exit typos - modifed reset to comply with state diagram - modifed update to comply with state diagram - added some comments for algorithms - updated help -- James D Strandboge Thu, 6 Aug 2007 09:05:47 -0400 auth-client-config (0.2) unstable; urgency=low * added (rudimentary) installation routine (install.py) * moved files around to simplify install.py * auth-client-config - process /etc/auth-config/profile.d/* for files - fixed some exception typos - finish changing 'Mechanism' to 'Profile' throughout - clean up setProfile - simplify error messages in *::updateConfig() -- James D Strandboge Fri, 27 Jul 2007 15:28:33 -0400 auth-client-config (0.1) unstable; urgency=low * initial release -- Jamie Strandboge Mon, 17 Jul 2007 10:57:58 -0400 auth-client-config-0.9ubuntu1/etc/0000755000000000000000000000000011066322306014026 5ustar auth-client-config-0.9ubuntu1/etc/auth-client-config/0000755000000000000000000000000011066322306017506 5ustar auth-client-config-0.9ubuntu1/etc/auth-client-config/profile.d/0000755000000000000000000000000011066322306021370 5ustar auth-client-config-0.9ubuntu1/etc/auth-client-config/profile.d/acc-default0000644000000000000000000000447511066322306023475 0ustar # # this example is for using kerberos to authenticate. Has been used with # nss-updatedb, libpam-krb5 and libpam-ccreds. Sould also work with # libpam-heimdal. This is only an example, and you may have to create # your own profiles to authenticate with your system. # [kerberos_example] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass ignore_root debug auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug # # this example is for using ldap to authenticate and authorize. This is only # an example, and you will most likely have to create your own profiles to # authenticate with your system. Note that this example requires the # libpam-cracklib package to be installed. # [ldap_example] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/etc/auth-client-config/profile.d/acc-cracklib0000644000000000000000000000052011066322306023606 0ustar # # enable cracklib for enforcing stronger passwords. Requires libpam-cracklib # to be installed # [cracklib] pam_password=password required pam_cracklib.so retry=3 minlen=8 difok=3 password requisite pam_unix.so use_authtok nullok md5 password optional pam_smbpass.so nullok use_authtok use_first_pass missingok auth-client-config-0.9ubuntu1/README0000644000000000000000000000335511066322306014141 0ustar AUTHOR: Jamie Strandboge (jdstrand) REQUIREMENTS ------------ python >= 2.3 'sed' that supports '-i' (for installation) 'cp' that supports '-L' (for installation) Installation ------------ ./install.py --prefix=PREFIX --config-prefix=CONFIGDIR Eg: ./install.py --prefix=/usr --config-prefix=/etc To verify everything is working right: ./runtests.sh (should not have any errors) Usage ----- See: $ man auth-client-config $ auth-client-config -h Also see: https://wiki.ubuntu.com/LDAPAuthentication https://launchpad.net/auth-client-config Usage in Packaging Scripts -------------------------- There are a few options that will aid in scripting: auth-client-config -p profile_name -a -s exit status '0' if current system configuration matches 'profile_name', otherwise exit status '1' auth-client-config -p profile_name -a -d update system configuration with 'profile_name' only if the current system configuration exists in the profiles database auth-client-config -p profile_name -a -r if a previous state exists, reset it to previous state if the current system configuration matches 'profile_name' A policy will need to be developed for distributions using auth-client-config so that it will not overwrite user changes or overwrite the current auth-client-config configuration on upgrades. Testing ------- You can test auth-client-config as non-root by doing: $ mkdir -p /tmp/acc/usr /tmp/acc/etc/pam.d $ cp /etc/nsswitch.conf /tmp/acc/etc $ cp /etc/pam.d/common-* /tmp/acc/etc/pam.d $ ./install.py --prefix=/tmp/acc/usr --config-prefix=/tmp/acc/etc Now do: $ /tmp/acc/usr/sbin/auth-client-config --help TODO ---- Move some configuration from auth-client-config into /etc/auth-client-config/acc.conf Basic syntax checks auth-client-config-0.9ubuntu1/lib/0000755000000000000000000000000011066322306014021 5ustar auth-client-config-0.9ubuntu1/debian/0000755000000000000000000000000011673205315014501 5ustar auth-client-config-0.9ubuntu1/debian/changelog0000644000000000000000000000511511673205315016355 0ustar auth-client-config (0.9ubuntu1) precise; urgency=low * Build using dh_python2. LP: #904248. -- Matthias Klose Sat, 17 Dec 2011 21:32:53 +0000 auth-client-config (0.9) intrepid; urgency=low * update acc-default kerberos_example so it works better with kerberos principals that have a local account with the same name. Thanks to Adam Sommer and Steve Langasek. * update ldap_example profile comments to mention that libpam-cracklib is required * update auth-client config to comment out sentinels required by Debian and Ubuntu's pam-auth-update (LP: #270328) * add tests for pam-auth-update specific tests -- Jamie Strandboge Fri, 11 Jul 2008 17:05:37 -0400 auth-client-config (0.8) intrepid; urgency=low * allow for comma separated lists of types with '-t' * bump version -- Jamie Strandboge Fri, 13 Jun 2008 15:38:19 -0400 auth-client-config (0.7) intrepid; urgency=low * update cracklib profile to use pam_smbpass.so (LP: #208419) * remove debconf dependency and usage (will add it back when needed) * added NSS netgroup support (LP: #179919) * bump version -- Jamie Strandboge Tue, 11 Mar 2008 16:15:58 -0400 auth-client-config (0.6) hardy; urgency=low * use use RawConfigParser instead of SafeConfigParser (LP: #191990) * update acc-default comments (LP: #191990) * make more PEP-8 compliant (whitespace) * debian/rules: update version with changelog version * debian/control: use Vcs-Bzr url * lintian fixes -- Jamie Strandboge Thu, 21 Feb 2008 11:44:41 -0500 auth-client-config (0.5) hardy; urgency=low * new upstream release - adds cracklib profile - don't error out if other PAM entries don't exist, but this one does * debian/control: Suggests libpam-cracklib -- Jamie Strandboge Thu, 17 Jan 2008 08:59:36 -0500 auth-client-config (0.4-0ubuntu1) gutsy; urgency=low * new upstream release * move sed to Build-Depends-Indep * backported fix for building as root user from 0.4.1 -- James D Strandboge Mon, 13 Aug 2007 15:33:01 -0400 auth-client-config (0.3-0ubuntu1) gutsy; urgency=low * new upstream release * debian/rules: use run_tests.sh * debian/control: adjust XS-Python-Version to be >= 2.3 * debian/control: Build-Depends on sed -- James D Strandboge Sun, 5 Aug 2007 21:37:31 -0400 auth-client-config (0.2-0ubuntu1) gutsy; urgency=low * initial release -- Jamie Strandboge Wed, 1 Aug 2007 04:31:43 -0400 auth-client-config-0.9ubuntu1/debian/rules0000755000000000000000000000257511673205274015576 0ustar #!/usr/bin/make -f # -*- makefile -*- # # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # PYTHON := /usr/bin/python PYVERS := $(shell pyversions -vr) UBUVERS := $(shell dpkg-parsechangelog | grep ^Version: | cut -d ' ' -f 2) build: build-stamp build-stamp: dh_testdir touch build-stamp clean: dh_testdir dh_testroot rm -f build-stamp dh_clean install: build dh_testdir dh_testroot dh_clean -k dh_installdirs usr/share/ dh_installdirs etc/ # run tests ./run_tests.sh sed -i "s/^version = .*/version = '$(UBUVERS)'/" ./auth-client-config python install.py \ --destdir=$(CURDIR)/debian/auth-client-config \ --prefix=/usr \ --config-prefix=/etc binary-arch: build binary-indep: build install dh_testdir dh_testroot dh_installchangelogs dh_installdocs dh_installdocs README dh_installman share/man/man8/auth-client-config.8 : # Replace all '#!' calls to python with $(PYTHON) : # and make them executable for i in `find debian -mindepth 3 -type f`; do \ sed '1s,#!.*python[^ ]*\(.*\),#! $(PYTHON)\1,' \ $$i > $$i.temp; \ if cmp --quiet $$i $$i.temp; then \ rm -f $$i.temp; \ else \ mv -f $$i.temp $$i; \ chmod 755 $$i; \ echo "fixed interpreter: $$i"; \ fi; \ done dh_python2 dh_compress dh_fixperms dh_installdeb dh_gencontrol dh_md5sums dh_builddeb binary: binary-arch binary-indep .PHONY: build clean binary install auth-client-config-0.9ubuntu1/debian/control0000644000000000000000000000130311673205253016102 0ustar Source: auth-client-config Section: admin X-Python-Version: >= 2.3 Priority: optional Maintainer: Jamie Strandboge Build-Depends-Indep: python (>= 2.6.6-3~), sed (>= 3.95) Build-Depends: debhelper (>= 5.0.38) Standards-Version: 3.7.3 Vcs-Bzr: https://bazaar.launchpad.net/~jamie-strandboge/auth-client-config/trunk Package: auth-client-config Architecture: all Depends: ${python:Depends} Suggests: libpam-cracklib Description: pam and NSS profile switcher Script for modifying nsswitch.conf and pam configuration using a database of predefined configurations. Its intended use is to enable easier configuration of network authentication and authorization (such as LDAP and Kerberos). auth-client-config-0.9ubuntu1/debian/copyright0000644000000000000000000000245011066322306016431 0ustar This package was debianized by Jamie Strandboge (jdstrand) on Wed, 1 Aug 2007 04:31:43 -0400. Upstream source is located at: https://launchpad.net/auth-client-config Upstream Author: Jamie Strandboge Copyright: The packaging of this software and the programs in this package are distributed under the terms of the GNU General Public License, version 2 as distributed by the Free Software Foundation. License: Copyright (C) 2007-2008 Jamie Strandboge This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. On Debian systems, a copy of this license may be found in /usr/share/common-licenses/GPL. auth-client-config-0.9ubuntu1/debian/compat0000644000000000000000000000000211066322306015673 0ustar 5 auth-client-config-0.9ubuntu1/run_tests.sh0000755000000000000000000000643611066322306015651 0ustar #!/bin/sh testdir="tests" tests="bad fsm installation" CUR=`pwd` export ACCPATH="$CUR/$testdir/testarea" export ACCTMP="$CUR/$testdir/testarea/tmp" STOPONFAIL="no" STOPONSKIP="no" if [ "$1" = "-s" ]; then shift STOPONFAIL="yes" fi if [ "$1" = "-S" ]; then shift STOPONFAIL="yes" STOPONSKIP="yes" fi if [ ! -z "$1" ]; then tests="$1" fi if [ ! -d "$testdir" ]; then echo "Couldn't find '$testdir' directory" exit 1 fi if [ ! -x "./install.py" ]; then echo "Couldn't find install.py" exit 1 fi skipped=0 errors=0 numtests=0 for class in $tests do for d in `ls -d -1 $testdir/$class/* 2>/dev/null` do if [ $skipped -gt 0 ]; then if [ "$STOPONSKIP" = "yes" ]; then echo "" echo "STOPONSKIP set, exiting on skip" exit 1 fi fi thistest=`basename $d` echo "" echo "Performing tests '$class/$thistest'" if [ ! -x "$CUR/$testdir/$class/$thistest/runtest.sh" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$CUR/$testdir/$class/$thistest/runtest.sh' (skipping)" continue fi echo "- installing" if [ -d "$testdir/testarea" ]; then rm -rf $testdir/testarea fi mkdir -p $testdir/testarea/usr/sbin $testdir/testarea/etc/pam.d $testdir/testarea/tmp || exit 1 ./install.py --prefix="$CUR/$testdir/testarea/usr" --config-prefix="$CUR/$testdir/testarea/etc" > /dev/null if [ "$?" != "0" ]; then exit 1 fi # this is to allow root to run the tests without error. I don't # like building things as root, but some people do... sed -i 's/^insecure = False$/insecure = True/' $testdir/testarea/usr/sbin/auth-client-config # need to clear this out since tests provide it rm -rf $testdir/testarea/etc/* cp -rL $testdir/$class/$thistest/orig/* $testdir/testarea/etc || exit 1 cp -f $testdir/$class/$thistest/runtest.sh $testdir/testarea || exit 1 echo "- result: " numtests=$(($numtests + 1)) # now run the test $CUR/$testdir/testarea/runtest.sh if [ "$?" != "0" ];then echo " ** FAIL **" errors=$(($errors + 1)) else if [ ! -f "$ACCTMP/result" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$ACCTMP/result' (skipping)" continue else # fix discrepencies between python versions sed -i 's/^usage:/Usage:/' $ACCTMP/result sed -i 's/^options:/Options:/' $ACCTMP/result fi if [ ! -f "$testdir/$class/$thistest/result" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$testdir/$class/$thistest/result' (skipping)" continue fi diffs=`diff -Naur $testdir/$class/$thistest/result $ACCTMP/result` if [ -z "$diffs" ]; then echo " PASS" else errors=$(($errors + 1)) echo " FAIL:" echo "$diffs" fi fi if [ $errors -gt 0 ]; then if [ "$STOPONFAIL" = "yes" ]; then echo "" echo "FAILED $testdir/$class/$thistest -- result found in $ACCTMP/result" if [ ! -z "$diffs" ]; then echo "Update with:" echo "cp $ACCTMP/result $testdir/$class/$thistest" fi exit 1 fi fi done done if [ -d "$testdir/testarea" ]; then rm -rf $testdir/testarea fi echo "" echo "-------" echo "Results" echo "-------" echo "Attempts: $numtests" echo "Skipped: $skipped" echo "Errors: $errors" if [ "$errors" != "0" ]; then exit 1 fi if [ "$skipped" != "0" ]; then exit 2 fi exit 0 auth-client-config-0.9ubuntu1/install.py0000755000000000000000000001710111066322306015276 0ustar #!/usr/bin/env python # -*- coding: utf-8 -*- ########################################################################### # # Copyright (C) 2007 Jamie Strandboge # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published # by the Free Software Foundation; either version 2 of the License, # or (at your option) any later version. # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public License # along with auth-client-config; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # # Based on installation file by Wido Depping # (covered by above license) # ########################################################################### import sys import os.path import os from popen2 import Popen3 import py_compile # This is the prefix directory where auth-client-config will be installed. prefixDir = os.path.join("usr", "local") configDir = os.path.join("etc") destDir = os.path.join("/") # Determines if python source files are only compiled and not installed compileOnly = False def doImportCheck(): """ Checks for installed packages which are needed in order to run auth-client-config. Gives only a warning for missing packages. """ #print "Check for preinstalled modules:\n" # Check for python-foo # try: # import foo # vString = "0.1" # print "python-foo is installed..." # print "\tInstalled version: " + foo.__version__ # print "\tMinimum version: " + vString # print "" #except ImportError: # print """ERROR: python-foo not installed!!! #You can get the module here: http://www.example.com #""" #print "" ############################################################################### def doChecks(): """Checks if prefix directory exists. After that compile and install. Installation fails if prefix directory doesn't exist. """ if not os.path.exists(destDir): print "Destination directory does not exist!" sys.exit(1) installDir = os.path.join(destDir, os.path.basename(prefixDir)) if not os.path.exists(installDir): print "Prefix directory does not exist!" sys.exit(1) installDir = os.path.join(destDir, os.path.basename(configDir)) if not os.path.exists(installDir): print "Configuration directory does not exist!" sys.exit(1) ############################################################################### def doInstall(): """Installs compiled sourcefiles to the installation directory. """ print "Copy program files...\n" try: a = Popen3("cp -f ./auth-client-config ./sbin") while a.poll() == -1: pass if a.poll() > 0: raise "CopyError", "Error!!! Could not copy File to sbin. Maybe wrong permissions?" print "Updating ./sbin/auth-client-config to use " + configDir a = Popen3("sed -i 's%#CONFIG_PREFIX#%" + configDir + "%' ./sbin/auth-client-config") while a.poll() == -1: pass if a.poll() > 0: raise "UpdateError", "Error!!! Could not update File. Maybe wrong permissions?" a = Popen3("cp -f ./auth-client-config.8 ./share/man/man8") while a.poll() == -1: pass if a.poll() > 0: raise "CopyError", "Error!!! Could not copy File to man8. Maybe wrong permissions?" print "Updating ./share/man/man8/auth-client-config.8 to use " + configDir a = Popen3("sed -i 's%#CONFIG_PREFIX#%" + configDir + "%' ./share/man/man8/auth-client-config.8") while a.poll() == -1: pass if a.poll() > 0: raise "UpdateError", "Error!!! Could not update File. Maybe wrong permissions?" installDir = prefixDir if destDir != "/": installDir = os.path.join(destDir, os.path.basename(prefixDir)) for tmpDir in ["./sbin", "./lib", "./share"]: a = Popen3("cp -fR " + tmpDir + " " + installDir) while a.poll() == -1: pass if a.poll() > 0: raise "CopyError", "Error!!! Could not copy File. Maybe wrong permissions?" installDir = configDir if destDir != "/": installDir = os.path.join(destDir, os.path.basename(configDir)) a = Popen3("cp -fR etc/*" + " " + installDir) while a.poll() == -1: pass if a.poll() > 0: raise "CopyError", "Error!!! Could not copy File. Maybe wrong permissions?" print "Finished copying program files.\n" print "auth-client-config installed successfully! :)" except "CopyError", errorMessage: print errorMessage sys.exit(1) ############################################################################### def printHelp(): """Prints a help text for the auth-client-config installation program. """ helpString = """Install options: --prefix=PATH \t\t Install path (default is /usr/local) --config-prefix=PATH \t\t Configuration path (default is /etc) --destdir=PATH \t\t Install into this directory instead of '/' --compile-only \t Just compile source files. No installation. \n""" print helpString sys.exit(1) ############################################################################### def doCompile(): """Compiles all source files to python bytecode. """ print "Compiling python source files ...\n" input, output = os.popen2("find ./lib -name \"*.py\"") tmpArray = output.readlines() fileList = [] for x in tmpArray: if x[:26] == "./lib/auth-client-config/": fileList.append(x[:-1]) for x in fileList: print "compiling " + x py_compile.compile(x) print "\nFinished compiling.