From 8722ee21ea0871143ad214338c218e76f7bbd241e84ab043160fa0ae2beded1b Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Mon, 2 May 2016 08:45:43 +0000 Subject: [PATCH] - Remove obsolete README.pam_tally [bsc#977973] - Update Linux-PAM to version 1.3.0 - Rediff encryption_method_nis.diff - Add /sbin/unix2_chkpwd (moved from pam-modules) - Remove (since accepted upstream): - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch - 0002-Remove-enable-static-modules-option-and-support-from.patch - 0003-fix-nis-checks.patch - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=159 --- ...encies-from-pam_access-they-were-nev.patch | 71 - ...atic-modules-option-and-support-from.patch | 3256 ----------------- 0003-fix-nis-checks.patch | 70 - ...-needed-anymore-but-don-t-remove-it-.patch | 28 - ...ions-if-we-compile-and-link-against-.patch | 155 - Linux-PAM-1.2.1-docs.tar.bz2 | 3 - Linux-PAM-1.2.1.tar.bz2 | 3 - Linux-PAM-1.3.0-docs.tar.bz2 | 3 + Linux-PAM-1.3.0.tar.bz2 | 3 + encryption_method_nis.diff | 32 +- pam.changes | 26 + pam.spec | 43 +- unix2_chkpwd.8 | 79 + unix2_chkpwd.c | 337 ++ 14 files changed, 483 insertions(+), 3626 deletions(-) delete mode 100644 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch delete mode 100644 0002-Remove-enable-static-modules-option-and-support-from.patch delete mode 100644 0003-fix-nis-checks.patch delete mode 100644 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch delete mode 100644 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch delete mode 100644 Linux-PAM-1.2.1-docs.tar.bz2 delete mode 100644 Linux-PAM-1.2.1.tar.bz2 create mode 100644 Linux-PAM-1.3.0-docs.tar.bz2 create mode 100644 Linux-PAM-1.3.0.tar.bz2 create mode 100644 unix2_chkpwd.8 create mode 100644 unix2_chkpwd.c diff --git a/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch b/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch deleted file mode 100644 index a472871..0000000 --- a/0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch +++ /dev/null @@ -1,71 +0,0 @@ -From a64de52d1621ac3d3dd03f66742b48bef0101043 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Wed, 23 Mar 2016 11:16:55 +0100 -Subject: [PATCH] Remove YP dependencies from pam_access, they were never used - and such not needed. - -* modules/pam_access/Makefile.am: Remove NIS_CFLAGS and NIS_LIBS -* modules/pam_access/pam_access.c: Remove yp_get_default_domain case, - it will never be used. ---- - modules/pam_access/Makefile.am | 4 ++-- - modules/pam_access/pam_access.c | 8 -------- - 2 files changed, 2 insertions(+), 10 deletions(-) - -diff --git a/modules/pam_access/Makefile.am b/modules/pam_access/Makefile.am -index 0527674..6c0f738 100644 ---- a/modules/pam_access/Makefile.am -+++ b/modules/pam_access/Makefile.am -@@ -15,14 +15,14 @@ securelibdir = $(SECUREDIR) - secureconfdir = $(SCONFIGDIR) - - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ -- -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" $(NIS_CFLAGS) -+ -DPAM_ACCESS_CONFIG=\"$(SCONFIGDIR)/access.conf\" - AM_LDFLAGS = -no-undefined -avoid-version -module - if HAVE_VERSIONING - AM_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - - securelib_LTLIBRARIES = pam_access.la --pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la $(NIS_LIBS) -+pam_access_la_LIBADD = $(top_builddir)/libpam/libpam.la - - secureconf_DATA = access.conf - -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index b32a966..d4c847a 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -44,9 +44,6 @@ - #include - #include - #include --#ifdef HAVE_RPCSVC_YPCLNT_H --#include --#endif - #ifdef HAVE_LIBAUDIT - #include - #endif -@@ -470,8 +467,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, - { - int retval; - char *mydomain = NULL; -- --#if defined(HAVE_GETDOMAINNAME) - char domainname_res[256]; - - if (getdomainname (domainname_res, sizeof (domainname_res)) == 0) -@@ -481,9 +476,6 @@ netgroup_match (pam_handle_t *pamh, const char *netgroup, - mydomain = domainname_res; - } - } --#elif defined(HAVE_YP_GET_DEFAULT_DOMAIN) -- yp_get_default_domain(&mydomain); --#endif - - #ifdef HAVE_INNETGR - retval = innetgr (netgroup, machine, user, mydomain); --- -1.8.5.6 - diff --git a/0002-Remove-enable-static-modules-option-and-support-from.patch b/0002-Remove-enable-static-modules-option-and-support-from.patch deleted file mode 100644 index 0c4202f..0000000 --- a/0002-Remove-enable-static-modules-option-and-support-from.patch +++ /dev/null @@ -1,3256 +0,0 @@ -From a684595c0bbd88df71285f43fb27630e3829121e Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Tue, 29 Mar 2016 14:14:03 +0200 -Subject: [PATCH 1/2] Remove "--enable-static-modules" option and support from - Linux-PAM. It was never official supported and was broken since years. - -* configure.ac: Remove --enable-static-modules option. -* doc/man/pam_sm_acct_mgmt.3.xml: Remove PAM_EXTERN. -* doc/man/pam_sm_authenticate.3.xml: Likewise. -* doc/man/pam_sm_chauthtok.3.xml: Likewise. -* doc/man/pam_sm_close_session.3.xml: Likewise. -* doc/man/pam_sm_open_session.3.xml: Likewise. -* doc/man/pam_sm_setcred.3.xml: Likewise. -* libpam/Makefile.am: Remove STATIC_MODULES cases. -* libpam/include/security/pam_modules.h: Remove PAM_STATIC parts. -* libpam/pam_dynamic.c: Likewise. -* libpam/pam_handlers.c: Likewise. -* libpam/pam_private.h: Likewise. -* libpam/pam_static.c: Remove file. -* libpam/pam_static_modules.h: Remove header file. -* modules/pam_access/pam_access.c: Remove PAM_EXTERN and PAM_STATIC parts. -* modules/pam_cracklib/pam_cracklib.c: Likewise. -* modules/pam_debug/pam_debug.c: Likewise. -* modules/pam_deny/pam_deny.c: Likewise. -* modules/pam_echo/pam_echo.c: Likewise. -* modules/pam_env/pam_env.c: Likewise. -* modules/pam_exec/pam_exec.c: Likewise. -* modules/pam_faildelay/pam_faildelay.c: Likewise. -* modules/pam_filter/pam_filter.c: Likewise. -* modules/pam_ftp/pam_ftp.c: Likewise. -* modules/pam_group/pam_group.c: Likewise. -* modules/pam_issue/pam_issue.c: Likewise. -* modules/pam_keyinit/pam_keyinit.c: Likewise. -* modules/pam_lastlog/pam_lastlog.c: Likewise. -* modules/pam_limits/pam_limits.c: Likewise. -* modules/pam_listfile/pam_listfile.c: Likewise. -* modules/pam_localuser/pam_localuser.c: Likewise. -* modules/pam_loginuid/pam_loginuid.c: Likewise. -* modules/pam_mail/pam_mail.c: Likewise. -* modules/pam_mkhomedir/pam_mkhomedir.c: Likewise. -* modules/pam_motd/pam_motd.c: Likewise. -* modules/pam_namespace/pam_namespace.c: Likewise. -* modules/pam_nologin/pam_nologin.c: Likewise. -* modules/pam_permit/pam_permit.c: Likewise. -* modules/pam_pwhistory/pam_pwhistory.c: Likewise. -* modules/pam_rhosts/pam_rhosts.c: Likewise. -* modules/pam_rootok/pam_rootok.c: Likewise. -* modules/pam_securetty/pam_securetty.c: Likewise. -* modules/pam_selinux/pam_selinux.c: Likewise. -* modules/pam_sepermit/pam_sepermit.c: Likewise. -* modules/pam_shells/pam_shells.c: Likewise. -* modules/pam_stress/pam_stress.c: Likewise. -* modules/pam_succeed_if/pam_succeed_if.c: Likewise. -* modules/pam_tally/pam_tally.c: Likewise. -* modules/pam_tally2/pam_tally2.c: Likewise. -* modules/pam_time/pam_time.c: Likewise. -* modules/pam_timestamp/pam_timestamp.c: Likewise. -* modules/pam_tty_audit/pam_tty_audit.c: Likewise. -* modules/pam_umask/pam_umask.c: Likewise. -* modules/pam_userdb/pam_userdb.c: Likewise. -* modules/pam_warn/pam_warn.c: Likewise. -* modules/pam_wheel/pam_wheel.c: Likewise. -* modules/pam_xauth/pam_xauth.c: Likewise. -* modules/pam_unix/Makefile.am: Remove STATIC_MODULES part. -* modules/pam_unix/pam_unix_acct.c: Remove PAM_STATIC part. -* modules/pam_unix/pam_unix_auth.c: Likewise. -* modules/pam_unix/pam_unix_passwd.c: Likewise. -* modules/pam_unix/pam_unix_sess.c: Likewise. -* modules/pam_unix/pam_unix_static.c: Removed. -* modules/pam_unix/pam_unix_static.h: Removed. -* po/POTFILES.in: Remove removed files. -* tests/tst-dlopen.c: Remove PAM_STATIC part. ---- - configure.ac | 19 +--- - doc/man/pam_sm_acct_mgmt.3.xml | 2 +- - doc/man/pam_sm_authenticate.3.xml | 2 +- - doc/man/pam_sm_chauthtok.3.xml | 2 +- - doc/man/pam_sm_close_session.3.xml | 2 +- - doc/man/pam_sm_open_session.3.xml | 2 +- - doc/man/pam_sm_setcred.3.xml | 2 +- - libpam/Makefile.am | 9 +- - libpam/include/security/pam_modules.h | 78 +++-------------- - libpam/pam_dynamic.c | 3 - - libpam/pam_handlers.c | 53 +----------- - libpam/pam_private.h | 12 --- - libpam/pam_static.c | 127 --------------------------- - libpam/pam_static_modules.h | 148 -------------------------------- - modules/pam_access/pam_access.c | 27 ++---- - modules/pam_cracklib/pam_cracklib.c | 17 +--- - modules/pam_debug/pam_debug.c | 22 ----- - modules/pam_deny/pam_deny.c | 25 ++---- - modules/pam_echo/pam_echo.c | 15 ---- - modules/pam_env/pam_env.c | 28 ++---- - modules/pam_exec/pam_exec.c | 24 ++---- - modules/pam_faildelay/pam_faildelay.c | 19 ---- - modules/pam_filter/pam_filter.c | 40 +++------ - modules/pam_ftp/pam_ftp.c | 21 +---- - modules/pam_group/pam_group.c | 19 +--- - modules/pam_issue/pam_issue.c | 20 +---- - modules/pam_keyinit/pam_keyinit.c | 16 ---- - modules/pam_lastlog/pam_lastlog.c | 26 ++---- - modules/pam_limits/pam_limits.c | 19 +--- - modules/pam_listfile/pam_listfile.c | 30 ++----- - modules/pam_localuser/pam_localuser.c | 28 ++---- - modules/pam_loginuid/pam_loginuid.c | 19 +--- - modules/pam_mail/pam_mail.c | 21 +---- - modules/pam_mkhomedir/pam_mkhomedir.c | 18 +--- - modules/pam_motd/pam_motd.c | 20 +---- - modules/pam_namespace/pam_namespace.c | 19 +--- - modules/pam_nologin/pam_nologin.c | 23 +---- - modules/pam_permit/pam_permit.c | 28 ++---- - modules/pam_pwhistory/pam_pwhistory.c | 15 +--- - modules/pam_rhosts/pam_rhosts.c | 19 +--- - modules/pam_rootok/pam_rootok.c | 24 +----- - modules/pam_securetty/pam_securetty.c | 22 +---- - modules/pam_selinux/pam_selinux.c | 8 +- - modules/pam_sepermit/pam_sepermit.c | 20 +---- - modules/pam_shells/pam_shells.c | 19 ---- - modules/pam_stress/pam_stress.c | 22 ----- - modules/pam_succeed_if/pam_succeed_if.c | 25 ++---- - modules/pam_tally/pam_tally.c | 33 +------ - modules/pam_tally2/pam_tally2.c | 33 +------ - modules/pam_time/pam_time.c | 17 +--- - modules/pam_timestamp/pam_timestamp.c | 23 +---- - modules/pam_tty_audit/pam_tty_audit.c | 13 --- - modules/pam_umask/pam_umask.c | 20 +---- - modules/pam_unix/Makefile.am | 6 +- - modules/pam_unix/pam_unix_acct.c | 6 +- - modules/pam_unix/pam_unix_auth.c | 6 +- - modules/pam_unix/pam_unix_passwd.c | 6 +- - modules/pam_unix/pam_unix_sess.c | 6 +- - modules/pam_unix/pam_unix_static.c | 23 ----- - modules/pam_unix/pam_unix_static.h | 6 -- - modules/pam_userdb/pam_userdb.c | 23 +---- - modules/pam_warn/pam_warn.c | 25 +----- - modules/pam_wheel/pam_wheel.c | 22 +---- - modules/pam_xauth/pam_xauth.c | 13 --- - po/POTFILES.in | 1 - - tests/tst-dlopen.c | 4 - - 66 files changed, 152 insertions(+), 1313 deletions(-) - delete mode 100644 libpam/pam_static.c - delete mode 100644 libpam/pam_static_modules.h - delete mode 100644 modules/pam_unix/pam_unix_static.c - delete mode 100644 modules/pam_unix/pam_unix_static.h - -diff --git a/configure.ac b/configure.ac -index a20c502..534194d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -61,23 +61,8 @@ dnl This should be called before any macros that run the C compiler. - AC_USE_SYSTEM_EXTENSIONS - - LT_INIT([disable-static]) -- --dnl --dnl check if we should link everything static into libpam --dnl --AC_ARG_ENABLE(static-modules,AS_HELP_STRING([--enable-static-modules], -- [do not make the modules dynamically loadable]), -- STATIC_MODULES=$enableval,STATIC_MODULES=no) --if test "$STATIC_MODULES" != "no" ; then -- CFLAGS="$CFLAGS -DPAM_STATIC" -- AC_ENABLE_STATIC([yes]) -- AC_ENABLE_SHARED([no]) --else --# per default don't build static libraries -- AC_ENABLE_STATIC([no]) -- AC_ENABLE_SHARED([yes]) --fi --AM_CONDITIONAL([STATIC_MODULES], [test "$STATIC_MODULES" != "no"]) -+AC_ENABLE_STATIC([no]) -+AC_ENABLE_SHARED([yes]) - - dnl Checks for programs. - AC_PROG_CC -diff --git a/doc/man/pam_sm_acct_mgmt.3.xml b/doc/man/pam_sm_acct_mgmt.3.xml -index 35aa28a..ff99867 100644 ---- a/doc/man/pam_sm_acct_mgmt.3.xml -+++ b/doc/man/pam_sm_acct_mgmt.