debian/0000755000000000000000000000000011640643216007171 5ustar debian/compat0000644000000000000000000000000211330302107010352 0ustar 7 debian/control0000644000000000000000000000130611640642014010567 0ustar Source: libpam-alreadyloggedin Section: admin Priority: extra Maintainer: Jakub Wilk Build-Depends: debhelper (>= 7), dpkg-dev (>= 1.15.7~), libpam0g-dev Standards-Version: 3.9.2 Homepage: http://ilya-evseev.narod.ru/posix/pam_alreadyloggedin/ Package: libpam-alreadyloggedin Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Recommends: login (>= 1:4.1.3.1-1) Description: PAM module to skip password authentication for logged users libpam-alreadloggedin is a PAM module which allows a user to skip authentication if he is already logged in on an another console. . Note that this module trades a bit of security for users' convenience and thus should be used cautiously. debian/patches/0000755000000000000000000000000011640643010010610 5ustar debian/patches/maxpathlen.diff0000644000000000000000000000072511640640043013612 0ustar Description: Don't use MAXPATHLEN constant, as it's not available on Hurd. Author: Jakub Wilk Last-Update: 2011-01-31 --- a/pam_alreadyloggedin.c +++ b/pam_alreadyloggedin.c @@ -234,7 +234,7 @@ int inutmp(struct utmp *utmp, const char *lineglob, const char *username, uid_t uid) { - char ttypath[MAXPATHLEN]; + char ttypath[sizeof(utmp->ut_line) + sizeof("/dev/")]; struct stat sb; if (utmp->ut_name[0] == '\0' || utmp->ut_line[0] == '\0') debian/patches/series0000644000000000000000000000007711640640671012043 0ustar makefile.diff manpage-typos.diff syslog-h.diff maxpathlen.diff debian/patches/makefile.diff0000644000000000000000000000135411640642471013234 0ustar Description: Sanitize upstream makefile. Author: Jakub Wilk Last-Update: 2011-01-31 --- a/Makefile +++ b/Makefile @@ -10,9 +10,9 @@ RM = rm -f MKDIR = mkdir -p INSTALL = install -#CFLAGS = -c -Wall -O2 -fPIC -I. -CFLAGS = -c $(RPM_OPT_FLAGS) -fPIC -DLINUX_PAM -I. -Wall -DBUG_STAT_MISSING -LDFLAGS = -s -lpam --shared +CFLAGS ?= -g -O2 +CFLAGS += -Wall -fPIC -DLINUX_PAM -I. -DBUG_STAT_MISSING +LDLIBS = -lpam -lc TITLE = pam_alreadyloggedin LIBSHARED = $(TITLE).so @@ -31,10 +31,10 @@ all: $(LIBSHARED) $(LIBSHARED): $(OBJS) - $(LD) $(LDFLAGS) $(OBJS) -o $@ + $(LINK.c) --shared $(LDLIBS) $(OBJS) -o $@ $(TITLE).o: $(TITLE).c - $(CC) $(CFLAGS) $< + $(COMPILE.c) $< install: $(MKDIR) $(FAKEROOT)$(SECUREDIR) debian/patches/syslog-h.diff0000644000000000000000000000051611521535076013223 0ustar Description: Add missing include of syslog.h header. Author: Jakub Wilk Last-Update: 2011-01-31 --- a/pam_alreadyloggedin.c +++ b/pam_alreadyloggedin.c @@ -71,6 +71,8 @@ #include #include +#include + /*-------- Reporting ---------*/ #ifdef DEBUG debian/patches/manpage-typos.diff0000644000000000000000000000234511521535101014231 0ustar Description: Fix typos in upstream changelog. Author: Jakub Wilk Last-Update: 2011-01-31 --- a/pam_alreadyloggedin.8 +++ b/pam_alreadyloggedin.8 @@ -71,7 +71,7 @@ output, they will generally be allowed to authenticate using this method. .Pp The following options may be passed to the authentication module: -.Bl -tag -width ".Cm restrict_loggedin_tty Ns = Ns Ar ttyfoo*" +.Bl -tag -width ".Cm restrict_loggedin_tty Ns = Ns Ar ttyglob*" .It Cm debug Enable verbose output to syslog at LOG_DEBUG level. .It Cm no_debug @@ -86,9 +86,9 @@ argument is specified as a shell glob, and checked using the .Xr fnmatch 3 function. For example, -.Cm restryct_tty=/dev/tty[1-6] +.Cm restrict_tty=/dev/tty[1-6] allows logging from text consoles of physical terminal only. -.It Cm restrict_loggedin_tty Ns = Ns Ar ttyfoo* +.It Cm restrict_loggedin_tty Ns = Ns Ar ttyglob* Disallow recognition that the user is already logged in unless the terminal device logged in upon matches .Ar ttyglob* . .El @@ -108,9 +108,9 @@ FreeBSD version expects .Pa /dev/ prefix in -.Cm restryct_tty +.Cm restrict_tty value, but value of -.Cm restryct_loggedin_tty +.Cm restrict_loggedin_tty should be without them. Linux version expects .Pa /dev/ debian/copyright0000644000000000000000000000341711640641315011127 0ustar Format: http://anonscm.debian.org/viewvc/dep/web/deps/dep5.mdwn?revision=174 Upstream-Name: libpam-alreadyloggedin Upstream-Contact: Ilya Evseev Source: http://ilya-evseev.narod.ru/posix/pam_alreadyloggedin/ Files: * Copyright: 2002 Brian Fundakowski Feldman 2002 Networks Associates Technologies, Inc. License: BSD Files: debian/* Copyright: 2009-2011, Jakub Wilk License: BSD License: BSD Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. debian/watch0000644000000000000000000000014611330302107010206 0ustar version=3 http://ilya-evseev.narod.ru/posix/pam_alreadyloggedin/ pam_alreadyloggedin-(.