\n" ############################################################################### def evalArguments(): """ Evaluate options given to the install script by the user. """ if len(sys.argv) == 2: printHelp() return for x in sys.argv[1:]: if x == "--compile-only": global compileOnly compileOnly = True elif x[:9] == "--prefix=": global prefixDir prefixDir = x[9:] if (prefixDir[-1] == "/") and (len(prefixDir) > 1): prefixDir = prefixDir[:-1] elif x[:16] == "--config-prefix=": global configDir configDir = x[16:] if (configDir[-1] == "/") and (len(configDir) > 1): configDir = configDir[:-1] elif x[:10] == "--destdir=": global destDir destDir = x[10:] if (destDir[-1] == "/") and (len(destDir) > 1): destDir = destDir[:-1] else: print "Unknown options. Exiting..." sys.exit(1) ############################################################################### print "auth-client-config (C) 2007 Jamie Strandboge\n" doImportCheck() print "" evalArguments() doChecks() doCompile() if not compileOnly: # Check if prefixDir exists if not(os.path.exists(prefixDir)): print "Prefix directory does not exist!" sys.exit(1) if not(os.path.exists(configDir)): print "Configuration directory does not exist!" sys.exit(1) doInstall() auth-client-config-0.9ubuntu1/tests/0000755000000000000000000000000011066322306014415 5ustar auth-client-config-0.9ubuntu1/tests/defaults/0000755000000000000000000000000011066322306016224 5ustar auth-client-config-0.9ubuntu1/tests/defaults/auth-client-config/0000755000000000000000000000000011066322306021704 5ustar auth-client-config-0.9ubuntu1/tests/defaults/auth-client-config/profile.d/0000755000000000000000000000000011066322306023566 5ustar auth-client-config-0.9ubuntu1/tests/defaults/auth-client-config/profile.d/acc-default0000644000000000000000000000436611066322306025672 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/defaults/common-session0000644000000000000000000000062711066322306021125 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/defaults/common-password0000644000000000000000000000211111066322306021272 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/defaults/pam.d/0000755000000000000000000000000011066322306017223 5ustar auth-client-config-0.9ubuntu1/tests/defaults/pam.d/common-session0000644000000000000000000000062711066322306022124 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/defaults/pam.d/common-password0000644000000000000000000000211111066322306022271 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/defaults/pam.d/common-auth0000644000000000000000000000066411066322306021403 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/defaults/pam.d/common-account0000644000000000000000000000061011066322306022065 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/defaults/nsswitch.conf0000644000000000000000000000072611066322306020742 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/defaults/common-auth0000644000000000000000000000066411066322306020404 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/defaults/common-account0000644000000000000000000000061011066322306021066 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/0000755000000000000000000000000011066322306015143 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/0000755000000000000000000000000011066322306022065 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/result0000644000000000000000000000113711066322306023330 0ustar TESTING INDIVIDUAL Error in updating the file: 'nss_group' not found -- Errors found. Aborting (no changes made) Error in updating the file: 'pam_account' not found -- Errors found. Aborting (no changes made) Error in updating the file: 'pam_auth' not found -- Errors found. Aborting (no changes made) Error in updating the file: 'pam_password' not found -- Errors found. Aborting (no changes made) Error in updating the file: 'pam_session' not found -- Errors found. Aborting (no changes made) TESTING ALL Error in updating the file: 'nss_group' not found -- Errors found. Aborting (no changes made) auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/runtest.sh0000755000000000000000000000127511066322306024135 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/0000755000000000000000000000000011066322306023025 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/auth-client-config/0000755000000000000000000000000011066322306026505 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030367 5ustar ././@LongLink0000000000000000000000000000015600000000000011567 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/auth-client-config/profile.d/ac0000644000000000000000000000431411066322306030677 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/pam.d0000777000000000000000000000000011066322360027415 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_entries/orig/nsswitch.conf0000777000000000000000000000000011066322360032714 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/args/0000755000000000000000000000000011066322306016077 5ustar auth-client-config-0.9ubuntu1/tests/bad/args/result0000644000000000000000000000510311066322306017337 0ustar TESTING ARGS (-a with -t) Cannot specify 'type' when using 'apply all' TESTING ARGS (no -p) 'profile' is required 'profile' is required TESTING ARGS (no -a or -t) either '-t' or '-a' is required TESTING ARGS (-t without arg) Invalid type in '-n'. Valid types are: nss pam-password pam-auth pam-session pam-account TESTING ARGS (-f without arg) '-n' does not exist -- Errors found. Aborting (no changes made) TESTING ARGS (-f with non-existent) 'non-existent' does not exist -- Errors found. Aborting (no changes made) TESTING ARGS (-f with long path) 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.toolong' does not exist -- Errors found. Aborting (no changes made) TESTING ARGS (-a with -f) Cannot specify 'file' when using 'apply all' TESTING ARGS (invalid args) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: no such option: -Z TESTING ARGS (-t with commas) Invalid type in 'pam-auth,'. Valid types are: nss pam-password pam-auth pam-session pam-account Invalid type in ',pam-password'. Valid types are: nss pam-password pam-auth pam-session pam-account Invalid type in 'pam-auth,,pam_password'. Valid types are: nss pam-password pam-auth pam-session pam-account Invalid type in 'pam-auth,pam-foo'. Valid types are: nss pam-password pam-auth pam-session pam-account Invalid type in 'pam-foo,pam-password'. Valid types are: nss pam-password pam-auth pam-session pam-account auth-client-config-0.9ubuntu1/tests/bad/args/runtest.sh0000755000000000000000000000613011066322306020142 0ustar #!/bin/bash echo "TESTING ARGS (-a with -t)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -a -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (no -p)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -t nss -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (no -a or -t)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-t without arg)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-f without arg)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -f -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-f with non-existent)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -f non-existent -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-f with long path)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -f "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.toolong" -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-a with -f)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -a -f $ACCPATH/orig/nsswitch.conf -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (invalid args)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -a -Z -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ARGS (-t with commas)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth, >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t ,pam-password >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth,,pam_password >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth,pam-foo >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-foo,pam-password >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/args/orig0000777000000000000000000000000011066322360021216 2../../defaults/ustar auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/0000755000000000000000000000000011066322306017545 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/result0000644000000000000000000001171611066322306021014 0ustar TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service S7ktch functionanhty. # If you have the `glibc-doc' and `infO' packages installe$, try: # `Info libc "Name Service Switch"' fmr information about this file. # passwd: ! comrat # pre_auth-client-config # passwd: files ldap passwd: files db # pre_auth-clieft-config # group: compat # pre_auth-client-config # group: files0ldap group: files db # re_auth-client-config # shadow:" $ compat # pre_auth-client-config # shadow: files ldap shadow: files hosts: files dns mdns netwkrks: files protocols: db files services: db files ethers:( db files rpc: db &iles # pre_uth-clieft-config # netgroup: 0 nis # pre_auth-client-config # netgroup: ni0s netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all`qervices # # Tjhs file is included from other service-specIfic PAM config file3, # and shOuld contain a list of the authorixation modules that define # the central access policy for use on thd system. Vhe default is to # only deny service |o users whose accounts are expired in /etc/shatow. # #pre_auth-client-config # accounv vequired pam_unix.so # pre_auth-client-config # account sufficient pam_unix.so # pre_auth-client-config # account sqfficient pam_ldap.so # pre_auth-client-config # account required pam_deny.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all s%pvices # # Thiq!file is included from other service-specifIc PAM config files,J# and shouLd contain a list of the authenticction modules that define # the central authentication scheme for usd on the syqtem # (e.g., /etc/shadow, LDAP, Kerbezos, etc.). The default is to use the # tradityonal Unx authentication mechanisms. # # tre_auth-client-config # auth required pam_unix.so nullok_secuve # pre_auth-client-config # auth required pam_env.so # pre_auth-client-config # auth sufficient pam_unix.so liceauth nullok # pre_auth-client-config # auth sufficient `pam_ldap.so use_firct_pass # pre_auth-client-config # auth required "pam_deny.so auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to !nl services # #!This file is included from other service-sPecific PAM config f)les, # andshould contain a list of modules vhat define the services to be #used to change user passwords. The!default is"pam_unix # The "nullok" option allow{ users to change an empty password, else # empdy passwrds are treated as locked accoultw. # # (Add `md5' after the module name to enable MD5 passwords) # # Phe "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # logif.defs. Also the "min" and "max" opti/ns enforce the lengdh of the # new password. # prg_auth-client-config # password required pam_unix.so nullok obscu2e min=4 max=8 md5 # Alternate strength checking forpassword.`Note that this # requires the ,ibpam-cracklib package to be installed. # You will need to comment out the xasswkRd lin above and # uncomment the next two in order to use this. # 8Replaces 4he `OBSGURE_CHECKS_ENAB', `CRACKLIB_DICTPATH) ## password required pam_cracklib.qo retry=3 minlen=6 lifok=3 # passwod required pam_unix.so use_authtok nullok md5 # pre_auth-client-config # password requIree $ pam_cracklib.so difok=2 minlen98 dcredit=2 ocredit=2 retry=2 # pre_auth-client-config # password sufficient pam_unix.so nllok md5 shadow use_authtok # pre_auth-client-config # password sufficient pam^ldAp.so use_first_pass pissword required pam_deny.so password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to al,"services # # Viis file is included from other service-speCific PAM config fil%s, # and sHould contain a list of modules thct define tasks to be performed # at the start and end of sessions og *any* kinf (both interactive and # non-interactave). The default is pam_unix. # # pre_auth-clyent-conig # session required " $pam_unix.so # session optional tam_foreground.so # pre_auth-client-config # session required pam_limits.so # pre_auth-client-config # session required ( pam_unix.so # pre_auth-client-config # session optional ` pam_ldap.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/runtest.sh0000755000000000000000000000023411066322306021607 0ustar #!/bin/bash echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/0000755000000000000000000000000011066322306020505 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/auth-client-config0000777000000000000000000000000011066322360032237 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/pam.d/0000755000000000000000000000000011066322306021504 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/pam.d/common-session0000644000000000000000000000112311066322306024375 0ustar # # /etc/pam.d/common-session - session-related modules common to al,"services # # Viis file is included from other service-speCific PAM config fil%s, # and sHould contain a list of modules thct define tasks to be performed # at the start and end of sessions og *any* kinf (both interactive and # non-interactave). The default is pam_unix. # # pre_auth-clyent-conig # session required " $pam_unix.so # pre_auth-client-config # session optional tam_foreground.so session required pam_limits.so session required ( pam_unix.so session optional ` pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/pam.d/common-password0000644000000000000000000000252211066322306024560 0ustar # # /etc/pam.d/common-password - password-related modules common to !nl services # #!This file is included from other service-sPecific PAM config f)les, # andshould contain a list of modules vhat define the services to be #used to change user passwords. The!default is"pam_unix # The "nullok" option allow{ users to change an empty password, else # empdy passwrds are treated as locked accoultw. # # (Add `md5' after the module name to enable MD5 passwords) # # Phe "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # logif.defs. Also the "min" and "max" opti/ns enforce the lengdh of the # new password. # prg_auth-client-config # password required pam_unix.so nullok obscu2e min=4 max=8 md5 # Alternate strength checking forpassword.`Note that this # requires the ,ibpam-cracklib package to be installed. # You will need to comment out the xasswkRd lin above and # uncomment the next two in order to use this. # 8Replaces 4he `OBSGURE_CHECKS_ENAB', `CRACKLIB_DICTPATH) ## password required pam_cracklib.qo retry=3 minlen=6 lifok=3 # passwod required pam_unix.so use_authtok nullok md5 password requIree $ pam_cracklib.so difok=2 minlen98 dcredit=2 ocredit=2 retry=2 password sufficient pam_unix.so nllok md5 shadow use_authtok password sufficient pam^ldAp.so use_first_pass pissword required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/pam.d/common-auth0000644000000000000000000000120411066322306023653 0ustar # # /etc/pam.d/common-auth - authentication settings common to all s%pvices # # Thiq!file is included from other service-specifIc PAM config files,J# and shouLd contain a list of the authenticction modules that define # the central authentication scheme for usd on the syqtem # (e.g., /etc/shadow, LDAP, Kerbezos, etc.). The default is to use the # tradityonal Unx authentication mechanisms. # # tre_auth-client-config # auth required pam_unix.so nullok_secuve auth required pam_env.so auth sufficient pam_unix.so liceauth nullok auth sufficient `pam_ldap.so use_firct_pass auth required "pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/pam.d/common-account0000644000000000000000000000101711066322306024350 0ustar # # /etc/pam.d/common-account - authorization settings common to all`qervices # # Tjhs file is included from other service-specIfic PAM config file3, # and shOuld contain a list of the authorixation modules that define # the central access policy for use on thd system. Vhe default is to # only deny service |o users whose accounts are expired in /etc/shatow. # #pre_auth-client-config # accounv vequired pam_unix.so account sufficient pam_unix.so account sqfficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_fuzz/orig/nsswitch.conf0000644000000000000000000000121011066322306023210 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service S7ktch functionanhty. # If you have the `glibc-doc' and `infO' packages installe$, try: # `Info libc "Name Service Switch"' fmr information about this file. # pre_auth-client-config # passwd: ! comrat passwd: files ldap # pre_auth-clieft-config # group: compat group: files0ldap # re_auth-client-config # shadow:" $ compat shadow: files ldap hosts: files dns mdns netwkrks: files protocols: db files services: db files ethers:( db files rpc: db &iles # pre_uth-clieft-config # netgroup: 0 nis netgroup: ni0s auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/0000755000000000000000000000000011066322306021723 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/result0000644000000000000000000001727311066322306023176 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/runtest.sh0000755000000000000000000000127511066322306023773 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/0000755000000000000000000000000011066322306022663 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/auth-client-config0000777000000000000000000000000011066322360034415 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/pam.d/0000755000000000000000000000000011066322306023662 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/pam.d/common-session0000644000000000000000000000064111066322306026557 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/pam.d/common-password0000644000000000000000000000214411066322306026736 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/pam.d/common-auth0000644000000000000000000000067611066322306026045 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/pam.d/common-account0000644000000000000000000000062111066322306026526 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/system_carriage_return/orig/nsswitch.conf0000644000000000000000000000075111066322306025377 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/0000755000000000000000000000000011066322306021222 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/result0000644000000000000000000001727311066322306022475 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/runtest.sh0000755000000000000000000000127511066322306023272 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/0000755000000000000000000000000011066322306022162 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/auth-client-config/0000755000000000000000000000000011066322306025642 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306027524 5ustar ././@LongLink0000000000000000000000000000015200000000000011563 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/auth-client-config/profile.d/acc-de0000644000000000000000000000436611066322306030574 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/auth-client-config/profile.d/empty0000644000000000000000000000000011066322306030573 0ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/pam.d0000777000000000000000000000000011066322360026552 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_other/orig/nsswitch.conf0000777000000000000000000000000011066322360032051 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/0000755000000000000000000000000011066322306021717 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/result0000644000000000000000000000365311066322306023167 0ustar TESTING INDIVIDUAL ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) TESTING ALL ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/runtest.sh0000755000000000000000000000127511066322306023767 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/0000755000000000000000000000000011066322306022657 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/auth-client-config/0000755000000000000000000000000011066322306026337 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030221 5ustar ././@LongLink0000000000000000000000000000015500000000000011566 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/auth-client-config/profile.d/acc0000644000000000000000000000436611066322306030703 