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_ACCOUNT - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_acct_mgmt -+ int pam_sm_acct_mgmt - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_authenticate.3.xml b/doc/man/pam_sm_authenticate.3.xml -index 9121aed..4299726 100644 ---- a/doc/man/pam_sm_authenticate.3.xml -+++ b/doc/man/pam_sm_authenticate.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_AUTH - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_authenticate -+ int pam_sm_authenticate - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_chauthtok.3.xml b/doc/man/pam_sm_chauthtok.3.xml -index d6d3093..d8f36d6 100644 ---- a/doc/man/pam_sm_chauthtok.3.xml -+++ b/doc/man/pam_sm_chauthtok.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_PASSWORD - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_chauthtok -+ int pam_sm_chauthtok - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_close_session.3.xml b/doc/man/pam_sm_close_session.3.xml -index f2e6718..db579ff 100644 ---- a/doc/man/pam_sm_close_session.3.xml -+++ b/doc/man/pam_sm_close_session.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_SESSION - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_close_session -+ int pam_sm_close_session - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_open_session.3.xml b/doc/man/pam_sm_open_session.3.xml -index 0851c34..0c9ec77 100644 ---- a/doc/man/pam_sm_open_session.3.xml -+++ b/doc/man/pam_sm_open_session.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_SESSION - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_open_session -+ int pam_sm_open_session - pam_handle_t *pamh - int flags - int argc -diff --git a/doc/man/pam_sm_setcred.3.xml b/doc/man/pam_sm_setcred.3.xml -index e557000..5cfe899 100644 ---- a/doc/man/pam_sm_setcred.3.xml -+++ b/doc/man/pam_sm_setcred.3.xml -@@ -20,7 +20,7 @@ - #define PAM_SM_AUTH - #include <security/pam_modules.h> - -- PAM_EXTERN int pam_sm_setcred -+ int pam_sm_setcred - pam_handle_t *pamh - int flags - int argc -diff --git a/libpam/Makefile.am b/libpam/Makefile.am -index ac2a1fb..04a8df0 100644 ---- a/libpam/Makefile.am -+++ b/libpam/Makefile.am -@@ -18,16 +18,11 @@ include_HEADERS = include/security/_pam_compat.h \ - include/security/pam_ext.h include/security/pam_modutil.h - - noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ -- pam_modutil_private.h pam_static_modules.h -+ pam_modutil_private.h - - libpam_la_LDFLAGS = -no-undefined -version-info 84:1:84 - libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) @LIBDL@ - --if STATIC_MODULES -- libpam_la_LIBADD += $(shell ls ../modules/pam_*/*.lo) \ -- @LIBDB@ @LIBCRYPT@ $(NIS_LIBS) @LIBCRACK@ -lutil -- AM_CFLAGS += $(NIS_CFLAGS) --endif - if HAVE_VERSIONING - libpam_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libpam.map - endif -@@ -38,7 +33,7 @@ libpam_la_SOURCES = pam_account.c pam_auth.c pam_data.c pam_delay.c \ - pam_dispatch.c pam_end.c pam_env.c pam_get_authtok.c \ - pam_handlers.c pam_item.c \ - pam_misc.c pam_password.c pam_prelude.c \ -- pam_session.c pam_start.c pam_static.c pam_strerror.c \ -+ pam_session.c pam_start.c pam_strerror.c \ - pam_vprompt.c pam_syslog.c pam_dynamic.c pam_audit.c \ - pam_modutil_cleanup.c pam_modutil_getpwnam.c pam_modutil_ioloop.c \ - pam_modutil_getgrgid.c pam_modutil_getpwuid.c pam_modutil_getgrnam.c \ -diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h -index 5c516c4..37568e9 100644 ---- a/libpam/include/security/pam_modules.h -+++ b/libpam/include/security/pam_modules.h -@@ -30,80 +30,26 @@ pam_get_data(const pam_handle_t *pamh, const char *module_data_name, - extern int PAM_NONNULL((1,2)) - pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt); - --#ifdef PAM_STATIC -- --#define PAM_EXTERN static -- --struct pam_module { -- const char *name; /* Name of the module */ -- -- /* These are function pointers to the module's key functions. */ -- -- int (*pam_sm_authenticate)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_setcred)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_acct_mgmt)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_open_session)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_close_session)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- int (*pam_sm_chauthtok)(pam_handle_t *pamh, int flags, -- int argc, const char **argv); --}; -- --#else /* !PAM_STATIC */ -- --#define PAM_EXTERN extern -- --#endif /* PAM_STATIC */ -- --/* Lots of files include pam_modules.h that don't need these -- * declared. However, when they are declared static, they -- * need to be defined later. So we have to protect C files -- * that include these without wanting these functions defined.. */ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_AUTH)) || !defined(PAM_STATIC) -- - /* Authentication API's */ --PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, -- int argc, const char **argv); --PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_AUTH)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) || !defined(PAM_STATIC) -+int pam_sm_authenticate(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); -+int pam_sm_setcred(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Account Management API's */ --PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_ACCOUNT)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_SESSION)) || !defined(PAM_STATIC) -+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Session Management API's */ --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -+int pam_sm_open_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_SESSION)) -- || !defined(PAM_STATIC)*/ -- --#if (defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) || !defined(PAM_STATIC) -+int pam_sm_close_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* Password Management API's */ --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -- int argc, const char **argv); -- --#endif /*(defined(PAM_STATIC) && defined(PAM_SM_PASSWORD)) -- || !defined(PAM_STATIC)*/ -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -+ int argc, const char **argv); - - /* The following two flags are for use across the Linux-PAM/module - * interface only. The Application is not permitted to use these -diff --git a/libpam/pam_dynamic.c b/libpam/pam_dynamic.c -index e1155e5..50bfd79 100644 ---- a/libpam/pam_dynamic.c -+++ b/libpam/pam_dynamic.c -@@ -33,8 +33,6 @@ - - #include "pam_private.h" - --#ifndef PAM_STATIC -- - #ifdef PAM_SHL - # include - #elif defined(PAM_DYLD) -@@ -139,4 +137,3 @@ _pam_dlerror (void) - #endif - } - --#endif -diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c -index bc3fd9d..91cccad 100644 ---- a/libpam/pam_handlers.c -+++ b/libpam/pam_handlers.c -@@ -665,9 +665,7 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - { - int x = 0; - int success; --#ifndef PAM_STATIC - char *mod_full_isa_path=NULL, *isa=NULL; --#endif - struct loaded_module *mod; - - D(("_pam_load_module: loading module `%s'", mod_path)); -@@ -701,27 +699,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - /* Be pessimistic... */ - success = PAM_ABORT; - --#ifdef PAM_STATIC -- /* Only load static function if function was not found dynamically. -- * This code should work even if no dynamic loading is available. */ -- if (success != PAM_SUCCESS) { -- D(("_pam_load_module: open static handler %s", mod_path)); -- mod->dl_handle = _pam_open_static_handler(pamh, mod_path); -- if (mod->dl_handle == NULL) { -- D(("_pam_load_module: unable to find static handler %s", -- mod_path)); -- if (handler_type != PAM_HT_SILENT_MODULE) -- pam_syslog(pamh, LOG_ERR, -- "unable to open static handler %s", mod_path); -- /* Didn't find module in dynamic or static..will mark bad */ -- } else { -- D(("static module added successfully")); -- success = PAM_SUCCESS; -- mod->type = PAM_MT_STATIC_MOD; -- pamh->handlers.modules_used++; -- } -- } --#else - D(("_pam_load_module: _pam_dlopen(%s)", mod_path)); - mod->dl_handle = _pam_dlopen(mod_path); - D(("_pam_load_module: _pam_dlopen'ed")); -@@ -758,7 +735,6 @@ _pam_load_module(pam_handle_t *pamh, const char *mod_path, int handler_type) - mod->type = PAM_MT_DYNAMIC_MOD; - pamh->handlers.modules_used++; - } --#endif - - if (success != PAM_SUCCESS) { /* add a malformed module */ - mod->dl_handle = NULL; -@@ -869,16 +845,8 @@ int _pam_add_handler(pam_handle_t *pamh - } - - /* are the modules reliable? */ -- if ( --#ifdef PAM_STATIC -- mod_type != PAM_MT_STATIC_MOD -- && --#else -- mod_type != PAM_MT_DYNAMIC_MOD -- && --#endif -- mod_type != PAM_MT_FAULTY_MOD -- ) { -+ if (mod_type != PAM_MT_DYNAMIC_MOD && -+ mod_type != PAM_MT_FAULTY_MOD) { - D(("_pam_add_handlers: illegal module library type; %d", mod_type)); - pam_syslog(pamh, LOG_ERR, - "internal error: module library type not known: %s;%d", -@@ -888,30 +856,15 @@ int _pam_add_handler(pam_handle_t *pamh - - /* now identify this module's functions - for non-faulty modules */ - --#ifdef PAM_STATIC -- if ((mod_type == PAM_MT_STATIC_MOD) && -- (func = (servicefn)_pam_get_static_sym(mod->dl_handle, sym)) == NULL) { -- pam_syslog(pamh, LOG_ERR, "unable to resolve static symbol: %s", sym); -- } --#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func = _pam_dlsym(mod->dl_handle, sym)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym); - } --#endif - if (sym2) { --#ifdef PAM_STATIC -- if ((mod_type == PAM_MT_STATIC_MOD) && -- (func2 = (servicefn)_pam_get_static_sym(mod->dl_handle, sym2)) -- == NULL) { -- pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); -- } --#else - if ((mod_type == PAM_MT_DYNAMIC_MOD) && - !(func2 = _pam_dlsym(mod->dl_handle, sym2)) ) { - pam_syslog(pamh, LOG_ERR, "unable to resolve symbol: %s", sym2); - } --#endif - } - - /* here func (and perhaps func2) point to the appropriate functions */ -@@ -994,11 +947,9 @@ int _pam_free_handlers(pam_handle_t *pamh) - while (pamh->handlers.modules_used) { - D(("_pam_free_handlers: dlclose(%s)", mod->name)); - free(mod->name); --#ifndef PAM_STATIC - if (mod->type == PAM_MT_DYNAMIC_MOD) { - _pam_dlclose(mod->dl_handle); - } --#endif - mod++; - pamh->handlers.modules_used--; - } -diff --git a/libpam/pam_private.h b/libpam/pam_private.h -index 1138277..7ff9f75 100644 ---- a/libpam/pam_private.h -+++ b/libpam/pam_private.h -@@ -241,22 +241,10 @@ void _pam_await_timer(pam_handle_t *pamh, int status); - typedef void (*voidfunc(void))(void); - typedef int (*servicefn)(pam_handle_t *, int, int, char **); - --#ifdef PAM_STATIC --/* The next two in ../modules/_pam_static/pam_static.c */ -- --/* Return pointer to data structure used to define a static module */ --struct pam_module * _pam_open_static_handler (pam_handle_t *pamh, -- const char *path); -- --/* Return pointer to function requested from static module */ -- --voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname); --#else - void *_pam_dlopen (const char *mod_path); - servicefn _pam_dlsym (void *handle, const char *symbol); - void _pam_dlclose (void *handle); - const char *_pam_dlerror (void); --#endif - - /* For now we just use a stack and linear search for module data. */ - /* If it becomes apparent that there is a lot of data, it should */ -diff --git a/libpam/pam_static.c b/libpam/pam_static.c -deleted file mode 100644 -index 511026d..0000000 ---- a/libpam/pam_static.c -+++ /dev/null -@@ -1,127 +0,0 @@ --/* -- * pam_static.c -- static module loading helper functions -- * -- * created by Michael K. Johnson, johnsonm@redhat.com -- */ -- --/* This whole file is only used for PAM_STATIC */ -- --#ifdef PAM_STATIC -- --#include --#include --#include -- --#include "pam_private.h" -- --#include "pam_static_modules.h" -- --/* -- * and now for the functions -- */ -- --/* Return pointer to data structure used to define a static module */ --struct pam_module * --_pam_open_static_handler (pam_handle_t *pamh, const char *path) --{ -- int i; -- const char *clpath = path; -- char *lpath, *end; -- -- if (strchr(clpath, '/')) { -- /* ignore path and leading "/" */ -- clpath = strrchr(path, '/') + 1; -- } -- /* create copy to muck with (must free before return) */ -- lpath = _pam_strdup(clpath); -- /* chop .so off copy if it exists (or other extension on other -- platform...) */ -- end = strstr(lpath, ".so"); -- if (end) { -- *end = '\0'; -- } -- -- /* now go find the module */ -- for (i = 0; static_modules[i] != NULL; i++) { -- D(("%s=?