*)[.]tar[.]gz debian/manpages0000644000000000000000000000000411521532522010674 0ustar *.8 debian/changelog0000644000000000000000000000344311640643216011047 0ustar libpam-alreadyloggedin (0.3-4) unstable; urgency=low * Export CFLAGS and CPPFLAGS flags in debian/rules. * Patch upstream makefile to respect *FLAGS from environment. * Bumps standards version to 3.9.2 (no changes needed). * Use versioned format URI for the copyright file. * Rewrite debian/rules without using dh. + Reduce minimum required debhelper version to 7. * Remove Vcs-* fields. -- Jakub Wilk Wed, 28 Sep 2011 18:08:45 +0200 libpam-alreadyloggedin (0.3-3) unstable; urgency=low * Bump standards version to 3.9.1 (no changes needed). * Add Vcs-* fields. * Update my e-mail address. * Update debian/copyright to the latest DEP-5 version. * Update years in debian/copyright. * Revamp debian/rules. + Bump build-dependency on debhelper to (>= 7.0.50) for overrides support. * Pass CFLAGS and LDFLAGS (get from dpkg-buildflags) to the makefile. + Build depend on dpkg-dev (>= 1.15.7). * Refresh patches. * Extract upstream changelog from the RPM spec file. -- Jakub Wilk Fri, 04 Feb 2011 22:33:05 +0100 libpam-alreadyloggedin (0.3-2) unstable; urgency=low * Switch to source format 3.0 (quilt). * Bump standards version to 3.8.3, no changes needed. * Convert debian/copyright to the DEP-5 format. * Don't use MAXPATHLEN constant, as it's not available on Hurd. * Add security notes to package description and README.Debian (closes: #561448). Thanks to Frank Lin PIAT for raising his concerns. * Link using gcc rather than ld. -- Jakub Wilk Tue, 26 Jan 2010 17:29:43 +0100 libpam-alreadyloggedin (0.3-1) unstable; urgency=low * Initial release (Closes: #520108). * Due to #524608, recommend login (>= 1:4.1.3.1-1). -- Jakub Wilk Tue, 12 May 2009 10:19:43 +0200 debian/README.Debian0000644000000000000000000000127411330302107011221 0ustar libpam-alreadyloggedin for Debian ================================= To enable the alreadyloggedin module, add the following line to /etc/pam.d/login, just before ``@include common-auth``:: auth sufficient pam_alreadyloggedin.so no_root restrict_tty=/dev/tty[0-9]* restrict_loggedin_tty=/dev/tty[0-9]* Security notes -------------- libpam-alreadyloggedin uses utmp login records to determine whether a user is logged in or not. Terminal locking programs (e.g., vlock) don't remove utmp entries, thus a user would be able to log in without password even if he/she locked all terminals he/she were using. To use vlock along with libpam-alreadyloggedin securely, always use the -a/--all option. debian/install0000644000000000000000000000004611521532524010557 0ustar pam_alreadyloggedin.so /lib/security/ debian/clean0000644000000000000000000000001211521536642010171 0ustar changelog debian/source/0000755000000000000000000000000011445705531010473 5ustar debian/source/format0000644000000000000000000000001411330302107011662 0ustar 3.0 (quilt) debian/rules0000755000000000000000000000146111640643167010260 0ustar #!/usr/bin/make -f export CFLAGS = $(shell dpkg-buildflags --get CFLAGS) export CPPFLAGS = $(shell dpkg-buildflags --get CPPFLAGS) export LDFLAGS = $(shell dpkg-buildflags --get LDFLAGS) # build* targets # ============== .PHONY: build build-arch build-indep build build-arch: dh_testdir $(MAKE) build-indep: ; # binary* targets # =============== .PHONY: binary binary-arch binary-indep binary binary-arch: dh_testroot dh_prep dh_install dh_installdocs sed -e '0,/%changelog/d; /## EOF ##/d' < pam_alreadyloggedin.spec > changelog dh_installchangelogs dh_installexamples dh_installman dh_compress dh_fixperms dh_strip dh_shlibdeps dh_installdeb dh_gencontrol dh_md5sums dh_builddeb binary-indep: ; # clean target # ============ .PHONY: clean clean: $(MAKE) clean dh_clean # vim:ts=4 sw=4 debian/examples0000644000000000000000000000001211521532523010717 0ustar login.sso