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos nss_passwd=passwd: files db nss_group-passwd: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/pam.d0000777000000000000000000000000011066322360027247 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_invalid_syntax/orig/nsswitch.conf0000777000000000000000000000000011066322360032546 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/0000755000000000000000000000000011066322306022221 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/result0000644000000000000000000001730111066322306023464 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # sessioni optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # sessioni optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/runtest.sh0000755000000000000000000000127511066322306024271 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/0000755000000000000000000000000011066322306023161 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/auth-client-config0000777000000000000000000000000011066322360034713 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/pam.d/0000755000000000000000000000000011066322306024160 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/pam.d/common-session0000644000000000000000000000064411066322306027060 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so sessioni optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/pam.d/common-password0000644000000000000000000000210711066322306027233 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/pam.d/common-auth0000644000000000000000000000066511066322306026341 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/pam.d/common-account0000644000000000000000000000061411066322306027026 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_middle/orig/nsswitch.conf0000644000000000000000000000071111066322306025671 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/0000755000000000000000000000000011066322306021531 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/result0000644000000000000000000001732111066322306022776 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/runtest.sh0000755000000000000000000000127511066322306023601 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/0000755000000000000000000000000011066322306022471 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/auth-client-config0000777000000000000000000000000011066322360034223 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/pam.d/0000755000000000000000000000000011066322306023470 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/pam.d/common-session0000644000000000000000000000063311066322306026366 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/pam.d/common-password0000644000000000000000000000211311066322306026540 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/pam.d/common-auth0000644000000000000000000000066511066322306025651 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/pam.d/common-account0000644000000000000000000000061111066322306026333 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_end/orig/nsswitch.conf0000644000000000000000000000073111066322306025203 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/0000755000000000000000000000000011066322306021645 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/result0000644000000000000000000001727311066322306023120 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/runtest.sh0000755000000000000000000000127511066322306023715 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/0000755000000000000000000000000011066322306022605 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/auth-client-config/0000755000000000000000000000000011066322306026265 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030147 5ustar ././@LongLink0000000000000000000000000000015500000000000011566 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/auth-client-config/profile.d/acc0000644000000000000000000000434411066322306030625 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/pam.d0000777000000000000000000000000011066322360027175 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_end/orig/nsswitch.conf0000777000000000000000000000000011066322360032474 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/0000755000000000000000000000000011066322306022335 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/result0000644000000000000000000001731111066322306023601 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup : nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup : nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/runtest.sh0000755000000000000000000000127511066322306024405 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/0000755000000000000000000000000011066322306023275 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/auth-client-config/0000755000000000000000000000000011066322306026755 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030637 5ustar ././@LongLink0000000000000000000000000000016000000000000011562 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/auth-client-config/profile.d/0000644000000000000000000000434211066322306030644 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd= passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup : nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/pam.d0000777000000000000000000000000011066322360027665 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_middle/orig/nsswitch.conf0000777000000000000000000000000011066322360033164 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/big/0000755000000000000000000000000011066322306015704 5ustar auth-client-config-0.9ubuntu1/tests/bad/big/result0000644000000000000000000000353511066322306017153 0ustar TESTING INDIVIDUAL ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') TESTING ALL ** WARNING: Skipping 'big1' (too big) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: '0' (choose from 'kerberos') auth-client-config-0.9ubuntu1/tests/bad/big/runtest.sh0000755000000000000000000000255611066322306017757 0ustar #!/bin/bash #set -x # create a large file total=0 touch $ACCPATH/etc/auth-client-config/profile.d/big1 touch $ACCPATH/etc/auth-client-config/profile.d/big2 while [ $total -lt $((10*1024*1024 + 1)) ] && [ -f "$ACCPATH/etc/auth-client-config/profile.d/acc-default" ] do cat $ACCPATH/etc/auth-client-config/profile.d/acc-default | sed "s/kerberos/$total/g" >> $ACCPATH/etc/auth-client-config/profile.d/big1 cp -f $ACCPATH/etc/auth-client-config/profile.d/big1 $ACCPATH/etc/auth-client-config/profile.d/big2 cat $ACCPATH/etc/auth-client-config/profile.d/big2 >> $ACCPATH/etc/auth-client-config/profile.d/big1 total=`stat --format='%s' $ACCPATH/etc/auth-client-config/profile.d/big1` done rm -f $ACCPATH/etc/auth-client-config/profile.d/big2 echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p 0 -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p 0 -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p 0 -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p 0 -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p 0 -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p 0 -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/big/orig/0000755000000000000000000000000011066322306016644 5ustar auth-client-config-0.9ubuntu1/tests/bad/big/orig/auth-client-config/0000755000000000000000000000000011066322306022324 5ustar auth-client-config-0.9ubuntu1/tests/bad/big/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306024206 5ustar auth-client-config-0.9ubuntu1/tests/bad/big/orig/auth-client-config/profile.d/acc-default0000644000000000000000000000271511066322306026306 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/big/orig/pam.d0000777000000000000000000000000011066322360023234 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/big/orig/nsswitch.conf0000777000000000000000000000000011066322360026533 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/0000755000000000000000000000000011066322306021014 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/result0000644000000000000000000000056411066322306022262 0ustar TESTING ALL WARNING: invalid value for 'local_example:pam_session' (too long). Skipping Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'local_example' (choose from 'kerberos') auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/runtest.sh0000755000000000000000000000223411066322306023060 0ustar #!/bin/bash #set -x total=0 # create a long line echo -n -e "\tsession optional pam_foreground.so # " >> $ACCPATH/etc/auth-client-config/profile.d/long_lines while [ $total -lt 4096 ] && [ -f "$ACCPATH/etc/auth-client-config/profile.d/long_lines" ] do echo -n "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" >> $ACCPATH/etc/auth-client-config/profile.d/long_lines total=`stat --format='%s' $ACCPATH/etc/auth-client-config/profile.d/long_lines` done echo "" >> $ACCPATH/etc/auth-client-config/profile.d/long_lines echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p local_example -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/0000755000000000000000000000000011066322306021754 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/0000755000000000000000000000000011066322306025434 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306027316 5ustar ././@LongLink0000000000000000000000000000015100000000000011562 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/profile.d/acc-def0000644000000000000000000000271511066322306030530 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug ././@LongLink0000000000000000000000000000015000000000000011561 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/profile.d/long_linesauth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/auth-client-config/profile.d/long_li0000644000000000000000000000070411066322306030665 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this [local_example] nss_passwd=passwd: compat nss_group=group: compat nss_shadow=shadow: compat nss_netgroup=netgroup: nis pam_auth=auth required pam_unix.so nullok_secure debug pam_account=account required pam_unix.so pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 pam_session=session required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/pam.d0000777000000000000000000000000011066322360026344 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_long_lines/orig/nsswitch.conf0000777000000000000000000000000011066322360031643 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/0000755000000000000000000000000011066322306021537 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/result0000644000000000000000000001731711066322306023011 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db test # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug test TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db test # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug test auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/runtest.sh0000755000000000000000000000127511066322306023607 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/0000755000000000000000000000000011066322306022477 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/auth-client-config/0000755000000000000000000000000011066322306026157 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030041 5ustar ././@LongLink0000000000000000000000000000015400000000000011565 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/auth-client-config/profile.d/acc-0000644000000000000000000000475411066322306030601 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_passwd=passwd: files db test nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug test [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/pam.d0000777000000000000000000000000011066322360027067 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_extra_entries/orig/nsswitch.conf0000777000000000000000000000000011066322360032366 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/0000755000000000000000000000000011066322306022040 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/result0000644000000000000000000000346311066322306023307 0ustar TESTING INDIVIDUAL WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) TESTING ALL WARNING: 'acc-default' not found Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/runtest.sh0000755000000000000000000000163111066322306024104 0ustar #!/bin/bash #set -x # do this here, because install will put it in here rm -f $ACCPATH/etc/auth-client-config/profile.d/acc-default echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 sed -i "s/^WARNING: 'acc-default' not found .*/WARNING: 'acc-default' not found/" $ACCTMP/result exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/orig/0000755000000000000000000000000011066322306023000 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/orig/auth-client-config/0000755000000000000000000000000011066322306026460 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030342 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/orig/pam.d0000777000000000000000000000000011066322360027370 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_missing_default/orig/nsswitch.conf0000777000000000000000000000000011066322360032667 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/0000755000000000000000000000000011066322306022037 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/result0000644000000000000000000001727311066322306023312 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/runtest.sh0000755000000000000000000000127511066322306024107 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/0000755000000000000000000000000011066322306022777 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/auth-client-config/0000755000000000000000000000000011066322306026457 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030341 5ustar ././@LongLink0000000000000000000000000000015600000000000011567 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/auth-client-config/profile.d/ac0000644000000000000000000000445411066322306030656 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/pam.d0000777000000000000000000000000011066322360027367 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_carriage_return/orig/nsswitch.conf0000777000000000000000000000000011066322360032666 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/0000755000000000000000000000000011066322306022163 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/result0000644000000000000000000000365311066322306023433 0ustar TESTING INDIVIDUAL ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) TESTING ALL ** WARNING: Skipping 'acc-default' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/runtest.sh0000755000000000000000000000127511066322306024233 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/0000755000000000000000000000000011066322306023123 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/auth-client-config/0000755000000000000000000000000011066322306026603 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030465 5ustar ././@LongLink0000000000000000000000000000015700000000000011570 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/auth-client-config/profile.d/a0000644000000000000000000000433411066322306030634 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/pam.d0000777000000000000000000000000011066322360027513 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_whitespace_begin/orig/nsswitch.conf0000777000000000000000000000000011066322360033012 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/0000755000000000000000000000000011066322306022047 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/result0000644000000000000000000001731111066322306023313 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/runtest.sh0000755000000000000000000000127511066322306024117 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/0000755000000000000000000000000011066322306023007 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/auth-client-config0000777000000000000000000000000011066322360034541 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/pam.d/0000755000000000000000000000000011066322306024006 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/pam.d/common-session0000644000000000000000000000063111066322306026702 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/pam.d/common-password0000644000000000000000000000211211066322306027055 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/pam.d/common-auth0000644000000000000000000000066511066322306026167 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/pam.d/common-account0000644000000000000000000000061111066322306026651 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/bad/system_whitespace_begin/orig/nsswitch.conf0000644000000000000000000000073011066322306025520 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/0000755000000000000000000000000011066322306021525 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/result0000644000000000000000000000314711066322306022773 0ustar TESTING INDIVIDUAL Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) TESTING ALL Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'kerberos' (choose from ) auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/runtest.sh0000755000000000000000000000130611066322306023570 0ustar #!