%s\n", lpath, static_modules[i]->name)); -- if (static_modules[i]->name && -- ! strcmp(static_modules[i]->name, lpath)) { -- break; -- } -- } -- -- if (static_modules[i] == NULL) { -- pam_syslog (pamh, LOG_ERR, "no static module named %s", lpath); -- } -- -- free(lpath); -- return (static_modules[i]); --} -- --/* Return pointer to function requested from static module -- * Can't just return void *, because ANSI C disallows casting a -- * pointer to a function to a void *... -- * This definition means: -- * _pam_get_static_sym is a function taking two arguments and -- * returning a pointer to a function which takes no arguments -- * and returns void... */ --voidfunc *_pam_get_static_sym(struct pam_module *mod, const char *symname) { -- -- if (! strcmp(symname, "pam_sm_authenticate")) { -- return ((voidfunc *)mod->pam_sm_authenticate); -- } else if (! strcmp(symname, "pam_sm_setcred")) { -- return ((voidfunc *)mod->pam_sm_setcred); -- } else if (! strcmp(symname, "pam_sm_acct_mgmt")) { -- return ((voidfunc *)mod->pam_sm_acct_mgmt); -- } else if (! strcmp(symname, "pam_sm_open_session")) { -- return ((voidfunc *)mod->pam_sm_open_session); -- } else if (! strcmp(symname, "pam_sm_close_session")) { -- return ((voidfunc *)mod->pam_sm_close_session); -- } else if (! strcmp(symname, "pam_sm_chauthtok")) { -- return ((voidfunc *)mod->pam_sm_chauthtok); -- } -- /* getting to this point is an error */ -- return ((voidfunc *)NULL); --} -- --#else /* ! PAM_STATIC */ -- --typedef int blarg; -- --#endif /* ! PAM_STATIC */ -- --/* -- * Copyright (C) 1995 by Red Hat Software, Michael K. Johnson -- * All rights reserved -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, and the entire permission notice in its entirety, -- * including the disclaimer of warranties. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. The name of the author may not be used to endorse or promote -- * products derived from this software without specific prior -- * written permission. -- * -- * ALTERNATIVELY, this product may be distributed under the terms of -- * the GNU Public License, in which case the provisions of the GPL are -- * required INSTEAD OF the above restrictions. (This clause is -- * necessary due to a potential bad interaction between the GPL and -- * the restrictions contained in a BSD-style copyright.) -- * -- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -diff --git a/libpam/pam_static_modules.h b/libpam/pam_static_modules.h -deleted file mode 100644 -index 698989b..0000000 ---- a/libpam/pam_static_modules.h -+++ /dev/null -@@ -1,148 +0,0 @@ --/* -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the above copyright -- * notice, and the entire permission notice in its entirety, -- * including the disclaimer of warranties. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. The name of the author may not be used to endorse or promote -- * products derived from this software without specific prior -- * written permission. -- * -- * ALTERNATIVELY, this product may be distributed under the terms of -- * the GNU Public License, in which case the provisions of the GPL are -- * required INSTEAD OF the above restrictions. (This clause is -- * necessary due to a potential bad interaction between the GPL and -- * the restrictions contained in a BSD-style copyright.) -- * -- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -- * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, -- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- */ -- --/* Pointers to static module data. */ -- --extern struct pam_module _pam_access_modstruct; --extern struct pam_module _pam_cracklib_modstruct; --extern struct pam_module _pam_debug_modstruct; --extern struct pam_module _pam_deny_modstruct; --extern struct pam_module _pam_echo_modstruct; --extern struct pam_module _pam_env_modstruct; --extern struct pam_module _pam_exec_modstruct; --extern struct pam_module _pam_faildelay_modstruct; --extern struct pam_module _pam_filter_modstruct; --extern struct pam_module _pam_ftp_modstruct; --extern struct pam_module _pam_group_modstruct; --extern struct pam_module _pam_issue_modstruct; --#ifdef HAVE_KEY_MANAGEMENT --extern struct pam_module _pam_keyinit_modstruct; --#endif --extern struct pam_module _pam_lastlog_modstruct; --extern struct pam_module _pam_limits_modstruct; --extern struct pam_module _pam_listfile_modstruct; --extern struct pam_module _pam_localuser_modstruct; --extern struct pam_module _pam_loginuid_modstruct; --extern struct pam_module _pam_mail_modstruct; --extern struct pam_module _pam_mkhomedir_modstruct; --extern struct pam_module _pam_motd_modstruct; --#ifdef HAVE_UNSHARE --extern struct pam_module _pam_namespace_modstruct; --#endif --extern struct pam_module _pam_nologin_modstruct; --extern struct pam_module _pam_permit_modstruct; --extern struct pam_module _pam_pwhistory_modstruct; --extern struct pam_module _pam_rhosts_modstruct; --extern struct pam_module _pam_rootok_modstruct; --extern struct pam_module _pam_securetty_modstruct; --#ifdef WITH_SELINUX --extern struct pam_module _pam_selinux_modstruct; --extern struct pam_module _pam_sepermit_modstruct; --#endif --extern struct pam_module _pam_shells_modstruct; --extern struct pam_module _pam_stress_modstruct; --extern struct pam_module _pam_succeed_if_modstruct; --extern struct pam_module _pam_tally_modstruct; --extern struct pam_module _pam_tally2_modstruct; --extern struct pam_module _pam_time_modstruct; --extern struct pam_module _pam_timestamp_modstruct; --#ifdef HAVE_AUDIT_TTY_STATUS --extern struct pam_module _pam_tty_audit_modstruct; --#endif --extern struct pam_module _pam_umask_modstruct; --extern struct pam_module _pam_unix_modstruct; --extern struct pam_module _pam_userdb_modstruct; --extern struct pam_module _pam_warn_modstruct; --extern struct pam_module _pam_wheel_modstruct; --extern struct pam_module _pam_xauth_modstruct; -- --/* and here is a structure that connects libpam to the above static -- modules. */ -- --static struct pam_module *static_modules[] = { -- &_pam_access_modstruct, --#ifdef HAVE_LIBCRACK -- &_pam_cracklib_modstruct, --#endif -- &_pam_debug_modstruct, -- &_pam_deny_modstruct, -- &_pam_echo_modstruct, -- &_pam_env_modstruct, -- &_pam_exec_modstruct, -- &_pam_faildelay_modstruct, -- &_pam_filter_modstruct, -- &_pam_ftp_modstruct, -- &_pam_group_modstruct, -- &_pam_issue_modstruct, --#ifdef HAVE_KEY_MANAGEMENT -- &_pam_keyinit_modstruct, --#endif -- &_pam_lastlog_modstruct, -- &_pam_limits_modstruct, -- &_pam_listfile_modstruct, -- &_pam_localuser_modstruct, -- &_pam_loginuid_modstruct, -- &_pam_mail_modstruct, -- &_pam_mkhomedir_modstruct, -- &_pam_motd_modstruct, --#ifdef HAVE_UNSHARE -- &_pam_namespace_modstruct, --#endif -- &_pam_nologin_modstruct, -- &_pam_permit_modstruct, -- &_pam_pwhistory_modstruct, -- &_pam_rhosts_modstruct, -- &_pam_rootok_modstruct, -- &_pam_securetty_modstruct, --#ifdef WITH_SELINUX -- &_pam_selinux_modstruct, -- &_pam_sepermit_modstruct, --#endif -- &_pam_shells_modstruct, -- &_pam_stress_modstruct, -- &_pam_succeed_if_modstruct, -- &_pam_tally_modstruct, -- &_pam_tally2_modstruct, -- &_pam_time_modstruct, -- &_pam_timestamp_modstruct, --#ifdef HAVE_AUDIT_TTY_STATUS -- &_pam_tty_audit_modstruct, --#endif -- &_pam_umask_modstruct, -- &_pam_unix_modstruct, -- &_pam_userdb_modstruct, -- &_pam_warn_modstruct, -- &_pam_wheel_modstruct, -- &_pam_xauth_modstruct, -- NULL --}; -diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c -index d4c847a..3ac1ad0 100644 ---- a/modules/pam_access/pam_access.c -+++ b/modules/pam_access/pam_access.c -@@ -792,7 +792,7 @@ network_netmask_match (pam_handle_t *pamh, - - /* --- public PAM management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -904,35 +904,35 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate (pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -940,18 +940,3 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_access_modstruct = { -- "pam_access", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c -index 5eefd0b..1654931 100644 ---- a/modules/pam_cracklib/pam_cracklib.c -+++ b/modules/pam_cracklib/pam_cracklib.c -@@ -728,8 +728,8 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, - /* The Main Thing (by Cristian Gafton, CEO at this module :-) - * (stolen from http://home.netscape.com) - */ --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -- int argc, const char **argv) -+int -+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - unsigned int ctrl; - struct cracklib_options options; -@@ -858,19 +858,6 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - - - --#ifdef PAM_STATIC --/* static module data */ --struct pam_module _pam_cracklib_modstruct = { -- "pam_cracklib", -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- pam_sm_chauthtok --}; --#endif -- - /* - * Copyright (c) Cristian Gafton , 1996. - * All rights reserved -diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c -index a65d1bf..9b68d38 100644 ---- a/modules/pam_debug/pam_debug.c -+++ b/modules/pam_debug/pam_debug.c -@@ -75,7 +75,6 @@ static int parse_args(int retval, const char *event, - return retval; - } - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -103,7 +102,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return retval; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -112,7 +110,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -121,7 +118,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -134,14 +130,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return parse_args(PAM_SUCCESS, "open_session", pamh, argc, argv); - } - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -149,19 +143,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_debug_modstruct = { -- "pam_debug", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_deny/pam_deny.c b/modules/pam_deny/pam_deny.c -index 544c5bd..155a1f5 100644 ---- a/modules/pam_deny/pam_deny.c -+++ b/modules/pam_deny/pam_deny.c -@@ -25,14 +25,14 @@ - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -41,7 +41,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -50,7 +50,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -59,14 +59,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SESSION_ERR; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -74,16 +74,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* end of module definition */ -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_deny_modstruct = { -- "pam_deny", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_echo/pam_echo.c b/modules/pam_echo/pam_echo.c -index d0879fb..860ff0a 100644 ---- a/modules/pam_echo/pam_echo.c -+++ b/modules/pam_echo/pam_echo.c -@@ -262,18 +262,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, - return PAM_IGNORE; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_echo_modstruct = { -- "pam_echo", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c -index 1bfdf08..0b8002f 100644 ---- a/modules/pam_env/pam_env.c -+++ b/modules/pam_env/pam_env.c -@@ -768,7 +768,7 @@ static void _clean_var(VAR *var) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -839,7 +839,7 @@ handle_env (pam_handle_t *pamh, int argc, const char **argv) - return retval; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -847,7 +847,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SERVICE_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -855,7 +855,7 @@ pam_sm_setcred (pam_handle_t *pamh, int flags UNUSED, - return handle_env (pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -863,7 +863,7 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - return handle_env (pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -871,7 +871,7 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -879,20 +879,4 @@ pam_sm_chauthtok (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SERVICE_ERR; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_env_modstruct = { -- "pam_env", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_exec/pam_exec.c b/modules/pam_exec/pam_exec.c -index 17ba6ca..0ab6548 100644 ---- a/modules/pam_exec/pam_exec.c -+++ b/modules/pam_exec/pam_exec.c -@@ -467,14 +467,14 @@ call_exec (const char *pam_type, pam_handle_t *pamh, - return PAM_SYSTEM_ERR; /* will never be reached. */ - } - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("auth", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -483,7 +483,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* password updating functions */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -492,35 +492,23 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return call_exec ("password", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("account", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("open_session", pamh, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - return call_exec ("close_session", pamh, argc, argv); - } -- --#ifdef PAM_STATIC --struct pam_module _pam_exec_modstruct = { -- "pam_exec", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; --#endif -diff --git a/modules/pam_faildelay/pam_faildelay.c b/modules/pam_faildelay/pam_faildelay.c -index 072b7dd..7ea8f83 100644 ---- a/modules/pam_faildelay/pam_faildelay.c -+++ b/modules/pam_faildelay/pam_faildelay.c -@@ -152,7 +152,6 @@ search_key (const char *filename) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -204,28 +203,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return i; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_faildelay_modstruct = { -- "pam_faildelay", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c -index 9935d99..6e6a0cf 100644 ---- a/modules/pam_filter/pam_filter.c -+++ b/modules/pam_filter/pam_filter.c -@@ -663,23 +663,23 @@ static int need_a_filter(pam_handle_t *pamh - - /* ------------------ authentication ----------------- */ - --PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh -- , int flags, int argc, const char **argv) -+int pam_sm_authenticate(pam_handle_t *pamh, -+ int flags, int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "authenticate", FILTER_RUN1); - } - --PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_setcred(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv, "setcred", FILTER_RUN2); - } - - /* --------------- account management ---------------- */ - --PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, -- const char **argv) -+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, -+ const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "setcred", FILTER_RUN1|FILTER_RUN2 ); -@@ -687,15 +687,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, - - /* --------------- session management ---------------- */ - --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_open_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "open_session", FILTER_RUN1); - } - --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_close_session(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - return need_a_filter(pamh, flags, argc, argv - , "close_session", FILTER_RUN2); -@@ -704,8 +704,8 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags - /* --------- updating authentication tokens --------- */ - - --PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags -- , int argc, const char **argv) -+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, -+ int argc, const char **argv) - { - int runN; - -@@ -720,19 +720,3 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags - - return need_a_filter(pamh, flags, argc, argv, "chauthtok", runN); - } -- --#ifdef PAM_STATIC -- --/* ------------ stuff for static modules ------------ */ -- --struct pam_module _pam_filter_modstruct = { -- "pam_filter", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c -index 221d8f8..6b6cf2a 100644 ---- a/modules/pam_ftp/pam_ftp.c -+++ b/modules/pam_ftp/pam_ftp.c -@@ -111,7 +111,7 @@ static int lookup(const char *name, const char *list, const char **_user) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -210,28 +210,11 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_ftp_modstruct = { -- "pam_ftp", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c -index be5f20f..da8237f 100644 ---- a/modules/pam_group/pam_group.c -+++ b/modules/pam_group/pam_group.c -@@ -739,14 +739,14 @@ static int check_account(pam_handle_t *pamh, const char *service, - - /* --- public authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -817,18 +817,3 @@ pam_sm_setcred (pam_handle_t *pamh, int flags, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_group_modstruct = { -- "pam_group", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c -index 060baad..5b5ee41 100644 ---- a/modules/pam_issue/pam_issue.c -+++ b/modules/pam_issue/pam_issue.c -@@ -42,7 +42,7 @@ static int read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt); - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -120,7 +120,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return (retval == PAM_SUCCESS) ? PAM_IGNORE : retval; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -291,20 +291,4 @@ read_issue_quoted(pam_handle_t *pamh, FILE *fp, char **prompt) - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_issue_modstruct = { -- "pam_issue", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_keyinit/pam_keyinit.c b/modules/pam_keyinit/pam_keyinit.c -index f82eead..5dd7b06 100644 ---- a/modules/pam_keyinit/pam_keyinit.c -+++ b/modules/pam_keyinit/pam_keyinit.c -@@ -165,7 +165,6 @@ static void kill_keyrings(pam_handle_t *pamh) - /* - * open a PAM session by making sure there's a session keyring - */ --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -238,7 +237,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - /* - * close a PAM session by revoking the session keyring if requested - */ --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -253,17 +251,3 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_keyinit_modstruct = { -- "pam_keyinit", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c -index 76a33e4..1e2f08d 100644 ---- a/modules/pam_lastlog/pam_lastlog.c -+++ b/modules/pam_lastlog/pam_lastlog.c -@@ -566,7 +566,7 @@ cleanup: - } - - /* --- authentication (locking out inactive users) functions --- */ --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -636,14 +636,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -652,7 +652,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - - /* --- session management functions --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -702,7 +702,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, - return retval; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -719,20 +719,4 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_lastlog_modstruct = { -- "pam_lastlog", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c -index eabc856..d63c683 100644 ---- a/modules/pam_limits/pam_limits.c -+++ b/modules/pam_limits/pam_limits.c -@@ -1002,7 +1002,7 @@ static int setup_limits(pam_handle_t *pamh, - } - - /* now the session stuff */ --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -1096,7 +1096,7 @@ out: - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -1104,21 +1104,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_limits_modstruct = { -- "pam_limits", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -- - /* - * Copyright (c) Cristian Gafton, 1996-1997, - * All rights reserved. -diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c -index 2af2afd..c236406 100644 ---- a/modules/pam_listfile/pam_listfile.c -+++ b/modules/pam_listfile/pam_listfile.c -@@ -53,7 +53,7 @@ - - #define LESSER(a, b) ((a) < (b) ? (a) : (b)) - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -370,55 +370,37 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - } - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_listfile_modstruct = { -- "pam_listfile", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif /* PAM_STATIC */ -- --/* end of module definition */ -diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c -index aa43bc4..e32ea6d 100644 ---- a/modules/pam_localuser/pam_localuser.c -+++ b/modules/pam_localuser/pam_localuser.c -@@ -55,7 +55,7 @@ - - #define MODULE_NAME "pam_localuser" - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -123,52 +123,36 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return ret; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_localuser_modstruct = { -- "pam_localuser", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_loginuid/pam_loginuid.c b/modules/pam_loginuid/pam_loginuid.c -index 9a1589e..96bfd98 100644 ---- a/modules/pam_loginuid/pam_loginuid.c -+++ b/modules/pam_loginuid/pam_loginuid.c -@@ -247,34 +247,21 @@ _pam_loginuid(pam_handle_t *pamh, int flags UNUSED, - * - * This is here for vsftpd which doesn't seem to run the session stack - */ --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return _pam_loginuid(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return _pam_loginuid(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_loginuid_modstruct = { -- "pam_loginuid", -- NULL, -- NULL, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c -index f5ba173..0022f6d 100644 ---- a/modules/pam_mail/pam_mail.c -+++ b/modules/pam_mail/pam_mail.c -@@ -338,7 +338,7 @@ static int _do_mail(pam_handle_t *, int, int, const char **, int); - - /* --- authentication functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -346,7 +346,6 @@ pam_sm_authenticate (pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* Checking mail as part of authentication */ --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -357,7 +356,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, - - /* --- session management functions --- */ - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc - ,const char **argv) - { -@@ -365,7 +363,6 @@ int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc - } - - /* Checking mail as part of the session management */ --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -475,20 +472,4 @@ static int _do_mail(pam_handle_t *pamh, int flags, int argc, - return retval; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_mail_modstruct = { -- "pam_mail", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c -index c922089..daed63a 100644 ---- a/modules/pam_mkhomedir/pam_mkhomedir.c -+++ b/modules/pam_mkhomedir/pam_mkhomedir.c -@@ -183,7 +183,7 @@ create_homedir (pam_handle_t *pamh, options_t *opt, - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -227,25 +227,9 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, - } - - /* Ignore */ --PAM_EXTERN - int pam_sm_close_session (pam_handle_t * pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ --struct pam_module _pam_mkhomedir_modstruct = --{ -- "pam_mkhomedir", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c -index ff9b169..11c7b56 100644 ---- a/modules/pam_motd/pam_motd.c -+++ b/modules/pam_motd/pam_motd.c -@@ -39,7 +39,7 @@ - - /* --- session management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -48,7 +48,6 @@ pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - - static char default_motd[] = DEFAULT_MOTD; - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -110,21 +109,4 