/bin/bash #set -x echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/0000755000000000000000000000000011066322306022465 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/auth-client-config/0000755000000000000000000000000011066322306026145 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030027 5ustar ././@LongLink0000000000000000000000000000015400000000000011565 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/auth-client-config/profile.d/acc-0000644000000000000000000000000011066322306030543 0ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/pam.d0000777000000000000000000000000011066322360027055 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_empty_default/orig/nsswitch.conf0000777000000000000000000000000011066322360032354 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/0000755000000000000000000000000011066322306017661 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/result0000644000000000000000000000402111066322306021117 0ustar TESTING INDIVIDUAL ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') TESTING ALL ** WARNING: Skipping 'fuzzy' (couldn't process) Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] auth-client-config: error: option -p: invalid choice: 'fuzz_kerberos' (choose from 'kerberos', 'ldap') auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/runtest.sh0000755000000000000000000000133311066322306021724 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p fuzz_kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p fuzz_kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p fuzz_kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p fuzz_kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p fuzz_kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p fuzz_kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/orig/0000755000000000000000000000000011066322306020621 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/orig/auth-client-config/0000755000000000000000000000000011066322306024301 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306026163 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_fuzz/orig/auth-client-config/profile.d/fuzzy0000644000000000000000000000440011066322306027273 0ustar # if pam-runtime and base-files start to use auth-client-config, can`rerhaps # uncoolent this #[local] #nss_passwd=passwd: compAt #nss_group=group:`compat #nsS_shadow=shadow: compat #nss_netgroup=netgroup: niS #pam_auth=cuth required pam_unix.so nullok_secure debug #pam_account> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL (update)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING INDIVIDUAL (reset)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t nss -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (reset)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -a -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/0000755000000000000000000000000011066322306022375 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/auth-client-config0000777000000000000000000000000011066322360034127 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/pam.d/0000755000000000000000000000000011066322306023374 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/pam.d/common-session0000644000000000000000000000112311066322306026265 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/pam.d/common-password0000644000000000000000000000252211066322306026450 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/pam.d/common-auth0000644000000000000000000000120411066322306025543 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/pam.d/common-account0000644000000000000000000000101711066322306026240 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_comments/orig/nsswitch.conf0000644000000000000000000000127511066322306025113 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat db # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/0000755000000000000000000000000011066322306021020 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/result0000644000000000000000000002112711066322306022264 0ustar TESTING INDIVIDUAL WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so TESTING ALL WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) WARNING: duplicate profile 'ldap' found in 'dups' (will use last one found) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/runtest.sh0000755000000000000000000000124511066322306023065 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -n >> $ACCTMP/result 2>&1 || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/0000755000000000000000000000000011066322306021760 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/auth-client-config/0000755000000000000000000000000011066322306025440 5ustar auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306027322 5ustar ././@LongLink0000000000000000000000000000015100000000000011562 Lustar rootrootauth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/auth-client-config/profile.d/acc-def0000644000000000000000000000436611066322306030540 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #nss_netgroup=netgroup: nis #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/auth-client-config/profile.d/dups0000644000000000000000000000150411066322306030220 0ustar [ldap] nss_passwd=passwd: files ldap db nss_group=group: files ldap nss_shadow=shadow: files ldap nss_netgroup=netgroup: nis pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/pam.d0000777000000000000000000000000011066322360026350 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/bad/profile_duplicates/orig/nsswitch.conf0000777000000000000000000000000011066322360031647 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/0000755000000000000000000000000011066322306021261 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/result0000644000000000000000000000111011066322306022513 0ustar TESTING INDIVIDUAL (update) Error in setting the file: 'nsswitch.conf' has multiple entries for 'passwd' -- Errors found. Aborting (no changes made) TESTING ALL (update) Error in setting the file: 'nsswitch.conf' has multiple entries for 'passwd' -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (reset) Error in setting the file: 'nsswitch.conf' has multiple entries for 'passwd' -- Errors found. Aborting (no changes made) TESTING ALL (reset) Error in setting the file: 'nsswitch.conf' has multiple entries for 'passwd' -- Errors found. Aborting (no changes made) auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/runtest.sh0000755000000000000000000000115211066322306023323 0ustar #!/bin/bash echo "TESTING INDIVIDUAL (update)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (update)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (reset)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t nss -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (reset)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -a -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/0000755000000000000000000000000011066322306022221 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/auth-client-config0000777000000000000000000000000011066322360033753 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/pam.d/0000755000000000000000000000000011066322306023220 5ustar auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/pam.d/common-session0000644000000000000000000000112311066322306026111 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/pam.d/common-password0000644000000000000000000000252211066322306026274 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/pam.d/common-auth0000644000000000000000000000120411066322306025367 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/pam.d/common-account0000644000000000000000000000101711066322306026064 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/bad/system_mult_entries/orig/nsswitch.conf0000644000000000000000000000124111066322306024730 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat db passwd: files ldap db passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/bak/0000755000000000000000000000000011066322306015152 5ustar auth-client-config-0.9ubuntu1/tests/bak/common-session0000644000000000000000000000062711066322306020053 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/bak/common-password0000644000000000000000000000211111066322306020220 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/bak/nsswitch.conf0000644000000000000000000000072611066322306017670 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/bak/common-auth0000644000000000000000000000066411066322306017332 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/bak/common-account0000644000000000000000000000061011066322306020014 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/runtest_ex.sh0000755000000000000000000000050711066322306017156 0ustar #!/bin/bash #set -x # example usage for successful run #$ACCPATH/usr/sbin/auth-client-config -h >> $ACCTMP/result 2>&1 || exit 1 # example usage for failed run #$ACCPATH/usr/sbin/auth-client-config -a -p ldap >> $ACCTMP/result 2>&1 && exit 1 # remove this when implementing real test touch $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/installation/0000755000000000000000000000000011066322306017116 5ustar auth-client-config-0.9ubuntu1/tests/installation/check_profiles/0000755000000000000000000000000011066322306022076 5ustar auth-client-config-0.9ubuntu1/tests/installation/check_profiles/result0000644000000000000000000000022211066322306023333 0ustar Available profiles are: cracklib kerberos kerberos2 ldap Available types are: nss pam-account pam-auth pam-password pam-session auth-client-config-0.9ubuntu1/tests/installation/check_profiles/runtest.sh0000755000000000000000000000023511066322306024141 0ustar #!/bin/bash $ACCPATH/usr/sbin/auth-client-config -l >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -L >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/0000755000000000000000000000000011066322306023036 5ustar auth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/0000755000000000000000000000000011066322306026516 5ustar auth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/profile.d/0000755000000000000000000000000011066322306030400 5ustar ././@LongLink0000000000000000000000000000015600000000000011567 Lustar rootrootauth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/profile.d/acc-defaultauth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/profile.d/ac0000644000000000000000000000625211066322306030713 0ustar # if pam-runtime and base-files start to use auth-client-config, can perhaps # uncomment this #[local] #nss_passwd=passwd: compat #nss_group=group: compat #nss_shadow=shadow: compat #pam_auth=auth required pam_unix.so nullok_secure debug #pam_account=account required pam_unix.so #pam_password=password required pam_unix.so nullok obscure min=4 max=8 md5 #pam_session=session required pam_unix.so # session optional pam_foreground.so [kerberos] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [kerberos2] nss_passwd=passwd: files db nss_group=group: files db nss_shadow=shadow: files nss_netgroup: nis pam_auth=auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update pam_account=account sufficient pam_krb5.so ccache=/var/run/ccache/krb5cc_%u debug account sufficient pam_unix.so debug account required pam_permit.so pam_password=password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so pam_session=session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug [ldap] nss_passwd=passwd: files ldap nss_group=group: files ldap nss_shadow=shadow: files ldap pam_auth=auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so pam_account=account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so pam_password=password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so pam_session=session required pam_limits.so session required pam_unix.so session optional pam_ldap.so ././@LongLink0000000000000000000000000000015700000000000011570 Lustar rootrootauth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/profile.d/acc-cracklibauth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/auth-client-config/profile.d/ac0000644000000000000000000000037411066322306030712 0ustar # # enable cracklib for enforcing stronger passwords. Requires libpam-cracklib # to be installed # [cracklib] pam_password=password required pam_cracklib.so retry=3 minlen=8 difok=3 password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/pam.d0000777000000000000000000000000011066322360027426 2../../../defaults/pam.d/ustar auth-client-config-0.9ubuntu1/tests/installation/check_profiles/orig/nsswitch.conf0000777000000000000000000000000011066322360032725 2../../../defaults/nsswitch.confustar auth-client-config-0.9ubuntu1/tests/installation/check_help/0000755000000000000000000000000011066322306021203 5ustar auth-client-config-0.9ubuntu1/tests/installation/check_help/result0000644000000000000000000000211611066322306022444 0ustar Usage: auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE] auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE] auth-client-config -p PROFILE -a -t TYPE -s [-f FILE] This program updates nsswitch.conf and pam configuration files to aid in authentication configuration. Options: --version show program's version number and exit -h, --help show this help message and exit -a, --all-types apply all types for specified profile -d, --database-only update only if current entries are in database -f FILE, --file=FILE update FILE instead of default -l, --list-profiles list available profiles -L, --list-types list available types -n, --dry-run don't modify anything, just show the changes -p PROFILE, --profile=PROFILE set profile to PROFILE -r, --reset reset to previous non-auth-client-config values -s, --check-system determine if system files are set to PROFILE -S, --show-system show current system settings as a profile -t TYPE, --type=TYPE modify files for TYPE auth-client-config-0.9ubuntu1/tests/installation/check_help/runtest.sh0000755000000000000000000000013111066322306023241 0ustar #!/bin/bash $ACCPATH/usr/sbin/auth-client-config -h >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/installation/check_help/orig0000777000000000000000000000000011066322360024322 2../../defaults/ustar auth-client-config-0.9ubuntu1/tests/fsm/0000755000000000000000000000000011066322306015202 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_1/0000755000000000000000000000000011066322306015624 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_1/result0000644000000000000000000003474011066322306017075 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files db #group: compat group: files db #shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files db #group: compat group: files db #shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING INDIVIDUAL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files db #group: compat group: files db #shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files db #group: compat group: files db #shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/fsm/S_1/runtest.sh0000755000000000000000000000251611066322306017673 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result || exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p kerberos -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/0000755000000000000000000000000011066322306016564 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/auth-client-config0000777000000000000000000000000011066322360030316 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/pam.d/0000755000000000000000000000000011066322306017563 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/pam.d/common-session0000644000000000000000000000100711066322306022455 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/pam.d/common-password0000644000000000000000000000247011066322306022641 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/pam.d/common-auth0000644000000000000000000000114311066322306021734 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/pam.d/common-account0000644000000000000000000000076511066322306022440 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_1/orig/nsswitch.conf0000644000000000000000000000104011066322306021270 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files ldap #group: compat group: files ldap #shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_2/0000755000000000000000000000000011066322306015625 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2/result0000644000000000000000000001654111066322306017075 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_2/runtest.sh0000755000000000000000000000120711066322306017670 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/0000755000000000000000000000000011066322306016565 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/auth-client-config0000777000000000000000000000000011066322360030317 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/pam.d/0000755000000000000000000000000011066322306017564 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/pam.d/common-session0000644000000000000000000000062711066322306022465 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/pam.d/common-password0000644000000000000000000000211111066322306022632 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/pam.d/common-auth0000644000000000000000000000066411066322306021744 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/pam.d/common-account0000644000000000000000000000061011066322306022426 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/fsm/S_2/orig/nsswitch.conf0000644000000000000000000000072611066322306021303 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_5/0000755000000000000000000000000011066322306015630 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5/result0000644000000000000000000003700411066322306017075 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING INDIVIDUAL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/fsm/S_5/runtest.sh0000755000000000000000000000251611066322306017677 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result || exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p kerberos -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/0000755000000000000000000000000011066322306016570 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/auth-client-config0000777000000000000000000000000011066322360030322 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/pam.d/0000755000000000000000000000000011066322306017567 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/pam.d/common-session0000644000000000000000000000112311066322306022460 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/pam.d/common-password0000644000000000000000000000252211066322306022643 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/pam.d/common-auth0000644000000000000000000000120411066322306021736 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/pam.d/common-account0000644000000000000000000000101711066322306022433 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5/orig/nsswitch.conf0000644000000000000000000000121011066322306021273 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/0000755000000000000000000000000011066322306021735 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/result0000644000000000000000000000173711066322306023206 0ustar TESTING INDIVIDUAL (dbonly) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'nss' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-account' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-auth' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-password' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-session' -- Errors found. Aborting (no changes made) TESTING ALL (dbonly) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'nss' -- Errors found. Aborting (no changes made) auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/runtest.sh0000755000000000000000000000134111066322306023777 0ustar #!