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - return retval; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_motd_modstruct = { -- "pam_motd", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c -index 92883f5..d02ea09 100644 ---- a/modules/pam_namespace/pam_namespace.c -+++ b/modules/pam_namespace/pam_namespace.c -@@ -2008,7 +2008,7 @@ static int get_user_data(struct instance_data *idata) - /* - * Entry point from pam_open_session call. - */ --PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - int i, retval; -@@ -2104,7 +2104,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - /* - * Entry point from pam_close_session call. - */ --PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, -+int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { - int i, retval; -@@ -2183,18 +2183,3 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - - return PAM_SUCCESS; - } -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_namespace_modstruct = { -- "pam_namespace", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c -index f047c32..9fd91fd 100644 ---- a/modules/pam_nologin/pam_nologin.c -+++ b/modules/pam_nologin/pam_nologin.c -@@ -135,7 +135,7 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -146,7 +146,7 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, &opts); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc, const char **argv) - { -@@ -159,7 +159,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management function --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -170,21 +170,4 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, &opts); - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_nologin_modstruct = { -- "pam_nologin", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_permit/pam_permit.c b/modules/pam_permit/pam_permit.c -index e4539b0..c773087 100644 ---- a/modules/pam_permit/pam_permit.c -+++ b/modules/pam_permit/pam_permit.c -@@ -30,7 +30,7 @@ - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -56,7 +56,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -65,7 +65,7 @@ pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -74,7 +74,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- password management --- */ - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -83,14 +83,14 @@ pam_sm_chauthtok(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- session management --- */ - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -98,19 +98,3 @@ pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_permit_modstruct = { -- "pam_permit", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c -index 654edd3..0c07dc1 100644 ---- a/modules/pam_pwhistory/pam_pwhistory.c -+++ b/modules/pam_pwhistory/pam_pwhistory.c -@@ -106,7 +106,7 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) - /* This module saves the current crypted password in /etc/security/opasswd - and then compares the new password with all entries in this file. */ - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - { - struct passwd *pwd; -@@ -235,16 +235,3 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC --/* static module data */ --struct pam_module _pam_pwhistory_modstruct = { -- "pam_pwhistory", -- NULL, -- NULL, -- NULL, -- NULL, -- NULL, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_rhosts/pam_rhosts.c b/modules/pam_rhosts/pam_rhosts.c -index bc9e76f..d6e7030 100644 ---- a/modules/pam_rhosts/pam_rhosts.c -+++ b/modules/pam_rhosts/pam_rhosts.c -@@ -43,7 +43,6 @@ - #include - #include - --PAM_EXTERN - int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, - const char **argv) - { -@@ -130,26 +129,10 @@ int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, - } - - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_rhosts_modstruct = { -- "pam_rhosts", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- NULL, -- NULL, -- NULL, --}; -- --#endif -diff --git a/modules/pam_rootok/pam_rootok.c b/modules/pam_rootok/pam_rootok.c -index 88bed0c..17baabe 100644 ---- a/modules/pam_rootok/pam_rootok.c -+++ b/modules/pam_rootok/pam_rootok.c -@@ -135,7 +135,7 @@ check_for_root (pam_handle_t *pamh, int ctrl) - - /* --- management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -146,14 +146,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -164,7 +164,7 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -175,20 +175,4 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags UNUSED, - return check_for_root (pamh, ctrl); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_rootok_modstruct = { -- "pam_rootok", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c -index 0474130..e279efa 100644 ---- a/modules/pam_securetty/pam_securetty.c -+++ b/modules/pam_securetty/pam_securetty.c -@@ -235,7 +235,6 @@ securetty_perform_check (pam_handle_t *pamh, int ctrl, - - /* --- authentication management functions --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, - const char **argv) - { -@@ -247,7 +246,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, int argc, - return securetty_perform_check(pamh, ctrl, __FUNCTION__); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -256,7 +255,7 @@ pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -269,21 +268,4 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return securetty_perform_check(pamh, ctrl, __FUNCTION__); - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_securetty_modstruct = { -- "pam_securetty", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c -index b2a75e0..6daba1e 100644 ---- a/modules/pam_selinux/pam_selinux.c -+++ b/modules/pam_selinux/pam_selinux.c -@@ -757,7 +757,7 @@ create_context(pam_handle_t *pamh, int argc, const char **argv, - return set_context(pamh, data, debug, verbose); - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -765,14 +765,14 @@ pam_sm_authenticate(pam_handle_t *pamh UNUSED, int flags UNUSED, - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -813,7 +813,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, - create_context(pamh, argc, argv, debug, verbose); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c -index 8af1266..0b90a39 100644 ---- a/modules/pam_sepermit/pam_sepermit.c -+++ b/modules/pam_sepermit/pam_sepermit.c -@@ -363,7 +363,7 @@ sepermit_match(pam_handle_t *pamh, const char *cfgfile, const char *user, - return -1; - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -430,31 +430,17 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return rv; - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_sepermit_modstruct = { -- "pam_sepermit", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_shells/pam_shells.c b/modules/pam_shells/pam_shells.c -index 68bd607..c8acb9e 100644 ---- a/modules/pam_shells/pam_shells.c -+++ b/modules/pam_shells/pam_shells.c -@@ -104,14 +104,12 @@ static int perform_check(pam_handle_t *pamh) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return perform_check(pamh); - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { -@@ -120,27 +118,10 @@ int pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - - /* --- account management functions (only) --- */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return perform_check(pamh); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_shells_modstruct = { -- "pam_shells", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif /* PAM_STATIC */ -- - /* end of module definition */ -diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c -index c1695d7..44c3a30 100644 ---- a/modules/pam_stress/pam_stress.c -+++ b/modules/pam_stress/pam_stress.c -@@ -213,7 +213,6 @@ wipe_up (pam_handle_t *pamh UNUSED, void *data, int error UNUSED) - free(data); - } - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -281,7 +280,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - return retval; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -299,7 +297,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* account management functions */ - --PAM_EXTERN - int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -334,7 +331,6 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -362,7 +358,6 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -390,7 +385,6 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, - return PAM_SUCCESS; - } - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -552,19 +546,3 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return retval; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_stress_modstruct = { -- "pam_stress", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; -- --#endif -diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c -index aa828fc..c39b1cb 100644 ---- a/modules/pam_succeed_if/pam_succeed_if.c -+++ b/modules/pam_succeed_if/pam_succeed_if.c -@@ -400,7 +400,7 @@ evaluate(pam_handle_t *pamh, int debug, - return PAM_SERVICE_ERR; - } - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -544,46 +544,33 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return ret; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } - --PAM_EXTERN int -+int - pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - return pam_sm_authenticate(pamh, flags, argc, argv); - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_succeed_if_modstruct = { -- "pam_succeed_if", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok --}; --#endif -diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c -index c712885..66a515c 100644 ---- a/modules/pam_tally/pam_tally.c -+++ b/modules/pam_tally/pam_tally.c -@@ -615,7 +615,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts) - - #ifdef PAM_SM_AUTH - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -649,7 +649,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, - return rvcheck != PAM_SUCCESS ? rvcheck : rvbump; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -694,7 +694,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* To reset failcount of user on successfull login */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc, const char **argv) - { -@@ -733,33 +733,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - - /*-----------------------------------------------------------------------*/ - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_tally_modstruct = { -- MODULE_NAME, --#ifdef PAM_SM_AUTH -- pam_sm_authenticate, -- pam_sm_setcred, --#else -- NULL, -- NULL, --#endif --#ifdef PAM_SM_ACCOUNT -- pam_sm_acct_mgmt, --#else -- NULL, --#endif -- NULL, -- NULL, -- NULL, --}; -- --#endif /* #ifdef PAM_STATIC */ -- --/*-----------------------------------------------------------------------*/ -- - #else /* #ifndef MAIN */ - - static const char *cline_filename = DEFAULT_LOGFILE; -diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c -index 9187cbf..9f3bebe 100644 ---- a/modules/pam_tally2/pam_tally2.c -+++ b/modules/pam_tally2/pam_tally2.c -@@ -737,7 +737,7 @@ tally_reset (pam_handle_t *pamh, uid_t uid, struct tally_options *opts, int old_ - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -770,7 +770,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return rv; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -810,7 +810,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags UNUSED, - - /* To reset failcount of user on successfull login */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -846,33 +846,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - - /*-----------------------------------------------------------------------*/ - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_tally2_modstruct = { -- MODULE_NAME, --#ifdef PAM_SM_AUTH -- pam_sm_authenticate, -- pam_sm_setcred, --#else -- NULL, -- NULL, --#endif --#ifdef PAM_SM_ACCOUNT -- pam_sm_acct_mgmt, --#else -- NULL, --#endif -- NULL, -- NULL, -- NULL, --}; -- --#endif /* #ifdef PAM_STATIC */ -- --/*-----------------------------------------------------------------------*/ -- - #else /* #ifndef MAIN */ - - static const char *cline_filename = DEFAULT_LOGFILE; -diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c -index c94737c..75d0864 100644 ---- a/modules/pam_time/pam_time.c -+++ b/modules/pam_time/pam_time.c -@@ -588,7 +588,7 @@ check_account(pam_handle_t *pamh, const char *service, - - /* --- public account management functions --- */ - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -663,18 +663,3 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - } - - /* end of module definition */ -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_time_modstruct = { -- "pam_time", -- NULL, -- NULL, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; --#endif -diff --git a/modules/pam_timestamp/pam_timestamp.c b/modules/pam_timestamp/pam_timestamp.c -index 1bf0e84..b18efdf 100644 ---- a/modules/pam_timestamp/pam_timestamp.c -+++ b/modules/pam_timestamp/pam_timestamp.c -@@ -357,7 +357,7 @@ verbose_success(pam_handle_t *pamh, long diff) - pam_info(pamh, _("Access granted (last access was %ld seconds ago)."), diff); - } - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) - { - struct stat st; -@@ -547,13 +547,13 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) - return PAM_AUTH_ERR; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char **argv) - { - char path[BUFLEN], subdir[BUFLEN], *text, *p; -@@ -670,27 +670,12 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED, int argc, const char * - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh UNUSED, int flags UNUSED, int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC --/* static module data */ -- --struct pam_module _pam_timestamp_modstruct = { -- "pam_timestamp", -- pam_sm_authenticate, -- pam_sm_setcred, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -- -- - #else /* PAM_TIMESTAMP_MAIN */ - - #define USAGE "Usage: %s [[-k] | [-d]] [target user]\n" -diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c -index 6003f4e..bce3ab7 100644 ---- a/modules/pam_tty_audit/pam_tty_audit.c -+++ b/modules/pam_tty_audit/pam_tty_audit.c -@@ -360,16 +360,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags, int argc, - } - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_tty_audit_modstruct = { -- "pam_tty_audit", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/modules/pam_umask/pam_umask.c b/modules/pam_umask/pam_umask.c -index 863f038..ab49064 100644 ---- a/modules/pam_umask/pam_umask.c -+++ b/modules/pam_umask/pam_umask.c -@@ -249,7 +249,7 @@ setup_limits_from_gecos (pam_handle_t *pamh, options_t *options, - } - - --PAM_EXTERN int -+int - pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -297,27 +297,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags UNUSED, - return retval; - } - --PAM_EXTERN int -+int - pam_sm_close_session (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_umask_modstruct = { -- "pam_umask", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index 88e6125..56df178 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -34,8 +34,7 @@ pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ - - securelib_LTLIBRARIES = pam_unix.la - --noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h \ -- pam_unix_static.h -+noinst_HEADERS = md5.h support.h yppasswd.h bigcrypt.h passverify.h - - sbin_PROGRAMS = unix_chkpwd unix_update - -@@ -44,9 +43,6 @@ noinst_PROGRAMS = bigcrypt - pam_unix_la_SOURCES = bigcrypt.c pam_unix_acct.c \ - pam_unix_auth.c pam_unix_passwd.c pam_unix_sess.c support.c \ - passverify.c yppasswd_xdr.c md5_good.c md5_broken.c --if STATIC_MODULES --pam_unix_la_SOURCES += pam_unix_static.c --endif - - bigcrypt_SOURCES = bigcrypt.c bigcrypt_main.c - bigcrypt_CFLAGS = $(AM_CFLAGS) -diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c -index f8b39c9..17a0890 100644 ---- a/modules/pam_unix/pam_unix_acct.c -+++ b/modules/pam_unix/pam_unix_acct.c -@@ -53,11 +53,7 @@ - - /* indicate that the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_ACCOUNT --#endif -+#define PAM_SM_ACCOUNT - - #include - #include -diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c -index 9a547b3..9f66c5d 100644 ---- a/modules/pam_unix/pam_unix_auth.c -+++ b/modules/pam_unix/pam_unix_auth.c -@@ -50,11 +50,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_AUTH --#endif -+#define PAM_SM_AUTH - - #define _PAM_EXTERN_FUNCTIONS - #include -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index c2e5de5..e3d3209 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -64,11 +64,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_PASSWORD --#endif -+#define PAM_SM_PASSWORD - - #include - #include -diff --git a/modules/pam_unix/pam_unix_sess.c b/modules/pam_unix/pam_unix_sess.c -index 5d00181..dbc6298 100644 ---- a/modules/pam_unix/pam_unix_sess.c -+++ b/modules/pam_unix/pam_unix_sess.c -@@ -49,11 +49,7 @@ - - /* indicate the following groups are defined */ - --#ifdef PAM_STATIC --# include "pam_unix_static.h" --#else --# define PAM_SM_SESSION --#endif -+#define PAM_SM_SESSION - - #include - #include -diff --git a/modules/pam_unix/pam_unix_static.c b/modules/pam_unix/pam_unix_static.c -deleted file mode 100644 -index 160268c..0000000 ---- a/modules/pam_unix/pam_unix_static.c -+++ /dev/null -@@ -1,23 +0,0 @@ --#include "config.h" -- --#ifdef PAM_STATIC -- --#define static extern --#define PAM_SM_ACCOUNT --#define PAM_SM_AUTH --#define PAM_SM_PASSWORD --#define PAM_SM_SESSION --#include "pam_unix_static.h" --#include -- --struct pam_module _pam_unix_modstruct = { -- "pam_unix", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -diff --git a/modules/pam_unix/pam_unix_static.h b/modules/pam_unix/pam_unix_static.h -deleted file mode 100644 -index 39b05ef..0000000 ---- a/modules/pam_unix/pam_unix_static.h -+++ /dev/null -@@ -1,6 +0,0 @@ --#define pam_sm_acct_mgmt _pam_unix_sm_acct_mgmt --#define pam_sm_authenticate _pam_unix_sm_authenticate --#define pam_sm_setcred _pam_unix_sm_setcred --#define pam_sm_chauthtok _pam_unix_sm_chauthtok --#define pam_sm_open_session _pam_unix_sm_open_session --#define pam_sm_close_session _pam_unix_sm_close_session -diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c -index 8df1a40..09ab8d3 100644 ---- a/modules/pam_userdb/pam_userdb.c -+++ b/modules/pam_userdb/pam_userdb.c -@@ -334,7 +334,7 @@ user_lookup (pam_handle_t *pamh, const char *database, const char *cryptmode, - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -423,14 +423,14 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags UNUSED, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_setcred(pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -475,23 +475,6 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags UNUSED, - return PAM_SUCCESS; - } - -- --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_userdb_modstruct = { -- "pam_userdb", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL, --}; -- --#endif -- - /* - * Copyright (c) Cristian Gafton , 1999 - * All rights reserved -diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c -index a26c48d..1d196ad 100644 ---- a/modules/pam_warn/pam_warn.c -+++ b/modules/pam_warn/pam_warn.c -@@ -54,7 +54,6 @@ static void log_items(pam_handle_t *pamh, const char *function, int flags) - - /* --- authentication management functions (only) --- */ - --PAM_EXTERN - int pam_sm_authenticate(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -62,7 +61,6 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN - int pam_sm_setcred(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -72,7 +70,6 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, - - /* password updating functions */ - --PAM_EXTERN - int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -80,7 +77,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -88,7 +85,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_open_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -96,7 +93,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --PAM_EXTERN int -+int - pam_sm_close_session(pam_handle_t *pamh, int flags, - int argc UNUSED, const char **argv UNUSED) - { -@@ -104,20 +101,4 @@ pam_sm_close_session(pam_handle_t *pamh, int flags, - return PAM_IGNORE; - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_warn_modstruct = { -- "pam_warn", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- pam_sm_open_session, -- pam_sm_close_session, -- pam_sm_chauthtok, --}; -- --#endif -- - /* end of module definition */ -diff --git a/modules/pam_wheel/pam_wheel.c b/modules/pam_wheel/pam_wheel.c -index d7d8096..6ea7b84 100644 ---- a/modules/pam_wheel/pam_wheel.c -+++ b/modules/pam_wheel/pam_wheel.c -@@ -232,7 +232,7 @@ perform_check (pam_handle_t *pamh, int ctrl, const char *use_group) - - /* --- authentication management functions --- */ - --PAM_EXTERN int -+int - pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -244,14 +244,14 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, ctrl, use_group); - } - --PAM_EXTERN int -+int - pam_sm_setcred (pam_handle_t *pamh UNUSED, int flags UNUSED, - int argc UNUSED, const char **argv UNUSED) - { - return PAM_SUCCESS; - } - --PAM_EXTERN int -+int - pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - int argc, const char **argv) - { -@@ -263,22 +263,6 @@ pam_sm_acct_mgmt (pam_handle_t *pamh, int flags UNUSED, - return perform_check(pamh, ctrl, use_group); - } - --#ifdef PAM_STATIC -- --/* static module data */ -- --struct pam_module _pam_wheel_modstruct = { -- "pam_wheel", -- pam_sm_authenticate, -- pam_sm_setcred, -- pam_sm_acct_mgmt, -- NULL, -- NULL, -- NULL --}; -- --#endif /* PAM_STATIC */ -- - /* - * Copyright (c) Cristian Gafton , 1996, 1997 - * All rights reserved -diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c -index 2be4351..6778aa8 100644 ---- a/modules/pam_xauth/pam_xauth.c -+++ b/modules/pam_xauth/pam_xauth.c -@@ -798,16 +798,3 @@ pam_sm_close_session (pam_handle_t *pamh, int flags UNUSED, - - return PAM_SUCCESS; - } -- --/* static module data */ --#ifdef PAM_STATIC --struct pam_module _pam_xauth_modstruct = { -- "pam_xauth", -- NULL, -- NULL, -- NULL, -- pam_sm_open_session, -- pam_sm_close_session, -- NULL --}; --#endif -diff --git a/po/POTFILES.in b/po/POTFILES.in -index 76d9640..fcec3d8 100644 ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -29,7 +29,6 @@ - ./libpam/pam_prelude.c - ./libpam/pam_session.c - ./libpam/pam_start.c --./libpam/pam_static.c - ./libpam/pam_strerror.c - ./libpam/pam_syslog.c - ./libpam/pam_vprompt.c -diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c -index 3000055..7092716 100644 ---- a/tests/tst-dlopen.c -+++ b/tests/tst-dlopen.c -@@ -19,9 +19,6 @@ - /* Simple program to see if dlopen() would succeed. */ - int main(int argc, char **argv) - { --#ifdef PAM_STATIC -- return 77; --#else - int i; - struct stat st; - char buf[PATH_MAX]; -@@ -43,5 +40,4 @@ int main(int argc, char **argv) - } - } - return 0; --#endif - } --- -1.8.5.6 - diff --git a/0003-fix-nis-checks.patch b/0003-fix-nis-checks.patch deleted file mode 100644 index 6f842a6..0000000 --- a/0003-fix-nis-checks.patch +++ /dev/null @@ -1,70 +0,0 @@ -diff --git a/configure.ac b/configure.ac -index d5cc644..534194d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -447,22 +447,26 @@ AC_SUBST(LIBDB) - AM_CONDITIONAL([HAVE_LIBDB], [test ! -z "$LIBDB"]) - - AC_ARG_ENABLE([nis], -- AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix and pam_access])) -+ AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix])) - - AS_IF([test "x$enable_nis" != "xno"], [ -- CFLAGS=$old_CFLAGS -- LIBS=$old_LIBS -+ old_CFLAGS=$CFLAGS -+ old_LIBS=$LIBS - - dnl if there's libtirpc available, prefer that over the system - dnl implementation. -- PKG_CHECK_MODULES([libtirpc], [libtirpc], [ -- CFLAGS="$CFLAGS $libtirpc_CFLAGS" -- LIBS="$LIBS $libtirpc_LIBS" -+ PKG_CHECK_MODULES([TIRPC], [libtirpc], [ -+ CFLAGS="$CFLAGS $TIRPC_CFLAGS" -+ LIBS="$LIBS $TIRPC_LIBS" - ], [:;]) - -- AC_SEARCH_LIBS([yp_get_default_domain], [nsl]) -+ PKG_CHECK_MODULES([NSL], [libnsl], [], -+ [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) -+ CFLAGS="$CFLAGS $NSL_CFLAGS" -+ LIBS="$LIBS $NSL_LIBS" - - AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) -+ AC_CHECK_FUNCS([getrpcport rpcb_getaddr]) - AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h]) - AC_CHECK_DECLS([getrpcport], , , [ - #if HAVE_RPC_RPC_H -@@ -470,9 +474,6 @@ AS_IF([test "x$enable_nis" != "xno"], [ - #endif - ]) - -- NIS_CFLAGS="${CFLAGS%${old_CFLAGS}}" -- NIS_LIBS="${LIBS%${old_LIBS}}" -- - CFLAGS="$old_CFLAGS" - LIBS="$old_LIBS" - ]) -diff --git a/modules/pam_unix/Makefile.am b/modules/pam_unix/Makefile.am -index ab0d55a..56df178 100644 ---- a/modules/pam_unix/Makefile.am -+++ b/modules/pam_unix/Makefile.am -@@ -19,7 +19,7 @@ secureconfdir = $(SCONFIGDIR) - AM_CFLAGS = -I$(top_srcdir)/libpam/include -I$(top_srcdir)/libpamc/include \ - -DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \ - -DUPDATE_HELPER=\"$(sbindir)/unix_update\" \ -- $(NIS_CFLAGS) -+ @TIRPC_CFLAGS@ @NSL_CFLAGS@ - - if HAVE_LIBSELINUX - AM_CFLAGS += -D"WITH_SELINUX" -@@ -30,7 +30,7 @@ if HAVE_VERSIONING - pam_unix_la_LDFLAGS += -Wl,--version-script=$(srcdir)/../modules.map - endif - pam_unix_la_LIBADD = $(top_builddir)/libpam/libpam.la \ -- @LIBCRYPT@ @LIBSELINUX@ $(NIS_LIBS) -+ @LIBCRYPT@ @LIBSELINUX@ @TIRPC_LIBS@ @NSL_LIBS@ - - securelib_LTLIBRARIES = pam_unix.la - diff --git a/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch b/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch deleted file mode 100644 index 89cd195..0000000 --- a/0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 6b12a20c527cb6ced5b8911ea0f1dcdfc6e6f30c Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Tue, 29 Mar 2016 14:17:34 +0200 -Subject: [PATCH 2/2] PAM_EXTERN isn't needed anymore, but don't remove it to - not break lot of external code using it. - -* libpam/include/security/pam_modules.h: Readd PAM_EXTERN for compatibility ---- - libpam/include/security/pam_modules.h | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/libpam/include/security/pam_modules.h b/libpam/include/security/pam_modules.h -index 37568e9..ec65e3e 100644 ---- a/libpam/include/security/pam_modules.h -+++ b/libpam/include/security/pam_modules.h -@@ -75,6 +75,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, - - #define PAM_DATA_REPLACE 0x20000000 /* used when replacing a data item */ - -+/* PAM_EXTERN isn't needed anymore, but don't remove it to not break -+ lot of external code using it. */ -+#define PAM_EXTERN extern - - /* take care of any compatibility issues */ - #include --- -1.8.5.6 - diff --git a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch b/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch deleted file mode 100644 index 1e0e5af..0000000 --- a/0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch +++ /dev/null @@ -1,155 +0,0 @@ -From 549aef483c9f1852e1fbefabc4ebbbe72e00c243 Mon Sep 17 00:00:00 2001 -From: Thorsten Kukuk -Date: Fri, 1 Apr 2016 15:28:09 +0200 -Subject: [PATCH] Use TI-RPC functions if we compile and link against libtirpc. - The old SunRPC functions don't work with IPv6. - -* configure.ac: Set and restore CPPFLAGS -* modules/pam_unix/pam_unix_passwd.c: Replace getrpcport with - rpcb_getaddr if available. ---- - configure.ac | 4 +++ - modules/pam_unix/pam_unix_passwd.c | 73 +++++++++++++++++++++++++++++++++++++- - 2 files changed, 76 insertions(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 534194d..20f6ba3 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -451,18 +451,21 @@ AC_ARG_ENABLE([nis], - - AS_IF([test "x$enable_nis" != "xno"], [ - old_CFLAGS=$CFLAGS -+ old_CPPFLAGS=$CPPFLAGS - old_LIBS=$LIBS - - dnl if there's libtirpc available, prefer that over the system - dnl implementation. - PKG_CHECK_MODULES([TIRPC], [libtirpc], [ - CFLAGS="$CFLAGS $TIRPC_CFLAGS" -+ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS" - LIBS="$LIBS $TIRPC_LIBS" - ], [:;]) - - PKG_CHECK_MODULES([NSL], [libnsl], [], - [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])]) - CFLAGS="$CFLAGS $NSL_CFLAGS" -+ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS" - LIBS="$LIBS $NSL_LIBS" - - AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind]) -@@ -475,6 +478,7 @@ AS_IF([test "x$enable_nis" != "xno"], [ - ]) - - CFLAGS="$old_CFLAGS" -+ CPPFLAGS="$old_CPPFLAGS" - LIBS="$old_LIBS" - ]) - -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index e3d3209..fa29327 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -92,7 +92,7 @@ - - # include "yppasswd.h" - --# if !HAVE_DECL_GETRPCPORT -+# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR - extern int getrpcport(const char *host, unsigned long prognum, - unsigned long versnum, unsigned int proto); - # endif /* GNU libc 2.1 */ -@@ -114,11 +114,48 @@ extern int getrpcport(const char *host, unsigned long prognum, - #define MAX_PASSWD_TRIES 3 - - #ifdef HAVE_NIS -+#ifdef HAVE_RPCB_GETADDR -+static unsigned short -+__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf) -+{ -+ unsigned short port = 0; -+ struct __rpc_sockinfo si; -+ struct sockaddr_in *sin; -+ struct sockaddr_in6 *sin6; -+ if (!__rpc_nconf2sockinfo(nconf, &si)) -+ return 0; -+ -+ switch (si.si_af) -+ { -+ case AF_INET: -+ sin = nbuf->buf; -+ port = sin->sin_port; -+ break; -+ case AF_INET6: -+ sin6 = nbuf->buf; -+ port = sin6->sin6_port; -+ break; -+ default: -+ break; -+ } -+ -+ return htons (port); -+} -+#endif -+ - static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) - { - char *master; - char *domainname; - int port, err; -+#if defined(HAVE_RPCB_GETADDR) -+ struct netconfig *nconf; -+ struct netbuf svcaddr; -+ char addrbuf[INET6_ADDRSTRLEN]; -+ void *handle; -+ int found; -+#endif -+ - - #ifdef HAVE_YP_GET_DEFAULT_DOMAIN - if ((err = yp_get_default_domain(&domainname)) != 0) { -@@ -146,7 +183,41 @@ static char *getNISserver(pam_handle_t *pamh, unsigned int ctrl) - yperr_string(err)); - return NULL; - } -+#ifdef HAVE_RPCB_GETADDR -+ svcaddr.len = 0; -+ svcaddr.maxlen = sizeof (addrbuf); -+ svcaddr.buf = addrbuf; -+ port = 0; -+ found = 0; -+ -+ handle = setnetconfig(); -+ while ((nconf = getnetconfig(handle)) != NULL) { -+ if (!strcmp(nconf->nc_proto, "udp")) { -+ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE, -+ nconf, &svcaddr, master)) { -+ port = __taddr2port (nconf, &svcaddr); -+ endnetconfig (handle); -+ found=1; -+ break; -+ } -+ -+ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) { -+ clnt_pcreateerror (master); -+ pam_syslog (pamh, LOG_ERR, -+ "rpcb_getaddr (%s) failed!", master); -+ return NULL; -+ } -+ } -+ } -+ -+ if (!found) { -+ pam_syslog (pamh, LOG_ERR, -+ "Cannot find suitable transport for protocol 'udp'"); -+ return NULL; -+ } -+#else - port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP); -+#endif - if (port == 0) { - pam_syslog(pamh, LOG_WARNING, - "yppasswdd not running on NIS master host"); --- -1.8.5.6 - diff --git a/Linux-PAM-1.2.1-docs.tar.bz2 b/Linux-PAM-1.2.1-docs.tar.bz2 deleted file mode 100644 index 32e575a..0000000 --- a/Linux-PAM-1.2.1-docs.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1f8860544d935f744546a4bb15167e3e42736c4e37756534117bdfaa822e6b25 -size 491551 diff --git a/Linux-PAM-1.2.1.tar.bz2 b/Linux-PAM-1.2.1.tar.bz2 deleted file mode 100644 index 92da79f..0000000 --- a/Linux-PAM-1.2.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:342b1211c0d3b203a7df2540a5b03a428a087bd8a48c17e49ae268f992b334d9 -size 1279523 diff --git a/Linux-PAM-1.3.0-docs.tar.bz2 b/Linux-PAM-1.3.0-docs.tar.bz2 new file mode 100644 index 0000000..7baca1f --- /dev/null +++ b/Linux-PAM-1.3.0-docs.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8610b48703f036f6755c1d2bd8bcdeaddd9d99a1631f2d7668ec69b444d972a0 +size 492805 diff --git a/Linux-PAM-1.3.0.tar.bz2 b/Linux-PAM-1.3.0.tar.bz2 new file mode 100644 index 0000000..8ad625a --- /dev/null +++ b/Linux-PAM-1.3.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:241aed1ef522f66ed672719ecf2205ec513fd0075ed80cda8e086a5b1a01d1bb +size 1302820 diff --git a/encryption_method_nis.diff b/encryption_method_nis.diff index 55980bf..f812786 100644 --- a/encryption_method_nis.diff +++ b/encryption_method_nis.diff @@ -1,8 +1,6 @@ -diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c -index 0cfc0f4..2239206 100644 ---- a/modules/pam_unix/pam_unix_passwd.c -+++ b/modules/pam_unix/pam_unix_passwd.c -@@ -796,6 +796,29 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) +--- modules/pam_unix/pam_unix_passwd.c ++++ modules/pam_unix/pam_unix_passwd.c 2016/04/11 13:49:32 +@@ -840,6 +840,29 @@ * rebuild the password database file. */ @@ -32,13 +30,11 @@ index 0cfc0f4..2239206 100644 /* * First we encrypt the new password. */ -diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c -index 19d72e6..dafa9f0 100644 ---- a/modules/pam_unix/support.c -+++ b/modules/pam_unix/support.c -@@ -37,8 +37,8 @@ - #define SELINUX_ENABLED 0 - #endif +--- modules/pam_unix/support.c ++++ modules/pam_unix/support.c 2016/04/11 13:49:32 +@@ -31,8 +31,8 @@ + #include "support.h" + #include "passverify.h" -static char * -search_key (const char *key, const char *filename) @@ -47,7 +43,7 @@ index 19d72e6..dafa9f0 100644 { FILE *fp; char *buf = NULL; -@@ -159,7 +159,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -153,7 +153,7 @@ } /* preset encryption method with value from /etc/login.defs */ @@ -56,7 +52,7 @@ index 19d72e6..dafa9f0 100644 if (val) { for (j = 0; j < UNIX_CTRLS_; ++j) { if (unix_args[j].token && unix_args[j].is_hash_algo -@@ -177,7 +177,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, +@@ -171,7 +171,7 @@ /* read number of rounds for crypt algo */ if (rounds && (on(UNIX_SHA256_PASS, ctrl) || on(UNIX_SHA512_PASS, ctrl))) { @@ -65,11 +61,9 @@ index 19d72e6..dafa9f0 100644 if (val) { *rounds = strtol(val, NULL, 10); -diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h -index 6f5b2eb..a35a8a8 100644 ---- a/modules/pam_unix/support.h -+++ b/modules/pam_unix/support.h -@@ -174,4 +174,5 @@ extern int _unix_read_password(pam_handle_t * pamh +--- modules/pam_unix/support.h ++++ modules/pam_unix/support.h 2016/04/11 13:49:32 +@@ -174,4 +174,5 @@ extern int _unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user, int *daysleft); diff --git a/pam.changes b/pam.changes index 23c3bc1..0ee5084 100644 --- a/pam.changes +++ b/pam.changes @@ -1,3 +1,29 @@ +------------------------------------------------------------------- +Mon May 2 10:44:38 CEST 2016 - kukuk@suse.de + +- Remove obsolete README.pam_tally [bsc#977973] + +------------------------------------------------------------------- +Thu Apr 28 13:51:59 CEST 2016 - kukuk@suse.de + +- Update Linux-PAM to version 1.3.0 +- Rediff encryption_method_nis.diff + +------------------------------------------------------------------- +Thu Apr 14 14:06:18 CEST 2016 - kukuk@suse.de + +- Add /sbin/unix2_chkpwd (moved from pam-modules) + +------------------------------------------------------------------- +Mon Apr 11 15:09:04 CEST 2016 - kukuk@suse.de + +- Remove (since accepted upstream): + - 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch + - 0002-Remove-enable-static-modules-option-and-support-from.patch + - 0003-fix-nis-checks.patch + - 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch + - 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch + ------------------------------------------------------------------- Fri Apr 1 15:32:37 CEST 2016 - kukuk@suse.de diff --git a/pam.spec b/pam.spec index 36037e2..67e8d11 100644 --- a/pam.spec +++ b/pam.spec @@ -30,11 +30,11 @@ BuildRequires: pkgconfig(libtirpc) %if %{enable_selinux} BuildRequires: libselinux-devel %endif -%define libpam_so_version 0.84.1 +%define libpam_so_version 0.84.2 %define libpam_misc_so_version 0.82.1 %define libpamc_so_version 0.82.1 # -Version: 1.2.1 +Version: 1.3.0 Release: 0 Summary: A Security Tool that Provides Authentication for Applications License: GPL-2.0+ or BSD-3-Clause @@ -52,14 +52,11 @@ Source6: common-password.pamd Source7: common-session.pamd Source8: etc.environment Source9: baselibs.conf +Source10: unix2_chkpwd.c +Source11: unix2_chkpwd.8 Patch0: fix-man-links.dif Patch2: pam-limit-nproc.patch Patch3: encryption_method_nis.diff -Patch4: 0001-Remove-YP-dependencies-from-pam_access-they-were-nev.patch -Patch5: 0002-Remove-enable-static-modules-option-and-support-from.patch -Patch6: 0003-fix-nis-checks.patch -Patch7: 0004-PAM_EXTERN-isn-t-needed-anymore-but-don-t-remove-it-.patch -Patch8: 0005-Use-TI-RPC-functions-if-we-compile-and-link-against-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # Remove with next version update: BuildRequires: autoconf @@ -109,12 +106,7 @@ building both PAM-aware applications and modules for use with PAM. %setup -q -n Linux-PAM-%{version} -b 1 %patch0 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%patch3 -p0 %build autoreconf -fiv @@ -128,7 +120,8 @@ export CFLAGS="%optflags -DNDEBUG" --libdir=/%{_lib} \ --enable-isadir=../../%{_lib}/security \ --enable-securedir=/%{_lib}/security -make %{?