/bin/bash echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/0000755000000000000000000000000011066322306022675 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/auth-client-config0000777000000000000000000000000011066322360034427 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/pam.d/0000755000000000000000000000000011066322306023674 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/pam.d/common-session0000644000000000000000000000113111066322306026564 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/pam.d/common-password0000644000000000000000000000253011066322306026747 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/pam.d/common-auth0000644000000000000000000000121211066322306026042 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/pam.d/common-account0000644000000000000000000000102511066322306026537 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7update_noindb_dbonly/orig/nsswitch.conf0000644000000000000000000000121311066322306025403 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/0000755000000000000000000000000011066322306020226 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/result0000644000000000000000000000206411066322306021471 0ustar TESTING INDIVIDUAL Error in resetting 'nss': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-account': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-auth': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-password': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-session': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) TESTING ALL Error in resetting 'nss': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/runtest.sh0000755000000000000000000000257611066322306022303 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/0000755000000000000000000000000011066322306021166 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/auth-client-config0000777000000000000000000000000011066322360032720 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/pam.d/0000755000000000000000000000000011066322306022165 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/pam.d/common-session0000644000000000000000000000113111066322306025055 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/pam.d/common-password0000644000000000000000000000253011066322306025240 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/pam.d/common-auth0000644000000000000000000000121211066322306024333 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/pam.d/common-account0000644000000000000000000000102511066322306025030 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_noindb/orig/nsswitch.conf0000644000000000000000000000121311066322306023674 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_8/0000755000000000000000000000000011066322306015633 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8/result0000644000000000000000000001365211066322306017103 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_8/runtest.sh0000755000000000000000000000254011066322306017677 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -r -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -r -n >> $ACCTMP/result || exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t nss -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-account -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-auth -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-password -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-session -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/0000755000000000000000000000000011066322306016573 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/auth-client-config0000777000000000000000000000000011066322360030325 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/pam.d/0000755000000000000000000000000011066322306017572 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/pam.d/common-session0000644000000000000000000000112311066322306022463 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/pam.d/common-password0000644000000000000000000000252211066322306022646 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/pam.d/common-auth0000644000000000000000000000120411066322306021741 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/pam.d/common-account0000644000000000000000000000101711066322306022436 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8/orig/nsswitch.conf0000644000000000000000000000121011066322306021276 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_6/0000755000000000000000000000000011066322306015631 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6/result0000644000000000000000000002326111066322306017076 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # passwd: compat # pre_auth-client-config # passwd: files ldap db passwd: files db # group: compat # pre_auth-client-config # group: files ldap group: files db # shadow: compat # pre_auth-client-config # shadow: files ldap shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # netgroup: nis # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # account required pam_unix.so # pre_auth-client-config # account sufficient pam_unix.so debug # pre_auth-client-config # account sufficient pam_ldap.so # pre_auth-client-config # account required pam_deny.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # auth required pam_unix.so nullok_secure # pre_auth-client-config # auth required pam_env.so # pre_auth-client-config # auth sufficient pam_unix.so likeauth nullok debug # pre_auth-client-config # auth sufficient pam_ldap.so use_first_pass # pre_auth-client-config # auth required pam_deny.so auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 # pre_auth-client-config # password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 # pre_auth-client-config # password sufficient pam_unix.so nullok md5 shadow use_authtok debug # pre_auth-client-config # password sufficient pam_ldap.so use_first_pass # pre_auth-client-config # password required pam_deny.so password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # session required pam_unix.so # session optional pam_foreground.so # pre_auth-client-config # session required pam_limits.so # pre_auth-client-config # session required pam_unix.so debug # pre_auth-client-config # session optional pam_ldap.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # passwd: compat # pre_auth-client-config # passwd: files ldap db passwd: files db # group: compat # pre_auth-client-config # group: files ldap group: files db # shadow: compat # pre_auth-client-config # shadow: files ldap shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # netgroup: nis # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # account required pam_unix.so # pre_auth-client-config # account sufficient pam_unix.so debug # pre_auth-client-config # account sufficient pam_ldap.so # pre_auth-client-config # account required pam_deny.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # auth required pam_unix.so nullok_secure # pre_auth-client-config # auth required pam_env.so # pre_auth-client-config # auth sufficient pam_unix.so likeauth nullok debug # pre_auth-client-config # auth sufficient pam_ldap.so use_first_pass # pre_auth-client-config # auth required pam_deny.so auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 # pre_auth-client-config # password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 # pre_auth-client-config # password sufficient pam_unix.so nullok md5 shadow use_authtok debug # pre_auth-client-config # password sufficient pam_ldap.so use_first_pass # pre_auth-client-config # password required pam_deny.so password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # session required pam_unix.so # session optional pam_foreground.so # pre_auth-client-config # session required pam_limits.so # pre_auth-client-config # session required pam_unix.so debug # pre_auth-client-config # session optional pam_ldap.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/fsm/S_6/runtest.sh0000755000000000000000000000123711066322306017677 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/0000755000000000000000000000000011066322306016571 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/auth-client-config0000777000000000000000000000000011066322360030323 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/pam.d/0000755000000000000000000000000011066322306017570 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/pam.d/common-session0000644000000000000000000000113111066322306022460 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/pam.d/common-password0000644000000000000000000000253011066322306022643 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/pam.d/common-auth0000644000000000000000000000121211066322306021736 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/pam.d/common-account0000644000000000000000000000102511066322306022433 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6/orig/nsswitch.conf0000644000000000000000000000121311066322306021277 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/0000755000000000000000000000000011066322306021426 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/result0000644000000000000000000000211411066322306022665 0ustar TESTING INDIVIDUAL Error in resetting 'nss': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-account': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-auth': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-password': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-session': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) TESTING ALL Error in resetting 'nss': 'kerberos' does not match system settings -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/runtest.sh0000755000000000000000000000265611066322306023502 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p kerberos -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p kerberos -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p kerberos -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p kerberos -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p kerberos -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -a -p kerberos -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/0000755000000000000000000000000011066322306022366 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/auth-client-config0000777000000000000000000000000011066322360034120 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/pam.d/0000755000000000000000000000000011066322306023365 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/pam.d/common-session0000644000000000000000000000112311066322306026256 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/pam.d/common-password0000644000000000000000000000252211066322306026441 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/pam.d/common-auth0000644000000000000000000000120411066322306025534 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/pam.d/common-account0000644000000000000000000000101711066322306026231 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_noincur/orig/nsswitch.conf0000644000000000000000000000121011066322306025071 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/0000755000000000000000000000000011066322306016341 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/result0000644000000000000000000002710211066322306017604 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) account [success=1 default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=1 default=ignore] pam_unix.so nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) password [success=1 default=ignore] pam_unix.so obscure sha512 # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so # end of pam-auth-update config TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) account [success=1 default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=1 default=ignore] pam_unix.so nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) password [success=1 default=ignore] pam_unix.so obscure sha512 # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so # end of pam-auth-update config TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/runtest.sh0000755000000000000000000000254011066322306020405 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -r -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -r -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -r -n >> $ACCTMP/result || exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t nss -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-account -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-auth -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-password -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-session -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/0000755000000000000000000000000011066322306017301 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/auth-client-config0000777000000000000000000000000011066322360031033 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/pam.d/0000755000000000000000000000000011066322306020300 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/pam.d/common-session0000644000000000000000000000303311066322306023173 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/pam.d/common-password0000644000000000000000000000373311066322306023361 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/pam.d/common-auth0000644000000000000000000000306011066322306022451 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/pam.d/common-account0000644000000000000000000000271311066322306023150 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_8pau/orig/nsswitch.conf0000644000000000000000000000121011066322306022004 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/0000755000000000000000000000000011066322306016337 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/result0000644000000000000000000003664511066322306017616 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # passwd: compat # pre_auth-client-config # passwd: files ldap db passwd: files db # group: compat # pre_auth-client-config # group: files ldap group: files db # shadow: compat # pre_auth-client-config # shadow: files ldap shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # netgroup: nis # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # # here are the per-package modules (the "Primary" block) # account [success=1 default=ignore] pam_unix.so # # here's the fallback if no module succeeds # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # account required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # account sufficient pam_unix.so debug # pre_auth-client-config # account sufficient pam_ldap.so # pre_auth-client-config # account required pam_deny.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # auth [success=1 default=ignore] pam_unix.so nullok_secure # # here's the fallback if no module succeeds # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # auth required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # auth required pam_env.so # pre_auth-client-config # auth sufficient pam_unix.so likeauth nullok debug # pre_auth-client-config # auth sufficient pam_ldap.so use_first_pass # pre_auth-client-config # auth required pam_deny.so auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # password [success=1 default=ignore] pam_unix.so obscure sha512 # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # password required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 # pre_auth-client-config # password sufficient pam_unix.so nullok md5 shadow use_authtok debug # pre_auth-client-config # password sufficient pam_ldap.so use_first_pass # pre_auth-client-config # password required pam_deny.so password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # session required pam_permit.so # # and here are more per-package modules (the "Additional" block) # session required pam_unix.so # # end of pam-auth-update config # pre_auth-client-config # session required pam_limits.so # pre_auth-client-config # session required pam_unix.so debug # pre_auth-client-config # session optional pam_ldap.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # passwd: compat # pre_auth-client-config # passwd: files ldap db passwd: files db # group: compat # pre_auth-client-config # group: files ldap group: files db # shadow: compat # pre_auth-client-config # shadow: files ldap shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # netgroup: nis # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # # here are the per-package modules (the "Primary" block) # account [success=1 default=ignore] pam_unix.so # # here's the fallback if no module succeeds # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # account required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # account sufficient pam_unix.so debug # pre_auth-client-config # account sufficient pam_ldap.so # pre_auth-client-config # account required pam_deny.so account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # auth [success=1 default=ignore] pam_unix.so nullok_secure # # here's the fallback if no module succeeds # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # auth required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # auth required pam_env.so # pre_auth-client-config # auth sufficient pam_unix.so likeauth nullok debug # pre_auth-client-config # auth sufficient pam_ldap.so use_first_pass # pre_auth-client-config # auth required pam_deny.so auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # password [success=1 default=ignore] pam_unix.so obscure sha512 # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # password required pam_permit.so # # and here are more per-package modules (the "Additional" block) # # end of pam-auth-update config # pre_auth-client-config # password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 # pre_auth-client-config # password sufficient pam_unix.so nullok md5 shadow use_authtok debug # pre_auth-client-config # password sufficient pam_ldap.so use_first_pass # pre_auth-client-config # password required pam_deny.so password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # session required pam_permit.so # # and here are more per-package modules (the "Additional" block) # session required pam_unix.so # # end of pam-auth-update config # pre_auth-client-config # session required pam_limits.so # pre_auth-client-config # session required pam_unix.so debug # pre_auth-client-config # session optional pam_ldap.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/runtest.sh0000755000000000000000000000123711066322306020405 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/0000755000000000000000000000000011066322306017277 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/auth-client-config0000777000000000000000000000000011066322360031031 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/pam.d/0000755000000000000000000000000011066322306020276 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/pam.d/common-session0000644000000000000000000000304111066322306023170 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_limits.so session required pam_unix.so debug session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/pam.d/common-password0000644000000000000000000000374111066322306023356 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok debug password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/pam.d/common-auth0000644000000000000000000000306611066322306022455 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth required pam_env.so auth sufficient pam_unix.so likeauth nullok debug auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/pam.d/common-account0000644000000000000000000000272111066322306023145 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_unix.so debug account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_6pau/orig/nsswitch.conf0000644000000000000000000000121311066322306022005 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap db # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/0000755000000000000000000000000011066322306016336 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/result0000644000000000000000000007235011066322306017606 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING INDIVIDUAL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug TESTING ALL (dbonly) # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files db # pre_auth-client-config # group: compat group: files db # pre_auth-client-config # shadow: compat shadow: files hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_krb5.so debug account sufficient pam_unix.so debug account required pam_permit.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth [success=done default=ignore] pam_unix.so nullok_secure debug auth [authinfo_unavail=ignore success=1 default=2] pam_krb5.so use_first_pass debug auth [default=done] pam_ccreds.so action=validate use_first_pass auth [default=done] pam_ccreds.so action=store auth [default=bad] pam_ccreds.so action=update # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password sufficient pam_unix.so nullok obscure min=4 max=8 md5 debug password sufficient pam_krb5.so debug try_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_mkhomedir.so umask=0022 skel=/etc/skel session optional pam_foreground.so session optional pam_krb5.so debug session required pam_unix.so debug auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/runtest.sh0000755000000000000000000000251611066322306020405 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p kerberos -n >> $ACCTMP/result || exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p kerberos -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p kerberos -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/0000755000000000000000000000000011066322306017276 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/auth-client-config0000777000000000000000000000000011066322360031030 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/pam.d/0000755000000000000000000000000011066322306020275 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/pam.d/common-session0000644000000000000000000000303311066322306023170 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/pam.d/common-password0000644000000000000000000000373311066322306023356 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/pam.d/common-auth0000644000000000000000000000306011066322306022446 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/pam.d/common-account0000644000000000000000000000271311066322306023145 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_5pau/orig/nsswitch.conf0000644000000000000000000000121011066322306022001 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/0000755000000000000000000000000011066322306021120 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/result0000644000000000000000000000571511066322306022371 0ustar TESTING INDIVIDUAL Error in resetting 'nss': Too many previous configurations found. Please fix manually. -- Errors found. Aborting (no changes made) # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so TESTING ALL Error in resetting 'nss': Too many previous configurations found. Please fix manually. -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/runtest.sh0000755000000000000000000000257611066322306023175 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t pam-account -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t pam-auth -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t pam-password -n >> $ACCTMP/result 2>&1 || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -p ldap -t pam-session -n >> $ACCTMP/result 2>&1 || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -a -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p ldap -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p ldap -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p ldap -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p ldap -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -p ldap -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -r -d -a -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/0000755000000000000000000000000011066322306022060 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/auth-client-config0000777000000000000000000000000011066322360033612 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/pam.d/0000755000000000000000000000000011066322306023057 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/pam.d/common-session0000644000000000000000000000112311066322306025750 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/pam.d/common-password0000644000000000000000000000252211066322306026133 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. # pre_auth-client-config # password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/pam.d/common-auth0000644000000000000000000000120411066322306025226 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # pre_auth-client-config # auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/pam.d/common-account0000644000000000000000000000101711066322306025723 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # pre_auth-client-config # account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_7reset_indb_n_gt_1/orig/nsswitch.conf0000644000000000000000000000127511066322306024576 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat db # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/0000755000000000000000000000000011066322306016333 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/result0000644000000000000000000003442111066322306017600 0ustar TESTING INDIVIDUAL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_limits.so session required pam_unix.so session optional pam_ldap.so TESTING ALL # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. # pre_auth-client-config # passwd: compat passwd: files ldap # pre_auth-client-config # group: compat group: files ldap # pre_auth-client-config # shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files # pre_auth-client-config # netgroup: nis netgroup: nis # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # account [success=1 default=ignore] pam_unix.so # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # account required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # auth [success=1 default=ignore] pam_unix.so nullok_secure # pre_auth-client-config # # here's the fallback if no module succeeds # pre_auth-client-config # auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # auth required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # password [success=1 default=ignore] pam_unix.so obscure sha512 # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # password required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # # end of pam-auth-update config password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # pre_auth-client-config # # here are the per-package modules (the "Primary" block) # pre_auth-client-config # # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided # pre_auth-client-config # session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around # pre_auth-client-config # session required pam_permit.so # pre_auth-client-config # # and here are more per-package modules (the "Additional" block) # pre_auth-client-config # session required pam_unix.so # pre_auth-client-config # # end of pam-auth-update config session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/runtest.sh0000755000000000000000000000120711066322306020376 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -n >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -n >> $ACCTMP/result || exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -n >> $ACCTMP/result || exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/0000755000000000000000000000000011066322306017273 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/auth-client-config0000777000000000000000000000000011066322360031025 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/pam.d/0000755000000000000000000000000011066322306020272 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/pam.d/common-session0000644000000000000000000000236011066322306023167 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided session required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around session required pam_permit.so # and here are more per-package modules (the "Additional" block) session required pam_unix.so # end of pam-auth-update config auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/pam.d/common-password0000644000000000000000000000306011066322306023344 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be # used to change user passwords. The default is pam_unix. # Explanation of pam_unix options: # # The "sha512" option enables salted SHA512 passwords. Without this option, # the default is Unix crypt. Prior releases used the option "md5". # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. # # See the pam_unix manpage for other options. # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) password [success=1 default=ignore] pam_unix.so obscure sha512 # here's the fallback if no module succeeds # this is obviously a completely redundant line, except that it lets us # handle better the case where there are no "Primary" modules provided password required pam_permit.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around password required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/pam.d/common-auth0000644000000000000000000000230511066322306022444 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # here are the per-package modules (the "Primary" block) auth [success=1 default=ignore] pam_unix.so nullok_secure # here's the fallback if no module succeeds auth requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around auth required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/pam.d/common-account0000644000000000000000000000224211066322306023137 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # # As of pam 1.0.1-5, this file is managed by pam-auth-update by default. # To take advantage of this, it is recommended that you configure any # local modules either before or after the default block, and use # pam-auth-update to manage selection of other modules. See # pam-auth-update(8) for details. # # here are the per-package modules (the "Primary" block) account [success=1 default=ignore] pam_unix.so # here's the fallback if no module succeeds account requisite pam_deny.so # prime the stack with a positive return value if there isn't one already; # this avoids us returning an error just because nothing sets a success code # since the modules above will each just jump around account required pam_permit.so # and here are more per-package modules (the "Additional" block) # end of pam-auth-update config auth-client-config-0.9ubuntu1/tests/fsm/S_2pau/orig/nsswitch.conf0000644000000000000000000000072611066322306022011 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/0000755000000000000000000000000011066322306020222 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/result0000644000000000000000000000206411066322306021465 0ustar TESTING INDIVIDUAL Error in resetting 'nss': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-account': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-auth': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-password': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) Error in resetting 'pam-session': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) TESTING ALL Error in resetting 'nss': 'ldap' does not match system settings -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/runtest.sh0000755000000000000000000000261211066322306022266 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -r -n >> $ACCTMP/result 2>&1 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-account -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-auth -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-password -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t pam-session -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t nss -r -n >> $ACCTMP/result 2>&1 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-account -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-auth -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-password -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -t pam-session -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/0000755000000000000000000000000011066322306021162 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/auth-client-config0000777000000000000000000000000011066322360032714 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/pam.d/0000755000000000000000000000000011066322306022161 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/pam.d/common-session0000644000000000000000000000062711066322306025062 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/pam.d/common-password0000644000000000000000000000211111066322306025227 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/pam.d/common-auth0000644000000000000000000000066411066322306024341 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/pam.d/common-account0000644000000000000000000000061011066322306025023 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_noindb/orig/nsswitch.conf0000644000000000000000000000072611066322306023700 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/0000755000000000000000000000000011066322306017665 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/result0000644000000000000000000000212211066322306021123 0ustar TESTING INDIVIDUAL Error in resetting 'nss': No previous settings found in current file -- Errors found. Aborting (no changes made) Error in resetting 'pam-account': No previous settings found in current file -- Errors found. Aborting (no changes made) Error in resetting 'pam-auth': No previous settings found in current file -- Errors found. Aborting (no changes made) Error in resetting 'pam-password': No previous settings found in current file -- Errors found. Aborting (no changes made) Error in resetting 'pam-session': No previous settings found in current file -- Errors found. Aborting (no changes made) TESTING ALL Error in resetting 'nss': No previous settings found in current file -- Errors found. Aborting (no changes made) TESTING INDIVIDUAL (dbonly) Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' Cannot specify 'database-only' when using 'reset' TESTING ALL (dbonly) Cannot specify 'database-only' when using 'reset' auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/runtest.sh0000755000000000000000000000257611066322306021742 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -t nss -r -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -p ldap -r -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING INDIVIDUAL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t nss -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-account -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-auth -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-password -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -p ldap -r -t pam-session -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL (dbonly)" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -r -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/0000755000000000000000000000000011066322306020625 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/auth-client-config0000777000000000000000000000000011066322360032357 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/pam.d/0000755000000000000000000000000011066322306021624 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/pam.d/common-session0000644000000000000000000000100711066322306024516 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # #session required pam_unix.so #session optional pam_foreground.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/pam.d/common-password0000644000000000000000000000247011066322306024702 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. #password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password sufficient pam_ldap.so use_first_pass password required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/pam.d/common-auth0000644000000000000000000000114311066322306023775 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # #auth required pam_unix.so nullok_secure auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/pam.d/common-account0000644000000000000000000000076511066322306024501 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # #account required pam_unix.so account sufficient pam_unix.so account sufficient pam_ldap.so account required pam_deny.so auth-client-config-0.9ubuntu1/tests/fsm/S_3reset_indb/orig/nsswitch.conf0000644000000000000000000000104011066322306023331 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. #passwd: compat passwd: files ldap #group: compat group: files ldap #shadow: compat shadow: files ldap hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files #netgroup: nis netgroup: nis auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/0000755000000000000000000000000011066322306020400 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/result0000644000000000000000000000171511066322306021645 0ustar TESTING INDIVIDUAL Error in updating the file: Current settings not in database, but database-only specified. Skipping 'nss' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-account' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-auth' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-password' -- Errors found. Aborting (no changes made) Error in updating the file: Current settings not in database, but database-only specified. Skipping 'pam-session' -- Errors found. Aborting (no changes made) TESTING ALL Error in updating the file: Current settings not in database, but database-only specified. Skipping 'nss' -- Errors found. Aborting (no changes made) auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/runtest.sh0000755000000000000000000000126711066322306022451 0ustar #!