_smp_mflags}; +make %{?_smp_mflags} +%__cc -fwhole-program -fpie -pie -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE %{optflags} -I$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/include %{SOURCE10} -o $RPM_BUILD_DIR/unix2_chkpwd -L$RPM_BUILD_DIR/Linux-PAM-%{version}/libpam/.libs/ -lpam %check make %{?_smp_mflags} check @@ -181,12 +174,6 @@ for x in pam_unix_auth pam_unix_acct pam_unix_passwd pam_unix_session; do ln -f $RPM_BUILD_ROOT/%{_lib}/security/pam_unix.so $RPM_BUILD_ROOT/%{_lib}/security/$x.so done # -# pam_tally is deprecated since ages -# -rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so -rm -f $RPM_BUILD_ROOT/sbin/pam_tally -rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* -# # Install READMEs of PAM modules # DOC=$RPM_BUILD_ROOT%{_defaultdocdir}/pam @@ -198,18 +185,30 @@ mkdir -p $DOC/modules done ) # -# Install misc docu and md5.config +# pam_tally is deprecated since ages +# +rm -f $RPM_BUILD_ROOT/%{_lib}/security/pam_tally.so +rm -f $RPM_BUILD_ROOT/sbin/pam_tally +rm -f $RPM_BUILD_ROOT%{_mandir}/man8/pam_tally.8* +rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/pam/modules/README.pam_tally +# +# Install misc docu # install -m 644 NEWS COPYING $DOC +# Install unix2_chkpwd +install -m 755 $RPM_BUILD_DIR/unix2_chkpwd $RPM_BUILD_ROOT/sbin/ +install -m 644 $RPM_SOURCE_DIR/unix2_chkpwd.8 $RPM_BUILD_ROOT%{_mandir}/man8/ # Create filelist with translatins %{find_lang} Linux-PAM %verifyscript %verify_permissions -e /sbin/unix_chkpwd +%verify_permissions -e /sbin/unix2_chkpwd %post /sbin/ldconfig %set_permissions /sbin/unix_chkpwd +%set_permissions /sbin/unix2_chkpwd %postun -p /sbin/ldconfig @@ -234,6 +233,7 @@ install -m 644 NEWS COPYING $DOC %config(noreplace) %{_sysconfdir}/security/namespace.init %doc %{_defaultdocdir}/pam/NEWS %doc %{_defaultdocdir}/pam/COPYING +%doc %{_mandir}/man5/environment.5* %doc %{_mandir}/man5/*.conf.5* %doc %{_mandir}/man5/pam.d.5* %doc %{_mandir}/man8/* @@ -299,6 +299,7 @@ install -m 644 NEWS COPYING $DOC /sbin/pam_tally2 /sbin/pam_timestamp_check %verify(not mode) %attr(4755,root,shadow) /sbin/unix_chkpwd +%verify(not mode) %attr(4755,root,shadow) /sbin/unix2_chkpwd %attr(0700,root,root) /sbin/unix_update %files doc diff --git a/unix2_chkpwd.8 b/unix2_chkpwd.8 new file mode 100644 index 0000000..5f41cf4 --- /dev/null +++ b/unix2_chkpwd.8 @@ -0,0 +1,79 @@ +.\" Copyright (C) 2003 International Business Machines Corporation +.\" This file is distributed according to the GNU General Public License. +.\" See the file COPYING in the top level source directory for details. +.\" +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "UNIX2_CHKPWD" 8 "2003-03-21" "Linux-PAM 0.76" "Linux-PAM Manual" +.SH NAME +unix2_chkpwd \- helper binary that verifies the password of the current user +.SH "SYNOPSIS" +.ad l +.hy 0 + +/sbin/unix2_chkpwd \fIservicename\fR \fIusername\fR +.sp +.ad +.hy +.SH "DESCRIPTION" +.PP +\fBunix2_chkpwd\fR is a helper program for applications that verifies +the password of the current user. It is not intended to be run directly from +the command line and logs a security violation if done so. + +It is typically installed setuid root or setgid shadow and called by +applications, which only wishes to do an user authentification and +nothing more. + +.SH "OPTIONS" +.PP +unix2_chkpwd requires the following arguments: +.TP +\fIpam_service\fR +The name of the service using unix2_chkpwd. This is required to be one of +the services in /etc/pam.d +.TP +\fIusername\fR +The name of the user whose password you want to verify. + +.SH "INPUTS" +.PP +unix2_chkpwd expects the password via stdin. + +.SH "RETURN CODES" +.PP +\fBunix2_chkpwd\fR has the following return codes: +.TP +1 +unix2_chkpwd was inappropriately called from the command line or the password is incorrect. + +.TP +0 +The password is correct. + +.SH "HISTORY" +Written by Olaf Kirch loosely based on unix_chkpwd by Andrew Morgan + +.SH "SEE ALSO" + +.PP +\fBpam\fR(8) + +.SH AUTHOR +Emily Ratliff. diff --git a/unix2_chkpwd.c b/unix2_chkpwd.c new file mode 100644 index 0000000..082fd3d --- /dev/null +++ b/unix2_chkpwd.c @@ -0,0 +1,337 @@ +/* + * Set*id helper program for PAM authentication. + * + * It is supposed to be called from pam_unix2's + * pam_sm_authenticate function if the function notices + * that it's unable to get the password from the shadow file + * because it doesn't have sufficient permissions. + * + * Copyright (C) 2002 SuSE Linux AG + * + * Written by okir@suse.de, loosely based on unix_chkpwd + * by Andrew Morgan. + */ + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define BUFLEN 1024 +#ifndef LOGINDEFS +#define LOGINDEFS "/etc/login.defs" +#endif +#define LOGINDEFS_FAIL_DELAY_KEY "FAIL_DELAY" +#define DEFAULT_FAIL_DELAY_S 10 + +#define PASSWD_CRACKER_DELAY_MS 100 + +enum { + UNIX_PASSED = 0, + UNIX_FAILED = 1 +}; + +static char * program_name; +static char pass[64]; +static int npass = -1; + +/* + * Log error messages + */ +static void +_log_err(int err, const char *format,...) +{ + va_list args; + + va_start(args, format); + openlog(program_name, LOG_CONS | LOG_PID, LOG_AUTH); + vsyslog(err, format, args); + va_end(args); + closelog(); +} + +static void +su_sighandler(int sig) +{ + if (sig > 0) { + _log_err(LOG_NOTICE, "caught signal %d.", sig); + exit(sig); + } +} + +/* + * Setup signal handlers + */ +static void +setup_signals(void) +{ + struct sigaction action; + + memset((void *) &action, 0, sizeof(action)); + action.sa_handler = su_sighandler; + action.sa_flags = SA_RESETHAND; + sigaction(SIGILL, &action, NULL); + sigaction(SIGTRAP, &action, NULL); + sigaction(SIGBUS, &action, NULL); + sigaction(SIGSEGV, &action, NULL); + action.sa_handler = SIG_IGN; + action.sa_flags = 0; + sigaction(SIGTERM, &action, NULL); + sigaction(SIGHUP, &action, NULL); + sigaction(SIGINT, &action, NULL); + sigaction(SIGQUIT, &action, NULL); + sigaction(SIGALRM, &action, NULL); +} + +static int +_converse(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *appdata_ptr) +{ + struct pam_response *reply; + int num; + + if (!(reply = malloc(sizeof(*reply) * num_msg))) + return PAM_CONV_ERR; + + for (num = 0; num < num_msg; num++) { + reply[num].resp_retcode = PAM_SUCCESS; + reply[num].resp = NULL; + switch (msg[num]->msg_style) { + case PAM_PROMPT_ECHO_ON: + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + /* read the password from stdin */ + if (npass < 0) { + npass = read(STDIN_FILENO, pass, sizeof(pass)-1); + if (npass < 0) { + _log_err(LOG_DEBUG, "error reading password"); + return UNIX_FAILED; + } + pass[npass] = '\0'; + } + reply[num].resp = strdup(pass); + break; + case PAM_TEXT_INFO: + case PAM_ERROR_MSG: + /* ignored */ + break; + default: + /* Must be an error of some sort... */ + return PAM_CONV_ERR; + } + } + + *resp = reply; + return PAM_SUCCESS; +} + +static int +_authenticate(const char *service, const char *user) +{ + struct pam_conv conv = { _converse, NULL }; + pam_handle_t *pamh; + int err; + + err = pam_start(service, user, &conv, &pamh); + if (err != PAM_SUCCESS) { + _log_err(LOG_ERR, "pam_start(%s, %s) failed (errno %d)", + service, user, err); + return UNIX_FAILED; + } + + err = pam_authenticate(pamh, 0); + if (err != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_authenticate(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + + if (err == PAM_SUCCESS) + { + err = pam_acct_mgmt(pamh, 0); + if (err == PAM_SUCCESS) + { + int err2 = pam_setcred(pamh, PAM_REFRESH_CRED); + if (err2 != PAM_SUCCESS) + _log_err(LOG_ERR, "pam_setcred(%s, %s): %s", + service, user, + pam_strerror(pamh, err2)); + /* + * ignore errors on refresh credentials. + * If this did not work we use the old once. + */ + } else { + _log_err(LOG_ERR, "pam_acct_mgmt(%s, %s): %s", + service, user, + pam_strerror(pamh, err)); + } + } + + pam_end(pamh, err); + + if (err != PAM_SUCCESS) + return UNIX_FAILED; + return UNIX_PASSED; +} + +static char * +getuidname(uid_t uid) +{ + struct passwd *pw; + static char username[32]; + + pw = getpwuid(uid); + if (pw == NULL) + return NULL; + + strncpy(username, pw->pw_name, sizeof(username)); + username[sizeof(username) - 1] = '\0'; + + endpwent(); + return username; +} + +static int +sane_pam_service(const char *name) +{ + const char *sp; + char path[128]; + + if (strlen(name) > 32) + return 0; + for (sp = name; *sp; sp++) { + if (!isalnum(*sp) && *sp != '_' && *sp != '-') + return 0; + } + + snprintf(path, sizeof(path), "/etc/pam.d/%s", name); + return access(path, R_OK) == 0; +} + +static int +get_system_fail_delay (void) +{ + FILE *fs; + char buf[BUFLEN]; + long int delay = -1; + char *s; + int l; + + fs = fopen(LOGINDEFS, "r"); + if (NULL == fs) { + goto bail_out; + } + + while ((NULL != fgets(buf, BUFLEN, fs)) && (-1 == delay)) { + if (!strstr(buf, LOGINDEFS_FAIL_DELAY_KEY)) { + continue; + } + s = buf + strspn(buf, " \t"); + l = strcspn(s, " \t"); + if (strncmp(LOGINDEFS_FAIL_DELAY_KEY, s, l)) { + continue; + } + s += l; + s += strspn(s, " \t"); + errno = 0; + delay = strtol(s, NULL, 10); + if (errno) { + delay = -1; + } + break; + } + fclose (fs); +bail_out: + delay = (delay < 0) ? DEFAULT_FAIL_DELAY_S : delay; + return (int)delay; +} + +int +main(int argc, char *argv[]) +{ + const char *program_name; + char *service, *user; + int fd; + int result = UNIX_FAILED; + uid_t uid; + + uid = getuid(); + + /* + * Make sure standard file descriptors are connected. + */ + while ((fd = open("/dev/null", O_RDWR)) <= 2) + ; + close(fd); + + /* + * Get the program name + */ + if (argc == 0) + program_name = "unix2_chkpwd"; + else if ((program_name = strrchr(argv[0], '/')) != NULL) + program_name++; + else + program_name = argv[0]; + + /* + * Catch or ignore as many signal as possible. + */ + setup_signals(); + + /* + * Check argument list + */ + if (argc < 2 || argc > 3) { + _log_err(LOG_NOTICE, "Bad number of arguments (%d)", argc); + return UNIX_FAILED; + } + + /* + * Get the service name and do some sanity checks on it + */ + service = argv[1]; + if (!sane_pam_service(service)) { + _log_err(LOG_ERR, "Illegal service name '%s'", service); + return UNIX_FAILED; + } + + /* + * Discourage users messing around (fat chance) + */ + if (isatty(STDIN_FILENO) && uid != 0) { + _log_err(LOG_NOTICE, + "Inappropriate use of Unix helper binary [UID=%d]", + uid); + fprintf(stderr, + "This binary is not designed for running in this way\n" + "-- the system administrator has been informed\n"); + sleep(10); /* this should discourage/annoy the user */ + return UNIX_FAILED; + } + + /* + * determine the caller's user name + */ + user = getuidname(uid); + if (argc == 3 && strcmp(user, argv[2])) { + user = argv[2]; + } + result = _authenticate(service, user); + /* Discourage use of this program as a + * password cracker */ + usleep(PASSWD_CRACKER_DELAY_MS * 1000); + if (result != UNIX_PASSED && uid != 0) + sleep(get_system_fail_delay()); + return result; +}