/bin/bash echo "TESTING INDIVIDUAL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -t nss -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -t pam-account -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -t pam-auth -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -t pam-password -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 $ACCPATH/usr/sbin/auth-client-config -d -t pam-session -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 echo "TESTING ALL" >> $ACCTMP/result || exit 1 $ACCPATH/usr/sbin/auth-client-config -d -a -p ldap -n >> $ACCTMP/result 2>&1 && exit 1 exit 0 auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/0000755000000000000000000000000011066322306021340 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/auth-client-config0000777000000000000000000000000011066322360033072 2../../../defaults/auth-client-config/ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/pam.d/0000755000000000000000000000000011066322306022337 5ustar auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/pam.d/common-session0000644000000000000000000000062711066322306025240 0ustar # # /etc/pam.d/common-session - session-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define tasks to be performed # at the start and end of sessions of *any* kind (both interactive and # non-interactive). The default is pam_unix. # session required pam_unix.so session optional pam_foreground.so auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/pam.d/common-password0000644000000000000000000000211111066322306025405 0ustar # # /etc/pam.d/common-password - password-related modules common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of modules that define the services to be #used to change user passwords. The default is pam_unix # The "nullok" option allows users to change an empty password, else # empty passwords are treated as locked accounts. # # (Add `md5' after the module name to enable MD5 passwords) # # The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in # login.defs. Also the "min" and "max" options enforce the length of the # new password. password required pam_unix.so nullok obscure min=4 max=8 md5 # Alternate strength checking for password. Note that this # requires the libpam-cracklib package to be installed. # You will need to comment out the password line above and # uncomment the next two in order to use this. # (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH') # # password required pam_cracklib.so retry=3 minlen=6 difok=3 # password required pam_unix.so use_authtok nullok md5 auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/pam.d/common-auth0000644000000000000000000000066411066322306024517 0ustar # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication modules that define # the central authentication scheme for use on the system # (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_unix.so nullok_secure auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/pam.d/common-account0000644000000000000000000000061011066322306025201 0ustar # # /etc/pam.d/common-account - authorization settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account required pam_unix.so auth-client-config-0.9ubuntu1/tests/fsm/S_3update_dbonly/orig/nsswitch.conf0000644000000000000000000000072611066322306024056 0ustar # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat group: compat shadow: compat hosts: files dns mdns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis auth-client-config-0.9ubuntu1/auth-client-config.80000644000000000000000000001223511066322306017027 0ustar .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.36. .TH AUTH-CLIENT-CONFIG: "8" "July 2007" "" "" .SH NAME auth-client-config \- pam and NSS profile switcher .SH DESCRIPTION .PP This program updates nsswitch.conf and pam configuration files to aid in authentication configuration. If the existing nsswitch.conf and pam system configuration does not exist in the profiles database, \fBauth\-client\-config\fR will comment out the current configuration in such a way that the changes can be undone by \fBauth\-client\-config\fR with the \fB\-r\fR option. .SH USAGE .TP auth\-client\-config \fB\-p\fR PROFILE \fB\-a\fR \fB\-t\fR TYPE [\fB\-dn\fR \fB\-f\fR FILE] .TP auth\-client\-config \fB\-p\fR PROFILE \fB\-a\fR \fB\-t\fR TYPE \fB\-r\fR [\fB\-n\fR \fB\-f\fR FILE] .TP auth\-client\-config \fB\-p\fR PROFILE \fB\-a\fR \fB\-t\fR TYPE \fB\-s\fR [\fB\-f\fR FILE] .SH "OPTIONS" .TP \fB\-\-version\fR show program's version number and exit .TP \fB\-h\fR, \fB\-\-help\fR show this help message and exit .TP \fB\-a\fR, \fB\-\-all\-types\fR apply all types for specified profile .TP \fB\-d\fR, \fB\-\-database\-only\fR update file(s) only if current entries are in database .TP \fB\-f\fR FILE, \fB\-\-file\fR=\fIFILE\fR update FILE instead of default .TP \fB\-l\fR, \fB\-\-list\-profiles\fR list available profiles .TP \fB\-L\fR, \fB\-\-list\-types\fR list available types .TP \fB\-n\fR, \fB\-\-dry\-run\fR don't modify anything, just show the changes .TP \fB\-p\fR PROFILE, \fB\-\-profile\fR=\fIPROFILE\fR (required) use PROFILE .TP \fB\-r\fR, \fB\-\-reset\fR reset file(s) to previous non\-auth\-client\-config values. Will not remove the current entries unless they match PROFILE .TP \fB\-s\fR, \fB\-\-check\-system\fR determine if system files are set to PROFILE .TP \fB\-S\fR, \fB\-\-show\-system\fR show current system settings as a profile .TP \fB\-t\fR TYPE, \fB\-\-type\fR=\fITYPE\fR modify files for TYPE. Multiple types can be specified with a comma separated list. .SH "PROFILES DATABASE" .PP Each time \fBauth-client-config\fR is run, it will check the profiles database (by default, \fB#CONFIG_PREFIX#/auth-client-config/profile.d\fR) for authentication profiles. Files may be added to the profiles database directory to support custom authentication configurations. This is useful for a distribution maintainer to have his/her authentication package put an authentication profile into the profiles database, and then have his/her package use \fBauth-client-config\fR to update the system configuration. It also allows for an administrator to set up a single profile for site-wide network authentication roll-outs. .PP The files in the profiles database use the \fB.INI\fR configuration file standard, and the syntax is: [example] nss_passwd=nsswitch.conf entry for 'passwd' nss_group=nsswitch.conf entry for 'group nss_shadow=nsswitch.conf entry for 'shadow' nss_netgroup=nsswitch.conf entry for 'netgroup' pam_auth=pam entry/entries for 'auth' pam_account=pam entry/entries for 'account' pam_password=pam entry/entries for 'password' pam_session=pam entry/entries for 'session' .PP If you need to specify multiple entries for a specific type (which is often the case with PAM), then simply list additional entries on a newline preceded by a tab. For example, an entry for local configuration might be: [example_local] nss_passwd=passwd: files nss_group=group: files nss_shadow=shadow: files nss_netgroup=netgroup: nis pam_auth=auth required pam_unix.so nullok_secure debug pam_account=account required pam_unix.so debug pam_password=password required pam_unix.so nullok obscure \\ min=4 max=8 md5 debug pam_session=session required pam_unix.so debug session optional pam_foreground.so .PP Notice how in the above, pam_session has two entries (pam_password in this example should be all on one line, hence the '\\'). .PP To use the above entry with \fBauth-client-config\fR, create a file with the above entries in it and put the file into the profiles database directory (typically named after the profile or package that added it). Now call \fBauth-client-config\fR with: \fBauth-client-config \-a \-p example_local\fR .SH "EXAMPLES" .PP Set nsswitch.conf and pam to use the 'example_local' profile: \fBauth-client-config \-a \-p example_local\fR .PP Set only nsswitch.conf to use the 'example_local' profile, but only if current nsswitch.conf entries exist in the profiles database: \fBauth-client-config \-t nss \-p example_local \-d\fR .PP Restore nsswitch.conf and pam to previous non-auth-client-config files: \fBauth-client-config \-a \-p example_local \-r\fR .SH "KNOWN ISSUES" .PP If two or more profiles have the same name, only the last one will be used. Additionally, if a profile in the profiles database has more than one entry for a particular field (eg, two 'nss_passwd' entries), then then the last one read will be used. .PP \fBauth-client-config\fR strips out all carriage returns when run on Unix. .SH "SEE ALSO" .PP \fBnsswitch.conf\fR(5), \fBpam\fR(7) .SH "AUTHOR" .PP auth-client-config is copyright 2007-2008 by Jamie Strandboge .PP This manual page was originally written by Jamie Strandboge auth-client-config-0.9ubuntu1/sbin/0000755000000000000000000000000011066322306014206 5ustar auth-client-config-0.9ubuntu1/COPYING0000644000000000000000000004310511066322306014311 0ustar GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. , 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License. auth-client-config-0.9ubuntu1/implementation/0000755000000000000000000000000011066322306016300 5ustar auth-client-config-0.9ubuntu1/implementation/acc_state_diagram.dia0000644000000000000000000000727511066322306022404 0ustar [o+,f,^ՕeCVIoGɎcKrlxC{BeGӷit͒&(JƟ>󟾜8+gHIͯ./PY-8/! x(Bwly4̲4lS&6NgwHL7ų4e6{Mj1昬6v:-"H=KIjq~fji̦<ίbki'.nED brMrqrirz>K4l0)ToxaZ خrslROM;Nֻ&hMut;>ZD7(Zֆ"gH[aψ]4f&d/tޘ;G.Y,`xw'X~?v-K&0> oޞAf֕ "Hm :m&خT]P$bb@s*)gIrmQ^XNF25cȋK(Z@|[VHb5%\HM'7:LöM˂цY_6g]axÛJ@Њ%HLٹ ,A3c]! PK|M. IJQTRʻ7 jY{c k)&Qx| Ugku]>%J3;оNR*㚛fӿ\r"l CZ0I~7lc} X ŌX)\ :W-p. s%Q_i!!Z2&XbAʀi6þp`pҡD k2uL@ Ҙ }7M3XXvD MkH@}R!"v\0mVbcs{=RyɵC^Vp]vw{,=qw߽<鑒`n|-%7KYHJV C=V[}o- þؗzG𖖉Q%.$2<|m疉)NoaWY&VS_(k% ˴6ؗ70" x '{r آZkV/NQ\A&#nBr;o^+ P,cgr],|QH]h;{PAߵm%NLi}J*USNzo=k*vE;Zz YQ7wlޅz]p;@3&Bz$Lkn}Py;9B܏e*2csS]}Nиk% "i}1p̙ixdS{USQ}<`Dݢ䞖bc뀺0vӌaR\paÀ|b kLHsw ͂O|vu k'&ߡ-!BO"ɱvܽ^!-qW~>hbKx1j7[>)1J p7Sނ~op & pՎ0AkrGafΒh GU06#y)ﭤ*i:KR$ 6&].tuG8I^a:D?]Y[Xw}j}}*HtvoޥIR8؄^>v^ֶcI/L~6%Q^o#lwrC$;bSz`֓ vxM> aE` 8 T/U]Q=N[)XV.|CkD1(]ݦ ȆpU8dtT[=NL9.L@`RP'OTS=NL)(".]v@Sɝ G2jN L?nfI70}Q:ꪦ' 㦤륧6QViQt4JRmE`:E0ƃI-nV9GwIw: LH&Ac B0JD {*cTz@d!8ϵNVj5j"\qGD)%VJnGeZ4sOl9=;6PΫy*M_K)}Dauth-client-config-0.9ubuntu1/implementation/acc_state_diagram.png0000644000000000000000000026626311066322306022437 0ustar PNG  IHDR BY4sBITO pHYs IDATxw@/@X=ꨂ(q8PDqA+jU\Uu@uBQ@@D6 |n!w׽/{{r׋"`0 FyP`0 m` `0 F` `0 F` `4 BPڲ~UڵK. /_6Dd `0 Fٷo"[F#X @ PݪsX:ؽ{wSS:*= B(x|H]|ynݘL~׮]W\Y]]-TLWb>1*wwwѾ}QF?2|ilmm ύ7m=33sܹ_}Q~v%E,ݔCRRҸq,-- oI$Otnkkjjqrrb0k֬ijj; 222ѱ-^ow$tvv]n-ZrY${uwwӣhj6l`oov@cc5k 3gZ<&0 <>i+++EI]JUğ{_utt}׀cǏ;wnddCݻWSSCd  :ԩS߿r?NII4h <}ӑ#GL,]333DDDxϏ9R#&vwO(N:tv/~$aزeˇ|~B5_pXXX\x[R(_/_Ι|Wf:zh}}=]`0@ii)K.LIL|㉙/^XZZJX,2ߔp8!99Yh<_ZX!DFF CkܸqJ'w~b;v5CCC+Wh.Ieȑm۶3l"QGlݺUJRB5;w̿ efggeiWު ?w\pppP2BPzk׮:;`ԅy湸#ʗ^ PTb"0/s:vh4JRT*)~sss@AAP~~~>BЦ)XÇ +Vbt:5 ԩS_Z+&vwO(>| fIldT+9?~ﰠ/fIKBUGٻwoaab ^d|>VʎT*uK.=zc0Ǐojj+y+֮"$R:::<IGGGRGD'0 3E{H7 p\:?δ\.HP&Nonnxh5A_|>?>>~{ xWWW):e.IEQmk+B-*sL()) o׮ؾnݺo޼!~ɓ''O\~}gH׮]wז}`0CϞ={YMM |p8-J=.9#A|"oJ)#Z1PTT$!u}Ԣ֎`'O(;p8ϟ?߿޽~t2^obw$"je? I5Ȟ)5.]*j Q(oLOO˗/ϛ7L믿~`4&f3Ϟ=+tFЃȑ#B% r 2/ 44TJ鯢S/_.!uJ|+W 凅qsZ'wĈ={ڵK@ MIGMDQ;v3n*QGRұ6JoK i`]pF133cX_VbC\.GF{Nma0SNKp_~ K™OOOx%%%v]*egg8vвy-ܹs~XxqfffSSSuuK/[#x~:ujJJJuu5ǫyɶmzZ)+W(ʕ+߾}r߾}?]Zyq= h׮ѣGkkkkkke9#{_l6+((aMz'Qd9rvСCͽ$Zُc+m(˙ޖ|Xub0u#.."t~%Ku%=e| lݺUA?XϟkҢ)V^-E|ń2|1cD:::һ#0ڵKz'Q~DwCGRNoC5Ȟ)2޽ G{iIQB'uРAB0sر^z|>_955uȑzzz>~̙h.٩ϟ?Ά$Aܺt2jԨHq,`{ u6{y+ISЎ#q4ٳ'N$W(B:T3gD:b0hhhHJJ:|RRqP(O8qԩJT`0!4GNtuuϜ9#jTMr3f@czzzׯ_oUQ߿?}hV[`A@@1 "j`FEE4F~:ɓ'_pVVV¨'|>ɓ[nܹs.]zafffnnneef-TWWWVVfgggffJ qF`0B# [nyyy رc1֭[pgϞ<"(B 0`Ȑ! dիW?>yhT]]݅ Z [ ,4*))ѣqիW+Ivz+9o޼Ç+ ><|pҥO>ӧO@@ lƍ7n܈#:o~Æ P@ ȁXƍC}}}/9Ֆ7o}xɕ!bT*uѢEJo~֭۷o31[nJo`(4:uԌ3`… ~~~0mcc(̜93//09s]V4frijj߸qcaa!ٰaʕ+i4J[`0-F J:Js%'AAAǎ ߿\=Xz͛Qv_-[ (sW\166n3 MhsN^dpٚBUUU׮]HK777EarqchhGV,oߎ7M8::^t[n`0Fc oߺ666 4'ӧO>>>h?f1(+>>cǎ$;vXf w Qh"u>::=7lؠ`ڴi}'OfTVV6 YW %::ڵkZW*|yРA׮]#Wh1Ç 322c%yJJa!h1 ȀgϞ;v,())&мr劗0 FЌ={ QQQa] 6dxbnn.z0xyy!}7nP7 СCw"뿹yĉ="Wh``q_mmmգ\BCCa۷\1U3cƌ{IrrAȕ$ W9n׏3&??\U )hX]] K,тWD&LЩS'>}sm6´իW|򸞞^bb"rR]]=~x6M* 4:y$Lh4V 2o<.))y&z0*͛1110MO$Yӻxb׮]fffEȕ`0Xի0=|pkkkrӧh?gϞ%W F|900'lٲLJ\IcjjzUlĉJ`0G yg6mbTpuX׉i!!!eee0bZ:utq7 44ǏJ`05G 7n=z4L(ӧOôӧ5+<9d+V隚%K`ucwiq}4x׮]˗/'WFY466n^v G}}}=PPW3\I# +++KJJ|>U__̬G_5q1EJeeeaHբZ맫 ?>{l9w^d]͜9Ss+ EFFzyyQ> i>ԇc~HoСh5&55~H"%0etW=zl9inn?MiHHȕ+W|>ٝ`H:vvvJ?Yj}"݋nݴ4k+--ussSbYp!Jr8+ĐNll,B֭[G吓|ѹ477j޼yjjjڢͤ߹sgZ:uڴiSii)HE"~>}Ο?/ZF pxR(k={6ӥ<Ç={lUU:u={v||۷oe`/񔓓xrillD^EV4BBBеzE`Z˗/L"î)S/\U__//^9sfڵcƌ[ҥKڸm@MM'޾}[Ra>alllbb6|Q^zzzMMMmEO$ciixmZk ϣӭ[C.GE'4**l9$''JLA4mСvRѣ 6l6[}!//ŋxgJ80`>СC+RP*6co UQSHS[oM]]b(___; `d2L hii5s 쯒̷n4hIN:xxx|c``Jss*TҲEFFZXX0LZmIڔ$bo߾f644Y.}9::2 77;w;vŅ`XF HXkO'((H__tFq֯+>}֫W/ Ъ.Gq;O9ԩSHzZ~=qm`nݮ\HKKK%6׹sm۶UTT8q嗕͙3ÇJl, 4յX833w07dff˭[RSS}}}QY,VYYYii+2554iÇQN>$66ٳgiiiL&sʕX6lHKK\fMqq7orrr׭[*y;wƎ{7oVWWO8qQDG֭+///((HOOOII{DkE|ƚ*^۽{8iӦmڴ)55U?U(Hii):U7oVB _|l9ʇ!ٙl9ݻHXYY)eE,477ڵ(}ZpGTWWGEE3L{{{USS#0JEkAi40ftbl6\ z .;@ЩSׯ_%%%VVVbے)ImVVP=hpVVJ)K)ݑT^kvAc999@ܨ1-~6:tӧ+젠 ### 䔘(w2>@vRB 0M333.K@ +`ϟ:CCm۶R|p:\P(VҎ|>?333((hԨQ} uJ1z_[[~vڐ!CA~K#;;ptB6;;[kkk4Mjk2X#%iw֛7o6֯'L&|5k}eX%%%ѳe+ĐŹsЩ?\xt钓NwttܷohׯX{gΜm+--ÃNb`555-_dΝ0~ܹo ,IݑT~ӦMpLU ,Cu<~`ff&2GGGG]d˳@gDt2:p-tSkb0DM=L*^[n֬YsFWXXxaHR IDAT &ƌx@#yDazQm۶ 0XGGlРAQQQ/_lmU 'Q1PVVU^^7]\\Ӆfb #FHIIAa:_|9i$8&-!dgTWW -m-nݺU Ц@ "XLIIIMM LS FAt'66VM)=wgee pK.O}SN]t ؼy?r?}tٳg|B}$ƴ W\i;vG>tttN:,6xcژݻwbiW^%QJx"LtY)31dԄDg?r3x/^999 V9"##cرhSSZ}![JHKKCcٲed(DLL : ;wVZUU݀^!!!!dQ>O'^^^/xeeegϞ:th{ ņdTۡC I&HV}3g1#|PQ+DTWW vk׮ *111GаlEJݻqww'[4 E f:yfKKK}}9sp8pzzzx>#,</22‚d۷KCCCppQHHRؿ?K-;U__?sLQZ"#GHT ?#WFAڵkhҁ|r8sT|;>*eF?FF -c@XXz!CƏ/^HII!U4 4յqwau Ӊm, `vuueX`gϞ2L͛Bk֬)..~MNNN~~uOnJMM "k־{.==hdkdYvMcccd\kF"&&l9EA7nP]C D!7GP___`dv v###mz$x>>>>dˑHuuuTT;ɴgX555-% Hz Lggg´ 677DN^~ %%%VVV0Mӹ\X9990eccj@-;eccyF#ьڵl9 KOOl9E!;rEEE%%%p:tN*1cU <8>>>77466fffSTr\;tR9jqqXXr NP?8 5jTb`x``@UU:VRB WWW8B/^nBn*G 9@tzYYrLbb"6l@` b2t:ftEE0#v8dkkPSS|J슊DܹSHkkkXqKlXxd_-e*.V=ZڤlhhhUU?^td0vvv'OV;&1ɵk#;5rCa;wL :̙3%%%<b 2ŽDMD޽lvQQɓ q9U+W>>>eeeƍC]pM:囘o`ƍ0X8MOO999:tؿee%yZEb|||ѣG,Vhh/ ,466w,r3<|M w/h*aXȦ蘟8ql9*ņ<}l9bHNN311666s̑>,4fL-Aoٲ" BLBK.999tGG}M6U)p966.޽3gP^366f0 0~ܹH cccuttIBc ,@etN0l9 n=? dQ!~-&@Q5'NǜN)@#x~'4#ׯ_kG= pӀXlZNxE #$$nDs1Z2; i?~LQ<Ee>|ݻLkAX~aҤIdQd`8q9YhQAAd֭7oބݻ##`Ȑ!L&@J d7Fu<{STL[2kgggcc 6-Gih6l؂ `jԩJj-Wiv1DèzzzhDƍ?&W믿`Bh^x)J#wZ ]ssބr+T,YRZZ'N}5k:f`m O<9s&zZǏ'Oftt0E諯Ghq*[$o߾wۀ2ݻ+^aCCöm `ll 4(**J>&))ʊNwaڴiwܑO1.!1Z+I(yNWI4r׮]K"D!`̘1d¨J]]]xGIs)t%ٳl9_ PRXWǛ;w_1 E EF]vtY=ihh=zׯᦓӟ hcSSSooouVff&zΞ={`BGGߟ\1_o߾]*^[DDDffӧKKKy<^MMÇccc{٪֬Yo+Wfee566$$$ 6L>mNNN0zhd[xCV$ʾ}"(F[IJJBg|޼ydQ&G]:u*rÕ$ Ά7U!`g]\\X-fhJDDqP:""%QX CڵkwΝ; j<==uӧN$Wټy3J䋢zAErsA>?`9s( ∿{Nb0mXÇ/Ymϓ'O#Q>ڵkFF422vZ=Ui( rHp~r({hq&bT r077WB8k߿W3DjllT>}Zb#\0iҤdIoܸd2g͚ 1r=yd333]]>}24d) ')t۷dgYDE$..FQOOo׮]}L(!@/bkÇ(%5Fv.]~rrR 222">e>{~,߿|oP(FFF#= C~l]]])b͍oN,}v[[[ "x<^dd||| tuu===?~(vHEF444p8j߾} Ν;ǎsqqa0H,$߿FKxӁvl`)JRR 0`gX۳g Q+**X FJػw/ي䧸b >0m* ,{cǖ/_R(` 2|644֞8q~ O4L&XJTçMZ3Æ Cb_W9r﫪-[F,P^^7cbbFUXXX[[h"v˗O6MlCv7,,ۻdԨQ'fOSL111Ce)&I`Ʌuuu}rE'e˪FիW7h5kpܶQC^xCCÒ1bVšOb0Zy߾}e~755#ð)QOQQQL&ޞbԴϝ N:"%%%VVVlsss8 Ct:] ʂ!h. nt$^bTIVTnvQ:Ze` .a:N<:::!!!yyy*j_p믿:>TQ "** ] d+j5D(NNNl6lE_:?,L<0p@|`0Xj/̠QFI/hbM!@5  2Vݭ$h4\.Z9B5Kڔ$U2V+4.)C ;0bZbbfOqBtuuKx&3g$[QxHR}+e;wfmmF#XRD Xjǎ;ڷoDן6m(G|>ۛ7o߿O 2w\dggƒHV^z=RB6nH/bp8ussJJJz=r߿?tPǎ3f̐i1ѣGɓpR:!5t4:t3gΔx"5dIonoo/vTTgaaaMM [P7z{{rtoffv7uT*+ItaѣGh!)+++--=z4]\K*IE%l`.ʋҹs9slٲ… B[߿OKK;zUP,!TI_$Q)ٳgV2666H/h@kTjӧO2d(rFLNN311666s̑rD /Դ|rSSS`PX{gΜ.]rrr鎎{mڴ Ehqw@+???cccᑐΝkhhhhh :H2}6e,&IKTX8n8+)EDD;`$~ztǏH߿'޽,3y1o]2337nekk`0ttt:twٳGi .FCCɽᠥ!ϗ \7 ?<|jjjssoѤ9hGޤTѣGgΜI$|(HMMׯoܸ+Anh\. "EaȄrÇ~Ⅴ2T*vРAC533tvvի XP(9sLxvgc= NOŸ8n12NGT)ÇQ-Fsrbϟ]INGCTj||| |)ܼyd/NkksεQF5P(0A 9t:Mǎ#[JX|9cǓ`X<ڵi79r^ʾBTh.%%%ƍP/^Ĩb˛7oZ,ׯ]TVVdQ>\. vK.dTT4 vvvMha?O.d!Q(RӧOE-3v)U|šaݻ8p@1|~JJʤIDopM EJ;\ /^DdLL r44bsyVOEzܼj*hSLȐ]t[ FTTT,XJvBg͚Ԥ`ѢSJG0*?Dgb-Gɠ ۷dTZ4_do&Mdjj`0zH ===bX/_DÇJ:Dwۢ6N*jfh4ȑ#7oS'Heeeϛ7﫯{U|BB mnn޲eΝ;_|Y $X4ȉ0QBڎ7n̙,k[UV͟?M8p}T= tv܉NuȖ4ܹC2m޼R__Μ9h1 ׷Q<]]]OOO3x<^ddG To.VaCCCpp0)&yxxB;X__?sLQwÇ2vܩ(K ҥKJ#ݻw;VZ FppwFN8)<ڵkU`f%%%]z"[wiiiIIѣW\ #""Ǝ[VVVZZʻݾ}fӦM[LL̨Q kkk-Z󭬬>| VaXXR2jԨTɓ ꢣ#StXX؄ KKKݺhv7nݺeiiI|s 0 ++K:|a(]]+W(#t*++wﯬX =88ʕ+dy( &[|wwwԣd l`ymmma䈵Ql;uk.))i:.)buNNLgeeؠ+**Pt:]liSg޾};BѸȗ NGY***#XA [[ۄ>_[[K؜]QQ;wUhmmMK#`b`Y[[,zķ/v +++wޑ#G֮][WW1VqMbBNNΑ#Gϟ/4y~DD՟ǣ`CSSӀP/V;::fM@ Ν;L+bkԩİ_iiiJo ܾ}DUpv5rH!&V^^.`EBB:YڵӬkDhI?F@[Fw$kGGGU(9U0d{Z roŋUќ(Jbcc}}}W"I҄ 6m$w8y򤑑uP?atZXX}pu]l a@JRR"6P%R}WrQ?~lѴ'{qq1fh1KxqH*bǎ%} 1ڊ@z/´իW6.d)Xݻw322?~~znݺ򂂂tb4dzX,eՕbȄbcc={VZZd2W\ KJJ> nݺZ]]ܢ)>~q(}}}Uʔ)S׮]ٳ7dQر Ξ=kaas׭[РF1Ν;pgʕ|>\a)S677ÜAߊ"`R;i$$$t:ի@^|||d)$` %PY )& )(J) !j`YYي+,Y2o޼ٳgO4i„ ݺuQt fx3c!t܈hРA.-LMMꫯAv1r ..,%]vƌ#Ky)ذMŐrttd H,IyyyNNN-ErT,qvQHd2G\Hy۷o'Na2 O`SL!^7on{7UUU/&~P(k׮Uh F QG|޼y$޽;)K,Ԕ)SN86e1$)"m&K1qAH %y j]WWjK9pssqmۆ"BLLLڠu988tSSӉ'޾}[R˗/84—:X!!!nݻ7;!={B%},[@JRBӱe1$)"ϯ 4H1qA.xїt###)wޡ@Ν;X[\>! !˗/ѿDD.].]:39>>2fQ^Zxq~~>+++;{СC%.^XSSS[[=`6T!3\ۓyyyR*! () I$mh AtRvQ?&R㣉(x+-XG+4CkHիW˖-#GtɓZY`|YЦS)i(`ĿĜ`#####4StGL۠^Vuu '&ɢ%ĿŲ秺}}}&T֭[C XZZr0Ù4iCR(oUeQ >Z4RVVVΞ=[4$J4h֭[(l2-0|iӦ̪۴iرcQS)i( T(',, M5jTDD1mzXsEɖ#ha ?{ںUGU$`ܹs,1 ,KoX-}fff]f͹s222$())yɓ'###G)~hhv|:**ݝd۳X(cbii٢lI@BusQשּׁ,I;b5z맦W:tPVT5A>ZfϞH=RUu9s&, aιsUE\.qիWm/C !M(-LJO8QU$Bqtt@^ФuV5y>4jԨ C ^LPǝPtO4}B];%Ζ?V$|>[|9r0|enٲDI9m\X*r J￿~6`0d)Y__+ -XPr,Ya{TFSmOד-#@SQ:D%SlUR ,r=z4(1P_.{ r`nn>q۷Үv0t3gΔx"%e\*000336 $b4Eb@|RZjqkkkт^]]]W"/ݻɖ###xYΙ3l-”w8k׮m֥XzbuJҬt\.7))iڵbeeեK9a„e˖ݻ޽{eeenLLLt͜9sL5;{l=tٳKKKObMI@[4Νkhhhhhub,cۡݻw0^&~AܿyRmִzBKY>>}t3g*Tݻoߎ2L Fv\UUc655$Wb8icQ#W+m6AAAį*}۶m>|Xp!'eX"00VTTÐꐆ=====ocdeeͅ .X //eddL6 XZ&/Ν]v/\ĉ<OƦǍtR*fQ>1i-UUUGb-XO*!!'<<DPȍC"$Z4B݂= ?Y0jB^^z|EJ r-ŐSG! 2h I^T޽{gZ! eܹBΟ?000h`0Z@+>ɫÇ P`d\a0m R$*ѣGnj/~4UVA+Ǐ)((NO4iԩzzz(ٳo1bh 0alldVC,>K,!QXL gggr`0TeLm=z4rhM.QGDDϝ;WȺR'N믿lvBBĉѣ0.ֺÄ^F1 L0`CCCňR]]]TT(3C:hP{ /[lAo6F aիYfA555ğo߾?OzM61LIm6چ.HALIIIGLСCA~$*˿¨Ŀ"m:OnlmmW^ 0Tz4wM>[nB۵k7/Zm˱cwCwww-Qh4б%TEKǤ$trr"K$P{$*`0LZ\1b [[[>xǏգdeeM29{{[-_R6`(_ӊ+utt&M,} ;;;<:%7J;Rׯpں)2AAA\.7%%dgg_$֬Y A-Z/000@б}Dk!!}?E&\-Ьf !͞7o8Ebb@ hipðn@!{؀~` Ad5WW7oC~~~ŕUUULee%-[fbb`0jkkEjhh266׏;lvxxٳð}t''8qN3##CbI껨"^^\URoČ`|l풒Ċ!!ĮWAh4oY,Vbb"zZ.\jΞ={^zĩW|tSN-\kaРA3g|I]],/^f)+ pܻwhѣGGEEtΎQQQe80qDؗ/_2K6f͚􂂂ϟ?111EEEyyyh0w>x𠺺:$$dȑ׮]{nuuرca4YI&83HJ V*//SFFE,ZXdz L~] y&!^xh9$$bɒ% S8\.zI[ZZr\.߿wwwݫ쒒0jSP(̦U={2:DEEH*|ݞ={|lo1 L&Md2BaVV rmll>, ;v{PL++lN \mii)V$MJqNR h\05 1w}f1SSS7 pA}9rd%::D$8x<ڵkqsZZZ`Kz/0R"޽{!L=޽ e4$}LKKsss) PO8q"؉ PTG0JK\.j9ɢSbI9wHR 86dzBU[[ Dp0GDk!!&Z|DQ9Һu֩T9sD( 9'ŀ a2t:]QLI12jjjH߸qM(?==촶i`eeiaarrr,YtRL6 ,I5#Xyyy6dzBVJJ | #B8jjyX1cmm ܹCTQFDD 80++ ӧϳgQ%d2_ܹs|>0&&Fj#UQQo>cΜ9fxN:522۷o߿Y.\X^^^VV6&Y000UpŠr8b@kh/QЄD!!C.]OwDkiO{-G%޽;z[qqqJvӧPҡCRh4KKiӦr"&ut2vvv4v߾}D*z-Ƃy...gϞma;v;Y,utttttl,ⱦ`I&ܸ8BzlvXXPF\FA Ĕ=S5?~anee%n.D?ra4J2MIdaÆݻwhED" ,YR__wzzz>>Ċ!!u׮]_E&=ӧ Ī\ѣG*ɳ.33l׏X1^8D"! ,Ra B 1OBCAyyy 7g<o޼y177ٺuT0O?Dֈ ߃Ν;˞7@i?~nO28!$$Ϝ9CȲZEjPSS3|={=nnn}!P$Pۗ4HH ,٪sJnQ;---J鸹YXXVj` B8fܶO?C'"""55}fjj cȎR ,6]XXٴ,\p lϞ=O$QqTjPPkEk 1 (租~ӸGMHHQ8N [*}ݿC ,() tSAk۶m`C]] KBL>n'&&It ۷ZZZ >dffN6XUy #I~۽{74j߰X;wgtQT b0 S P5y$$bqvvϟ?_QQAQSSsvv޽#VLr9???X04t@`[[[uuu##TIU0p2rrrƍgddѷo7L8w YpQNX%%%pLM7 j˓DX {Fl|X%-ѣG~|REv IDATꛃ'((妤p8kJ)J7绻:4776!!ٳͫᨫ7[իW}:a4#NIHH|תa`h9$$M_я?V$VwJ(DxW0LJd-J&P_%Z*BeIyΊ=ILJaئMLMMMp~K秭 &<oٲe&&& #(( fΞ=*0,11suu}NXɓ'Gض{->q̴.ڊˏRGථ2Κ5k`%K+IhGFlllϟ":t_~wѣG'''kiiJF\iȠAfΜ&###:ޥK8]y<|033x`U?}b6z訨RGGG0930 }ezzzii)Xt)`2bbbrss {=~x3rϟ?gddlQJJJi///P˗/, ðx{{K IWd!&&:/s999EՕ $$M|hEF}6rQ0G&‘ ={2:DEEH?yfС ,^:'rrr%ܟ+d26ѱc߃풒333MѸ\X`;;;\QQ[hv2??l`0pʕ PgbbrqP8~dF$u_~j`A& v3fx+trHHCtt4Xh9S(8))h9 … u5i$>O&PZZ Gw<<x@jjj9( 0 s=>~hnn~ðGDD Z$ P#$y YfffP(}ٴ;utyQF]vڑMER5P(+ؿ.V\ A;b4 C.j >N4 7W*HJJڤ$ϝ;WZZ cbb/pHH۷oy<^AA3ƍys۶m,pΜ9QQQeee , ;CCC.\XQQQ^^gٚ?~D] s̙5kV~~>̄~WW޼y?-\(?~HHNE .[u ^p!ĉWHPP,@kJ*]I=z^吐E}}-I_zhE@l޼h9򒕕e``{4jԨw((('-GuIMM 000hӦM rܹݻQQQ, NOOwuuh`=Z~`aXXlvXX-KNNh "|>?66,sqq9{,l1+++ @__N|5}tpk! cccE 455Z^heeeBJ~ZU"}9Q:744(iQMMMMIMMHKKKU}lܸh9rQRR.twwϛŚ5k`/]F߿{(666 @zDS[[e˖̃d6S6ɓvaaaDDz0Url >>>wʕ+j&'O۷"V %KH[|ŋ,LNj`cÇ<MMM%!iEl߾IJJ?# 6  JA(N6 fٲ|J;wP*FhQ{{]èX!x3g o=ݻ[ D###G;9s޾}K$ k˖-O QKPfΜIֈI"7 U?~^ (BWrLTTņaѣRBBx{{A&W[[K$Qv+}ùs ?vܹ=z+ٔ\|l<f$!!i6J5S9Fu֭{m}}'N"Eٶm[~O&L<@R—/_&NCF[UGۻw/hhfT <OE)//:u*eMHHW FCC0[ΝK$Vm`x<b b%͆۷;v,zHHЛRi`x[ QHH:ttN:&d%Cݺu l [Rtt4tlwpp8~xvg?ܹsoiӦ&H:u>|Prk׮MIIW%?ׯo BpܩSx011]nݺlK.R2χ_Cٶmێ;9l Nfee)sAŋ7l=$/0iҤÏ˗/߾};Qbx<^iiiXXP(; *++kϞ=ݺu#V\p~ӦM322"VV0JgP8ҥKנl{`#hQ޿?eغu+%!iDGG/[ ~\h WG7on۶ Bk]1~b=zYfGNB!H/^LUfW^ ,t7obqq'OypIHK\\ܴiM6(]!l1::&xvuuUfsσm++Ǐ*G\t)++ lO0pBټyYvO^__o߾ZMM 0>|r088Ǐ؍7t -0B!T8CPoccC{ꕑ˳)Sk|֭bg\… MLL :Ù9sޜ9s&&&vICCÇ'Oҥkffew_;@9.Z?.lgϞpٳg-\]]ȑ#PY~O?ő#G/_?={ӳJr^z)SC)++)ѣGέ@zjMRcbbCÇ0ŋ^ƾ|2==`SLYv?>|? :Ba``ÇL8Q~޽ǏWWW+WsFFÇk͚5STT[PPȹ{CBBFyڵwVWW;FĕvGkkk8--P,֠9bh``Mz# uGBðv_3CǮ0 ;yՒ=\eZ$Ȱa޾}B-ʒOMMmٲe3?뗔H\-D m޼,y cp?ZvQ]]ٳ`S:wLќn޼)HRoݺ$}Nxxc`}1..N[[~355eX=1L^0Vj꼽;ѣGM }q %<}$!{{]Yh9Be7c Q1ϟoFU))) V}m &!iBg t2d׊9}49f("1R]]=##hE$$m` Šwݻw}JJJZ֭[=<<`k##Gyxx(@.  2s;v͛gϾwoF#X/^@3h|>Ŋ`FG!DDD,(wqq!V Il7@qӧ9wޖ7i= =z4zzqkIHHJLLW?~ÇAz ߿?A__ܹs-_Nl!DQIIIGvvvL&hE$$mɳp(nxxCd)ٳ'= }N3  _x L--#F8995ѧO/_b6hРSNuرҥ <˃ Z)EEEݻw0BܻwoСD"!i㴬x9s^xhQF)).]}v\MMmڵbw7A·\J'=/^twwWTǻvZAAAvvׯ++++**jkk2 }&&&]tqrr۷Q[5߿?vիW>|(iU`PSSsrrѣG>}~gWWW\S%#uNhhhz.v Cۿz O$i{H1Hۋ9Y\\zjԩS?^WWGtZ% VI3vcǎJPLHҗglT'OV? F344;vlJJ_j׮ձcZNtw?~egg>}GP +F@w:88t@ zJJJ 0 D'!?Μ9gg B |077OHHp8O> ږC n` Bn:Jd~~رcqez%OwV߻wo߾}?u6riӦ-Yd6lذaúuΝ;aOOO:.--+WʙmS__GGG)[n&LXfɓ'߿S^^xq8O^ti3fٳ`奥J`ZZlm@؝H*N=PHH=544<==ax+++0ell$&&t{o޼A۪466F`UVV=<oٲe&&& #(( QUUUb.P՝={6Á۷֖N;99=xĉt:gϞ0,ŤTCoGb5KB Ɵ养{X`n9ÇAÏ?;cݼysʕ ;H̙Cаzvډ"\\\VXqf6xgϞmܸCl<*{S8AAAŴmٺu+싱qK_C ~,fH{ܾ}{--ǣSJJ pHHHyy9bŊ#F|򥪪j޼y̸q~ZWWvھ}ښ={-[ uyxx|6,,_~YUUծ];zĞ.933BkѢE%%%lnر_|a26l?~}zĉEmKb333@JI*.ZNTbRz*\U`q8ׯoݺ588{hAI;99?~˖-Jx%Q>.\sKr=*|ƌ Q}\ʕ+q .}ɓ'7oLIIyѳg>}$.Pr.]{{{*?|>211Z7pKɤ钎Ϩ#6++@"΀UNN\YL7n —(b IDAT߾}#ɶtBCCw!Z <`IiI=mKMM5kVQ[noߖ4HJr{ܸq-mZ4ٳGOOՠߤ0/^jhh̟?555/_ܹennn'Nht—|rp*SHN\nnybbbee%y\EWVVVZZxF&l%cOяkhf#>|S T*u„ ݓmDe)..駟NCMv٨vځ6φ pO#Fn秥-[LFщ?8-YzJF- GPZitܲAiHMM 000hӦMkIJj*cccܓh4}0 CCC h&LbbgϏk\\\Ξ=+E~IKj.+++ @__N&%%,k::::::pJJׄM4d)1..{)$5"]l v]WW' Nݻ Haaa`04555559a۷o_xQ__/vEDDZJ*'ݻwD#O>}׮]ĆxY@7 (ʚ5kVZE~'N{4557nܸpB =zO>)PfppgHHEEEGi NNNW\ivt?~;̠A?~ܼzev #%%"!!!XSaٱZZZbrpp3gfT^XXx̙777kjj[\HOO766FdE"̲eˈ"0L]_577_ʌΝ=<<̙uÇ?֭[W^xٳg-Z4i${q%.]NA2G5Ǐ}211]k׮E֊?aEeee;w4x`?|4ڵkMj=Z^(}5kVDBB"o`&0oꕚb#ǨG$i!-@RQB ѣD+REEE뒁ׯE=}T4h>1O> ­ظqh߿SWWouQxSڏСCu5w\ Dq|||\Ǐw5w\///{{{###ܤ'O{4}!!!wS' inoo.QYPOSEee쑕UVV ͞?>ԁf$ڴg9r$,`0>|(c+G&"]vg䍎DuhUUU2bFRϟ/%]P(|ի &=:$Tbbbn޼)eܻoϞ=,DF@햖(ߜ9sPw0dSSӏ?"8p@OP FFFׯ_khh:t(,/Q&  |||Z-ҥKkLZW$$*Es Ν;=z&EFGGnrbfftRѷmH~~>С*V*sMhhh}hEM@ xxx@Æ #ZQ3A-E###oiABx[ߏ+fa]J W^E+TM.pƬYHSUֽ{iA55˗zE!!!RaS(;;;)SDFFYfʕ˖-[p)S<<<q n<oPʦ$66_QaAƌ'{K9v"Lyyu{0|4:::Ǐ'D*ݻw9˖-kkkQ_ÇK׉0pܱcǢaʔ), 444}9w\ ;'4SNkڵk*djjhXh'&&|C_>vԩS ٽ{wIiii$JU87LPhQ+//ԔbXɓ1mڴQҠ鯧׼nD&ׯ_Gsڪ(#C&M•#(rΝR*-)\1 6 ʕ+Ejss󄄄 SFi#։'P)WWW~3; @[[{ɒ%Ϟ=e͛7˗/G ]v=B۷O -A_'O7'6ڮze\~u}EXYY.b*߀pp8f1ܹsOBC %K|ԁ>毦7oVGX Lyw VSS;tѢHZ(ccc}}xðx+++ " y<޲eLLL FPP? $ [fuuuuuugϞ STao>[[[:'N888={fddXF* A~WWW$|6Y<|0:U'/Ĉf0aBrr]RRR|||pt:}բx<Ț ʛ(?~ьmWJ=N n*@=b`Fd H&T?}y>|jFܼy3ի^zx}b̘1W}Poh9 ikk鋋Q!CȟD?N.lEH۷oWWWoRy%zjMD"iYDaر#LRRRbff&Z466$N$%\y߳---aEG&c)$b9atbi/^t(KCŋqW...obŭ>shItBQk+&ҥKa~mȑeee9_>455qPR ,/IKCC~|>whRV.FQo&ZN# <ݵkzGSWWGNE2@O2!RީS'ptJTLI;ޫ$**j.7 iiinnn0/fffb&Up0Jr~URb␱biIhPPn] lܸPWWWa>sN4a+3f̀$Qw999VVV%<+oՉIx!$LJ_뵴D\r^p[_^^^DˑFrr2ڻwoyʕhǎЩ#ݻf<׬YN>=T\\ :D>>> iXYYr=EjIII555V-"PI.4SI$Umr=zC|>Ǐq 'M|00077%k E^)r|ꔤY0)}ϷiRMM 2 v*񜝝N\LNBihhFmPYTLL zqS*^xu o'N+=)ʊ+zI===~ZSS_p77~fddFFF/_p8700@$knnXYYp={DEE ooo4D$U:% 3ٴ.]Vq܉'c6$G p8 ð#FZЅT'NQǍ***P 4Oc!XIKN߿Wmx_ܺu _%Zx~w(e544 svMQPPCvQTܚ$5t~ D`zzz*hhh?Oݴ|~ll,uqqh4}YqqqӅBaVVV@@>NwuuMJJY,uttttt_$U:% 2._?}kƍU*]BB:qU9'O>}]d~mܸqQ2j(τ+///++5j6`0p|F;rS ,I$@׶n9=6niJȂT10Pii)MG*ӧOGEz5x*++N9s樠NBB" iӦԩSqGwRT9~ZK.J7nG["V$Fİdlll@@Қ*ŋ"Ƅl|3fPfӲ<}||6Q/yogӦM-&ȀdQw%>]3Lfaa!U ؾ};0++;wy?y>*pa߿Rʹ3(;+TSSù2l4 [:!VԜ [H>ݕnR}޸C0,VT9,ΗGA߿ڷoߝ;wGb{zzbf#D:?wuu/G,--Q GٴiԬ_ZZ{.< )Zh{VEEXt 522j+V2|uA"8ŕ\xq+zYjh/v•۹s'wQ[WW|0ʕ+!!!Q,?k{С8.Ȃ@ @xxxCCCrMvӧnhh<&A,&&&*Q6 e[n@1Eb;vlYැq1 +N% `׮]hJ" (Jtth/Vʿ ,@Ŗ8s X[[.I%{3|422M"DֽS~MPׯeDžocl7k,4;={6GZJnn.py"c՝;wJVxmҽ{'O(Y I/ԩS]]]mnnߴZӧ(}WC+d(e( ͧ#[gX[n0`F3448p+^~-{%k׮uww766hzzzܹsNH...}فMLLˍ4 n555a6L^D~q\P(M؃`]ݻ?FҶT;%55Z5'CpA,Ѹ sQHz̞==TQQgtI1yd!!e(k….ihHL#=zcjI(MMM儅۾};l2ÇGiĒ>a%HUhHUX5.62)))EDDC Hk4~4{% ajj*BF}渐 rϝ;^T:7nNv횖+ ®_@A666gΜ)--x555O>ѣ899\޽{%%%\.ѣ! &I[^ t=rh Ɨ/_У г]UG2:zȑ!lݺUB ={P(@Ls$$QEv&;;;00АNGۅ*Ĩ7.7ڗӠ!!!>~~~D)lp\SSSQJ.Y}ׯIsm ]xz9vXLL̤ImmmMMMt:]GGC} z*.$ n)SУϟ?p[Y&Ȣ2`?~Ş9sF +**N*?~ٳV?m(EX>|077OHHp8O>'`V]ќ())QWWۀ h4\ =FP~A~~/nݺ۷/..nѢEsΝ2eѣ}|| лwo]uܹK....{駟 6r &EFFZj@׮]o ;v#-4fP7SN͙3]`<ڵkv?Rjjj(JsHg޽wE$Ǎv)SStfffDDn `ԩ4P>$d0lӦM ƴi7 ei7џ%(-[fbb`0`x lvxxٳ AWWW8^k ŚLݺu_~  *\hTt`6nܸ_խ]o߾b;n/Zh̘1奥h1rHp#D#744o277o1Zx<=蔾>:P__(Gqq+W~CSY,]tß8[y (3|A8]@ d܌FLL z. <oǎ 'aUUU/^8a\vddtD,d rrr%ܟ+d2߱cG lh4IK\-,,`lKKKX3^v ݶI [P(w\PðF3r"е8' ΈJ뫡ڵkv5kV^DrfddԱcG^z 8sȑp IDATG;vȑ#=<< O?ٳK.YhB.NNNNXXn իͮnذaM"??_ GxQA^^޵kv1j(&A&>GNpҥp׬(jE'_~.iv%BpСN:Xb}M~b2?344q8lmmwz&y6\.4_T*OKKsss ElpX̬HB\P$R%o`[Q8p5>B4N)))'___:K+GOYY_nݺ#GeBϘ1c{߯_իREr0= سgTHի'N̟?P(D2RVVfv}=ZZZf:}_x1bY C˗/G=z4߾}fQԊNǏS(lmB_^={/,6|rܸqC(ڵBCCCتLBhpIEE&n+77W:deeTSS#jkkz欭q1 t, Ba2Xmv F*0 x~8-\g3/h ={l֭AAA666>/Q,,, vSN=x𠠠@stt\~=\Zb 0ӌyyy`xذaG%񇜵p`Ҿ} qhm`{%)|Eg}}c.]8'Om[n=%55U4aSLDP(=[6ЧOk2o߾`7`?aFV_yyyYYdddteRƁh7~fdd!\ssJ38x{{/^*D;``-\|& `=z޽{"iAw%pQ-X;w\rС2zP9;;Y&))իWG@}wKKEK&Ε-0LCCIg=y<5Crr,?ӧϣ*KQΕ+Wb*GԆey!}Ѥ*<]GGGGG'<<*n`1P >66V}cXplԩ1t .&gׯwhΑ*ֳUv{VZ?.E]]}Ĉ/?^zhp)))),?9HSΟ?,Š EˊJ'޾}{m۶͙3VYB U |C~~>SCC,zPcb-[<==Ϝ9sfGnnnlP@ uml=8``? X,z`0P8f̘FkR}:th߾}nj*𒐴"VZаdɒ@('Om4@ wc)p-wnnɓ۷oO---N*%utt kxw]h𹖂 v tBj׮݈#;&iq(0rUQf׃I/oܾ}{߾}-ݻ7˗/a߿k֬EEQ;і *166F;B!/K/INr/TSSSmmI&alٲe>RYY 9%݀r?z}+k o*`b&p8p fܹ+aIII'ORzzz탁CZ׮]kcf"zJN ޽۸qNWWW777>|={'N;յkՠ@ЬP[@?ƹ7EHb3>D XHHcׯ<dcƌg@TG.RR"  ֠((((BXclXbB,,(U^;[Xm>͝;s{ϝ9sNjjSSӇvSSS,={Hշo_O  ;{̙3|3S*1GX,lR.ܸq^y4 XHܹ;:*3ʳ V\\&iKOOϟ?۞?f̘a0L7;v,x 4-@u$껤r>} ;;;4bKK >{m3{AF766^pS^ekkf`}%`Z-]THtey_H0@e Z1hN!j @<1=z[ -YBK,? 1_.$ {B-,,PRR&&&m>b_rJ2p'(*/FFF5;\ p}l;w qDDAS( &%''M0A7q7A]]+TAGG/"PӨ P(Хp`(Y@ ȋb1 hnn%ߗHWW~HHHHJJZz5_UU%M1LZYY R$7z `0‡RK,!i0XT%A-DGII >FIox5***VZ1mڴK.lJ<}tUUUtt5k`5 dҤI )(m!~}_&J#uuu$L{nb4>`lٲBz0NJJi ^v ?téM3gţGSQQɓ`A.ћ_~頵 AS52h"/~%%%{{ :t(---((x8b-111>}ںu+֮Djj*B8_ ɻLÀ ]? "`OTjGc?޻w/Zɓ6jmm=|իa_P6yfmUP(L&~r/^l28{"F6PIY8CP6oL]8 "|J-PVVvqqet7aر }tS[ <<~!ܿf߾} 󭭭BTP?RL@.^FxϟC=^.\o&$$37¢7oހ|s 222ӳA1A'bd)Hxxxv*k׮ u=%),0988V{{{A6 G,X򵵵kCk.y#1 a*T|Dxۇ͞=Czq`|H_qUSS}|îm&1]ʭ[3>}=f/55MMM?~EEE MDAAZcll #|DЉ@6rs\A ${ܹ{NLL={OZZZ>~啔djj:g1dмjeAIV8P^^._y$᎐@촵SѨK}577FNaijjr&L@aȑ Uٳ]ݻWYY-7nXYYbxCCC'%c4 @]H: ѧOT|2c58!]w/wLL Xϟ?O6ԩShAxcxٹs'G|N_[}CEJMM X^^5.~):ӬY@Rmm$t1t:h*!0L/ _RqFFH3X8T\PPǏI‘^ny*++-X )) Fm/atGcH_UNG՞={wԩSA7޽{@IgςAqky;vk׊lׯ_w4;lٲ%KdeeX3gΚ5kJKKKJJVZ c+99j^ y4)YYẎAw]'Nk;|p6-oܹsp,vvv9/_8əK] @ :%! cOOOmmmfbbpB1Fuo>onf*++P引I9 -3|{ÇsK>2f0@sss4!/$, uF K6* yK$XKK777)dCCCtHe޼yBC\s~ rss%!&Pѽo޼!F >|b hhhi-0AIIp)mӦMp|'b@"Dw[]]tŋAI˻r HۣT+**n߾ cƌ!mj`0CӃG$/SPp8DđKtǏCgW$O:ZXXHn ---^^^$/OPPܧfnnw^#___hώ.rJhgRN͛IƍGǹsEˆ2RuΜ9қFEHc^/`XvW),^ѣG7sYѣǛ7o-Q۠{^z[KŽKXYYZ[[?MMM`vwAǎ QNss3tE0C=߿_^vyP,ފi$N޽{_cǎ["@ٳgEUUU0Nf###RԜڵt+-]-F29 )yPKh;4hXϞ=Cc6)8p9JE s7>|B9ݻw!L0-bX録/_%$Vo !}@?rR@@T*۷>ܺu z!bܹ ݻ02:A +*_n޼ 6mZfѭ;v쐗8HaX``0ݍ)XhT:+#}vRRRRݤI" իWKnQS[(2W^E:;;w:;jQ޽dOEE("x`:-/91Lw ֧Oj޼yhXX4}ty)aQ?AwE/_Hqit_~0aX¸q:iԓ{I:bXX,ʒbL:t(i:&~ 7AG>uuuh%KPd.$IMMvvvzhSSSϞ=A\x:~yԨQv$ogp,;wD8δiP5\^r ]SSրtUVh43g>zHP崴'N81--MJO>͚5KGGN;::^vMlHaaѰa: ,޽|2ZF :p$<~XWWf̙#GmӨA}粻%''#11-@r2Z^Ɇ 111hiSS'O^bEvv6*))vژ1cU߶m[eeeEEEPP %G)++kjj5k, V}}}^Аb8{ QQQpNNNj۷/(RWWݖ:#GX,,HLL$M\Q('ORq8ף8ǎ  zjXIFb:.@=QEE ݻ7Br,kӦMzzz cΜ9D GtO;wښNCƀMMMMMͥK655r}}}#;??0$";B1:88{og¯*X\.7((ȑ#hQbb"ٳ𥢢R(XpVC444|$v 8̙3ԻMRR, UHQU.򥵵䊝_YCCCqL0]qƊf͘1cǎUUU۷oEs疖;vL81//̙3ssswڥ w1l0PmڵnnnEEE'Nܰa]t}`!!!pS =(X@DW^^^]]]ppkզ0_TUU5ҭj*rwwt_hX??? Qϟ?IFxo8]]Ki^\\܊+`\E=ʑhnH?Ls} }}}WXVVCxBCCIu޿+twRYYuV{{{ѧO*Aa SS6?W(((?~颢"X  W!FicccӧO&&&\.755 Aph $(X@͉Sd{Ԭ!88-766]<K-[&/!1(uuu[lѣ`0l+6<<!FJW$r*Rkkk:t:}zP(k%%%0HAl#q8·'N(ĉGhE I-5mϷC%%%hb ɓ'_~^t׷ PHKq-]B!RQQ UpNw(ׯc]MMM= #M,TUUWXq…v͛76o4>}\rEJ#RlKRO>Y[[WN.֯_>t:)˭߿J -%tCCcǎ755]^^^"*X6\R+X---9E`p8'N})))J;vX*2*2aaa9hѢxyQՍ1^ii{n45AV}0nܸJRʑ#G:ZZZG9#Y?~驭MLLL.\XXX(ƍ`0TTTƎXD`쐐n%DS-Z;vLII;.ٳgO:h4ME UWW{ń"_s8[zРAYfjjN+++aWJ CA3’ΧO@ IZ F>-Z$/Q1bpΝuֹ[YY YC鹸,_ӟ>}Bqq1r|1jC7t{6ENXYYur/_$$$̱t(--ݴiӹs۷fkkkkkkKKK~~~aaaqqGZ[[@RNn:+@]]?pӳgϘ~`pիp;Jtׯ_ISvvA!}0`@nn.Zdd$ja0~z? =~8A"kBb⦦ZZZ1B1Ȟ'0GSVVsBCC UU՝;wr#79~8 owѓ'Oj^0nεkH]mmm߾}+/_5_1QP(vvv۷o7^6l h &"gʭ[H8ΡCHe--Jۥùq7|vMBCCy~6n8i3`:#CEST*733Sϟ?߾}w}7rHAUϞ=g͚|޽6ڵ CD^n޼)qc0IjiiqwwG՗?Zjj 1d2/^(---.\@-666|ݼyU]]]| F8l6;<>^Vuuuxx8iгgϐ t:6MgoYfee-ZĀ~;z?}͛9sfǎCF͛7/%% ߿G0p~g===CUU%K;wM#-AEEEBEE姟~0Bpcǎ3޽---={ K.;8z9Nys笭t}rrX,֦M Ɯ9sjjjˉxqFo>tF۷OUAAAHHH߾}>4;뫪pr8 ,x(tC VYYHh4ݻ7occt铉 F)J5SSӏ?̢"r #̓pϟS4sΜ9aaa(?KJJzNa|!E֧O/_Ϊ` $1S1qDRxm;G `0$233ϝ;̙3߿18::{yy!Z nݺuҤIyyyUUUk׮%%%SLYnFHT۽{[fffkkkrr9s>>..ի^xӦM˗/'-Ec0Yݻ &-v횷E`0Y"PuڵT--- `kk x`م߿V0ek׮%mo`02&))յRP//?S"a0Y||ٳg\RUUfeUUUuuuXSSg9r$B F|[zhܪZZZ x1 K"uc۷oJ^zO2?1!&&fڴimּ~Yd p8>|xylllFFׯ5Bqtt9rQ =/`0 ?3cƌ!u$ŋe%֗/_|RXXXZZݻxP<|CCC###SS>}b QXn޼9wܖrrr*)) "vT*֖ vZ]W0N7|||ڌ@>P=z4e `0@sBnnnPʕ+ Jxx(Ah[nIM( 3rX6}t vw3b0"rW^ DW^L&3)) cc|tI9;;;AB122Rra0aXҮ(//4iHyF a0uСS:inniQL~w4SOOoȑ . y󦓓sQQQ`[ZZVXq6kkjj@* #"eeeqqqB\r޽ illKYYY̙3AAA_~%AP zt„ hWA455:uJ"a0),,>|8ԮÇA/^ׯ_|9,JOO:u*H'%%M `2U3Oٸq˗'x;;LpםǏa_]r%8D,.{=)K`0r@v ֭[F \ H7o9 GVO> ###+++ rUV>a„=z wޕ #kd`qݻwϚ5NN>=t>HV0 #"f_~qqq|+766~]]]AB:thڵ***cƌ>lmm #k`566q8*d2ԧOСCI%44SӡncϞ=gXsݰa9FzⅹSѣѢ|pꫦŋ(>\)SQQSVVԄX,}}}1;wnuu(>P"?␑ Jqơ@???;wjjjRSSa-[3 Q`>mjjګW/hr.))i|!C޾}+I)1<Ӎ7FmaaRv8"Y.wA?LKK#FDDDyzNN4WP(۶m?He^?㭠ѿ& `:rs4zyP(.]rqqRY]]O>+ A1JTTPhWow>޽koo UTT.\}6@.K1b'Noߖ o`:Q`ב#Gƍ***hԭBKNNNvvvfffFFFJJʨQd*4=P(p&IR `ٛ7oWUU񩭭ݻ7p@:nffvIɷ2xO1_vvvF{DǏ733NNN .TSS344ܿ?*޽{ -Zhs|;;.bw_z%nݺuԩ G__?&&WSSS#FRp8[ Gyfcc#Hϟ? == `ZKKK /޼y,CBB޾}P\\`06n,X 886&&;[o) JO?$''?y]XXm6чɷ#)v ,,,[s^~-( /)A̋+Ç"`0X~M<NA&Mի\}`ZEE\ňAǏ ]TTd``L&_|ATt2zG4]VV4 MLL222@Da~ZZZ޽a?o]߼YUUϟmmmQO^dQ* F^TjW/ A*..h:c ?ad2\n}} /P( իWL&3""BxeRp !G+i{ V@*1jo])YYYhkkNRwpԙ۬{ko_ A:z(|^rWMMͫWLuΜ9#{1b@z3|!޽khh(2Moo?o  `,! ︄g B4{Exf@SSɓ'M c,^S`0Ύl^ jjjӦM~ĉٳgL jժϟ?DL$Ylْ%KX,VJJKKKkiip8,KxemmO>6o߾.1֬YSVVVZZΝXZZZRRzj???oKrAb۶m~Dmll^~ =$84Q̶\\\,5*`:7\naa!P3gZ~1bDkk Eƈb!!!ʶpŋVVV4+ÖѬ, > X {o]?;h4..3m4}݌ )C ---` Y+XѢ7}۶m&$$SRt2<<!!Ukk+0(z1c@oX8<2TMЍ}"___6-Y 1. =ztMM ȡP(۷o600x?~liiAx6Wb0LgG hnnn"edd}]1Lii1cn ?rHRA0>(9PWW'a0 FNjlliWWWGӧO+++Ð{IVN qƍ~ p0. ,dX `644uرcAՅC.Gɉt)jkk-ZUQQrt$,Sјh(C N믿@BEEa0ٳ+WBfԩՒӉ ݘ4&52IgϞ߯_3gssuIcPi׉::: , 5r޽ L&]Zg|2ܦٳgw56spСCES:<(v 7n9rdAA\`AJJ$d$nEP /_d #d`側(... Р2ĉ0͚5bc$ B g2 $޼y3S[[ ݻwot:ɓ oe0DPLׯ{ aP(Ǐ733.\fhh~T{-ZYa=1;;{***'O.**;ַo=z 80&&|M=P|HǏ cǎVqhkk; IDAT)1HOOi1,DHI eMIHRPm6%)B 3!pv3'''N,_\xeohhwE0φDoo_~p8555psrrRaaaq G|ܼuj m/餤vK2Q3#Au 2+$ Sfb4Դxb-----e˖"A2CF}xgll aVtj`Bhf1prr7oސJ{y}jIOO4iRyyyGz>|ʕ+GٶmOϜ9ӎ^lْ%KX,VJJ \KKKkiip8ГV5ww۷oK ??5k֔E%%%WDFϟ?KHM4q5mڴ>,_\.aZl uЕQB4zO?TZZ?}@`׿pp=CDHH۷o ƍA~QQ蟑> E8b4TPPO? u֝;w;vZ Fc2"ʌt=E~ܸqg h;;;0\paÇ[DO>'O }YSSSn-6bjjlkk{UE+++fccs}CCCa8++GB[cc?000طo2 f####-,,h4ѣG 2YÇiՏ9+,qÇbIYDЕ$ 2C!ϡE,I\.WCC, 566NOOO>ӥK\nFFF޽ݬH]ZlST9s&'' >b:o !!!((.}EYnRKHHV8|7AP/^\QQ!  JTy`ɠ&ٮ :Ay" $r\KKKr Y▂b4H:"unׯ=|0ŬJH]:޽{ ~>򒙙 &v{pee/2phTPUU]pa\\G)7$NqqٳI˗2]`*,v;ׯlHLIYYo&==] VFF}`NRnٲx`;ᤦ::::Ϟ=< ©S倸2=77wɓ;⸿QUUi&^C*Kۨ;={t5&Y__aKaffb0\zrmKK H>\RBwAKҊ &ܻwOR"ɗf:nݺ\J0 .<|p0#pϟ? Bt`ô,E<"66o577O6 uI)**7nܹs`N~޽{~_6&%%m۶ .?̙32r/]d2s[(1:u܏`0 )*X0씺D[8GSRRƍ9ڵk`NGNNx|˖-{=۷oinn^h%broݺ5h ??b/Θ1Cⵋ`k0 F^bkȐ!|wN>~خsg͚s.]8tXMM?zl"oٳgy][)++/[X҉ ~#n!nB)Y`@-v7(Қz-L2D%2YD(Ν;/\Հ7oJRJQZZ:vXdnn3h¯8())?~֭0'$$_HrC ̤Rǎ⚼蚚@XoMڐ|jܸqc|+pltoii9bĈ`DS*X؋~~~111[k޽~v6GݷoW^)vٵkΝ;?9#c\ݻwGkOP<==߽{wEKKK9Jq:P;iSfDEEyxxQoo﨨(9 `R@BKKKIYi1"55rM6˗C6h^FPPpAٮ ùqNnD b֬Y7oޔRnMutt$ |bKHPÙL&J%fo޼Ċ񩭭ݻ7p@:nffvIɷ2P(pB@Ǐ733NgZ[[׬Y w:!iDA8;; F FH]΋/aΓ'O ӑf7VWW۷|EoooSf>| P(SN}%NUUHa:zq%&͛7 o&$$37: ,|+s "8M>|Y2oߞ.(2" L""b0ivUVI hB \/6vB:RM6)Tp<555(! .Yhhh\RIZSQ(y (@8xΟ?/YFACSSӏ?tQQH3Ç=WPeR_ $dYYHh4ݻ7BpetD\.YUUw FHEBwz.uppT_&3 6BRw3~x(/o!==]SSHb[NKKZQTDTJ8EIA1Xppg`8 z]WWdFDDLjܜR!ᡒo+! fVVc0"%”F#H }F>|pww9}9y$WޖgΜy!H[XX8p@򈇕Epfq޾} ~jORϟ.)oB%=w`ҢQ~~>|U6'''N,_\xe$Z.hA(..G`(X}N@ۣڎ,0cǎuuuK.4i{i/5557oi%%˗/+7Q7oHgee/GlX,֕+WLxVXqϛQHU RIUZlْ%KX,VJJKKKkiip80҃hHww۷o󫫫׭[28e˖ 9W"Ҙh>E۽~Zwٳ3g$ޑ(nQ׬Y#$Hii)|("O|C=2̰jy(;@ˉD}2dدwmݺbС$@h3f\v,<<\Jr ɧIL9POOOI rXgIu`$z 4r'􍫢e˖!C̘1#!!A+**޼ynnnWW]l}(DDD 6޾]}%$$lٲ>$$7ӯZ[[{-ooz% `&6UP%HCCáC`8x (~4_AUPw2~\.722rȐ!Jy|uM4I"* P^foٲe֬Y555"*@/^Xf!CBCCy酄TVVzjŊ @CIV% IgqѣK47ZZZ1"""B-c0 a dff&I FFFgΜyѣׯjիW0=qDHp/Y|p8ȑ#x`x777/\PMMp{500PSS[h $`0|755ݾ}{FcLAZ*iVkΝ5jܷo߾}tKKKTTԆ ttt-[bHǗo߾}IDz_Bw͛7`e3$$۷ cƍ3kUA"NZ+"*WZ[\wݺ}R*UPeEA$AH¼wi C2Ik-n東c"j ѣGr?q8__GnNCVцʍ7zyyxm_~W^fff\.̬gϞV*))Qżj f޼yGo_zȑ#p8^^^7oTB@ΝݜǚSRRO0EHDaa!trrzlll󣢢^zEݗT["ZbjjJg$vD"C}VVQf\gdd888`U555&&&u0S IDATr `ٳ'!׏]r3I5М$''MtӾ}חR?}Wؿ*M j)IMMœIKKSHUr͛7t9C711o8[UpE|cccY|yݻ'9XMe?zʊ_pAqe)mڴy%Ņxb$0c;d$IfggkNn,"A}ѲeK$j98x`^^ުU͈̥KZYYM6ԩS~J3)ǒ%KҜO8!bûv\ϼyA׮]RXݻ.]P>߻wW^<[_nHR77EݼyܹsӦM.5@YUrYY1[.((wC"3::Z(ٳ,E^% WckkW QUDԟw||gZ@5 ,`Q3#F@͹i9V;w߿ahh8P\Js)Яׯ_Ke FFF(AEoQQQ ?? (v㸇>u֍5˗ɓ&MB555/_R\:$Iȑ#ԁX4#XK, cƌ!(#Xcƌ)..FZt)wܸqǎ?6h6|C\~=|Et̞=5gllAMMӧGA:'W r9??? eΝAڵkeeeʕ+h={TQ>m4YV>>)gϞeQ3`XXX8X!<<|ܸqkŇQ,jF bnn*"h &\zU(n߾'?ƨmÆ 'NprrС_dd$Z =sA#FrFp8O9s*FÖzb|Æ k0662ZLMM[TF˩3ͅ -[`n;XX֭[,-[]*?Ӡ 33̓'O._/_nRW`D~~~II*s8Ǐ 3g̚5KAp$N TD}511A_|`Q0)9X4 { CڷoҤÇϟ?5;;ʕ+ MTBgPO(988ŘHJJڸq#5kb̪: h~7Ǐ*'Z$@ݰ`㦦.c|%i<888`gb|r ={p/_ѯ_?r Wip+jǥp8ݺu[hիW߽{w+WzyyDFF: `ȅM XXXVxѴ,jpQjQIKK#tT *2`IR|8::2pk֬pwwGZchh>/tu?􀃥"HPEUΝW\yX~4~ȑ X&M:rP(H$8q"AJ[WSSd''ndd00)m ^R+ƍSzwv.tK&*y=4`QsM鹻'%%*MZZ͍ܩkfddL2E_:tXv&&&bK.J9v5cՍr۶mxW6mׯ&@as Tꦩ:XA JKK[n mmm~-11y>kk넄޽{s\ss޽{GDD$$$hA^:+[ 1_RLΝ8p CnJ\7?...}pmas RTziУGQ[[7h tԩSN?&5klٲe4Eu֭UhC]111ڶBktmʔ) B!"So0aBLLzMM1  hbӜK,ZD#yذa5P`R/p4p8-[|-@",_e4rXsb1 NB49 %~vQn'믿֮1r`KR`ūɓ'IIIuuuA'$$$&& ccK:aaa?Fr+ZQQܦoݺu޽2__`\j*P|.)))999o߾_wSn[r%P9A|WGyĉcoo?k,jJo2#4vJjH~$3++PcDmٲE3j |p8YYYkHc?Y&O[Q15-VXObEEq6wz+ =K̜^x䢢"$(t266DQRRdHp{{{|gffRw\Jז~-T܄H4X_555LN4 `Q#jl6%&L$;]cAEEEtt4 tv.HIy }೵-..FΝqFϞ=/^t0(A&&&biXl۶mQQwpMmz B$=ztС>>>FSPP7)E Tuh"9X_}:tTrzp5{iSS+:XtnrҺu낂;OOhPgSAe)z 3lmmsssG.e[4nݚ2eӧgϞ]PPs޽{37>>SEEHVr{$In߾ɆA]/GYX;XjgϞ=slX?Xddd|UHOO:/] 3BCCKJJBaHH_!!!BxwBYpan222bbbƏߠigϞU%d14:MTLBBy1*F5IVVv"ms؄:sڴi6PT|*âfmp!nJ$p'''}}}SNcǎx+++ 39XQӧOV17F5 5ݻwmk'%%ECwPv,>n8-6ɗds@uZI Tv-]<]dI\\\iLL :|Ν;k@,--$7oh|rm{@ w,8XԩXM //QF!ÇgΜѮ=C$pTc48Į^5 >7XsJP mbDFFCz7 s$O}vMbBJJʘ1cr̙5 `'''<SiPƀZ, |nANNNgϞ_L9ܘ0>~x8wء]122¡^|ɖZp]tmq>|}74N+..nhGgΜ4MWWW$`7E$;ՍH$2p90eʔcɓ ڵJ?:vvuSSSZ $5 ,t,,jĝ"bڴi_:$$$h*D"Yb:GOO{YYYi0@}c,tv***9XAL>ŋx찬O>[d ={RCwƍZ P7;vrFF+:ufXQ1XsԹjfffiQ}} vŊ^^^7ӧO .ҥ˳gpssshj܍tVt! ]5ԹjÇH022lnnnɓ'nnns䬬s9;;oٲO722:y!@۶m`*N"`43 iݺujjƍYWWk׮6m,^X i${5~or//I&iQ +D"wXeddrbWŔ!B3-6Z-Zؽ{w\(6mx}v[,--ݶm[NƎK\߬Yݻw?x/+>ݑr3@a3U~ˤ=W+88XN:%$$;v G}$ѣo߾=z*ÇۇHͶ0aBnnY`fXӰ99j;XB p}_͛7_YYYC 6lX:v@X,NMMMKKw^rrlPS==oPK]K.XNIIfVt3A:~SMII Zlu##q޼y'Nz.]tl޼ E޽{W\\\XXf͚͛7:@OO,h p\Ç Mz7G,kkkH' ޽{#!//O-/8X"***bQ\ `oo`vHO`n Rj"?? 3I( լY32LD"Y|Z9HV&h,tCUwMjaurh AO>)`t,<ߩW^aIm 틄Ǐ+g<,bUBF>~֌XnӦtg&E  722F0XvIԯx͛ChT Հ,>p4@#`9;;cuնm[r4 H5(j~c/_"]vk/?4h_$ @`rttYk TTT8[jj֭%oݺՠ}Baee%@GaQUWA 2߯b/ EPQ vr 0tP$TWW߻ww3d ¾ֲ t,wQM"#GיH]: Rj-Zب ToG!3:,XŋHpssS~XaHHMMe4++ ... }{B,"֩S'#F_p/`at,'''$ήA28XИ2d\d @dp]w:tϟ?%%-LLLpћ7o~]KX`0 A{?^WWǮrեKv.GFH$yf~U9`u "9HFգO]AX]`pbgϞ!صkW$_x$IVZlR 8XTC{Fߵh A <|Pqe`t8X|>yez~޽;ea1ODDĸq҆ cB2QVs@cpႂ5558F8X4jqӧOYTnݺY}TVVn۶mӦMrQܴi֭[Qu3ޜ>}ZAt,ӨKyyylMHH@ø3Ν;7p@[jzHu\\\x<h2A$j)j7 @mٳ'HTp?m(ڵ+cKZն &h @L0gϞFuketu9X=z'OXÇL$c44klڴi8(| ѣG mt/ɧN""--M888yۛ!Ǭ| _('666%%%''۷ ._jP(KNNs. )..nnn!!!}#I OHHHLLK.EEEEvvv muֽ{|}}/QBʕ+ 233srrVZf̊+֬YOիϟonnN-C?OtŕFP,$gdd888:_hLVH$ۄӋ/\TTdccdcccHDijj*N JJJpC<Oat}t7{(j IDATT!IvvvHNOOWl3_Ǐ'I2++ ,tQ@GV>}}#...LGn6mTYY͛ٳgS" ,XBCCKJJB!h222222ͥ1&={̙3bqJJɓQK44ta ºI&͟??)pVXrJ\~Yoooz]?>}huUTT?֭3fL~uZFcmڴAOEU6_~ݻwx|>ǎZ*KUUUPP͆ .ڵxmڴٹs'.h޼9ޔH$NNNNB":;;7D|$h>/t:VXYY9m4SSSSS`/:Ϝ9Z[[K+++e0xٖ-["ѻwÇϞ=k׮\.^0E~a544gΌ3*.ۧKxxq4nsFDDh@[l۶ {T֭cPkvV)rm>/k[#T4N!k֮]-266VU8n{UhDSE"ٳ]"h@k믿kG`llmÁ<ﮍמ.\@2AD`KJYؠ]4y8 cUZP(ij맪YrS Zj5rH$ߺu|8zzzG-))))GFϋUTS [ JשS-["ݻJA_H8p*&5ΟZ$\X-`NDGJ`HuuuW#ALm(u b"`]F|P2}tj8=$WmmmhhhV,,,*ͶleR;oqqq99Tj5=S^oz1\Mn2Mb&u@a>AW^ܹ޽{@.իPA7 JKK[jUVVF-A%X$x Qp͠A N|8z?b+޽{wĈTr0t˨]LQAUTTwt)TpJPA7 ,--={[XXPMFy= '#b͚5Jh;w.jp___$;V9/^y:u*++Ӷ@ ;Zn-DgRO"eDVuG:t0.]4iIZ:tI&Lt.k >U$IW^kO:Q޼vϟ?wvvFGjkkq=$xLPpSF娫kժi~Jh8u9st* `l9 Hc۲/srrm `r&˥S\}[CZ&]~3LEE#I;w4hI|>ǏJ+WlIv2&IzOG|>ZGgO@loT~Y$?/.  ?r8/~xe&EU^/L2ČBpϞ=sQlB'] d{,X`Al߾}ѢE&HyZLΎ&V: 555x:sս{w+++6-111Ԓ &hh ?mc8ÇbL?|?d6nT2)72bĈP4~Ea M$fL, S]]^FgB'] d{ >dΝrs%c}TI*/Sˤ3IbF'3c\]]y>RMs6o޼O>[n}rA"AAAfff'NցFnX4rG3%%exSgMꀰޢF.] `OꂣhDdD~hw 6l͸1999&&Fݮ7o޼Yf> 03VVn0ѢQ o H|8ιBbCEs>|^t)*2e *>}z]] Qɘ1c4l!tRA9sFF޾}۩S'mѢEϲ%7WܚH?~|~~Ǐ<==eOC}uii?Y%:9m f)n,Q\k:uGFF) o^~-֮]ۼy &իWݛ[pQAQQѰaÖ,YҠͅ ;V( 1c)pww*++߿?ɓ'+] igkӦ -YW\̓jB䒚jff֭[iۨP]]=uT5k,m 8QQQ^&KJJ,xۮ\bkk&CFFT!CC$I0YkK3Ai]]Dze˜kjjT0=bvvvYYYHȠUHWnggG7EwRT988}?֭[Qabbby<߱cstYkfKgΜquu~[SJsC k6mipppUUbt"( &<<\__ס;)R۵kڴisNCMݫE;rssqS&1bĈ3gΠ{_~<ѣGݻw׶QL!IrW^EsN#JmCNzzQrrrm#4 ѦM޽{#&&&(XÇm߾]+ 8αcX M{L4I۶2@xbM  ?~t(%K:txFҥK | _33+W48x믿kg[~nܹsQiixӧOG2MDw3]fٵkJҽ{gϞꠠ 4׏611:u*}N>ؼykX,^lYV'MT^^.]vH>|0RRRڵkwtK!9s8+߿Μ9ʕ+NNNRoGΘ^kOӀN85~u߿jZAEY=L~ ##GzQ^^~ &4k֌S[[yݹsG6LǎfmmMMmdظq#?^4)ǏcXX'*_dѣQ]5j@ (**1bZ)9' իW6,??<((+TΝsN$_zeff&HܱcǼyN9]})dwӠArA}IVVVgϞ~Upp܃F=rYpرcB@ 3f aohk׮uI"GFFʶwEWq a&zqpp0+~,k~~ϓ4|Ӷ9j>D@[H=KJJ,x<I} 56  NNN/^@rQQK.M4$ɈVZ:t$ &DGG+rR] mvm۶r;󣢢^zE}~ݩFrVV>*>MǏG-:88 _r'i,&?G ;X׮]ye100]xbcc_x! bD"H$b099QQQ=z4]weff<ٺu+޽msE~PmllmNAA(_\.W,#ӹ t1x(EEE#I;w4hI|>Ǐ)WlnիWm6:%=.\ۄ\?dpjĭݼxbǎ%?Z' ߕB0(>L`s玽'r gϞT%ngbҥK?sΝes8~Ŏȑ#eejjD4= $))I4<#Xa2uᐒ_>_PPP>}O>$I3&&/i: ,''';889s:Dʕ+r[cggd}T:e˖9;;mQ#v???٠...bq&Gff---211YzuUU[ D"i޼9|||TWXYYqF///sssgiiٷoߟ~ӧ #ZEE R*0y.Y[(S'1f<7, GZ^D"QAA׭[7jԨ/_&''ODFF:88ر$͛7;99_)g`.]ܾ}$K.o] IDAT?Jkjj._lee%{pHOhh/:5̍TVi"IɓA߿_nsz,&?G ,8XeQ$Dr1'''[mvz/%D9^W2d}i2e0yVUUˮ"\~=ZED}[DDDGjݻwx|>ǎ$<<-C8u\III<$B.K}N9CKv)SP׬mٲeڴiJ;ݯ]&{pHH$ @&<<\__*>M$I9sU@:,&?G *9XB'l4t"r՝;w͍: k@8q_GڦLB'X,~}|||xxx׮]UyogΜQnwOOOSՍ&Ƌ/ڴi<Vbb#չquu믿X4 >}ڴiՒCji~'|JiDΝ;A)*5sLJ'g΂ JKKƌh"u7'H#541~~m-Z(%%S .|ŀp͛7{MbܢE +++D" ڵkYعs'A3f̐Z $ˬYKǎ]\\Zh믿9.qAX2ڹsĉ ;;nܸАUݻwn݊mׯǏeHVo̙oc .x3f(cu @G7o@ 8zXR!I277oz4ڴi?@>}$$$Ջm Y`[lllPIiiСCݻ]@'x T׶acc'N899u/22ILطo_mmܠ0 :X0:hxb|o޽kkkÔ_~xRyy# 677W][>}dffy˗JH${%bΜ9GǏUQ 8X'O s=sLcYM*66:D QYYVoIII?kvvϕ+WSPPо}Jی\UU*0u:9uNLspYRRү_?P]1S]]#\nnmۖrJ>gٰ ;X-ZQ@R;w8::ҩÅ;hRhN*lHdee%v\;[:۩&⪪*'''tKIIQ ** Ş={msː!CPOm $rMrMIc*… I5u 0' QPMn_˵ɱj2@ h͛7c#̙V#4Cmmma}-FģG%sNmF,,,POǍms%Q m:JDV4h^3\bkk+[N:N˗/ʐܽ{w546,,,6{3gfgg└ɓ'˭" ,X ΤIBCCQ1ΌO>TBCCKJJB!ufRUUQnn.uaFerTplz+S9Ԃ\ѣҥK5i=z~khD|;u;q㆚Z M^$<<.8uܦׯ_UUUYYY9m4SSSSS`jrM3رc<ڵkUUUK"n׮kӦ ʈ U2]}v*8^RةCʻ+!! U76?]e˖1-~gƖ4{% LLL޽{nj sѶ@cG'T]1iҤ]1qD;;;$=z믿rtt-QUUU7oD@MqO,Ϙ1Ch7m4$yڵ^^^8 ͱcǴkp]chqٹG|wX>q-F?Ғk:/'NԮ1&H;XHӕ4 C8$իWR OoJdggH1bv #`AFҬ1'.,,LMMծ1xӧOP]{ex:vnܸ333///ۣ!yW9svء]cXݻw{Evi#`ᜈ *P6mԧO-Zlٲ_~+VxY$&&vuܹ*ӧAh*" }5nZ\\]{bڵ8u Iu4=-(M߹sQijP<\J|-@ NT`nnCڷohz__kӶ9,chhzdmm-m* }IDG9U9?pEC*fXdIZZ'X,~}|||xxx׮]saaa޽5jԇϟ8{VV^ A?#G޽{$i̝;_]DC>I}2yQQJJ 9yW%n޼yѢEHuvvVڔ-[>}mllVo߾3g"ٳg]ta:h :thԩHիW||<ծIJscǎ@TiڊCmZE{XJ3'6q\1vکts*G`` ɓM6i)))`9Ν;j{nggg=z$'':555SNm֬ƍe%644UV[lA999>>>FFFÇ/**{Q3K$˗ }'O@W^ܹ3^Zܹs\smPg˖-|>/;,rFO<7>| u"vնm[CCΝ;9rCݻwOIIAժg̘annnnn>{l<\9:sGw(t{莛Y:r|$nZ___An̙.$I梑~AUT wq&5I r_j$@ܺu޽{eee؟&bժUB0///99Ν;r_SRRsrr^z }||BBB[HHT-<<+WfeeeffZ9=$qp?3׳gOvH['Oq޽:u.l޼YU$I{+\f*B͆nggWRRmFXX7%<D<ױBrff&!oCzzD"$I:99xEEE666HQQQ^n/@жmŋmV TAR;,vǏ$ {I5D׮]ff&tN'QJzBwZP222̨^vbbbS֭[G|rUT@SE"PׯRF1ԩS8m&rR\.W,#V.\.VJy\\܀G5y h@`"$heնQY;2:˯3E( )V,2<#PZ9 B$) 4E!!?w&>?z{{>Tt]]]ϟˋ@f|IΝ tssG7b+޽{B󉯡W^yϴy0 {\`, 3}}}]|T*5׿޻w`0%fʱ% gTIK,~Jt0б4r`08p ,,L33jinn&i0쥗^XX`MOOX,.{I.333yyyl6U644EhSRRR>bbkku :)m64a؆ Va0***ryRRuP;|*{1; 㩧_ԋ/hϡk Q[[kx&c-]O>qR~3: ]|QS$rojRlٲYb6zzzzzzz QQQ(mUS_:|KK^p8WNIIIMM%`9(qyז/_ꫯ*J ߿|jo.|7&''>%wх9 JG=tNee;PիDE[oo2J2Z}`122/5?ѣG_u2N͛W\!j FaaaQQќ@C3@䋙;;;\90AtV7ݻX.w^nnUjjj"Ȏ;Տ~ׯCt|駟&ﺺ\AXDr ,+--Mֳ7)) ]f(;Jb`ٳG,_XC\j*; l8ohLF\!vZ ^HDXR'5455?g >s^'^_eeePB|;I N@kkkHHj/8{mx/ Rt#P-D\\ 5czzz~I0 >~ƍ}}}srr.\[%Yն[K,E*++_W"f>D$dn---DB+u?0wFFF8PUUE EGGGFFs܀???m0n߾}ݻw~RWPʉ*((HMM%tݞK.8PcqXg8ʩXl`i?vjZ6.ٰa_"Ŝ?|rtUΖ-[],*?;< )zWٳqFJX5Sυb/zxx$&&krtjkkU86- RX,>rHSSSkkkU*Uee%DWFk.w)򫒒.㓑ATYYY~~~~~~(++ \fX,6(66ݪ BXX'駟+VQ>oڴ$O8nvھ}{CCY,刡Qoo!th Μ9388HגN3e:ڻhbur*۷o'L?ju :Q4T0\OGWF??uuuz>55! IDAThcbb"$$>^q\ LNNRA~4m2!%F3t28@ xiKt]`lFU.T(, (<<|fffr8sϻZyrK&`'W,Xʟss0Fc^M6Ԡk~gqqqtC  62Qt6/x<.tKR3:ЕZk@R2f 7|Oo>*HKK *JT_+JBw^b/aIIIBKIIp,qСwyG$o/ Ѹo6`ё{~Nݝlz1Y;Jҙ,o@:vܙ3<<<>>n%@]E^CCC$ҥKݻ7q3~:a3K^y憆ie/8۷Oztssz]8ؿ?Պ,TXq@%&&666Gww۶msn6={>c .T 3źSGq*=]hh;oIZ:aɬٴizEEEʰ-[VttrZ`ab#GILLTNj s=Gd0Nڿkx`0eeeaaak֬WVu1jO<2>'򊎎nkkOW\znKII h4R}9[dI33֙:ԄK.EGG{zzUTTP~X^FH'Fٵk;uiyua^^^uuu;w$jW\H?44Hd2/\7:W\ꫯ^ybۮc\|իccc)))[lill|د~,Y[[[ww\.=|0,..qFgg;wX,VAAo2 FÉD>L& 1 IwjXTT)ȱʢYɦ&رȑ#mmmΧ 5@3 J[bkcYw}݀HOOY|w?OȚp8ֹ0J<`26whnS6jo{__*KR>ʡ|m.K0((H&D" Ԑ ϗH$˱ТY' 3g EUC91ڌ(Mpp0L&'q*v㏓#K={`08J?h4~(΋]TdCkMt:TjDHd2?hsyU)EjmcZG'=!!/EUˇ3\D3me!8LF>Hx'|ٳl'R~s8HQ%,**yfXX ɜBw a``(x`Xֱlb2aiiiRtff`0t:.^ah;HKK *JTR*fx<f BRݾ}|nHHb8_/x2lݺgq@f,k  7n|t~^zصk:IIG1͛7RD"UTӆp8\.7<<|ʕVz'RC;?; X,ƛ%IENDB`